[Fedora-directory-users] Admin Server Failure
Ian Marks
imarks at comcast.net
Wed Aug 9 20:21:40 UTC 2006
Thanks again for all your help, I think I just figured it out. The
dbswitch.conf file was owned by root when it should have been owned by
nobody.
Ian
Ian Marks wrote:
> I really appreciate your help!!
>
> adm.conf
> ldapHost: cac.example.com
> ldapPort: 389
> sie: cn=admin-serv-cac, cn=Fedora Administration Server, cn=Server
> Group, cn=cac.example.com, ou=example.com, o=NetscapeRoot
> siepid: xxxxxxxx
> isie: cn=Fedora Administration Server, cn=Server Group,
> cn=cac.example.com, ou=example.com, o=NetscapeRoot
> port: 1389
> ldapStart: slapd-cac/start-slapd
>
>
> dbswitch.conf
>
> directory default ldap://cac.example.com:389/o%3DNetscapeRoot
>
>
> Richard Megginson wrote:
>> Ian Marks wrote:
>>> Here is the last few lines from the error log after enabling debug.
>>>
>>>
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=htmladmin,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:htmladmin:]
>>> for user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=statpingserv,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:statpingserv:]
>>> for user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=viewdata,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewdata:]
>>> for user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=viewlog,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:viewlog:] for
>>> user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=monreplication,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:monreplication:]
>>> for user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=repl-monitor-cgi.pl,cn=configuration,cn=tasks,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:repl-monitor-cgi.pl:]
>>> for user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=sync-task-sie-data,cn=commands,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for
>>> user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [debug] mod_admserv.c(1428):
>>> populate_tasks_from_server(): Added task entry
>>> [cn=change-sie-password,cn=commands,cn=admin-serv-cac,cn=fedora
>>> administration server,cn=server
>>> group,cn=cac.example.com,ou=example.com,o=netscaperoot:runtime:] for
>>> user [LocalSuper]
>>> [Wed Aug 09 19:22:22 2006] [crit] host_ip_init(): PSET failure:
>>> Failed to create PSET handle (pset error = )
>> Hm - just pset? The other ldap stuff is working fine. Please post
>> your admin-serv/config/adm.conf and shared/config/dbswitch.conf - be
>> sure to obscure any sensitive information first.
>>>
>>>
>>> Ian
>>>
>>> Richard Megginson wrote:
>>>> Ian Marks wrote:
>>>>> I have the following ssl packages installed.
>>>>> rpm -qa |grep ssl
>>>>> openssl-0.9.7a-43.8
>>>>> mod_ssl-2.0.52-22.ent.centos4
>>>>> openssl-devel-0.9.7a-43.8
>>>>> xmlsec1-openssl-1.2.6-3
>>>>>
>>>>> The directory server is running and appears to be working
>>>>> correctly. Several other hosts are able to authenticate via pam
>>>>> against this DS server. Here is the output of "sh -xv
>>>>> start-admin", minus the copyright stuff:
>>>>>
>>>>> SERVER_ROOT=/opt/fedora-ds ; export SERVER_ROOT
>>>>> + SERVER_ROOT=/opt/fedora-ds
>>>>> + export SERVER_ROOT
>>>>> NETSITE_ROOT=$SERVER_ROOT ; export NETSITE_ROOT
>>>>> + NETSITE_ROOT=/opt/fedora-ds
>>>>> + export NETSITE_ROOT
>>>>> ADMSERV_ROOT=$SERVER_ROOT/admin-serv ; export ADMSERV_ROOT
>>>>> + ADMSERV_ROOT=/opt/fedora-ds/admin-serv
>>>>> + export ADMSERV_ROOT
>>>>>
>>>>> unset PASSWORD_PIPE
>>>>> + unset PASSWORD_PIPE
>>>>>
>>>>> LD_LIBRARY_PATH=${SERVER_ROOT}/bin/admin/lib:${SERVER_ROOT}/lib:${LD_LIBRARY_PATH};export
>>>>> LD_LIBRARY_PATH
>>>>> + LD_LIBRARY_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:
>>>>> + export LD_LIBRARY_PATH
>>>>> LIBPATH=${LD_LIBRARY_PATH}:${LIBPATH}:/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib;
>>>>> export LIBPATH
>>>>> +
>>>>> LIBPATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib:::/usr/threads/lib:/usr/ibmcxx/lib:/usr/lib:/lib
>>>>>
>>>>> + export LIBPATH
>>>>> SHLIB_PATH=${LD_LIBRARY_PATH}:${SHLIB_PATH}; export SHLIB_PATH
>>>>> + SHLIB_PATH=/opt/fedora-ds/bin/admin/lib:/opt/fedora-ds/lib::
>>>>> + export SHLIB_PATH
>>>>>
>>>>> NS_SERVER_HOME=${SERVER_ROOT}; export NS_SERVER_HOME
>>>>> + NS_SERVER_HOME=/opt/fedora-ds
>>>>> + export NS_SERVER_HOME
>>>>> PATH=${SERVER_ROOT}/bin/admin/bin:${PATH}; export PATH
>>>>> +
>>>>> PATH=/opt/fedora-ds/bin/admin/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
>>>>>
>>>>> + export PATH
>>>>>
>>>>> HTTPD=/usr/sbin//httpd.worker
>>>>> + HTTPD=/usr/sbin//httpd.worker
>>>>>
>>>>> # see if httpd is linked with the openldap libraries - we need to
>>>>> override them
>>>>> OS=`uname -s`
>>>>> uname -s
>>>>> ++ uname -s
>>>>> + OS=Linux
>>>>> if [ $OS = "Linux" ]; then
>>>>> hasol=0
>>>>>
>>>>> /usr/bin/ldd $HTTPD 2>&1 | grep libldap > /dev/null 2>&1 &&
>>>>> hasol=1
>>>>>
>>>>> if [ $hasol -eq 1 ] ; then
>>>>> LD_PRELOAD="${SERVER_ROOT}/bin/admin/lib/libssl3.so
>>>>> ${SERVER_ROOT}/bin/admin/lib/libldap50.so"
>>>>> export LD_PRELOAD
>>>>> fi
>>>>> fi
>>>>> + '[' Linux = Linux ']'
>>>>> + hasol=0
>>>>> + /usr/bin/ldd /usr/sbin//httpd.worker
>>>>> + grep libldap
>>>>> + hasol=1
>>>>> + '[' 1 -eq 1 ']'
>>>>> + LD_PRELOAD='/opt/fedora-ds/bin/admin/lib/libssl3.so
>>>>> /opt/fedora-ds/bin/admin/lib/libldap50.so'
>>>>> + export LD_PRELOAD
>>>>>
>>>>> $HTTPD -k start -d $ADMSERV_ROOT -f
>>>>> $ADMSERV_ROOT/config/httpd.conf "$@"
>>>>> + /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f
>>>>> /opt/fedora-ds/admin-serv/config/httpd.conf
>>>> So it correctly detects that httpd is linked against openldap and
>>>> does the LD_PRELOAD. Next, try turning up the debug level. First,
>>>> edit admin-serv/config/httpd.conf and change LogLevel to debug.
>>>> Then, do start-admin -e debug. There should be a bunch of stuff in
>>>> admin-serv/logs/error
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Richard Megginson wrote:
>>>>>> Ian Marks wrote:
>>>>>>> Does anyone have a good idea where I can start troubleshooting
>>>>>>> the error below. I get the error when I attempt to start the
>>>>>>> admin server. I also posted an error from the htttpd logs which
>>>>>>> could be related. I'm running Centos 4.3 with FDS 1.0.2.
>>>>>>>
>>>>>>> /opt/fedora-ds/admin-serv/logs/error
>>>>>>> [Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure:
>>>>>>> Failed to create PSET handle (pset error = )
>>>>>>> Configuration Failed
>>>>>> 1) The directory server must be up and running before attempting
>>>>>> to start the admin server
>>>>>> 2) If the DS is running, what is the output of doing sh -xv
>>>>>> start-admin?
>>>>>>>
>>>>>>> /var/log/httpd/error_log
>>>>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP
>>>>>>> LDAP SDK
>>>>>>> [Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ian
>>>>>>>
>>>>>>> --
>>>>>>> Fedora-directory-users mailing list
>>>>>>> Fedora-directory-users at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Fedora-directory-users mailing list
>>>>>> Fedora-directory-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the 389-users
mailing list