Re: [389-users] New 389 ds install - cannot logon to adm console

Works for me as well. Thank you very much.

Cheers,

Eric

trisooma wrote:
>> On 11/30/2010 04:33 PM, trisooma wrote:
>>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>>>     On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>>> If I am reading the code correctly (and looking at the logging below), the
>>>>>>> line that has a severity of 'crit' should dump info for the ldap server we
>>>>>>> are connecting to.
>>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even
>>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>>
>>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>>>
>>>>>>> The code that logs this error looks like this
>>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>>
>>>>>>>            ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>>>>>                         "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
>>>>>>>                         data->secure ? "s" : "",
>>>>>>>                         data->host, data->port);
>>>>>>>
>>>>>>> It seems that the struct 'data' is not filled with the correct values.
>>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>>> My bad, see
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>>> First, upgrade to the latest versions of these components from the
>>>> testing repo
>>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
>>>>
>>>> Then, run
>>>> setup-ds-admin.pl -u
>>>>
>>>> Then try
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ \
>>>>   -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" \
>>>>   -w youradminpassword -s base \
>>>>   -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>>> and
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ \
>>>>   -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" \
>>>>   -w youradminpassword -s base \
>>>>   -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>> Using the above I can confirm that I can now use the console to log in and
>>> administer my DS (though I had to remove selinux-policy-targeted). The
>>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>>
>>> The results of both ldap queries are below:
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
>>>   .nl,o=NetscapeRoot
>>> nsBuildSecurity: domestic
>>> objectClass: top
>>> objectClass: nsApplication
>>> objectClass: groupOfUniqueNames
>>> cn: 389 Administration Server
>>> nsVendor: 389 Project
>>> installationTimeStamp: 20101124210830Z
>>> nsBuildNumber: 2010.328.157
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>>   p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
>>>   @389-admin-1.1.jar
>>> nsProductName: 389 Administration Server
>>> nsProductVersion: 1.1.13
>>> nsNickName: admin
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
>>>   e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> objectClass: top
>>> objectClass: netscapeServer
>>> objectClass: nsAdminServer
>>> objectClass: nsResourceRef
>>> objectClass: groupOfUniqueNames
>>> serverHostName: icicle.phasma.nl
>>> cn: admin-serv-icicle
>>> installationTimeStamp: 20101124210830Z
>>> serverProductName: Administration Server
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>>   p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerID: admin-serv
>>>
>>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>>
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
>>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
>>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
>> This should be ok - it should fall back to /usr/share/dirsrv/html/java
>>> Still some errors are visible in the logfile,
>> The one marked [error] above, or are there others?  [notice] messages
>> are ok.
> 
> No, this is the only one marked as error.
> 
>>> but I can log in and add
>>> users/groups using the console. When I navigate to 'Directory Server' >
>>> 'Configuration' I get the following error message:
>>> 'Insufficient Permissions': The user
>>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
>>> have permission to perform this operation.
>>> When I enter the correct credentials, it seems that everything is working
>>> as it is supposed to.
>> "correct credentials"?
> 
> The password that is set for uid=admin,.......; This is only a minor
> annoyance, however it does seem strange that I am asked for the password
> again.
> 
>>> The log complains about not being able to do a reverse lookup on
>>> 192.168.134.10, but this seems wrong (DNS works both ways):
>> Yes.  See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
> 
> OK, got it.
> 
>>> [shadowuser@icicle ~]$ host 192.168.134.10
>>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>>> icicle.phasma.nl has address 192.168.134.10
>>>
>>> Thanks for your patience,
>>>
>>> Regards,
>>>
>>> Trisooma
>>>
>>>
>>>
>>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>>
>>>>>>> I hope this helps,
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Trisooma
>>>>>>>
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
> 
> 

-- 
Eric Donkersloot

SURFnet
Radboudkwartier 273
3511 CK Utrecht
M +31 6 4115 4547
eric.donkersloot@xxxxxxxxxx
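
Added example, not part of the original thread and not code from the 389 project: a small Python triage script for the [crit] message discussed in the quoted messages, which parses the "ldap%s://%s:%d" target out of each failure line and flags an empty host or an impossible port. The function names are hypothetical and the sample log is constructed from the thread's excerpts; placing 23395496 in the port field is an assumption.

```python
import re

# Message format from the ap_log_error() call quoted in the thread:
#   "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d"
FAILED_INIT = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[crit\] openLDAPConnection\(\): "
    r"util_ldap_init failed for (?P<scheme>ldaps?)://(?P<host>.*?):(?P<port>-?\d+)$"
)

# Constructed sample: the first three lines are the thread's log excerpt with
# the e-mail line wraps undone; the last two are made up for illustration
# (placing 23395496 in the port field is an assumption).
SAMPLE_LOG = """\
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:02:10 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496
[Tue Nov 30 22:03:00 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldaps://icicle.phasma.nl:636
"""


def check_line(line):
    """Return None for unrelated lines, else the parsed target and its problems."""
    m = FAILED_INIT.match(line.strip())
    if m is None:
        return None
    host, port = m.group("host"), int(m.group("port"))
    problems = []
    if not host:
        problems.append("empty host")
    if not 1 <= port <= 65535:
        problems.append("port out of range")
    return {"time": m.group("time"), "scheme": m.group("scheme"),
            "host": host, "port": port, "problems": problems}


def scan(lines):
    """Collect every util_ldap_init failure found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        # A non-empty problem list points at the connection data itself (the
        # 'data' struct in the thread); an empty list means the target was
        # filled in and the failure has to be looked for elsewhere.
        verdict = ", ".join(hit["problems"]) or "target looks populated"
        print(f'{hit["time"]}  {hit["scheme"]}://{hit["host"]}:{hit["port"]}  {verdict}')
```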
