[389-users] Cannot login as cn=Directory Manager

harry.devine at faa.gov harry.devine at faa.gov
Wed Jan 5 18:25:04 UTC 2011 

I tried to upgrade, but yum tells me that there are no packages marked for 
update.  I did see that I had the dirsrv.repo file renamed so it wouldn't 
be used, so I renamed it back and tried the "yum upgrade" again, and got 
the same thing.  The relevant contents of my dirsrv.repo file are:

[dirsrv]
name=389 Directory Server - 6 - $basearch
baseurl=http://port389.org/yum/dirsrv/fedora/6/$basearch/RPMS

I assume this repo isn't correct?  I think I downloaded it from that 
CentOS link I included in my last email.

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov



From:
Rich Megginson <rmeggins at redhat.com>

To:
Harry Devine/ACT/FAA at FAA
Cc:
389-users at lists.fedoraproject.org
Date:
01/05/2011 11:57 AM
Subject:
Re: [389-users] Cannot login as cn=Directory Manager



On 01/05/2011 09:30 AM, harry.devine at faa.gov wrote: 

Yep, it appears to just have stopped working.  I know that I had some 
similar issues back in October when I first installed it, but I turned off 
the firewall on this PC and all was good.  I verified that I still have 
the firewall off.  I'm running this on an old laptop that we have here at 
work which is running CentOS 5.4, and isn't connected to the network at 
all.  Just for evaluation and familiarization purposes at this point. 

Here's the versions that I could get: 
389-console: 1.1.3 
389-ds-base: 1.2.2 
389-admin: 1.1.8 
idm-console-framework: 1.1.3 
389-adminutil: 1.1.8 

Everything was (I assume) installed at once when I did the initial 
installation following the instructions I found at 
http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/. 
I suggest upgrading to the latest 1.2.7 if only to make it easier to 
support.

Lastly, nothing is in the directory server access log around 10:41:25. 
Just that one line that said "GET /admin-serv/authenticate HTTP/1.0" at 
10:45:45. 
That's the admin server log - the directory server access log is in 
/var/log/dirsrv/slapd-yourinstancename/access

Thanks! 
Harry 

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov 


From: 
Rich Megginson <rmeggins at redhat.com> 
To: 
Harry Devine/ACT/FAA at FAA 
Cc: 
389-users at lists.fedoraproject.org 
Date: 
01/05/2011 11:18 AM 
Subject: 
Re: [389-users] Cannot login as cn=Directory Manager




On 01/05/2011 08:40 AM, harry.devine at faa.gov wrote: 

How do I tell what the other versions are? 
rpm -qi 389-console 389-ds-base 389-admin idm-console-framework 
389-adminutil 
I haven't upgraded or anything, so its the same version/installation that 
I initially did a few months ago. 
So it just stopped working, with no explanation, and nothing has changed? 
Should I upgrade?  Is there a bug that's fixed in a newer version that 
could be causing what I'm seeing? 

The /var/log/dirsrv/admin-serv/error log shows: 
[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1 
[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
admserv_host_ip_check: host [localhost.localdomain] did not match pattern 
[*.test.com] -will scan aliases 
[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
admserv_host_ip_check: host alias [localhost] did not match pattern 
[*.test.com] 
[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize TLS 
connection to LDAP host localhost.test.com port 389: 4 

This error message is somewhat misleading - it is not actually attempting 
a TLS connection unless you have configured it to use TLS.

What's in the directory server access log on or around [Wed Jan 05 
10:41:25 2011] ? 
[Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user cn=Directory 
Manager not found: /admin-serv/authenticate 
If the directory server connection fails, it will fail to lookup/bind too. 


The /var/log/dirsrv/admin-serv/access log (which only got written to AFTER 
I closed 389-console) shows: 
127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET 
/admin-serv/authenticate HTTP/1.0" 401 466 

Thanks! 
Harry 

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov 

From: 
Rich Megginson <rmeggins at redhat.com> 
To: 
Harry Devine/ACT/FAA at FAA 
Cc: 
389-users at lists.fedoraproject.org 
Date: 
01/05/2011 10:23 AM 
Subject: 
Re: [389-users] Cannot login as cn=Directory Manager





On 01/05/2011 05:59 AM, harry.devine at faa.gov wrote: 

I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the console 
log properly.  The console log that got generated when I ran "389-console 
-D 9 -f console.log" is attached. 
What are the versions of the other components?
389-ds-base, 389-admin, idm-console-framework

What does it say in the admin server logs in 
/var/log/dirsrv/admin-serv/error and access?

Have you upgraded recently?  If so, did you run setup-ds-admin.pl -u after 
upgrading? 

Thanks for the help! 
Harry 



Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov 
From: 
Rich Megginson <rmeggins at redhat.com> 
To: 
"General discussion list for the 389 Directory server project." 
<389-users at lists.fedoraproject.org> 
Cc: 
Harry Devine/ACT/FAA at FAA 
Date: 
01/04/2011 04:40 PM 
Subject: 
Re: [389-users] Cannot login as cn=Directory Manager






On 01/04/2011 12:55 PM, harry.devine at faa.gov wrote: 

I've been away from my 389-ds admin for a few months (I'm just starting to 
get familiar with it), and I can't login using the user ID "cn=Directory 
Manager".  A few months ago I could using the GUI 389-console application. 
 But today I can't.  It keeps saying: 

"Can't login because of an incorrect User ID, Incorrect password, or 
Directory problem." 

The error log shows: "[error] [client 127.0.0.1] user cn=Directory Manager 
not found: /admin-serv/authenticate" 

I am able to get data back when I enter: "ldapsearch -x -b o=netscaperoot 
-D "cn=Directory Manager" -w <password> "objectclass=nsAdminConfig"" from 
the command line, so I know that the password is correct. 

Any thoughts on what to do to fix this? 
What platform?  What versions of 389-ds-base, 389-admin, 
idm-console-framework?
run 389-console -D 9 -f console.log then send console.log (you will first 
want to obscure any sensitive information) 

Thanks! 
Harry 

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov 


--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users 








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110105/d7de77a9/attachment.html>

More information about the 389-users mailing list