[389-users] Error finding "Registered server" on DSGW with HTTP auth enabled

Hello all,

I'm getting an odd error from the admin server after enabling authentication on the DSGW as described here: http://directory.fedoraproject.org/wiki/DSGW#Requiring_Authenticated_Access

At first it wouldn't find any users; I tracked that back to it searching under o=NetscapeRoot instead of the real baseDN where the users are, so I adjusted ldapurl in adm.conf (names slightly changed to protect the innocent):

From - 	ldapurl: ldap://ldap-01.example.com:389/o=NetscapeRoot
To - 	ldapurl: ldap://ldap-01.example.com:389/dc=example,dc=com

Now it finds the users OK, but is erroring on this:

[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd)

I've searched all over for this one and can't find any hints. The source code says it's searching for "dsgwcmd" as a serverID under Server Groups in LDAP somewhere?

Any help would be appreciated, thanks!

---------------------------------------------------------------------



Admin-serv errors log with debug enabled:


[Wed Mar 09 09:57:49 2011] [info] Connection to child 9 established (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4, referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2754): [client 1.2.3.4] checking user cache for: testaccount, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2761): [client 1.2.3.4] not in cache, trying DS, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(1586): [client 1.2.3.4] admserv_check_authz: request for uri [/dsgwcmd/lang], referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd), referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [info] Connection to child 9 closed (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [info] Connection to child 10 established (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4
[Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration
[Wed Mar 09 09:57:50 2011] [info] Initial (No.1) HTTPS request received for child 10 (server ldap-01.example.com:443)
[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] File does not exist: /usr/share/dirsrv/html/favicon.ico
[Wed Mar 09 09:57:50 2011] [info] Connection to child 10 closed (server ldap-01.example.com:443, client 1.2.3.4)


LDAPd access log for the same access attempt:

[09/Mar/2011:09:57:49 -0500] conn=349 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=350 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=349 op=3 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=349 op=3 fd=112 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=351 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=350 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=350 op=2 fd=113 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=351 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=351 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=351 op=1 SRCH base="cn=slapd-ldap-01, cn=389 Directory Server, cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=351 op=1 RESULT err=0 tag=101 nentries=20 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=352 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=351 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=351 op=2 fd=112 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=352 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=352 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=352 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=352 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=352 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=352 op=2 fd=113 closed - U1

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
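
The access log quoted in the message can be correlated per connection to show which identity each search ran as and which base it queried, which is the quickest way to see where the admin server looks after the user bind succeeds. This is an added example, not part of the original post or of the 389 project's code; the function name and the embedded sample (a subset of the quoted log lines) are assumptions for illustration.

```python
import re

# Constructed sample: a subset of the access-log lines quoted in the post.
SAMPLE_LOG = """\
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (\w+)(.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def searches_by_identity(log_text):
    """Return one record per SRCH: connection, bind DN in effect, base, filter, result."""
    bound = {}    # conn -> DN from the last successful bind RESULT (tag=97, err=0)
    pending = {}  # (conn, op) -> search record waiting for its RESULT line
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection open lines carry no op= field
        conn, op, verb = int(m[1]), int(m[2]), m[3]
        fields = {k: v.strip('"') for k, v in KV.findall(m[4])}
        if verb == "SRCH":
            rec = {"conn": conn, "bind_dn": bound.get(conn, "(unknown)"),
                   "base": fields.get("base"), "filter": fields.get("filter"),
                   "nentries": None, "unindexed": False}
            pending[(conn, op)] = rec
            records.append(rec)
        elif verb == "RESULT" and fields.get("tag") == "97":
            if fields.get("err") == "0":  # only a successful bind changes identity
                bound[conn] = fields.get("dn") or "(anonymous)"
        elif verb == "RESULT" and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec["nentries"] = int(fields["nentries"])
            rec["unindexed"] = "U" in fields.get("notes", "")  # notes=U marks an unindexed search
    return records

if __name__ == "__main__":
    for r in searches_by_identity(SAMPLE_LOG):
        print(r["conn"], r["bind_dn"], "->", r["base"], r["nentries"], r["unindexed"])
```
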