On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson <rmeggins(a)redhat.com> wrote:
On 03/27/2012 06:46 AM, Mike Mercier wrote:
>
> Hello,
>
> On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson<rmeggins(a)redhat.com>
> wrote:
>>
>> On 03/26/2012 08:28 AM, Mike Mercier wrote:
>>>
>>> Hello,
>>>
>>> adm.conf attached.
>>
>> Have you configured the directory server to use TLS/SSL?
>
> No, TLS/SSL was not configured. I did the following to install 389.
>
> Install fedora 16
> run yum update
> install 389
> run setup-ds-admin.pl using the 'Typical' option
> run 389-console and try to login as cn=Directory Manager
>
>> Can you try with 389-admin-1.1.28 now in updates-testing?
>
> [root@localhost ~]# rpm -qa | grep 389
> 389-console-1.1.7-1.fc16.noarch
> 389-ds-console-doc-1.2.6-1.fc16.noarch
> 389-ds-base-libs-1.2.10.4-2.fc16.x86_64
> 389-ds-1.2.2-1.fc15.noarch
> 389-ds-base-1.2.10.4-2.fc16.x86_64
> 389-ds-console-1.2.6-1.fc16.noarch
> 389-admin-console-doc-1.1.8-2.fc16.noarch
> 389-admin-console-1.1.8-2.fc16.noarch
> 389-dsgw-1.1.7-2.fc16.x86_64
> 389-admin-1.1.28-1.fc16.x86_64
> 389-adminutil-1.1.14-1.fc16.x86_64
>
> When using 389-console
>
> /var/log/dirsrv/admin-serv/error
> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
> -1: Can't contact LDAP server
> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
> -1: Can't contact LDAP server
> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind
> to server [localhost.localdomain:389] as [(anonymous)]
> [Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host localhost.localdomain port 389: 4
> [Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user
> cn=Directory Manager not found: /admin-serv/authenticate
>
>
> /var/log/dirsrv/admin-serv/access
> 127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET
> /admin-serv/authenticate HTTP/1.0" 401 478
>
> When using
http://http://localhost.localdomain:9830/dist/download and
> clicking '389 Administration Express'
>
> /var/log/dirsrv/admin-serv/error
> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
> referer:
http://localhost.localdomain:9830/dist/download
> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
> referer:
http://localhost.localdomain:9830/dist/download
> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
> referer:
http://localhost.localdomain:9830/dist/download
> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
> -1: Can't contact LDAP server
> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
> -1: Can't contact LDAP server
> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind
> to server [localhost.localdomain:389] as [(anonymous)], referer:
>
http://localhost.localdomain:9830/dist/download
> [Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host localhost.localdomain port 389: 4
>
>
> /var/log/dirsrv/admin-serv/access
>
> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download
> HTTP/1.1" 200 4470
> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif
> HTTP/1.1" 200 43
> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif HTTP/1.1"
> 200 86
> 127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET
> /admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
What's in your directory server access log from around this time?
/var/log/dirsrv/slapd-INSTANCE/access
Strangely, there are no entries in the file from that time... below
is the entire file
/var/log/dirsrv/slapd-mpls/access:
389-Directory/1.2.10.2 B2012.054.1543
localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)
[22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
[22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
>
> Thanks,
> Mike
>
>
>
>>> Thanks,
>>> Mike
>>>
>>> On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson<rmeggins(a)redhat.com>
>>> wrote:
>>>>
>>>> On 03/22/2012 10:47 AM, Mike Mercier wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Sorry for the delay...
>>>>>
>>>>> /var/log/dirsrv/admin-serv/access
>>>>>
>>>>> 127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400]
"GET
>>>>> /admin-serv/authenticate HTTP/1.0" 401 478
>>>>>
>>>>> /var/log/dirsrv/admin-serv/error
>>>>> [Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
>>>>> [Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd
>>>>> running as context system_u:system_r:httpd_t:s0
>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to
>>>>> populate LocalAdmin tasks into cache.
>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
>>>>> [Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured
--
>>>>> resuming normal operations
>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to
>>>>> populate LocalAdmin tasks into cache.
>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1]
>>>>> admserv_host_ip_check: ap_get_remote_host could not resolve
127.0.0.1
>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>> -1: Can't contact LDAP server
>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to
bind
>>>>> to server [localhost.localdomain:389] as [(anonymous)]
>>>>> [Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to
initialize
>>>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>
>>>>
>>>> Can you post your /etc/dirsrv/admin-serv/adm.conf?
>>>> Have you configured your directory server to use SSL?
>>>>
>>>>> [Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user
>>>>> cn=Directory Manager not found: /admin-serv/authenticate
>>>>>
>>>>> NOTE: This is after modifying 'local.conf' with
>>>>> configuration.nsadminaccesshosts: *
>>>>>
>>>>> Thanks,
>>>>> Mike
>>>>>
>>>>> On Fri, Mar 16, 2012 at 5:43 PM, Mark
Reynolds<mareynol(a)redhat.com>
>>>>> wrote:
>>>>>>
>>>>>> Hi Michael,
>>>>>>
>>>>>> see comments below...
>>>>>>
>>>>>>
>>>>>> On 03/16/2012 02:42 PM, Michael Mercier wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I seem to be having problems using the 389-console GUI.
>>>>>>
>>>>>> I am entering the following information into each of the fields:
>>>>>>
>>>>>> User ID: cn=Directory Manager
>>>>>> Password: password
>>>>>> Administration URL:
http://localhost.localdomain:9830
>>>>>>
>>>>>> It fails with the following error:
>>>>>>
>>>>>> Cannot logon because of an incorrect User ID,
>>>>>> Incorrect password or Directory problem.
>>>>>>
>>>>>> HttpException:
>>>>>> Response: HTTP/1.1 401 Authorization Required
>>>>>> Status: 401
>>>>>> URL:
http://localhost.localdomain:9830/admin-serv/authenticate
>>>>>>
>>>>>> Do you have a DS access log snippet showing the bind&
result?
>>>>>>
>>>>>>
>>>>>> I might not hurt to restart the admin server as well.
>>>>>>
>>>>>> Thanks,
>>>>>> Mark
>>>>>>
>>>>>>
>>>>>> I have also tried with:
>>>>>> User ID: admin
>>>>>> Password: password
>>>>>> Administration URL:
http://localhost.localdomain:9830
>>>>>>
>>>>>> It fails with the following error:
>>>>>>
>>>>>> Cannot connect to the directory server:
>>>>>> netscape.ldap.LDAPException: error result (32): No such object
>>>>>>
>>>>>> I am able to run searches from the command line:
>>>>>>
>>>>>> [root@localhost ~]# ldapsearch -x -b o=netscaperoot -D
"cn=directory
>>>>>> manager" -w password "nsDirectoryURL=*"
>>>>>> # extended LDIF
>>>>>> #
>>>>>> # LDAPv3
>>>>>> # base<o=netscaperoot> with scope subtree
>>>>>> # filter: nsDirectoryURL=*
>>>>>> # requesting: ALL
>>>>>> #
>>>>>>
>>>>>> # UserDirectory, Global Preferences, MyDomain, NetscapeRoot
>>>>>> dn: cn=UserDirectory,ou=Global
Preferences,ou=MyDomain,o=NetscapeRoot
>>>>>> objectClass: top
>>>>>> objectClass: nsDirectoryInfo
>>>>>> nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
>>>>>> cn: UserDirectory
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 0 Success
>>>>>>
>>>>>> # numResponses: 2
>>>>>> # numEntries: 1
>>>>>> [root@localhost ~]#
>>>>>>
>>>>>> If I try to access
http://localhost.localdomain:9830 with a web
>>>>>> browser, I am shown the "Services for users" page, but
when I click
>>>>>> on
>>>>>> "389 Administration Express" i get the following
error:
>>>>>>
>>>>>> Internal Server Error
>>>>>>
>>>>>> The server encountered an internal error or misconfiguration and
was
>>>>>> unable to complete your request.
>>>>>>
>>>>>> Please contact the server administrator, [no address given] and
>>>>>> inform
>>>>>> them of the time the error occurred, and anything you might have
done
>>>>>> that may have caused the error.
>>>>>>
>>>>>> More information about this error may be available in the server
>>>>>> error
>>>>>> log.
>>>>>> Apache/2.2 Server at localhost.localdomain Port 9830
>>>>>>
>>>>>> Anyone have any ideas?
>>>>>>
>>>>>> Thanks,
>>>>>> Mike
>>>>>>
>>>>>> [root@localhost ~]# more /etc/redhat-release
>>>>>> Fedora release 16 (Verne)
>>>>>> [root@localhost ~]# rpm -qa|grep 389
>>>>>> 389-console-1.1.7-1.fc16.noarch
>>>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>>>> 389-ds-base-libs-1.2.10.2-1.fc16.x86_64
>>>>>> 389-ds-1.2.2-1.fc15.noarch
>>>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>>>> 389-admin-1.1.23-1.fc16.x86_64
>>>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>>> 389-ds-base-1.2.10.2-1.fc16.x86_64
>>>>>>
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users(a)lists.fedoraproject.org
>>>>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users(a)lists.fedoraproject.org
>>>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>
>>>>