bah, you were right earlier, and i missed something.
examining the dse.ldif file, i found that it was indeed the passthrough
authentication plug-in. i manually turned it off for the secondary-master,
shut down the primary-master, and was then able to restart the
secondary-master admin-server
they entry is:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled
it might help to update the HowTo to reference that change
From: Richard Megginson <rmeggins@xxxxxxxxxx>
Reply-To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users@xxxxxxxxxx>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Subject: Re: Problem with
AdminConsole failoverusingFedoraDS
Date: Fri, 27 Apr 2007 08:17:43 -0600
Kyley Engle wrote:
so here's where i'm at now.....
primary-master and secondary-master running...everything is fine. i shut
down the primary-master and i can log into the admin console on the
secondary-master fine. however, if i try to restart the admin server, it
fails with:
[Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library
[Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size
10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for
SSL
[Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface:
mod_nss/2.0.52, Library: NSS/3.11
[Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache
expiration set to 600 seconds
[Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
I change the 2 files and 1 directory entry listed in the HowTo: and i get
the exact same behavior.
There are probably some other values under o=NetscapeRoot somewhere that
reference the old directory server. Try this:
cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D
"cn=directory manager" -w password -s sub -b o=netscaperoot "objectclass=*"
| grep "old ldap server host and/or port"
I have no pass through authentication configured. I'm doing some testing
on 2 freshly installed instances that don't have anything other than
o=NetscapeRoot replication enabled and working.
hope this is useful....
-ke
From: Richard Megginson <rmeggins@xxxxxxxxxx>
Reply-To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users@xxxxxxxxxx>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Subject: Re: Problem with Admin Console
failoverusingFedoraDS
Date: Thu, 26 Apr 2007 16:01:22 -0600
Kyley Engle wrote:
i have done that, as well as changing the directory in the
nsDirectoryURL entry and the file
/opt/fedora-ds/admin-serv/config/adm.conf
is there maybe a way to increase the debug logging on the admin-serv?
i'm not finding very much documentation on it.
I think you'll also need to change or disable the pass through
authentication plug-in in your backup configuration directory server.
edit admin-serv/config/httpd.conf and set the LogLevel to debug
ke
From: Richard Megginson <rmeggins@xxxxxxxxxx>
Reply-To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users@xxxxxxxxxx>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Subject: Re: Problem with Admin Console
failoverusing FedoraDS
Date: Thu, 26 Apr 2007 15:17:43 -0600
Kyley Engle wrote:
Hello,
I am having problems with the admin-serv when doing failure testing in
my multi-master environmnet.
What I have:
2 masters replicating the userRoot and NetscapeRoot directories
various hub and consumer/search servers
When I installed the instances on each of these servers, i pointed
them at one of the masters, let's call it primary-master, for it's
configuration directory. when both masters are up and running, i can
connect my admin consoel to either directory and manage my fleet of
servers
While doing failure mode testing, I discovered that if the
primary-master was turned off, that the secondary master admin-serv
would not start properly. it gives the following in
/opt/fedora-ds/admin-serv/logs/error:
[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
I followed the instructions found here:
http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server
to change the admin server running on secondary-master to point to
itself instead of to the primary master. this did not resolve the
issue.
Has anyone out there gotten the configuration directory successfully
working in a failover capacity in a multi-master environment?
Try updating shared/config/dbswitch.conf to point to the backup
configuration ds.
ke
_________________________________________________________________
The average US Credit Score is 675. The cost to see yours: $0 by
Experian.
http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
<< smime.p7s >>
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
_________________________________________________________________
Download Messenger. Join the i?m Initiative. Help make a difference
today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
<< smime.p7s >>
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
_________________________________________________________________
Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings
https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
<< smime.p7s >>
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
_________________________________________________________________
Exercise your brain! Try Flexicon.
http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
