[389-users] Cannot login as cn=Directory Manager
Rich Megginson
rmeggins at redhat.com
Wed Jan 5 20:44:26 UTC 2011
On 01/05/2011 11:25 AM, harry.devine at faa.gov wrote:
>
> I tried to upgrade, but yum tells me that there are no packages marked
> for update. I did see that I had the dirsrv.repo file renamed so it
> wouldn't be used, so I renamed it back and tried the "yum upgrade"
> again, and got the same thing. The relevant contents of my
> dirsrv.repo file are:
>
> [dirsrv]
> name=389 Directory Server - 6 - $basearch
> baseurl=http://port389.org/yum/dirsrv/fedora/6/$basearch/RPMS
>
> I assume this repo isn't correct? I think I downloaded it from that
> CentOS link I included in my last email.
We've been using EPEL for a couple of years now - that repo is not used
any more.
http://directory.fedoraproject.org/wiki/Download
>
> Thanks,
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> From: Rich Megginson <rmeggins at redhat.com>
> To: Harry Devine/ACT/FAA at FAA
> Cc: 389-users at lists.fedoraproject.org
> Date: 01/05/2011 11:57 AM
> Subject: Re: [389-users] Cannot login as cn=Directory Manager
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 09:30 AM, _harry.devine at faa.gov_
> <mailto:harry.devine at faa.gov>wrote:
>
> Yep, it appears to just have stopped working. I know that I had some
> similar issues back in October when I first installed it, but I turned
> off the firewall on this PC and all was good. I verified that I still
> have the firewall off. I'm running this on an old laptop that we have
> here at work which is running CentOS 5.4, and isn't connected to the
> network at all. Just for evaluation and familiarization purposes at
> this point.
>
> Here's the versions that I could get:
> 389-console: 1.1.3
> 389-ds-base: 1.2.2
> 389-admin: 1.1.8
> idm-console-framework: 1.1.3
> 389-adminutil: 1.1.8
>
> Everything was (I assume) installed at once when I did the initial
> installation following the instructions I found at
> _http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/_.
> I suggest upgrading to the latest 1.2.7 if only to make it easier to
> support.
>
> Lastly, nothing is in the directory server access log around 10:41:25.
> Just that one line that said "GET /admin-serv/authenticate HTTP/1.0"
> at 10:45:45.
> That's the admin server log - the directory server access log is in
> /var/log/dirsrv/slapd-yourinstancename/access
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
> From: Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To: Harry Devine/ACT/FAA at FAA
> Cc: _389-users at lists.fedoraproject.org_
> <mailto:389-users at lists.fedoraproject.org>
> Date: 01/05/2011 11:18 AM
> Subject: Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 08:40 AM, _harry.devine at faa.gov_
> <mailto:harry.devine at faa.gov>wrote:
>
> How do I tell what the other versions are?
> rpm -qi 389-console 389-ds-base 389-admin idm-console-framework
> 389-adminutil
> I haven't upgraded or anything, so its the same version/installation
> that I initially did a few months ago.
> So it just stopped working, with no explanation, and nothing has changed?
> Should I upgrade? Is there a bug that's fixed in a newer version that
> could be causing what I'm seeing?
>
> The /var/log/dirsrv/admin-serv/error log shows:
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host [localhost.localdomain] did not match
> pattern [*.test.com] -will scan aliases
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host alias [localhost] did not match pattern
> [*.test.com]
> [Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host localhost.test.com port 389: 4
>
> This error message is somewhat misleading - it is not actually
> attempting a TLS connection unless you have configured it to use TLS.
>
> What's in the directory server access log on or around [Wed Jan 05
> 10:41:25 2011] ?
> [Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user
> cn=Directory Manager not found: /admin-serv/authenticate
> If the directory server connection fails, it will fail to lookup/bind
> too.
>
> The /var/log/dirsrv/admin-serv/access log (which only got written to
> AFTER I closed 389-console) shows:
> 127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET
> /admin-serv/authenticate HTTP/1.0" 401 466
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
> From: Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To: Harry Devine/ACT/FAA at FAA
> Cc: _389-users at lists.fedoraproject.org_
> <mailto:389-users at lists.fedoraproject.org>
> Date: 01/05/2011 10:23 AM
> Subject: Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 05:59 AM, _harry.devine at faa.gov_
> <mailto:harry.devine at faa.gov>wrote:
>
> I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the
> console log properly. The console log that got generated when I ran
> "389-console -D 9 -f console.log" is attached.
> What are the versions of the other components?
> 389-ds-base, 389-admin, idm-console-framework
>
> What does it say in the admin server logs in
> /var/log/dirsrv/admin-serv/error and access?
>
> Have you upgraded recently? If so, did you run setup-ds-admin.pl -u
> after upgrading?
>
> Thanks for the help!
> Harry
>
>
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
> From: Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To: "General discussion list for the 389 Directory server project."
> _<389-users at lists.fedoraproject.org>_
> <mailto:389-users at lists.fedoraproject.org>
> Cc: Harry Devine/ACT/FAA at FAA
> Date: 01/04/2011 04:40 PM
> Subject: Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/04/2011 12:55 PM, _harry.devine at faa.gov_
> <mailto:harry.devine at faa.gov>wrote:
>
> I've been away from my 389-ds admin for a few months (I'm just
> starting to get familiar with it), and I can't login using the user ID
> "cn=Directory Manager". A few months ago I could using the GUI
> 389-console application. But today I can't. It keeps saying:
>
> "Can't login because of an incorrect User ID, Incorrect password, or
> Directory problem."
>
> The error log shows: "[error] [client 127.0.0.1] user cn=Directory
> Manager not found: /admin-serv/authenticate"
>
> I am able to get data back when I enter: "ldapsearch -x -b
> o=netscaperoot -D "cn=Directory Manager" -w <password>
> "objectclass=nsAdminConfig"" from the command line, so I know that the
> password is correct.
>
> Any thoughts on what to do to fix this?
> What platform? What versions of 389-ds-base, 389-admin,
> idm-console-framework?
> run 389-console -D 9 -f console.log then send console.log (you will
> first want to obscure any sensitive information)
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
>
> --
> 389 users mailing list_
> __389-users at lists.fedoraproject.org_
> <mailto:389-users at lists.fedoraproject.org>_
> __https://admin.fedoraproject.org/mailman/listinfo/389-users_
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110105/c956b2ae/attachment.html>
More information about the 389-users
mailing list