Re: [389-users] Cannot login as cn=Directory Manager

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/06/2011 06:38 AM, harry.devine@xxxxxxx wrote:

I got the repo setup and installed the latest version, but when I ran setup-ds-admin.pl, there was some contention with what I already had installed and failed.
What exactly was the contention?
So I did a "yum remove" on everything,
You have to run remove-ds-admin.pl -y -f first or it will leave files around. 
then reinstalled from scratch ("yum install 389-ds", etc.).  Now when I run setup-ds-admin.pl, it fails when it tries to setup the server with the following error:

Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-localhost/certmap.conf'.   Error: No such file or directory
Error: Could not create directory server instance 'localhost'.
Exiting . . .

Any ideas?
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@xxxxxxx



From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Date: 01/05/2011 03:45 PM
Subject: Re: [389-users] Cannot login as cn=Directory Manager





On 01/05/2011 11:25 AM, harry.devine@xxxxxxx wrote:

I tried to upgrade, but yum tells me that there are no packages marked for update.  I did see that I had the dirsrv.repo file renamed so it wouldn't be used, so I renamed it back and tried the "yum upgrade" again, and got the same thing.  The relevant contents of my dirsrv.repo file are:


[dirsrv]

name=389 Directory Server - 6 - $basearch

baseurl=
http://port389.org/yum/dirsrv/fedora/6/$basearch/RPMS

I assume this repo isn't correct?  I think I downloaded it from that CentOS link I included in my last email.

We've been using EPEL for a couple of years now - that repo is not used any more.
http://directory.fedoraproject.org/wiki/Download

Thanks,

Harry


Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218

Harry.Devine@xxxxxxx

From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Date: 01/05/2011 11:57 AM
Subject: Re: [389-users] Cannot login as cn=Directory Manager






On 01/05/2011 09:30 AM,
harry.devine@xxxxxxx wrote:

Yep, it appears to just have stopped working.  I know that I had some similar issues back in October when I first installed it, but I turned off the firewall on this PC and all was good.  I verified that I still have the firewall off.  I'm running this on an old laptop that we have here at work which is running CentOS 5.4, and isn't connected to the network at all.  Just for evaluation and familiarization purposes at this point.


Here's the versions that I could get:

389-console: 1.1.3

389-ds-base: 1.2.2

389-admin: 1.1.8

idm-console-framework: 1.1.3

389-adminutil: 1.1.8


Everything was (I assume) installed at once when I did the initial installation following the instructions I found at
http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/.
I suggest upgrading to the latest 1.2.7 if only to make it easier to support.


Lastly, nothing is in the directory server access log around 10:41:25.  Just that one line that said "GET /admin-serv/authenticate HTTP/1.0" at 10:45:45.

That's the admin server log - the directory server access log is in /var/log/dirsrv/slapd-yourinstancename/access


Thanks!

Harry


Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218

Harry.Devine@xxxxxxx
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Date: 01/05/2011 11:18 AM
Subject: Re: [389-users] Cannot login as cn=Directory Manager







On 01/05/2011 08:40 AM,
harry.devine@xxxxxxx wrote:

How do I tell what the other versions are?

rpm -qi 389-console 389-ds-base 389-admin idm-console-framework 389-adminutil

I haven't upgraded or anything, so its the same version/installation that I initially did a few months ago.

So it just stopped working, with no explanation, and nothing has changed?

Should I upgrade?  Is there a bug that's fixed in a newer version that could be causing what I'm seeing?


The /var/log/dirsrv/admin-serv/error log shows:

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.test.com] -will scan aliases

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.test.com]

[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.test.com port 389: 4


This error message is somewhat misleading - it is not actually attempting a TLS connection unless you have configured it to use TLS.

What's in the directory server access log on or around [Wed Jan 05 10:41:25 2011] ?

[Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate

If the directory server connection fails, it will fail to lookup/bind too.


The /var/log/dirsrv/admin-serv/access log (which only got written to AFTER I closed 389-console) shows:

127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET /admin-serv/authenticate HTTP/1.0" 401 466


Thanks!

Harry


Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218

Harry.Devine@xxxxxxx
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Date: 01/05/2011 10:23 AM
Subject: Re: [389-users] Cannot login as cn=Directory Manager








On 01/05/2011 05:59 AM,
harry.devine@xxxxxxx wrote:

I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the console log properly.  The console log that got generated when I ran "389-console -D 9 -f console.log" is attached.

What are the versions of the other components?
389-ds-base, 389-admin, idm-console-framework

What does it say in the admin server logs in /var/log/dirsrv/admin-serv/error and access?

Have you upgraded recently?  If so, did you run setup-ds-admin.pl -u after upgrading?


Thanks for the help!

Harry




Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218

Harry.Devine@xxxxxxx
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: Harry Devine/ACT/FAA@FAA
Date: 01/04/2011 04:40 PM
Subject: Re: [389-users] Cannot login as cn=Directory Manager









On 01/04/2011 12:55 PM,
harry.devine@xxxxxxx wrote:

I've been away from my 389-ds admin for a few months (I'm just starting to get familiar with it), and I can't login using the user ID "cn=Directory Manager".  A few months ago I could using the GUI 389-console application.  But today I can't.  It keeps saying:


"Can't login because of an incorrect User ID, Incorrect password, or Directory problem."


The error log shows: "[error] [client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate"


I am able to get data back when I enter: "
ldapsearch -x -b o=netscaperoot -D "cn=Directory Manager" -w <password> "objectclass=nsAdminConfig"" from the command line, so I know that the password is correct.

Any thoughts on what to do to fix this?

What platform?  What versions of 389-ds-base, 389-admin, idm-console-framework?
run 389-console -D 9 -f console.log then send console.log (you will first want to obscure any sensitive information)


Thanks!

Harry


Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218

Harry.Devine@xxxxxxx


--
389 users mailing list

389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users











--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux