If I am reading the code correctly (and looking at the logging below), the line that has a severity of 'crit' should dump info for the ldap server we are connecting to. In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even with an odd number like 23395496 (see Eric's first post).

[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.

The code that logs this error looks like this [mod_admserv/mod_admserv.c:517]:

ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
             "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
             data->secure ? "s" : "", data->host, data->port);

It seems that the struct 'data' is not filled with the correct values.

BTW, this code was taken from 389-admin-1.1.12.a2
I hope this helps,
Regards,
Trisooma
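The failure mode described in the post above, as an added example that is not part of the original thread or of the 389-admin source: C code that parses an LDAP URL into the three fields the quoted log call prints, and rejects an empty host or an out-of-range port before any connection attempt. The names `ldap_target`, `parse_ldap_url` and `format_target` are hypothetical, the sample URLs are constructed, and only the format string is taken from the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the module's 'data' struct: only the three
 * fields read by the log call quoted in the post. */
typedef struct {
    int  secure;
    char host[256];
    int  port;
} ldap_target;

enum target_status { TARGET_OK = 0, TARGET_BAD_SCHEME, TARGET_NO_HOST, TARGET_BAD_PORT };

/* Parse "ldap[s]://host[:port][/...]" into *out. The struct is zeroed
 * first, so a rejected URL never leaves uninitialized fields behind. */
enum target_status parse_ldap_url(const char *url, ldap_target *out)
{
    const char *p, *end, *host_end, *port_str = NULL;
    size_t len;

    memset(out, 0, sizeof(*out));
    if (url == NULL)
        return TARGET_BAD_SCHEME;
    if (strncmp(url, "ldaps://", 8) == 0) {
        out->secure = 1;
        p = url + 8;
    } else if (strncmp(url, "ldap://", 7) == 0) {
        p = url + 7;
    } else {
        return TARGET_BAD_SCHEME;
    }
    out->port = out->secure ? 636 : 389;   /* standard default ports */

    end = p + strcspn(p, "/?");            /* end of the host[:port] part */
    if (*p == '[') {                       /* bracketed IPv6 literal */
        const char *rb = memchr(p, ']', (size_t)(end - p));
        if (rb == NULL)
            return TARGET_NO_HOST;
        p++;
        host_end = rb;
        if (rb + 1 < end) {
            if (rb[1] != ':')
                return TARGET_BAD_PORT;
            port_str = rb + 2;
        }
    } else {
        const char *colon = memchr(p, ':', (size_t)(end - p));
        host_end = colon ? colon : end;
        if (colon)
            port_str = colon + 1;
    }

    len = (size_t)(host_end - p);
    if (len == 0 || len >= sizeof(out->host))
        return TARGET_NO_HOST;             /* the "ldap://:389" case */
    memcpy(out->host, p, len);
    out->host[len] = '\0';

    if (port_str != NULL) {
        char *stop;
        long v;
        if (*port_str < '0' || *port_str > '9')
            return TARGET_BAD_PORT;        /* empty, signed or non-numeric */
        v = strtol(port_str, &stop, 10);
        if (stop != end || v < 1 || v > 65535)
            return TARGET_BAD_PORT;
        out->port = (int)v;
    }
    return TARGET_OK;
}

/* Same format string as the quoted ap_log_error() call. */
int format_target(const ldap_target *t, char *buf, size_t buflen)
{
    return snprintf(buf, buflen, "ldap%s://%s:%d",
                    t->secure ? "s" : "", t->host, t->port);
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real adm.conf. */
    const char *samples[] = {
        "ldap://:389/o=NetscapeRoot",
        "ldap://icicle.phasma.nl:389/o=NetscapeRoot",
        "ldap://icicle.phasma.nl:23395496/",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        ldap_target t;
        char shown[320];
        enum target_status st = parse_ldap_url(samples[i], &t);
        format_target(&t, shown, sizeof(shown));
        printf("%-45s status=%d would log: %s\n", samples[i], (int)st, shown);
    }
    return 0;
}
```

Checking the status before connecting turns the bare 'ldap://:389' log line into a specific "no host configured" or "bad port" diagnosis.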
On 11/30/2010 02:20 PM, trisooma wrote:
> It seems that the struct 'data' is not filled with the correct values.

That's why I asked for your /etc/dirsrv/admin-serv/adm.conf - http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 11/30/2010 10:23 PM, Rich Megginson wrote:
> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf - http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html

My bad, see http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
On 11/30/2010 02:32 PM, Trisooma wrote:
> My bad, see http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
First, upgrade to the latest versions of these components from the testing repo
yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
Then, run setup-ds-admin.pl -u
Then try
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
and
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Using the above I can confirm that I can now use the console to log in and administer my DS (though I had to remove selinux-policy-targeted). The command 'setup-ds-admin.pl -u' ran without a hitch.
The results of both ldap queries are below:

[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma
 .nl,o=NetscapeRoot
nsBuildSecurity: domestic
objectClass: top
objectClass: nsApplication
objectClass: groupOfUniqueNames
cn: 389 Administration Server
nsVendor: 389 Project
installationTimeStamp: 20101124210830Z
nsBuildNumber: 2010.328.157
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
 p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
 @389-admin-1.1.jar
nsProductName: 389 Administration Server
nsProductVersion: 1.1.13
nsNickName: admin

[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl
 e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
objectClass: top
objectClass: netscapeServer
objectClass: nsAdminServer
objectClass: nsResourceRef
objectClass: groupOfUniqueNames
serverHostName: icicle.phasma.nl
cn: admin-serv-icicle
installationTimeStamp: 20101124210830Z
serverProductName: Administration Server
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou
 p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerID: admin-serv

I proceeded to restart dirsrv-admin, and the log now looks like this:

[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
[Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
[Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
[Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars

Still some errors are visible in the logfile, but I can log in and add users/groups using the console. When I navigate to 'Directory Server' > 'Configuration' I get the following error message: 'Insufficient Permissions': The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation. When I enter the correct credentials, it seems that everything is working as it is supposed to.
The log complains about not being able to do a reverse lookup on 192.168.134.10, but this seems wrong (DNS works both ways):

[shadowuser@icicle ~]$ host 192.168.134.10
10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
[shadowuser@icicle ~]$ host icicle.phasma.nl
icicle.phasma.nl has address 192.168.134.10

Thanks for your patience,
Regards,
Trisooma
On 11/30/2010 04:33 PM, trisooma wrote:
> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars

This should be ok - it should fall back to /usr/share/dirsrv/html/java

> Still some errors are visible in the logfile,

The one marked [error] above, or are there others? [notice] messages are ok.

> but I can log in and add users/groups using the console. When I navigate to 'Directory Server' > 'Configuration' I get the following error message: 'Insufficient Permissions': The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation. When I enter the correct credentials, it seems that everything is working as it is supposed to.

"correct credentials"?

> The log complains about not being able to do a reverse lookup on 192.168.134.10, but this seems wrong (DNS works both ways):

Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
> The one marked [error] above, or are there others? [notice] messages are ok.

No, this is the only one marked as error.

> "correct credentials"?

The password that is set for uid=admin,.......; This is only a minor annoyance, however it does seem strange that I am asked for the password again.

> Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups

OK, got it.
Works for me as well. Thank you very much.
Cheers,
Eric
trisooma wrote:
On 11/30/2010 04:33 PM, trisooma wrote:
On 11/30/2010 02:32 PM, Trisooma wrote:
On 11/30/2010 10:23 PM, Rich Megginson wrote:On 11/30/2010 02:20 PM, trisooma wrote: > If i am reading the code correctly (and looking at the logging > below), the > line that has a severity of 'crit' should dump info for the ldap > server we > are connecting to. > In my case (and Eric's too) only 'ldap://:389' is printed; sometimes > even > with an odd number like 23395496 (see Eric's first post). > > [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): > util_ldap_init > failed for ldap://:389 > [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial > LDAPConnection to > populate LocalAdmin tasks into cache. > [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured > -- > resuming normal operations > [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): > util_ldap_init > failed for ldap://:389 > [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial > LDAPConnection to > populate LocalAdmin tasks into cache. > > The code that logs this error looks like this > [mod_admserv/mod_admserv.c:517] > > ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, > NULL, > "openLDAPConnection(): util_ldap_init failed > for > ldap%s://%s:%d", > data->secure ? "s" : "", > data->host, data->port); > > It seems that the struct 'data' is not filled with the correct > values. That's why I asked for your /etc/dirsrv/admin-serv/adm.conf - http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
My bad, see http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
First, upgrade to the latest versions of these components from the testing repo yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
Then, run setup-ds-admin.pl -u
Then try
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
and
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Using the above i can confirm that i can now use the console to log in and administer my DS (though i had to remove selinux-policy-targeted). The command 'setup-ds-admin.pl -u' ran without a hitch.
the results of both ldap queries are below:
[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot" Enter LDAP Password: dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma .nl,o=NetscapeRoot nsBuildSecurity: domestic objectClass: top objectClass: nsApplication objectClass: groupOfUniqueNames cn: 389 Administration Server nsVendor: 389 Project installationTimeStamp: 20101124210830Z nsBuildNumber: 2010.328.157 uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct @389-admin-1.1.jar nsProductName: 389 Administration Server nsProductVersion: 1.1.13 nsNickName: admin
[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot" Enter LDAP Password: dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicl e.phasma.nl,ou=phasma.nl,o=NetscapeRoot objectClass: top objectClass: netscapeServer objectClass: nsAdminServer objectClass: nsResourceRef objectClass: groupOfUniqueNames serverHostName: icicle.phasma.nl cn: admin-serv-icicle installationTimeStamp: 20101124210830Z serverProductName: Administration Server uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Grou p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot nsServerID: admin-serv
I proceeded to restart dirsrv-admin, and the log now looks like this:
[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
[Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
[Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
[Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
This should be ok - it should fall back to /usr/share/dirsrv/html/java
Still some errors are visible in the logfile,
The one marked [error] above, or are there others? [notice] messages are ok.
No, this is the only one marked as error.
but I can log in and add users/groups using the console. When I navigate to 'Directory Server' > 'Configuration' I get the following error message: 'Insufficient Permissions': The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation. When I enter the correct credentials, it seems that everything is working as it is supposed to.
"correct credentials"?
The password that is set for uid=admin,.......; this is only a minor annoyance, however it does seem strange that I am asked for the password again.
The log complains about not being able to do a reverse lookup on 192.168.134.10, but this seems wrong (DNS works both ways):
Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
OK, got it.
[shadowuser@icicle ~]$ host 192.168.134.10
10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
[shadowuser@icicle ~]$ host icicle.phasma.nl
icicle.phasma.nl has address 192.168.134.10
Thanks for your patience,
Regards,
Trisooma
> BTW. this code was taken from 389-admin-1.1.12.a2
>
> I hope this helps,
>
> Regards,
>
> Trisooma
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
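An added example, not part of the original posts or of the 389 project's code: a small triage filter for the admin-serv error log discussed in the message above. It separates the empty-host `util_ldap_init` failures and the failed reverse lookups from the harmless [notice] noise. The function names are hypothetical, and the sample input reuses log lines quoted in this thread.

```shell
#!/bin/sh
# Added example: triage of an Apache 2.2-style admin-serv error log.
# Function names are hypothetical; they are not part of 389-admin.

# Reads the log on stdin and prints one finding per line, sorted:
#   EMPTY_LDAP_HOST <count>  crit lines whose LDAP URL has no host ("ldap://:389")
#   NO_RDNS <ip> <count>     clients the server could not reverse-resolve
#   ERROR <message>          text of every line logged at [error]
triage_admin_log() {
    awk '
    # util_ldap_init failure where nothing sits between "//" and ":port"
    /\[crit\]/ && /util_ldap_init failed for ldaps?:\/\/:/ { empty++ }

    # failed reverse lookup: the address is the last field on the line
    /ap_get_remote_host could not resolve/ { rdns[$NF]++ }

    # keep the message part of [error] lines, without the timestamp
    /\] \[error\] / {
        msg = $0
        sub(/^.*\] \[error\] /, "", msg)
        errors[++n] = msg
    }

    END {
        if (empty) print "EMPTY_LDAP_HOST", empty
        for (ip in rdns) print "NO_RDNS", ip, rdns[ip]
        for (i = 1; i <= n; i++) print "ERROR", errors[i]
    }' | LC_ALL=C sort
}

# Sample input: log lines quoted in this thread.
sample_log() {
    cat <<'EOF'
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
[Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
[Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars
EOF
}

sample_log | triage_admin_log
```

An EMPTY_LDAP_HOST finding is the case in which the thread asks for /etc/dirsrv/admin-serv/adm.conf; for a NO_RDNS address, the `host` checks and the HostnameLookups setting in /etc/dirsrv/admin-serv/console.conf mentioned above are the next things to look at.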
well hello all, seems I'm having this problem myself....fresh install, and when I go to the configuration tab of the 389-console it tells me:
"The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation."
When I click ok, a box appears asking for DN/pass. If I put the password in the box...it continues on with no errors (thus the "mind annoyance"). Then again, if I just click "ok" and then "cancel" (meaning, I don't put in new credentials) the config tab works then too. I don't actually see in the logs either what it is that I'm not being allowed to do, it seems to just be a superfluous re-prompting for the password. On a lark, I tried putting in the /wrong/ password...which it did indeed not like, telling me "invalid credentials." Clicked ok, then cancel...and I'm able to access the configuration tab even after putting in the wrong pass and not correcting it. I'm assuming it is just using the original credentials that should have prevented the initial error in the first place, even though I tried putting in new credentials...
Again, fresh install, on a fresh build of Fedora14. I am tunneling the console, but that shouldn't matter (?). Is this just a bug in 389-console? Should I open a ticket? I'm going to continue past it, since it...doesn't seem to be stopping me from doing anything. I'm using the standard repos, everything is current:
389-admin-console-1.1.5-1.fc14.noarch
389-admin-console-doc-1.1.5-1.fc14.noarch
389-adminutil-1.1.13-1.fc14.x86_64
389-admin-1.1.13-2.fc14.x86_64
389-ds-console-1.2.3-1.fc14.noarch
389-ds-console-doc-1.2.3-1.fc14.noarch
389-console-1.1.4-1.fc14.noarch
389-ds-base-1.2.7.5-1.fc14.x86_64
389-dsgw-1.1.6-1.fc14.x86_64
389-ds-1.2.1-1.fc14.noarch
Did I miss the response about what might have been causing this?
Brian
On Wed, Dec 1, 2010 at 4:00 AM, trisooma <trisooma@xs4all.nl> wrote:
On 11/30/2010 04:33 PM, trisooma wrote:
On 11/30/2010 02:32 PM, Trisooma wrote:
On 11/30/2010 10:23 PM, Rich Megginson wrote:
On 11/30/2010 02:20 PM, trisooma wrote:
> If i am reading the code correctly (and looking at the logging below), the line that has a severity of 'crit' should dump info for the ldap server we are connecting to.
> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even with an odd number like 23395496 (see Eric's first post).
>
> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
>
> The code that logs this error looks like this [mod_admserv/mod_admserv.c:517]
>
> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>              "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
>              data->secure ? "s" : "",
>              data->host, data->port);
>
> It seems that the struct 'data' is not filled with the correct values.
That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
My bad, see
http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
First, upgrade to the latest versions of these components from the testing repo
yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil
Then, run
setup-ds-admin.pl -u
Then try
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
and
ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Using the above I can confirm that I can now use the console to log in and administer my DS (though I had to remove selinux-policy-targeted). The command 'setup-ds-admin.pl -u' ran without a hitch.
On 01/14/2011 05:27 PM, Brian LaMere wrote:
well hello all, seems I'm having this problem myself....fresh install, and when I go to the configuration tab of the 389-console it tells me:
"The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation."
When I click ok, a box appears asking for DN/pass. If I put the password in the box...it continues on with no errors (thus the "mind annoyance"). Then again, if I just click "ok" and then "cancel" (meaning, I don't put in new credentials) the config tab works then too. I don't actually see in the logs either what it is that I'm not being allowed to do, it seems to just be a superfluous re-prompting for the password. On a lark, I tried putting in the /wrong/ password...which it did indeed not like, telling me "invalid credentials." Clicked ok, then cancel...and I'm able to access the configuration tab even after putting in the wrong pass and not correcting it. I'm assuming it is just using the original credentials that should have prevented the initial error in the first place, even though I tried putting in new credentials...
Again, fresh install, on a fresh build of Fedora14. I am tunneling the console, but that shouldn't matter (?). Is this just a bug in 389-console? Should I open a ticket?
Sure. It's really not a permissions issue, it was caused by a bug fix to 1.2.7
I'm going to continue past it, since it...doesn't seem to be stopping me from doing anything. I'm using the standard repos, everything is current:
Right. It is annoying and should not stop you from doing anything.
389-admin-console-1.1.5-1.fc14.noarch
389-admin-console-doc-1.1.5-1.fc14.noarch
389-adminutil-1.1.13-1.fc14.x86_64
389-admin-1.1.13-2.fc14.x86_64
389-ds-console-1.2.3-1.fc14.noarch
389-ds-console-doc-1.2.3-1.fc14.noarch
389-console-1.1.4-1.fc14.noarch
389-ds-base-1.2.7.5-1.fc14.x86_64
389-dsgw-1.1.6-1.fc14.x86_64
389-ds-1.2.1-1.fc14.noarch
Did I miss the response about what might have been causing this?
Brian