On 11/30/2010 04:33 PM, trisooma wrote:
>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>> If i am reading the code correctly (and looking at the logging
>>>>> below), the line that has a severity of 'crit' should dump info
>>>>> for the ldap server we are connecting to.
>>>>> In my case (and Eric's too) only 'ldap://:389' is printed;
>>>>> sometimes even with an odd number like 23395496 (see Eric's
>>>>> first post).
>>>>>
>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>
>>>>> The code that logs this error looks like this
>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>
>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>>>              "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
>>>>>              data->secure ? "s" : "",
>>>>>              data->host, data->port);
>>>>>
>>>>> It seems that the struct 'data' is not filled with the correct values.
>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>> My bad, see
>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>> First, upgrade to the latest versions of these components from the
>> testing repo
>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
>>
>> Then, run
>> setup-ds-admin.pl -u
>>
>> Then try
>>
>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>
>> and
>>
>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>
> Using the above i can confirm that i can now use the console to log in and
> administer my DS (though i had to remove selinux-policy-targeted). The
> command 'setup-ds-admin.pl -u' ran without a hitch.
>
> the results of both ldap queries are below:
>
> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
> Enter LDAP Password:
> dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
>  .nl,o=NetscapeRoot
> nsBuildSecurity: domestic
> objectClass: top
> objectClass: nsApplication
> objectClass: groupOfUniqueNames
> cn: 389 Administration Server
> nsVendor: 389 Project
> installationTimeStamp: 20101124210830Z
> nsBuildNumber: 2010.328.157
> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
>  @389-admin-1.1.jar
> nsProductName: 389 Administration Server
> nsProductVersion: 1.1.13
> nsNickName: admin
>
> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
> Enter LDAP Password:
> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
>  e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> objectClass: top
> objectClass: netscapeServer
> objectClass: nsAdminServer
> objectClass: nsResourceRef
> objectClass: groupOfUniqueNames
> serverHostName: icicle.phasma.nl
> cn: admin-serv-icicle
> installationTimeStamp: 20101124210830Z
> serverProductName: Administration Server
> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> nsServerID: admin-serv
>
> I proceeded to restart dirsrv-admin, and the log now looks like this:
>
> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars

This should be ok - it should fallback to /usr/share/dirsrv/html/java

> Still some errors are visible in the logfile,

The one marked [error] above, or are there others? [notice] messages are ok.

> but i can log in and add
> users/groups using the console. When i navigate to 'Directory Server'>
> 'Configuration' i get the following error message:
> 'Insufficient Permissions': The user
> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
> have permission to perform this operation.
> When i enter the correct credentials, it seems that everything is working
> as it is supposed to.

"correct credentials"?

> The log complains about not being able to do a reverse lookup on
> 192.168.134.10, but this seems wrong (DNS works both ways):

Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups

> [shadowuser@icicle ~]$ host 192.168.134.10
> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
> [shadowuser@icicle ~]$ host icicle.phasma.nl
> icicle.phasma.nl has address 192.168.134.10
>
> Thanks for your patience,
>
> Regards,
>
> Trisooma
>
>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>
>>>>> I hope this helps,
>>>>>
>>>>> Regards,
>>>>>
>>>>> Trisooma
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
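
A log check for the symptom discussed in this thread, added here as an example (it is not code from the thread or from the 389 project): it reads error-log lines and flags "util_ldap_init failed" messages whose LDAP URL has an empty host or an out-of-range port, which points at unpopulated connection settings rather than a network fault. The function names, the ds.example.test host and the sample lines are constructed for illustration; the ":23395496" line is a made-up stand-in for the odd number mentioned above.

```shell
#!/bin/sh
# Added example: triage "util_ldap_init failed" lines from the admin server
# error log by checking whether the logged LDAP URL is even well-formed.

# Constructed sample input, modelled on the log excerpt quoted in the thread.
sample_log() {
cat <<'EOF'
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldaps://ds.example.test:636
[Tue Nov 30 22:01:45 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496
[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
EOF
}

# check_ldap_init_failures (hypothetical name): read a log on stdin and print
# "<verdict> <url>" for every util_ldap_init failure line.
#   EMPTY_HOST  host part is empty: the connection settings were never loaded
#   BAD_PORT    port is not a number in 1..65535: uninitialised or corrupt value
#   OK          URL is well-formed: look at connectivity, TLS or the bind instead
check_ldap_init_failures() {
    awk '
    /util_ldap_init failed for ldaps?:\/\// {
        url = $NF                                   # URL is the last field
        rest = url; sub(/^ldaps?:\/\//, "", rest)   # strip the scheme
        host = rest; sub(/:[^:]*$/, "", host)       # text before the last colon
        port = rest; sub(/^.*:/, "", port)          # text after the last colon
        verdict = ""
        if (host == "")
            verdict = "EMPTY_HOST"
        if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535)
            verdict = (verdict == "" ? "" : verdict ",") "BAD_PORT"
        if (verdict == "")
            verdict = "OK"
        print verdict, url
    }'
}

# Stand-alone run against the constructed sample; for a real log, pipe the
# admin server error log into check_ldap_init_failures instead.
sample_log | check_ldap_init_failures
```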