Re: [389-users] New 389 ds install - cannot logon to adm console

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 11/30/2010 04:33 PM, trisooma wrote:
>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>>     On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>> If i am reading the code correctly (and looking at the logging
>>>>>> below), the
>>>>>> line that has a severity of 'crit' should dump info for the ldap
>>>>>> server we
>>>>>> are connecting to.
>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>>>>> even
>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>
>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection():
>>>>>> util_ldap_init
>>>>>> failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>>>>> LDAPConnection to
>>>>>> populate LocalAdmin tasks into cache.
>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured
>>>>>> --
>>>>>> resuming normal operations
>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection():
>>>>>> util_ldap_init
>>>>>> failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>>>>> LDAPConnection to
>>>>>> populate LocalAdmin tasks into cache.
>>>>>>
>>>>>> The code that logs this error looks like this
>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>
>>>>>>            ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */,
>>>>>> NULL,
>>>>>>                         "openLDAPConnection(): util_ldap_init failed
>>>>>> for
>>>>>> ldap%s://%s:%d",
>>>>>>                         data->secure ? "s" : "",
>>>>>>                         data->host, data->port);
>>>>>>
>>>>>> It seems that the struct 'data' is not filled with the correct
>>>>>> values.
>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>> My bad, see
>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>> First, upgrade to the latest versions of these components from the
>>> testing repo
>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base
>>> 389-adminutil
>>>
>>> Then, run
>>> setup-ds-admin.pl -u
>>>
>>> Then try
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>> youradminpassword -s base -b "cn=389 Administration Server,cn=Server
>>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>>> and
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>> youradminpassword -s base -b "cn=admin-serv-icicle,cn=389
>>> Administration
>>> Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>> Using the above i can confirm that i can now use the console to log in
>> and
>> administer my DS (though i had to remove selinux-policy-targeted). The
>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>
>> the results of both ldap queries are below:
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>> base -b "cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma
>>   .nl,o=NetscapeRoot
>> nsBuildSecurity: domestic
>> objectClass: top
>> objectClass: nsApplication
>> objectClass: groupOfUniqueNames
>> cn: 389 Administration Server
>> nsVendor: 389 Project
>> installationTimeStamp: 20101124210830Z
>> nsBuildNumber: 2010.328.157
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>> Server,cn=Server
>> Grou
>>   p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerMigrationClassname:
>> com.netscape.management.admserv.AdminServerProduct
>>   @389-admin-1.1.jar
>> nsProductName: 389 Administration Server
>> nsProductVersion: 1.1.13
>> nsNickName: admin
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>> base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>> Group,cn=icicl
>>   e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> objectClass: top
>> objectClass: netscapeServer
>> objectClass: nsAdminServer
>> objectClass: nsResourceRef
>> objectClass: groupOfUniqueNames
>> serverHostName: icicle.phasma.nl
>> cn: admin-serv-icicle
>> installationTimeStamp: 20101124210830Z
>> serverProductName: Administration Server
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>> Server,cn=Server
>> Grou
>>   p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerID: admin-serv
>>
>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>
>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured --
>> resuming normal operations
>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1]
>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1]
>> admserv_check_authz(): passing [/admin-serv/authenticate] to the
>> userauth
>> handler
>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10]
>> admserv_host_ip_check: ap_get_remote_host could not resolve
>> 192.168.134.10
>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not
>> exist: /usr/share/dirsrv/html/java/jars
> This should be ok - it should fallback to /usr/share/dirsrv/html/java
>> Still some errors are visible in the logfile,
> The one marked [error] above, or are there others?  [notice] messages
> are ok.

No, this is the only one marked as error.

>> but i can log in and add
>> users/groups using the console. When i navigate to 'Directory Server'>
>> 'Configuration' i get the following error message:
>> 'Insufficient Permissions': The user
>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does
>> not
>> have permission to perform this operation.
>> When i enter the correct credentials, it seems that everything is
>> working
>> as it is supposed to.
> "correct credentials"?

the password that is set for uid=admin,.......; This is only a minor
annoyance, however it does seem strange that i am asked for the password
again.

>> The log complains about not being able to do a reverse lookup on
>> 192.168.134.10, but this seems wrong (DNS works both ways):
> Yes.  See /etc/dirsrv/admin-serv/console.conf - HostnameLookups

oke, got it.

>> [shadowuser@icicle ~]$ host 192.168.134.10
>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>> icicle.phasma.nl has address 192.168.134.10
>>
>> Thanks for your patience,
>>
>> Regards,
>>
>> Trisooma
>>
>>
>>
>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>
>>>>>> I hope this helps,
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Trisooma
>>>>>>
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>> --
>>>> 389 users mailing list
>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux