[Fedora-directory-users] Admin-server/config-server

Rich Megginson rmeggins at redhat.com
Sat Apr 25 00:36:23 UTC 2009


tamarin p wrote:
>
>
> 2009/4/24 Rich Megginson <rmeggins at redhat.com>
>
>     tamarin p wrote:
>
>         Could be I'm missing some lib, but on the other hand, it looks
>         as if the ldapurl in adm.conf must point to the config
>         directory so it wouldn't do any good if it did correctly set
>         the hostname of the machine you install on (ldap2.test.com
>         in my case), since the configdir is on another machine. The
>         correct ldap url for config directory is always going to be
>         ldap://ldap1.test.com:4000 and looks like the script should
>         always just use the host:port from ConfigDirectoryLdapURL for
>         ldapurl in adm.conf. Also, regardless if fullmachinename is
>         set or not, when adm.conf already exists on running
>         setup-ds-admin, the property is always set correctly to
>         ldap://ldap1.test.com:4000 and the registration/unregistration
>         works after.
>
>     So the problem is that it does not correctly parse the host:port
>     from the ConfigDirectoryLdapURL?
>
> Not really. There seem to be two things to what the script ends up doing.
> 1. if /etc/dirsrv/admin-serv/adm.conf exists, it applies the value 
> in ConfigDirectoryLdapURL correctly and everything works
If adm.conf exists, and did not have a correct ldapurl, then something 
went wrong with the original/initial setup.
> 2. if /etc/dirsrv/admin-serv/adm.conf does NOT exist, it tries to use 
> (based on observation) ldap://<FullMachineName>:<ServerPort> (no error 
> to see from the script output though I haven't tried with --debug)
Right - see below
> It seems to me option 1 is what it should always do, even when the 
> file doesn't exist. Option 2 is not likely to be correct for any 
> multihomed install. In my case, without FullMachineName, the result is 
> ldap://:4002. No hostname and the wrong port. This is the port of the 
> instance I'm creating with the inf, not the config dir. If I set 
> FullMachineName to point to the host with the config directory 
> (assuming this doesn't have other side effects elsewhere, the docs do 
> say it should be the full hostname for the machine you're installing 
> on after all) I would get ldap://ldap1.test.com:4002 which is still 
> the wrong port as my actual ConfigDirectoryLdapURL is 
> ldap://ldap1.test.com:4000/ (plus o=NetscapeRoot)
The way it should work is that if you are registering a non-config DS 
with the config DS, you should provide ConfigDirectoryLdapURL.  If you 
do not, the script tries to use the one from adm.conf.  If that is not 
available, the script assumes that you have not yet set up a Config DS 
and admin server, and therefore assumes you are going to be creating the 
Config DS, so it tries to construct a URL based on the FullMachineName 
and ServerPort.

So it looks as though something somehow went wrong with the 
original/initial setup, and it wrote a bogus ldapurl without the 
hostname in adm.conf.
> Note that I don't actually know what ldapuri in adm.conf is used for. 
> I'm just guessing based on observation, but it seems to be used by 
> register-ds-admin and ds_removal among others, since ds_removal seems 
> to try that URL when unregistering (see error message from a previous 
> post in this thread)
It's used by the admin server to find the configuration DS (where it 
stores its config information and information needed by the console).  
If ldapurl is not correct, then admin server and console operations will 
likely fail.  It's also used by the scripts to find default config DS 
information (as you have surmised).

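The lookup order described in the message above (ConfigDirectoryLdapURL, then ldapurl from adm.conf, then a URL built from FullMachineName and ServerPort), as an added Python example that is not code from the thread or from the 389 setup scripts. It also flags a result with no hostname, such as the ldap://:4002 reported above. The flat dict standing in for the .inf file, the `key: value` layout of adm.conf, and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def ldapurl_from_adm_conf(text):
    """Return the ldapurl value from adm.conf text, or None if absent."""
    for line in text.splitlines():
        # Assumed layout: one "key: value" pair per line.
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "ldapurl":
            return value.strip() or None
    return None


def check_ldapurl(url):
    """Return a list of problems; an empty list means the URL is usable."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme not in ("ldap", "ldaps"):
        problems.append("scheme is not ldap/ldaps")
    if not parts.hostname:
        problems.append("missing hostname")
    try:
        parts.port  # raises ValueError when the port is not a valid number
    except ValueError:
        problems.append("invalid port")
    return problems


def resolve_config_ds_url(inf, adm_conf_text=None):
    """Apply the lookup order from the message; return (url, source, problems)."""
    url = inf.get("ConfigDirectoryLdapURL")
    source = "inf:ConfigDirectoryLdapURL"
    if not url and adm_conf_text is not None:
        url = ldapurl_from_adm_conf(adm_conf_text)
        source = "adm.conf:ldapurl"
    if not url:
        # No config DS known: assume this host will become the config DS.
        host = inf.get("FullMachineName", "")
        url = "ldap://%s:%s/o=NetscapeRoot" % (host, inf.get("ServerPort", ""))
        source = "constructed:FullMachineName+ServerPort"
    return url, source, check_ldapurl(url)


if __name__ == "__main__":
    # Constructed input matching the case in the thread: no adm.conf,
    # no FullMachineName, ServerPort of the new instance.
    print(resolve_config_ds_url({"ServerPort": "4002"}))
```

Running a check like this against the resolved URL before registration would surface the empty-hostname case at setup time instead of at unregistration.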