Steve Fletcher wrote:
That gives me:[root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b "" "objectclass=*"ldapsearch: Password will expire in 0 secondsldapsearch: Password has been reset by an administrator; you must change it.ldap_search: DSA is unwilling to performThat is likely because I reset the password to get past the invalid credentials problem when trying to run setup-ds-admin.pl -u For the ldapsearch below and to reset the adm password I used -D "cn=Directory Manager". So for the next question: How do I change it or unset the password expiration stuff which I never intended to be applied to the admin server by command line.
Change the passwordExpirationTime in that entry: ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w thepassword dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot changetype: modify replace: passwordExpirationTime passwordExpirationTime: 20380101000000Z Will change the password so that it expires in 2038
Rich Megginson wrote:Steve Fletcher wrote:Yes I can query these using ldapsearch.dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot ... Using fedora-idm-console -D ldap I get: Ldap Connection rome.protect.nssl:389 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:38915:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, authentication=********} 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: isCritical=false msg=0}Ldap Connection (null):389 ... and adm.conf has: ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot On several following entries I saw:15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null} 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} {PasswordExpiredCtrl: isCritical=false msg=0}Is this telling me a password has expired?Yes, I believe so. What happens if you do/usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w yourpassword -s base -b "" "objectclass=*"?Rich Megginson wrote:Console: cannot connect to the user database Console: Cannot open: cn=user, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot Console: Cannot open cn=group, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot Console: Cannot open cn=OU, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRootWhy can't it find these entries? Is it connecting to the wrong LDAP server? Can you query these entries using ldapsearch?Use fedora-idm-console -D ldap to see what LDAP connections it is making.It should be trying to use the server from ldapurl in /etc/dirsrv/admin-serv/adm.confConsole: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
