Richard Hesse wrote:
Looks like there are some permissions problems. local.conf should be owned by nobody. What is the setting for User in console.conf? Have you changed any settings or admin user names or passwords?ps -ef | grep httpd root 2231 1 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf root 2317 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf nobody 2320 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf root 4830 2425 0 21:58 pts/0 00:00:00 grep httpd # ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config /opt/fedora-ds/admin-serv/config: total 84 drwxr-xr-x 2 nobody nobody 4096 Oct 5 18:31 . drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. -rw-r--r-- 1 root root 0 Oct 5 18:31 Admin -rw------- 1 nobody nobody 350 Sep 27 03:24 adm.conf -rw------- 1 nobody nobody 54 Sep 27 03:24 admpw -rw------- 1 root root 4598 Sep 27 03:24 admserv.conf -rw------- 1 nobody nobody 3733 Sep 27 03:24 console.conf -rw------- 1 root root 26784 Sep 27 03:24 httpd.conf -rw-r--r-- 1 root root 16632 Oct 5 05:07 local.conf -rw------- 1 nobody nobody 4573 Sep 27 03:24 nss.conf /opt/fedora-ds/admin-serv/logs: total 1652 drwxr-xr-x 2 root root 4096 Oct 8 21:59 . drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. -rw-r--r-- 1 root root 500844 Oct 5 04:59 access srwx------ 1 nobody root 0 Oct 8 19:12 cgisock.2231 -rw-r--r-- 1 root root 1164192 Oct 8 19:12 error -rw-r--r-- 1 root root 5 Oct 8 19:12 pid cat /opt/fedora-ds/shared/config/dbswitch.conf directory default ldap://localhost:22000/o%3DNetscapeRoot cat /opt/fedora-ds/admin-serv/config/adm.conf ldapHost: localhost ldapPort: 22000 sie: cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot userdn: cn=directory manager isie: cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot port: 22628 Upon later inspection of the admin-serv error logs, I noticed this: [Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
-richard -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson Sent: Monday, October 08, 2007 2:16 PM To: General discussion list for the Fedora Directory server project. Subject: Re: slapi search internal errors popping up in error log Richard Hesse wrote:Nothing really informative in the admin server logs. Just the 500's being recorded: 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620ps -ef|grep httpd ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf cat /opt/fedora-ds/admin-serv/config/adm.conf-richard -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson Sent: Monday, October 08, 2007 11:09 AM To: General discussion list for the Fedora Directory server project. Subject: Re: slapi search internal errors popping up in error log Richard Hesse wrote:No, we're not using client certs but that doesn't preclude someone using their own certs. No certmap.conf in the instance directory and it looks like the shared one is stock: cat certmap.conf | grep -v "#" certmap default default The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs.Check the admin server access and error log - /opt/fedora-ds/admin-serv/logsAlias directory: drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt Thanks in advance. -richard -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson Sent: Saturday, October 06, 2007 1:46 PM To: General discussion list for the Fedora Directory server project. Subject: Re: slapi search internal errors popping up in error log Richard Hesse wrote:[06/Oct/2007:00:24:51 +0000] - slapi_search_internal ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 I'm guessing that this is cert related, but the TLS/SSL operations are working fine.Are you using client cert based authentication? cat /opt/fedora-ds/slapd-instance/config/certmap.conf /opt/fedora-ds/shared/config/certmap.confHowever, I noticed that I can no longer view the encryption tab for this server in the console.What error do you get when you try to view the encryption tab? ls -al /opt/fedora-ds/aliasAny ideas what this error means or how to fix it? Thanks. -richard -------------------------------------------------------------------- - - -- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
