Re: slapi search internal errors popping up in error log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Hesse wrote:
ps -ef | grep httpd
root      2231     1  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
root      2317  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
nobody    2320  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
root      4830  2425  0 21:58 pts/0    00:00:00 grep httpd

# ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config
/opt/fedora-ds/admin-serv/config:
total 84
drwxr-xr-x 2 nobody nobody  4096 Oct  5 18:31 .
drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
-rw-r--r-- 1 root   root       0 Oct  5 18:31 Admin
-rw------- 1 nobody nobody   350 Sep 27 03:24 adm.conf
-rw------- 1 nobody nobody    54 Sep 27 03:24 admpw
-rw------- 1 root   root    4598 Sep 27 03:24 admserv.conf
-rw------- 1 nobody nobody  3733 Sep 27 03:24 console.conf
-rw------- 1 root   root   26784 Sep 27 03:24 httpd.conf
-rw-r--r-- 1 root   root   16632 Oct  5 05:07 local.conf
-rw------- 1 nobody nobody  4573 Sep 27 03:24 nss.conf

/opt/fedora-ds/admin-serv/logs:
total 1652
drwxr-xr-x 2 root   root    4096 Oct  8 21:59 .
drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
-rw-r--r-- 1 root   root  500844 Oct  5 04:59 access
srwx------ 1 nobody root       0 Oct  8 19:12 cgisock.2231
-rw-r--r-- 1 root   root 1164192 Oct  8 19:12 error
-rw-r--r-- 1 root   root       5 Oct  8 19:12 pid

cat /opt/fedora-ds/shared/config/dbswitch.conf
directory default ldap://localhost:22000/o%3DNetscapeRoot

cat /opt/fedora-ds/admin-serv/config/adm.conf
ldapHost:   localhost
ldapPort:   22000
sie:   cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot
userdn:   cn=directory manager
isie:   cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot
port:   22628

Upon later inspection of the admin-serv error logs, I noticed this:

[Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
Looks like there are some permissions problems. local.conf should be owned by nobody. What is the setting for User in console.conf? Have you changed any settings or admin user names or passwords?
-richard


-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson
Sent: Monday, October 08, 2007 2:16 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re:  slapi search internal errors popping up in error log

Richard Hesse wrote:
Nothing really informative in the admin server logs. Just the 500's being recorded:

10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST
/admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620

ps -ef|grep httpd
ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf
cat /opt/fedora-ds/admin-serv/config/adm.conf
-richard

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx
[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of
Richard Megginson
Sent: Monday, October 08, 2007 11:09 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re:  slapi search internal errors
popping up in error log

Richard Hesse wrote:

No, we're not using client certs but that doesn't preclude someone using their own certs.

No certmap.conf in the instance directory and it looks like the shared one is stock:
cat certmap.conf | grep -v "#"
certmap default         default

The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs.


Check the admin server access and error log -
/opt/fedora-ds/admin-serv/logs

Alias directory:
drwxr-xr-x  2 nobody nobody   4096 Oct  8 17:42 .
drwxr-xr-x 15 root   root     4096 Oct  8 17:42 ..
-rwxr-xr-x  1 root   nobody 347368 Oct  6 00:22 libnssckbi.so
-rw-------  1 nobody nobody  16384 Oct  6 00:24 secmod.db
-rw-------  1 nobody nobody  65536 Oct  6 00:22 slapd-fds-cert8.db
-rw-------  1 nobody nobody  16384 Oct  6 00:22 slapd-fds-key3.db
-r--------  1 nobody nobody     41 Oct  6 00:22 slapd-fds-pin.txt


Thanks in advance.

-richard

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx
[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of
Richard Megginson
Sent: Saturday, October 06, 2007 1:46 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re:  slapi search internal errors
popping up in error log

Richard Hesse wrote:


[06/Oct/2007:00:24:51 +0000] - slapi_search_internal
("CN=fds1.sv.powerset.com, OU=Domain Control Validated,
O=fds1.sv.powerset.com", subtree, objectclass=*) err 32



I'm guessing that this is cert related, but the TLS/SSL operations
are working fine.



Are you using client cert based authentication?

cat /opt/fedora-ds/slapd-instance/config/certmap.conf
/opt/fedora-ds/shared/config/certmap.conf


However, I noticed that I can no longer view the encryption tab for
this server in the console.



What error do you get when you try to view the encryption tab?

ls -al /opt/fedora-ds/alias


Any ideas what this error means or how to fix it?



Thanks.



-richard

--------------------------------------------------------------------
-
-
--

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

<<attachment: smime.p7s>>

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux