OK. That removed the expiration. Which allowed me to run the
setup-ds-admin.pl -u which fixed the original problem with
fedora-idm-console. Thanks much for all your help and patience!!
Steve
Rich Megginson wrote:
Steve Fletcher wrote:
That gives me:
[root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h
rome.protect.nssl -D "uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b ""
"objectclass=*"
ldapsearch: Password will expire in 0 seconds
ldapsearch: Password has been reset by an administrator; you must
change it.
ldap_search: DSA is unwilling to perform
That is likely because I reset the password to get past the invalid
credentials problem when trying to run setup-ds-admin.pl -u
For the ldapsearch below and to reset the adm password I used -D
"cn=Directory Manager". So for the next question: How do I change it or
unset the password expiration stuff which I never intended to be
applied to the admin server by command line.
Change the passwordExpirationTime in that entry:
ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w thepassword
dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: 20380101000000Z
Will change the password so that it expires in 2038
Rich Megginson wrote:
Steve Fletcher wrote:
Yes I can query these using ldapsearch.
dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin,
ou=Global Pre
ferences, ou=protect.nssl, o=NetscapeRoot ...
Using fedora-idm-console -D ldap I get:
Ldap Connection rome.protect.nssl:389
15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
{PasswordExpiredCtrl: isCritical=false msg=0}
{PasswordExpiringCtrl: isCritical=false msg=0}
Ldap Connection (null):389 ...
and adm.conf has:
ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
On several following entries I saw:
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user,
cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0,
derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false,
filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
{PasswordExpiredCtrl: isCritical=false msg=0}
Is this telling me a password has expired?
Yes, I believe so. What happens if you do
/usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w
yourpassword -s base -b "" "objectclass=*"
?
Rich Megginson wrote:
Console: cannot connect to the user database
Console: Cannot open: cn=user,
cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
Preferences, ou=protect.nssl, o=NetscapeRoot
Console: Cannot open cn=group,
cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
Preferences, ou=protect.nssl, o=NetscapeRoot
Console: Cannot open cn=OU,
cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
Preferences, ou=protect.nssl, o=NetscapeRoot
Why can't it find these entries? Is it connecting to the wrong
LDAP server? Can you query these entries using ldapsearch?
Use fedora-idm-console -D ldap to see what LDAP connections it is
making.
It should be trying to use the server from ldapurl in
/etc/dirsrv/admin-serv/adm.conf
Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin,
ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
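Added example, not part of the original thread or of the 389/Fedora DS project: a small Python parser for the "fedora-idm-console -D ldap" trace format quoted above, which re-joins the wrapped lines and reports every response that carries a password-policy control, together with the bind DN it belongs to. The function and field names are assumptions made for this example; the sample trace is abridged from the lines quoted in the thread.

```python
import re

# Sample trace, abridged from the lines quoted in the thread (still wrapped).
SAMPLE = """\
15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
{PasswordExpiredCtrl: isCritical=false msg=0}
{PasswordExpiringCtrl: isCritical=false msg=0}
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, scope=0}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
{PasswordExpiredCtrl: isCritical=false msg=0}
"""

HEAD = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) ldc=(\d+) (?:op=(\d+) (\w+) ?)?(.*)$")
CTRL = re.compile(r"\{(Password\w+Ctrl):")
BIND_DN = re.compile(r"name=(.*?),\s*authentication=")
RESULT = re.compile(r"resultCode=(\d+)")

def records(text):
    """Yield one dict per trace record; a record starts at a timestamped line."""
    cur = None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            if cur:
                yield cur
            cur = {"time": m[1], "ldc": m[2], "op": m[3], "kind": m[4], "body": m[5]}
        elif cur and line.strip():
            cur["body"] += " " + line.strip()  # wrapped continuation or control line
    if cur:
        yield cur

def password_policy_findings(text):
    """Return responses that carry Password*Ctrl controls, with their bind DN."""
    bound, findings = {}, []  # bound: connection id -> DN of its last BindRequest
    for r in records(text):
        if r["kind"] == "BindRequest":
            m = BIND_DN.search(r["body"])
            bound[r["ldc"]] = m[1] if m else None
        ctrls, rc = CTRL.findall(r["body"]), RESULT.search(r["body"])
        if ctrls and rc:
            findings.append({"time": r["time"], "kind": r["kind"], "controls": ctrls,
                             "result": int(rc[1]), "bind_dn": bound.get(r["ldc"]),
                             "refused": int(rc[1]) == 53})  # 53 = unwillingToPerform
    return findings
```

On the sample this reports the successful bind that already carries both controls and the later search refused with result code 53, both attributed to the uid=admin entry.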