From rmeggins at redhat.com Tue Nov 30 15:33:51 2010
From: Rich Megginson
To: 389-users at lists.fedoraproject.org
Subject: Re: [389-users] New 389 ds install - cannot logon to adm console
Date: Tue, 30 Nov 2010 08:33:14 -0700
Message-ID: <4CF5193A.30702@redhat.com>
In-Reply-To: 4CF41FFA.90506@xs4all.nl

On 11/29/2010 02:49 PM, Trisooma wrote:
> Hi,
>
> I am having the exact same issue:
>
> - fresh install of 389-ds (version 1.2.1-1.fc14)
>   rpm -qi 389-ds-base 389-adminutil 389-admin
> - server config: (as per
>   http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt)
>   nsAdminAccessAddresses: *
>   nsAdminAccessHosts:
> - servers are running (dirsrv/dirsrv-admin)
> - firewall is disabled (all traffic is accepted)
> - SELinux is disabled
> - curl can access auth url locally, see below:
>
> [shadowuser(a)icicle ~]$ curl http://localhost:9830/admin-serv/authenticate
> 401 Authorization Required
> Authorization Required
> This server could not verify that you
> are authorized to access the document
> requested. Either you supplied the wrong
> credentials (e.g., bad password), or your
> browser doesn't understand how to supply
> the credentials required.
> Apache/2.2 Server at localhost Port 9830
>
> server log insists that access is denied for this ip, see below:
>
> [Mon Nov 29 22:26:37 2010] [crit] openLDAPConnection(): util_ldap_init
> failed for ldap://:389
> [Mon Nov 29 22:26:37 2010] [warn] Unable to open initial LDAPConnection
> to populate LocalAdmin tasks into cache.
> [Mon Nov 29 22:26:38 2010] [notice] Apache/2.2.17 (Unix) configured --
> resuming normal operations
> [Mon Nov 29 22:26:38 2010] [crit] openLDAPConnection(): util_ldap_init
> failed for ldap://:389

This is not good - if the admin server cannot contact the directory
server, it cannot read its configuration, including the list of accepted
and rejected hosts/ip. Can you provide your /etc/dirsrv/admin-serv/adm.conf?

> [Mon Nov 29 22:26:38 2010] [warn] Unable to open initial LDAPConnection
> to populate LocalAdmin tasks into cache.
> [Mon Nov 29 22:26:56 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
> [Mon Nov 29 22:27:37 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
> [Mon Nov 29 22:27:54 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
> [Mon Nov 29 22:28:02 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
> [Mon Nov 29 22:28:05 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
> [Mon Nov 29 22:41:27 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
>
> What could be wrong?
>
> Regards
>
> Trisooma
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
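
Added example, not part of the original message or of the 389 project's code: a short Python triage script for the admin server error log quoted above. It pulls out `util_ldap_init` failures, notes when the LDAP URL has no host part, and marks which `admserv_host_ip_check` rejections were logged after such a failure, the situation the reply describes. The function name `triage` and the report field names are hypothetical; the sample lines are copied from the quoted log with the mail client's line wrapping undone.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Sample lines copied from the error log quoted in the message (wrapping undone).
SAMPLE_LOG = """\
[Mon Nov 29 22:26:37 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Mon Nov 29 22:26:37 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Mon Nov 29 22:26:38 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Mon Nov 29 22:26:56 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
LDAP_FAIL = re.compile(r"util_ldap_init failed for (?P<url>\S+)")
REJECT = re.compile(r"admserv_host_ip_check: Unauthorized host ip=(?P<ip>[^,\s]+)")

def triage(log_text):
    """Return LDAP init failures and host/IP rejections, flagging rejections logged after a failure."""
    ldap_failures, rejections, first_fail = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-conforming lines
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        fail = LDAP_FAIL.search(m["msg"])
        if fail:
            url = fail["url"]
            # hostname is None for a URL such as ldap://:389 (port but no host)
            ldap_failures.append({"time": ts, "url": url,
                                  "host_missing": not urlsplit(url).hostname})
            first_fail = first_fail or ts
            continue
        rej = REJECT.search(m["msg"])
        if rej:
            rejections.append({"time": ts, "ip": rej["ip"],
                               "after_ldap_failure": first_fail is not None and ts >= first_fail})
    return {"ldap_failures": ldap_failures, "rejections": rejections}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["ldap_failures"]:
        print(f"{f['time']}  LDAP init failed: {f['url']} (host missing: {f['host_missing']})")
    for r in report["rejections"]:
        print(f"{r['time']}  rejected {r['ip']} (after LDAP failure: {r['after_ldap_failure']})")
```

A rejection flagged `after_ldap_failure` is a prompt to check the admin server's LDAP connection settings before editing the host/IP access attributes.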