[389-users] upgraded to latest 389, now anon binds return no results
Rich Megginson
rmeggins at redhat.com
Thu Dec 8 23:31:16 UTC 2011
On 12/08/2011 04:17 PM, Brian High wrote:
> Thanks, Rich. I was able to reproduce, even after removing the
> nsNumGroups.
>
> Here is how I did it. The server is running an updated RHEL5 64 bit
> server with the latest 389 Directory Server from "epel". (398-ds-base
> 1.2.9.9)
>
>> From a Fedora 16 Live CD session (as my desktop client), I loaded
>> mgmt console through ssh tunnel:
>
> $ ssh -X root at 192.168.1.16 "389-console -D 9 -f /tmp/console.log"
Ah ha - this may explain the crashes - ssh -X + java apps == trouble
>
> Logged into Management Console and went to Server Group -> Directory
> Server -> Directory [tab]
>
> The selected the entry for the dn which holds my site's info. Then
> right clicked and chose "Set access permissions", clicked "Enable
> anonymous access", pressed "Edit" button, clicked "Targets" tab.
>
> The first time I did this, the application crashed immediately and I
> was returned to my local shell prompt, showing this:
>
> [...]
> Corrupted MAC on input.
> Disconnecting: Packet corrupt
This looks like a message from ssh, not the console. In fact the
console doesn't show any exceptions or errors.
>
> Where the [...] is also contained in the console.log.
>
> The second time I tried this, I was able to get the "Targets" to show
> okay, but after a couple seconds of scrolling the list, the
> application crashed again. Only if I click "Edit manually" can I work
> with the Targets items.
>
> Here is the log output (sanitized). [Sorry for the long log (1869
> lines).]
>
> java.util.prefs.userRoot=/root/.389-console
<snip>
> TableSorter.checkModel: table size was changed - need to reallocate
> indexes
> TableSorter.reallocateIndexes: getRowCount=404
No console errors - only ssh errors.
If you can reproduce this problem without using ssh -X let us know.
>
>
> On Wed, 7 Dec 2011, Rich Megginson wrote:
>
>> On 12/07/2011 06:07 PM, Brian High wrote:
>> I think I found something...
>>
>> I was looking at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Mana
>>
>> ging_Access_Control-Access_Control_Usage_Examples.html
>>
>> And went to check on the ACI permissions for my main search
>> base. I see an "All
>> Users" entry under Users and the correct three boxes are
>> checked on the rights
>> tab. But when clicking on the "Targets" tab, I get a popup
>> error message saying
>> "The targetattr list contains unknown attributes or unsupported
>> syntax." Then
>> when I click OK and try to scroll the list, the console crashes.
>>
>> Please run 389-console -D 9 -f console.log and reproduce the crash.
>> Then remove any sensitive
>> information from console.log and send it to the list.
>>
>> I see some Bugzilla entries related to ACI lists, such as this
>> one:
>> https://bugzilla.redhat.com/show_bug.cgi?id=733103
>>
>> So, I will look those over and see if I might find one that
>> matches my situation.
>>
>> --Brian
>>
>> On Wed, 7 Dec 2011, Brian High wrote:
>>
>> Jeremy,
>>
>> Thanks for the suggestion.
>>
>> I have found that setting this to "off" or "on" (and
>> restarting
>> dirsrv) makes no difference.
>>
>> Any other ideas?
>>
>> --Brian
>>
>> On Thu, 8 Dec 2011, Jeremy A. Mates wrote:
>>
>> El día 7 de diciembre de 2011 22:35, Brian High
>> <high at uw.edu> escribió:
>> Hi 389-users,
>>
>> Perhaps you can help solve a mystery for me.
>>
>>
>> nsslapd-allow-unauthenticated-binds: on perhaps?
>>
>> Jeremy
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>
>
>
> --
> Brian High
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111208/86737a85/attachment.html>
More information about the 389-users
mailing list