[389-users] Cannot login as cn=Directory Manager

Rich Megginson rmeggins at redhat.com
Wed Jan 5 16:04:16 UTC 2011 

On 01/05/2011 08:40 AM, harry.devine at faa.gov wrote:
>
> How do I tell what the other versions are?
rpm -qi 389-console 389-ds-base 389-admin idm-console-framework 
389-adminutil
> I haven't upgraded or anything, so its the same version/installation 
> that I initially did a few months ago.
So it just stopped working, with no explanation, and nothing has changed?
> Should I upgrade?  Is there a bug that's fixed in a newer version that 
> could be causing what I'm seeing?
>
> The /var/log/dirsrv/admin-serv/error log shows:
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: host [localhost.localdomain] did not match 
> pattern [*.test.com] -will scan aliases
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: host alias [localhost] did not match pattern 
> [*.test.com]
> [Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize 
> TLS connection to LDAP host localhost.test.com port 389: 4

This error message is somewhat misleading - it is not actually 
attempting a TLS connection unless you have configured it to use TLS.

What's in the directory server access log on or around [Wed Jan 05 
10:41:25 2011] ?
> [Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user 
> cn=Directory Manager not found: /admin-serv/authenticate
If the directory server connection fails, it will fail to lookup/bind too.
>
> The /var/log/dirsrv/admin-serv/access log (which only got written to 
> AFTER I closed 389-console) shows:
> 127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET 
> /admin-serv/authenticate HTTP/1.0" 401 466
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> From: 	Rich Megginson <rmeggins at redhat.com>
> To: 	Harry Devine/ACT/FAA at FAA
> Cc: 	389-users at lists.fedoraproject.org
> Date: 	01/05/2011 10:23 AM
> Subject: 	Re: [389-users] Cannot login as cn=Directory Manager
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 05:59 AM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the 
> console log properly.  The console log that got generated when I ran 
> "389-console -D 9 -f console.log" is attached.
> What are the versions of the other components?
> 389-ds-base, 389-admin, idm-console-framework
>
> What does it say in the admin server logs in 
> /var/log/dirsrv/admin-serv/error and access?
>
> Have you upgraded recently?  If so, did you run setup-ds-admin.pl -u 
> after upgrading?
>
> Thanks for the help!
> Harry
>
>
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
> From:	Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To:	"General discussion list for the 389 Directory server project." 
> _<389-users at lists.fedoraproject.org>_ 
> <mailto:389-users at lists.fedoraproject.org>
> Cc:	Harry Devine/ACT/FAA at FAA
> Date:	01/04/2011 04:40 PM
> Subject:	Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/04/2011 12:55 PM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> I've been away from my 389-ds admin for a few months (I'm just 
> starting to get familiar with it), and I can't login using the user ID 
> "cn=Directory Manager".  A few months ago I could using the GUI 
> 389-console application.  But today I can't.  It keeps saying:
>
> "Can't login because of an incorrect User ID, Incorrect password, or 
> Directory problem."
>
> The error log shows: "[error] [client 127.0.0.1] user cn=Directory 
> Manager not found: /admin-serv/authenticate"
>
> I am able to get data back when I enter: "ldapsearch -x -b 
> o=netscaperoot -D "cn=Directory Manager" -w <password> 
> "objectclass=nsAdminConfig"" from the command line, so I know that the 
> password is correct.
>
> Any thoughts on what to do to fix this?
> What platform?  What versions of 389-ds-base, 389-admin, 
> idm-console-framework?
> run 389-console -D 9 -f console.log then send console.log (you will 
> first want to obscure any sensitive information)
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
>
> --
> 389 users mailing list_
> __389-users at lists.fedoraproject.org_ 
> <mailto:389-users at lists.fedoraproject.org>_
> __https://admin.fedoraproject.org/mailman/listinfo/389-users_
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110105/7b65b6a4/attachment.html>

More information about the 389-users mailing list