<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/10/2011 11:48 AM, Tom Tucker wrote:
<blockquote
cite="mid:CAGymF1CpRMou30iMcf=d49wakdx9k_HieRfwYj=r03EN-aAm6A@mail.gmail.com"
type="cite"><br>
<div>
<div>I would appreciate any troubleshooting advice you might
have regarding my registered ldap servers. I am referring to
the first page you see when launching the console (servers
listed underneath Servers and Applications). I see my servers
listed, however I am unable to open them. Their "Server
status" always reports "Stopped" even though the remote
servers are running.</div>
<div><br>
</div>
<div>Based on my tcpdump capture below the 'admin prohibited'
message is a clear indication of the problem, but I can't seem
to correct it. I have rerun the setup several times,
confirmed the password and such. </div>
<div><br>
</div>
<div>What am I missing?</div>
</div>
</blockquote>
Have you tried running setup-ds-admin.pl -u on both the local
servers and the remote servers?<br>
<blockquote
cite="mid:CAGymF1CpRMou30iMcf=d49wakdx9k_HieRfwYj=r03EN-aAm6A@mail.gmail.com"
type="cite">
<div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>==============================================================================</div>
<div><br>
</div>
<div>13:35:27.458489 IP serverA.mydomain.com.30940 >
serverB.mydomain.com.ldap: Flags [S], seq 404137883, win
14600, options [mss 1460,sackOK,TS val 348721371 ecr
0,nop,wscale 6], length 0</div>
<div>13:35:27.458591 IP serverB.mydomain.com > serverA.mydomain.com:
ICMP host serverB.mydomain.com unreachable - admin prohibited, length 68</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Please specify the information about your configuration
directory</div>
<div>server. The following information is required:</div>
<div>- host (fully qualified), port (non-secure or secure),
suffix,</div>
<div> protocol (ldap or ldaps) - this information should be
provided in the</div>
<div> form of an LDAP url e.g. for non-secure</div>
<div>ldap://host.example.com:389/o=NetscapeRoot</div>
<div> or for secure</div>
<div>ldaps://host.example.com:636/o=NetscapeRoot</div>
<div>- admin ID and password</div>
<div>- admin domain</div>
<div>- a CA certificate file may be required if you choose to
use ldaps and</div>
<div> security has not yet been configured - the file must be
in PEM/ASCII</div>
<div> format - specify the absolute path and filename</div>
<div><br>
</div>
<div>Configuration directory server URL [ldap://serverA.mydomain.com:389/o=NetscapeRoot]: </div>
<div>Configuration directory server admin ID
[uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]: </div>
<div>Configuration directory server admin password: </div>
<div>Configuration directory server admin domain [mydomain.com]: </div>
</div>
<pre wrap="">
--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>