[389-users] upgraded to latest 389, now anon binds return no results

Rich Megginson rmeggins at redhat.com
Thu Dec 8 23:31:16 UTC 2011 

On 12/08/2011 04:17 PM, Brian High wrote:
> Thanks, Rich.  I was able to reproduce, even after removing the 
> nsNumGroups.
>
> Here is how I did it.  The server is running an updated RHEL5 64 bit 
> server with the latest 389 Directory Server from "epel".  (398-ds-base 
> 1.2.9.9)
>
>> From a Fedora 16 Live CD session (as my desktop client), I loaded 
>> mgmt console through ssh tunnel:
>
> $ ssh -X root at 192.168.1.16 "389-console -D 9 -f /tmp/console.log"
Ah ha - this may explain the crashes - ssh -X + java apps == trouble
>
> Logged into Management Console and went to Server Group -> Directory 
> Server -> Directory [tab]
>
> The selected the entry for the dn which holds my site's info.  Then 
> right clicked and chose "Set access permissions", clicked "Enable 
> anonymous access", pressed "Edit" button, clicked "Targets" tab.
>
> The first time I did this, the application crashed immediately and I 
> was returned to my local shell prompt, showing this:
>
> [...]
> Corrupted MAC on input.
> Disconnecting: Packet corrupt
This looks like a message from ssh, not the console.  In fact the 
console doesn't show any exceptions or errors.
>
> Where the [...] is also contained in the console.log.
>
> The second time I tried this, I was able to get the "Targets" to show 
> okay, but after a couple seconds of scrolling the list, the 
> application crashed again.  Only if I click "Edit manually" can I work 
> with the Targets items.
>
> Here is the log output (sanitized).  [Sorry for the long log (1869 
> lines).]
>
> java.util.prefs.userRoot=/root/.389-console
<snip>
> TableSorter.checkModel: table size was changed - need to reallocate 
> indexes
> TableSorter.reallocateIndexes: getRowCount=404
No console errors - only ssh errors.

If you can reproduce this problem without using ssh -X let us know.
>
>
> On Wed, 7 Dec 2011, Rich Megginson wrote:
>
>> On 12/07/2011 06:07 PM, Brian High wrote:
>>       I think I found something...
>>
>>       I was looking at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Mana 
>>
>>       ging_Access_Control-Access_Control_Usage_Examples.html
>>
>>       And went to check on the ACI permissions for my main search 
>> base.  I see an "All
>>       Users" entry under Users and the correct three boxes are 
>> checked on the rights
>>       tab.  But when clicking on the "Targets" tab, I get a popup 
>> error message saying
>>       "The targetattr list contains unknown attributes or unsupported 
>> syntax."  Then
>>       when I click OK and try to scroll the list, the console crashes.
>>
>> Please run 389-console -D 9 -f console.log and reproduce the crash.  
>> Then remove any sensitive
>> information from console.log and send it to the list.
>>
>>       I see some Bugzilla entries related to ACI lists, such as this 
>> one:
>>       https://bugzilla.redhat.com/show_bug.cgi?id=733103
>>
>>       So, I will look those over and see if I might find one that 
>> matches my situation.
>>
>>       --Brian
>>
>>       On Wed, 7 Dec 2011, Brian High wrote:
>>
>>             Jeremy,
>>
>>             Thanks for the suggestion.
>>
>>             I have found that setting this to "off" or "on" (and 
>> restarting
>>             dirsrv) makes no difference.
>>
>>             Any other ideas?
>>
>>             --Brian
>>
>>             On Thu, 8 Dec 2011, Jeremy A. Mates wrote:
>>
>>                   El día 7 de diciembre de 2011 22:35, Brian High
>> <high at uw.edu> escribió:
>>                         Hi 389-users,
>>
>>                         Perhaps you can help solve a mystery for me.
>>
>>
>>                   nsslapd-allow-unauthenticated-binds: on  perhaps?
>>
>>                   Jeremy
>>                   --
>>                   389 users mailing list
>>                   389-users at lists.fedoraproject.org
>>                   
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>             --
>>             389 users mailing list
>>             389-users at lists.fedoraproject.org
>>             https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>> -- 
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>
>
>
> -- 
> Brian High
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111208/86737a85/attachment.html>

More information about the 389-users mailing list