Martin Eckel wrote:
> On Thu 11.10.2007 22:15, Richard Megginson <rmeggins@xxxxxxxxxx> wrote:
> > Martin Eckel wrote:
> > > On Tue 09.10.2007 17:47, Richard Megginson <rmeggins@xxxxxxxxxx> wrote:
> > > > Martin Eckel wrote:
> > > > > Hi,
> > > > >
> > > > > I have installed fedora-ds-1.0.4-1 on a FC6 Linux. I am able to run the startconsole, but when I open the Admin Server window and select any item then an error message appears that it tries to access /admin-serv/tasks/Configuration/ServerSetup. But the tasks directory doesn't exist. I would expect that it was created by the rpm-package while installation but it isn't.
> > > > > I started the rpm-installation with the --nodeps argument (what I would like to avoid, I assume that could be the reason) because it says that no httpd is available, but an apache is already installed as source-package on this system. I have created a symbolic link before to the httpd-file in /usr/sbin but that doesn't help.
> > > > > Anyone knows, why no tasks directory and its subfolders was created after the installation ?
> > > > That URL path is not the actual path in the file system. The way the admin server works is that it maps that URL to a LDAP entry somewhere under o=NetscapeRoot in the configuration directory server. It does this so it can apply fine grained access control to each task based on Fedora DS ACIs, rather than on httpd access control.
> > > >
> > > > It's going to be tricky to install properly without an httpd.worker package available for setup.
> > >
> > > My Apache is compiled as worker version.
> > >
> > > > > Excuse me for my bad English and many thanks in advance
> > > > > Martin
> > > > >
> > > > > ------------------------------------------------------------------------
> > > > > --
> > > > > Fedora-directory-users mailing list
> > > > > Fedora-directory-users@xxxxxxxxxx
> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > > Thank you for your answer, Richard. I am still working on the same problem. I have checked my ldap structure into the Directory Server startconsole. There exists an "admin-serv-ldap" element into the NetscapeRoot Directory. I have called my servername "ldap" while the installation setup, so it should be correct. But if I click on any button into the Admin Server console window, the error-message shows that it tries to access the "admin-serv" directory.
> > Check the admin server access and error logs /opt/fedora-ds/admin-serv/logs
> > > Also a mysterious thing is that if I click on a button into the Directory Server window, i.e. "Manage Certificates" then only an empty box is appearing.
> > Check the admin server access and error logs?
> > > Is there any configuration file where this access path is defined ?
> > Not exactly. It's really very simple - the admin server converts the path /admin-serv/Tasks/Name into an ldap entry - it first looks for the admin server entry cn=admin-serv-ldap, then looks for cn=Name,cn=Tasks under that entry.
> > >
> > > Regards,
> > > Martin
>
> This is a part of the admin-serv/logs/error file:
>
> [Fri Oct 12 14:37:02 2007] [notice] [client 217.24.204.116] admserv_host_ip_check: ap_get_remote_host could not resolve 217.24.204.116
> [Fri Oct 12 14:37:02 2007] [warn] [client 217.24.204.116] admserv_host_ip_check: failed to get host by ip addr [217.24.204.116] - check your host and DNS configuration
> [Fri Oct 12 14:37:10 2007] [notice] [client 217.24.204.116] admserv_host_ip_check: ap_get_remote_host could not resolve 217.24.204.116
> [Fri Oct 12 14:37:10 2007] [warn] [client 217.24.204.116] admserv_host_ip_check: failed to get host by ip addr [217.24.204.116] - check your host and DNS configuration
> [Fri Oct 12 14:37:10 2007] [error] [client 217.24.204.116] (104)Connection reset by peer: ap_content_length_filter: apr_bucket_read() failed
>
> And this is always repeated in the access file if I do something into the Admin Server:
>
> 217.24.204.110 - admin [12/Oct/2007:14:36:54 +0200] "GET /admin-serv/authenticate HTTP/1.0" 200 369
> 217.24.204.116 - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [12/Oct/2007:14:37:00 +0200] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 217.24.204.116 - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [12/Oct/2007:14:37:02 +0200] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 217.24.204.116 - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [12/Oct/2007:14:37:10 +0200] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 58
>
> Could it be, that reverse DNS mapping is required for a correct functionality of the Admin Server ?
> The URL of my ldap server has a valid entry in a DNS server and I can do a ping on it. In the error log is nothing else than the DNS errors

It is if you want to restrict access by host name. But you can disable this and just restrict access by IP address. See http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt - please read the whole page then especially the section "How to set the hosts/IP addresses allowed to access the Admin Server"
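An added example, not part of the original thread: a short Python script that counts the `admserv_host_ip_check` reverse-lookup failures per client in the admin-serv error log and lists the access-log requests made from those clients, so an administrator can see which consoles are affected before fixing reverse DNS or switching the restriction to IP addresses as the reply suggests. The sample lines are a subset copied from the logs quoted in the thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the admin-serv logs quoted in the thread (a subset).
ERROR_LOG = """\
[Fri Oct 12 14:37:02 2007] [notice] [client 217.24.204.116] admserv_host_ip_check: ap_get_remote_host could not resolve 217.24.204.116
[Fri Oct 12 14:37:02 2007] [warn] [client 217.24.204.116] admserv_host_ip_check: failed to get host by ip addr [217.24.204.116] - check your host and DNS configuration
[Fri Oct 12 14:37:10 2007] [warn] [client 217.24.204.116] admserv_host_ip_check: failed to get host by ip addr [217.24.204.116] - check your host and DNS configuration
[Fri Oct 12 14:37:10 2007] [error] [client 217.24.204.116] (104)Connection reset by peer: ap_content_length_filter: apr_bucket_read() failed
"""
ACCESS_LOG = """\
217.24.204.110 - admin [12/Oct/2007:14:36:54 +0200] "GET /admin-serv/authenticate HTTP/1.0" 200 369
217.24.204.116 - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [12/Oct/2007:14:37:00 +0200] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
217.24.204.116 - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [12/Oct/2007:14:37:10 +0200] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 58
"""

ERR_RE = re.compile(r'^\[[^\]]+\] \[(?P<level>\w+)\] \[client (?P<ip>[0-9.]+)\] (?P<msg>.*)$')
# The user field may be a full DN containing spaces, so match it lazily up to the timestamp.
ACC_RE = re.compile(r'^(?P<ip>\S+) - (?P<user>.*?) \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
LOOKUP_FAILED = "admserv_host_ip_check: failed to get host by ip addr"

def unresolved_clients(error_log):
    """Count reverse-lookup failures logged by admserv_host_ip_check, per client IP."""
    hits = Counter()
    for line in error_log.splitlines():
        m = ERR_RE.match(line)
        if m and m["level"] == "warn" and m["msg"].startswith(LOOKUP_FAILED):
            hits[m["ip"]] += 1
    return dict(hits)

def affected_requests(error_log, access_log):
    """Map each unresolved client IP to the (user, method, path, status) requests it made."""
    failures = unresolved_clients(error_log)
    report = {ip: {"lookup_failures": n, "requests": []} for ip, n in failures.items()}
    for line in access_log.splitlines():
        m = ACC_RE.match(line)
        if m and m["ip"] in report:
            report[m["ip"]]["requests"].append(
                (m["user"], m["method"], m["path"], int(m["status"])))
    return report

if __name__ == "__main__":
    for ip, info in affected_requests(ERROR_LOG, ACCESS_LOG).items():
        print(ip, info["lookup_failures"], "lookup failures")
        for req in info["requests"]:
            print("   ", *req)
```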