[Fedora-directory-users] Admin Server Failure

Ian Marks imarks at comcast.net
Wed Aug 9 20:14:31 UTC 2006 

I really appreciate your help!!

adm.conf
ldapHost:   cac.example.com
ldapPort:   389
sie:   cn=admin-serv-cac, cn=Fedora Administration Server, cn=Server 
Group, cn=cac.example.com, ou=example.com, o=NetscapeRoot
siepid:   xxxxxxxx
isie:   cn=Fedora Administration Server, cn=Server Group, 
cn=cac.example.com, ou=example.com, o=NetscapeRoot
port:   1389
ldapStart:   slapd-cac/start-slapd


dbswitch.conf

directory default ldap://cac.example.com:389/o%3DNetscapeRoot


Richard Megginson wrote:
> Ian Marks wrote:
>> Here is the last few lines from the error log after enabling debug.
>>
>>
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=htmladmin,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:htmladmin:] 
>> for user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=statpingserv,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:statpingserv:] 
>> for user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=viewdata,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewdata:] for 
>> user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=viewlog,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewlog:] for 
>> user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=monreplication,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:monreplication:] 
>> for user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=repl-monitor-cgi.pl,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:repl-monitor-cgi.pl:] 
>> for user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=sync-task-sie-data,cn=commands,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for 
>> user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428): 
>> populate_tasks_from_server(): Added task entry 
>> [cn=change-sie-password,cn=commands,cn=admin-serv-cac,cn=fedora 
>> administration server,cn=server 
>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for 
>> user [LocalSuper]
>> [Wed Aug 09 19:22:22 2006] [crit] host_ip_init(): PSET failure: 
>> Failed to create PSET handle (pset error = )
> Hm - just pset?  The other ldap stuff is working fine.  Please post 
> your admin-serv/config/adm.conf and shared/config/dbswitch.conf - be 
> sure to obscure any sensitive information first.
>>
>>
>> Ian
>>
>> Richard Megginson wrote:
>>> Ian Marks wrote:
>>>> I have the following ssl packages installed.
>>>> rpm -qa |grep ssl
>>>> openssl-0.9.7a-43.8
>>>> mod_ssl-2.0.52-22.ent.centos4
>>>> openssl-devel-0.9.7a-43.8
>>>> xmlsec1-openssl-1.2.6-3
>>>>
>>>> The directory server is running and appears to be working 
>>>> correctly.  Several other hosts are able to authenticate via pam 
>>>> against this DS server.  Here is the output of "sh -xv 
>>>> start-admin", minus the copyright stuff:
>>>>
>>>> SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT
>>>> + SERVER_ROOT=/opt/fedora-ds
>>>> + export SERVER_ROOT
>>>> NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT
>>>> + NETSITE_ROOT=/opt/fedora-ds
>>>> + export NETSITE_ROOT
>>>> ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT
>>>> + ADMSERV_ROOT=/opt/fedora-ds/admin-serv
>>>> + export ADMSERV_ROOT
>>>>
>>>> unset PASSWORD_PIPE
>>>> + unset PASSWORD_PIPE
>>>>
>>>> LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export 
>>>> LD_LIBRARY_PATH
>>>> + LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:
>>>> + export LD_LIBRARY_PATH
>>>> LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib; 
>>>> export LIBPATH
>>>> + 
>>>> LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib 
>>>>
>>>> + export LIBPATH
>>>> SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH
>>>> + SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib::
>>>> + export SHLIB_PATH
>>>>
>>>> NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME
>>>> + NS_SERVER_HOME=/opt/fedora-ds
>>>> + export NS_SERVER_HOME
>>>> PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH
>>>> + 
>>>> PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin 
>>>>
>>>> + export PATH
>>>>
>>>> HTTPD=/usr/sbin//httpd.worker
>>>> + HTTPD=/usr/sbin//httpd.worker
>>>>
>>>> # see if httpd is linked with the openldap libraries - we need to 
>>>> override them
>>>> OS=`uname -s`
>>>> uname -s
>>>> ++ uname -s
>>>> + OS=Linux
>>>> if [ $OS = "Linux" ]; then
>>>>    hasol=0
>>>>
>>>>    /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 && hasol=1
>>>>
>>>>    if [ $hasol -eq 1 ] ; then
>>>>        LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so 
>>>> ${SERVER_ROOT}/bin/admin/lib/libldap50.so"
>>>>        export LD_PRELOAD
>>>>    fi
>>>> fi
>>>> + '[' Linux = Linux ']'
>>>> + hasol=0
>>>> + /usr/bin/ldd /usr/sbin//httpd.worker
>>>> + grep libldap
>>>> + hasol=1
>>>> + '[' 1 -eq 1 ']'
>>>> + LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so 
>>>> /opt/fedora-ds/bin/admin/lib/libldap50.so'
>>>> + export LD_PRELOAD
>>>>
>>>> $HTTPD -k start -d $ADMSERV_ROOT -f $ADMSERV_ROOT/config/httpd.conf 
>>>> "$@"
>>>> + /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f 
>>>> /opt/fedora-ds/admin-serv/config/httpd.conf
>>> So it correctly detects that httpd is linked against openldap and 
>>> does the LD_PRELOAD.  Next, try turning up the debug level.  First, 
>>> edit admin-serv/config/httpd.conf and change LogLevel to debug.  
>>> Then, do start-admin -e debug.  There should be a bunch of stuff in 
>>> admin-serv/logs/error
>>>>
>>>>
>>>>
>>>>
>>>> Richard Megginson wrote:
>>>>> Ian Marks wrote:
>>>>>> Does anyone have a good idea where I can start troubleshooting 
>>>>>> the error below.  I get the error when I attempt to start the 
>>>>>> admin server.  I also posted an error from the htttpd logs which 
>>>>>> could be related.  I'm running Centos 4.3 with FDS 1.0.2.
>>>>>>
>>>>>> /opt/fedora-ds/admin-serv/logs/error
>>>>>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: 
>>>>>> Failed to create PSET handle (pset error = )
>>>>>> Configuration Failed
>>>>> 1) The directory server must be up and running before attempting 
>>>>> to start the admin server
>>>>> 2) If the DS is running, what is the output of doing sh -xv 
>>>>> start-admin?
>>>>>>
>>>>>> /var/log/httpd/error_log
>>>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP 
>>>>>> LDAP SDK
>>>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>>>>>>
>>>>>> Thanks,
>>>>>> Ian
>>>>>>
>>>>>> -- 
>>>>>> Fedora-directory-users mailing list
>>>>>> Fedora-directory-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>> ------------------------------------------------------------------------ 
>>>>>
>>>>>
>>>>> -- 
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>   
>>>>
>>>> -- 
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>   
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

More information about the 389-users mailing list