Re: [389-users] Error finding "Registered server" on DSGW with HTTP auth enabled

On 03/09/2011 10:22 AM, Bowden, Brendan wrote:
> Hello all,
>
> I'm getting an odd error from the admin server after enabling authentication on the DSGW as described here: http://directory.fedoraproject.org/wiki/DSGW#Requiring_Authenticated_Access
>
> At first it wouldn't find any users; I tracked that back to it searching under o=NetscapeRoot instead of the real baseDN where the users are, so I adjusted ldapurl in adm.conf (names slightly changed to protect the innocent):
>
> From - 	ldapurl: ldap://ldap-01.example.com:389/o=NetscapeRoot
> To - 	ldapurl: ldap://ldap-01.example.com:389/dc=example,dc=com
This may break other aspects of admin server and console.
> Now it finds the users OK, but is erroring on this:
>
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd)
>
> I've searched all over for this one and can't find any hints. The source code says it's searching for "dsgwcmd" as a serverID under Server Groups in LDAP somewhere?
>
> Any help would be appreciated, thanks!
I think it's just broken.  This was very likely broken when the admin 
server was ported to Apache some years ago.
> ---------------------------------------------------------------------
>
>
>
> Admin-serv errors log with debug enabled:
>
>
> [Wed Mar 09 09:57:49 2011] [info] Connection to child 9 established (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4, referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2754): [client 1.2.3.4] checking user cache for: testaccount, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2761): [client 1.2.3.4] not in cache, trying DS, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(1586): [client 1.2.3.4] admserv_check_authz: request for uri [/dsgwcmd/lang], referer: https://password.level3sa.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd), referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 9 closed (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 10 established (server ldap-01.example.com:443, client 1.2.3.4)
> [Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4
> [Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration
> [Wed Mar 09 09:57:50 2011] [info] Initial (No.1) HTTPS request received for child 10 (server ldap-01.example.com:443)
> [Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] File does not exist: /usr/share/dirsrv/html/favicon.ico
> [Wed Mar 09 09:57:50 2011] [info] Connection to child 10 closed (server ldap-01.example.com:443, client 1.2.3.4)
>
>
> LDAPd access log for the same access attempt:
>
> [09/Mar/2011:09:57:49 -0500] conn=349 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> [09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
> [09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [09/Mar/2011:09:57:49 -0500] conn=349 op=2 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=349 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=350 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=349 op=3 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=349 op=3 fd=112 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=350 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=350 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=350 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=350 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=351 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=350 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=350 op=2 fd=113 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=351 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=351 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=351 op=1 SRCH base="cn=slapd-ldap-01, cn=389 Directory Server, cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=351 op=1 RESULT err=0 tag=101 nentries=20 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=352 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
> [09/Mar/2011:09:57:49 -0500] conn=351 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=351 op=2 fd=112 closed - U1
> [09/Mar/2011:09:57:49 -0500] conn=352 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example,dc=com" method=128 version=3
> [09/Mar/2011:09:57:49 -0500] conn=352 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example,dc=com"
> [09/Mar/2011:09:57:49 -0500] conn=352 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
> [09/Mar/2011:09:57:49 -0500] conn=352 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
> [09/Mar/2011:09:57:49 -0500] conn=352 op=2 UNBIND
> [09/Mar/2011:09:57:49 -0500] conn=352 op=2 fd=113 closed - U1
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

