Works for me as well. Thank you very much.

Cheers,

Eric

trisooma wrote:
>> On 11/30/2010 04:33 PM, trisooma wrote:
>>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>>> If I am reading the code correctly (and looking at the logging below), the
>>>>>>> line that has a severity of 'crit' should dump info for the ldap server we
>>>>>>> are connecting to.
>>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even
>>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>>
>>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>>>>>>>
>>>>>>> The code that logs this error looks like this
>>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>>
>>>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>>>>>              "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
>>>>>>>              data->secure ? "s" : "",
>>>>>>>              data->host, data->port);
>>>>>>>
>>>>>>> It seems that the struct 'data' is not filled with the correct values.
>>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>>> My bad, see
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>>> First, upgrade to the latest versions of these components from the
>>>> testing repo
>>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
>>>>
>>>> Then, run
>>>> setup-ds-admin.pl -u
>>>>
>>>> Then try
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>>> and
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>> Using the above I can confirm that I can now use the console to log in and
>>> administer my DS (though I had to remove selinux-policy-targeted). The
>>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>>
>>> The results of both ldap queries are below:
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
>>>  .nl,o=NetscapeRoot
>>> nsBuildSecurity: domestic
>>> objectClass: top
>>> objectClass: nsApplication
>>> objectClass: groupOfUniqueNames
>>> cn: 389 Administration Server
>>> nsVendor: 389 Project
>>> installationTimeStamp: 20101124210830Z
>>> nsBuildNumber: 2010.328.157
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
>>>  @389-admin-1.1.jar
>>> nsProductName: 389 Administration Server
>>> nsProductVersion: 1.1.13
>>> nsNickName: admin
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
>>>  e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> objectClass: top
>>> objectClass: netscapeServer
>>> objectClass: nsAdminServer
>>> objectClass: nsResourceRef
>>> objectClass: groupOfUniqueNames
>>> serverHostName: icicle.phasma.nl
>>> cn: admin-serv-icicle
>>> installationTimeStamp: 20101124210830Z
>>> serverProductName: Administration Server
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
>>>  p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerID: admin-serv
>>>
>>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>>
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
>>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
>>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
>> This should be ok - it should fall back to /usr/share/dirsrv/html/java
>>> Still some errors are visible in the logfile,
>> The one marked [error] above, or are there others? [notice] messages
>> are ok.
>
> No, this is the only one marked as error.
>
>>> but I can log in and add
>>> users/groups using the console. When I navigate to 'Directory Server' > 'Configuration'
>>> I get the following error message:
>>> 'Insufficient Permissions': The user
>>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
>>> have permission to perform this operation.
>>> When I enter the correct credentials, it seems that everything is working
>>> as it is supposed to.
>> "correct credentials"?
>
> the password that is set for uid=admin,.......; This is only a minor
> annoyance, however it does seem strange that I am asked for the password
> again.
>
>>> The log complains about not being able to do a reverse lookup on
>>> 192.168.134.10, but this seems wrong (DNS works both ways):
>> Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
>
> OK, got it.
>
>>> [shadowuser@icicle ~]$ host 192.168.134.10
>>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>>> icicle.phasma.nl has address 192.168.134.10
>>>
>>> Thanks for your patience,
>>>
>>> Regards,
>>>
>>> Trisooma
>>>
>>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>>
>>>>>>> I hope this helps,
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Trisooma
>>>>>>>
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
Eric Donkersloot
SURFnet
Radboudkwartier 273
3511 CK Utrecht
M +31 6 4115 4547
eric.donkersloot@xxxxxxxxxx
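
The symptom discussed in this thread (a `util_ldap_init failed` line whose target is `ldap://:389`, or carries a nonsensical number) can be told apart from a genuine connection failure by parsing the logged URL. The following is an added example, not part of the original messages or of the 389 project's code; the function names are hypothetical, it assumes the odd number appears in the port position, and the third and fourth sample lines are constructed.

```python
import re

# Format produced by the ap_log_error() call quoted in the thread:
#   "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d"
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] openLDAPConnection\(\): "
    r"util_ldap_init failed for (?P<scheme>ldaps?)://"
    r"(?P<host>[^:/\s]*):(?P<port>-?\d+)\s*$"
)

def check_line(line):
    """Return None for unrelated lines, else a dict describing the failure."""
    m = FAIL_RE.match(line.strip())
    if m is None:
        return None
    problems = []
    if not m.group("host"):
        problems.append("empty host")
    port = int(m.group("port"))
    if not 1 <= port <= 65535:  # assumption: the odd number is the port field
        problems.append("port out of range")
    return {"ts": m.group("ts"), "host": m.group("host"),
            "port": port, "problems": problems}

def unpopulated(lines):
    """Failures whose logged target shows the connection data was never filled in."""
    hits = (check_line(line) for line in lines)
    return [h for h in hits if h and h["problems"]]

SAMPLE = [
    # First two lines are taken from the thread.
    "[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): "
    "util_ldap_init failed for ldap://:389",
    "[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial "
    "LDAPConnection to populate LocalAdmin tasks into cache.",
    # Constructed: the odd number mentioned in the thread, placed as the port.
    "[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): "
    "util_ldap_init failed for ldap://:23395496",
    # Constructed: a failure with a well-formed target, i.e. a different problem.
    "[Tue Nov 30 22:01:45 2010] [crit] openLDAPConnection(): "
    "util_ldap_init failed for ldaps://icicle.phasma.nl:636",
]

if __name__ == "__main__":
    for hit in unpopulated(SAMPLE):
        print(hit["ts"], "target not populated:", ", ".join(hit["problems"]))
```

Lines flagged here point at missing configuration rather than at the network or the directory server itself.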