bah, you were right earlier, and i missed something.
examining the dse.ldif file, i found that it was indeed the passthrough
authentication plug-in. i manually turned it off for the secondary-master,
shut down the primary-master, and was then able to restart the
secondary-master admin-server
they entry is:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled
it might help to update the HowTo to reference that change
From: Richard Megginson <rmeggins(a)redhat.com>
Reply-To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users(a)redhat.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Subject: Re: [Fedora-directory-users] Problem with
AdminConsole failoverusingFedoraDS
Date: Fri, 27 Apr 2007 08:17:43 -0600
Kyley Engle wrote:
>
>so here's where i'm at now.....
>
>primary-master and secondary-master running...everything is fine. i shut
>down the primary-master and i can log into the admin console on the
>secondary-master fine. however, if i try to restart the admin server, it
>fails with:
>
>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library
>[Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size
>10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for
>SSL
>[Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface:
>mod_nss/2.0.52, Library: NSS/3.11
>[Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache
>expiration set to 600 seconds
>[Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to
>build user/group LDAP server info: unable to set User/Group baseDN
>Configuration Failed
>
>I change the 2 files and 1 directory entry listed in the HowTo: and i get
>the exact same behavior.
There are probably some other values under o=NetscapeRoot somewhere that
reference the old directory server. Try this:
cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D
"cn=directory manager" -w password -s sub -b o=netscaperoot
"objectclass=*"
| grep "old ldap server host and/or port"
>
>I have no pass through authentication configured. I'm doing some testing
>on 2 freshly installed instances that don't have anything other than
>o=NetscapeRoot replication enabled and working.
>
>hope this is useful....
>
>-ke
>
>
>>From: Richard Megginson <rmeggins(a)redhat.com>
>>Reply-To: "General discussion list for the Fedora Directory server
>>project." <fedora-directory-users(a)redhat.com>
>>To: "General discussion list for the Fedora Directory server project."
>><fedora-directory-users(a)redhat.com>
>>Subject: Re: [Fedora-directory-users] Problem with Admin Console
>>failoverusingFedoraDS
>>Date: Thu, 26 Apr 2007 16:01:22 -0600
>>
>>Kyley Engle wrote:
>>>
>>>
>>>i have done that, as well as changing the directory in the
>>>nsDirectoryURL entry and the file
>>>/opt/fedora-ds/admin-serv/config/adm.conf
>>>
>>>is there maybe a way to increase the debug logging on the admin-serv?
>>>i'm not finding very much documentation on it.
>>I think you'll also need to change or disable the pass through
>>authentication plug-in in your backup configuration directory server.
>>
>>edit admin-serv/config/httpd.conf and set the LogLevel to debug
>>>
>>>ke
>>>
>>>>From: Richard Megginson <rmeggins(a)redhat.com>
>>>>Reply-To: "General discussion list for the Fedora Directory server
>>>>project." <fedora-directory-users(a)redhat.com>
>>>>To: "General discussion list for the Fedora Directory server
project."
>>>><fedora-directory-users(a)redhat.com>
>>>>Subject: Re: [Fedora-directory-users] Problem with Admin Console
>>>>failoverusing FedoraDS
>>>>Date: Thu, 26 Apr 2007 15:17:43 -0600
>>>>
>>>>Kyley Engle wrote:
>>>>>
>>>>>Hello,
>>>>>
>>>>>I am having problems with the admin-serv when doing failure testing in
>>>>>my multi-master environmnet.
>>>>>
>>>>>What I have:
>>>>>
>>>>>2 masters replicating the userRoot and NetscapeRoot directories
>>>>>various hub and consumer/search servers
>>>>>
>>>>>When I installed the instances on each of these servers, i pointed
>>>>>them at one of the masters, let's call it primary-master, for
it's
>>>>>configuration directory. when both masters are up and running, i can
>>>>>connect my admin consoel to either directory and manage my fleet of
>>>>>servers
>>>>>
>>>>>While doing failure mode testing, I discovered that if the
>>>>>primary-master was turned off, that the secondary master admin-serv
>>>>>would not start properly. it gives the following in
>>>>>/opt/fedora-ds/admin-serv/logs/error:
>>>>>
>>>>>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to
>>>>>build user/group LDAP server info: unable to set User/Group baseDN
>>>>>Configuration Failed
>>>>>
>>>>>I followed the instructions found here:
>>>>>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>to change the admin server running on secondary-master to point to
>>>>>itself instead of to the primary master. this did not resolve the
>>>>>issue.
>>>>>
>>>>>Has anyone out there gotten the configuration directory successfully
>>>>>working in a failover capacity in a multi-master environment?
>>>>Try updating shared/config/dbswitch.conf to point to the backup
>>>>configuration ds.
>>>>>
>>>>>ke
>>>>>
>>>>>_________________________________________________________________
>>>>>The average US Credit Score is 675. The cost to see yours: $0 by
>>>>>Experian.
>>>>>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>--
>>>>>Fedora-directory-users mailing list
>>>>>Fedora-directory-users(a)redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
<< smime.p7s >>
>>>
>>>
>>>
>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users(a)redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>_________________________________________________________________
>>>Download Messenger. Join the im Initiative. Help make a difference
>>>today.
http://im.live.com/messenger/im/home/?source=TAGHM_APR07
>>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users(a)redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
<< smime.p7s >>
>
>
>
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users(a)redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>_________________________________________________________________
>Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings
>https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
_________________________________________________________________
Exercise your brain! Try Flexicon.