On 11/30/2010 04:33 PM, trisooma wrote:
On 11/30/2010 02:32 PM, Trisooma wrote:
On 11/30/2010 10:23 PM, Rich Megginson wrote:
On 11/30/2010 02:20 PM, trisooma wrote:
If I am reading the code correctly (and looking at the logging below), the line that has a severity of 'crit' should dump info for the ldap server we are connecting to. In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even with an odd number like 23395496 (see Eric's first post).
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
The code that logs this error looks like this [mod_admserv/mod_admserv.c:517]
ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
             "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
             data->secure ? "s" : "", data->host, data->port);
It seems that the struct 'data' is not filled with the correct values.
That's why I asked for your /etc/dirsrv/admin-serv/adm.conf - http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
My bad, see http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
First, upgrade to the latest versions of these components from the testing repo
yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
Then, run setup-ds-admin.pl -u
Then try
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
and
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Using the above I can confirm that I can now use the console to log in and administer my DS (though I had to remove selinux-policy-targeted). The command 'setup-ds-admin.pl -u' ran without a hitch.
The results of both ldap queries are below:
[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
 .nl,o=NetscapeRoot
nsBuildSecurity: domestic
objectClass: top
objectClass: nsApplication
objectClass: groupOfUniqueNames
cn: 389 Administration Server
nsVendor: 389 Project
installationTimeStamp: 20101124210830Z
nsBuildNumber: 2010.328.157
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
 p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
 @389-admin-1.1.jar
nsProductName: 389 Administration Server
nsProductVersion: 1.1.13
nsNickName: admin

[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
 e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
objectClass: top
objectClass: netscapeServer
objectClass: nsAdminServer
objectClass: nsResourceRef
objectClass: groupOfUniqueNames
serverHostName: icicle.phasma.nl
cn: admin-serv-icicle
installationTimeStamp: 20101124210830Z
serverProductName: Administration Server
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
 p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerID: admin-serv
I proceeded to restart dirsrv-admin, and the log now looks like this:
[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
[Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
[Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
[Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
This should be ok - it should fall back to /usr/share/dirsrv/html/java
Still some errors are visible in the logfile,
The one marked [error] above, or are there others? [notice] messages are ok.
but I can log in and add users/groups using the console. When I navigate to 'Directory Server' > 'Configuration' I get the following error message: 'Insufficient Permissions': The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation. When I enter the correct credentials, it seems that everything is working as it is supposed to.
"correct credentials"?
The log complains about not being able to do a reverse lookup on 192.168.134.10, but this seems wrong (DNS works both ways):
Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
[shadowuser@icicle ~]$ host 192.168.134.10
10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
[shadowuser@icicle ~]$ host icicle.phasma.nl
icicle.phasma.nl has address 192.168.134.10
Thanks for your patience,
Regards,
Trisooma
BTW. this code was taken from 389-admin-1.1.12.a2
I hope this helps,
Regards,
Trisooma
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
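Added example, not part of the original thread and not 389 project code: a small triage of the Admin Server error log that separates `util_ldap_init` failures whose logged URL has an empty host or an impossible port (the `ldap://:389` case discussed above, where the connection data was never filled in) from failures against a well-formed URL. The function names are hypothetical, the first two sample lines are copied from the log quoted in the thread, and the last two are constructed.

```python
import re

# Apache 2.2 error-log shape as quoted in the thread:
#   [Tue Nov 30 22:01:43 2010] [crit] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
# Message shape produced by the ap_log_error() format "ldap%s://%s:%d".
# Assumption: hosts are names or IPv4 addresses (no bracketed IPv6 literals).
INIT_FAIL_RE = re.compile(
    r"util_ldap_init failed for (?P<scheme>ldaps?)://"
    r"(?P<host>[^:/\s]*):(?P<port>-?\d+)"
)

def classify(line):
    """Return None for unrelated lines, else a dict describing the failure."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = INIT_FAIL_RE.search(m.group("msg"))
    if not f:
        return None
    host, port = f.group("host"), int(f.group("port"))
    problems = []
    if not host:
        problems.append("empty host")
    if not 1 <= port <= 65535:
        problems.append("port out of range")
    return {
        "timestamp": m.group("ts"),
        "level": m.group("level"),
        "url": f"{f.group('scheme')}://{host}:{port}",
        # An empty host or bad port means the values were never loaded, so
        # the place to look is configuration, not the network path.
        "verdict": "config-not-loaded" if problems else "connect-failure",
        "problems": problems,
    }

def triage(lines):
    return [r for r in map(classify, lines) if r is not None]

SAMPLE = [
    "[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389",
    "[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.",
    # Constructed lines: a garbage port and a well-formed URL.
    "[Tue Nov 30 22:01:45 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496",
    "[Tue Nov 30 22:01:46 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldaps://ds.example.test:636",
]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["timestamp"], r["url"], r["verdict"], ", ".join(r["problems"]))
```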