> On 11/30/2010 04:33 PM, trisooma wrote:
>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>> If I am reading the code correctly (and looking at the logging below), the
>>>>>> line that has a severity of 'crit' should dump info for the ldap server we
>>>>>> are connecting to.
>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even
>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>
>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>>
>>>>>> The code that logs this error looks like this
>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>
>>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>>>>              "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
>>>>>>              data->secure ? "s" : "",
>>>>>>              data->host, data->port);
>>>>>>
>>>>>> It seems that the struct 'data' is not filled with the correct values.
>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>> My bad, see
>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>> First, upgrade to the latest versions of these components from the
>>> testing repo
>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
>>>
>>> Then, run
>>> setup-ds-admin.pl -u
>>>
>>> Then try
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>>> and
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>> Using the above I can confirm that I can now use the console to log in and
>> administer my DS (though I had to remove selinux-policy-targeted). The
>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>
>> The results of both ldap queries are below:
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
>>  .nl,o=NetscapeRoot
>> nsBuildSecurity: domestic
>> objectClass: top
>> objectClass: nsApplication
>> objectClass: groupOfUniqueNames
>> cn: 389 Administration Server
>> nsVendor: 389 Project
>> installationTimeStamp: 20101124210830Z
>> nsBuildNumber: 2010.328.157
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
>>  @389-admin-1.1.jar
>> nsProductName: 389 Administration Server
>> nsProductVersion: 1.1.13
>> nsNickName: admin
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
>>  e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> objectClass: top
>> objectClass: netscapeServer
>> objectClass: nsAdminServer
>> objectClass: nsResourceRef
>> objectClass: groupOfUniqueNames
>> serverHostName: icicle.phasma.nl
>> cn: admin-serv-icicle
>> installationTimeStamp: 20101124210830Z
>> serverProductName: Administration Server
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerID: admin-serv
>>
>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>
>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
> This should be ok - it should fall back to /usr/share/dirsrv/html/java
>> Still some errors are visible in the logfile,
> The one marked [error] above, or are there others? [notice] messages
> are ok.

No, this is the only one marked as error.

>> but I can log in and add
>> users/groups using the console. When I navigate to 'Directory Server' >
>> 'Configuration' I get the following error message:
>> 'Insufficient Permissions': The user
>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
>> have permission to perform this operation.
>> When I enter the correct credentials, it seems that everything is working
>> as it is supposed to.
> "correct credentials"?

The password that is set for uid=admin,.......; This is only a minor
annoyance, however it does seem strange that I am asked for the password
again.

>> The log complains about not being able to do a reverse lookup on
>> 192.168.134.10, but this seems wrong (DNS works both ways):
> Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups

Okay, got it.

>> [shadowuser@icicle ~]$ host 192.168.134.10
>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>> icicle.phasma.nl has address 192.168.134.10
>>
>> Thanks for your patience,
>>
>> Regards,
>>
>> Trisooma
>>
>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>
>>>>>> I hope this helps,
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Trisooma
>>>>>>
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
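
Added example, not part of the original thread or of the 389 project's code: a small Python triage script for the [crit] line discussed above. It parses util_ldap_init failures from an admin server error log and flags targets with an empty host or an out-of-range port, which separates "connection settings were never populated" (the reason adm.conf was requested) from a failure against a well-formed target. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread. The entry with a
# large number in the port position is invented for illustration; the thread
# does not show where in the URL the odd number appeared.
SAMPLE_LOG = """\
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496
[Tue Nov 30 22:01:45 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldaps://icicle.phasma.nl:636
[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
"""

# Mirrors the format string "ldap%s://%s:%d" from the quoted ap_log_error call.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[crit\] openLDAPConnection\(\): "
    r"util_ldap_init failed for (?P<scheme>ldaps?)://(?P<host>[^:\s]*):(?P<port>-?\d+)\s*$"
)

def classify(host, port):
    """Return the reasons a logged target cannot be a usable LDAP endpoint."""
    reasons = []
    if not host:
        reasons.append("empty-host")
    if not 1 <= port <= 65535:
        reasons.append("port-out-of-range")
    return reasons

def scan(log_text):
    """Return (timestamp, url, reasons) for each util_ldap_init failure line."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # other severities and messages are out of scope here
        port = int(m["port"])
        url = f'{m["scheme"]}://{m["host"]}:{port}'
        findings.append((m["ts"], url, classify(m["host"], port)))
    return findings

def summary(findings):
    """Count findings per reason; clean targets are counted as 'well-formed'."""
    return Counter(r for _, _, rs in findings for r in (rs or ["well-formed"]))

if __name__ == "__main__":
    for ts, url, reasons in scan(SAMPLE_LOG):
        verdict = ", ".join(reasons) or "well-formed target; look elsewhere"
        print(f"{ts}  {url}  ->  {verdict}")
```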