[389-users] Cannot login as cn=Directory Manager

Wed Jan 5 20:44:26 UTC 2011

On 01/05/2011 11:25 AM, harry.devine at faa.gov wrote:
>
> I tried to upgrade, but yum tells me that there are no packages marked 
> for update.  I did see that I had the dirsrv.repo file renamed so it 
> wouldn't be used, so I renamed it back and tried the "yum upgrade" 
> again, and got the same thing.  The relevant contents of my 
> dirsrv.repo file are:
>
> [dirsrv]
> name=389 Directory Server - 6 - $basearch
> baseurl=http://port389.org/yum/dirsrv/fedora/6/$basearch/RPMS
>
> I assume this repo isn't correct?  I think I downloaded it from that 
> CentOS link I included in my last email.
We've been using EPEL for a couple of years now - that repo is not used 
any more.
http://directory.fedoraproject.org/wiki/Download
>
> Thanks,
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> From: 	Rich Megginson <rmeggins at redhat.com>
> To: 	Harry Devine/ACT/FAA at FAA
> Cc: 	389-users at lists.fedoraproject.org
> Date: 	01/05/2011 11:57 AM
> Subject: 	Re: [389-users] Cannot login as cn=Directory Manager
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 09:30 AM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> Yep, it appears to just have stopped working.  I know that I had some 
> similar issues back in October when I first installed it, but I turned 
> off the firewall on this PC and all was good.  I verified that I still 
> have the firewall off.  I'm running this on an old laptop that we have 
> here at work which is running CentOS 5.4, and isn't connected to the 
> network at all.  Just for evaluation and familiarization purposes at 
> this point.
>
> Here's the versions that I could get:
> 389-console: 1.1.3
> 389-ds-base: 1.2.2
> 389-admin: 1.1.8
> idm-console-framework: 1.1.3
> 389-adminutil: 1.1.8
>
> Everything was (I assume) installed at once when I did the initial 
> installation following the instructions I found at 
> _http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/_.
> I suggest upgrading to the latest 1.2.7 if only to make it easier to 
> support.
>
> Lastly, nothing is in the directory server access log around 10:41:25. 
>  Just that one line that said "GET /admin-serv/authenticate HTTP/1.0" 
> at 10:45:45.
> That's the admin server log - the directory server access log is in 
> /var/log/dirsrv/slapd-yourinstancename/access
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
> From:	Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To:	Harry Devine/ACT/FAA at FAA
> Cc:	_389-users at lists.fedoraproject.org_ 
> <mailto:389-users at lists.fedoraproject.org>
> Date:	01/05/2011 11:18 AM
> Subject:	Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 08:40 AM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> How do I tell what the other versions are?
> rpm -qi 389-console 389-ds-base 389-admin idm-console-framework 
> 389-adminutil
> I haven't upgraded or anything, so its the same version/installation 
> that I initially did a few months ago.
> So it just stopped working, with no explanation, and nothing has changed?
> Should I upgrade?  Is there a bug that's fixed in a newer version that 
> could be causing what I'm seeing?
>
> The /var/log/dirsrv/admin-serv/error log shows:
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: host [localhost.localdomain] did not match 
> pattern [*.test.com] -will scan aliases
> [Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] 
> admserv_host_ip_check: host alias [localhost] did not match pattern 
> [*.test.com]
> [Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize 
> TLS connection to LDAP host localhost.test.com port 389: 4
>
> This error message is somewhat misleading - it is not actually 
> attempting a TLS connection unless you have configured it to use TLS.
>
> What's in the directory server access log on or around [Wed Jan 05 
> 10:41:25 2011] ?
> [Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user 
> cn=Directory Manager not found: /admin-serv/authenticate
> If the directory server connection fails, it will fail to lookup/bind 
> too.
>
> The /var/log/dirsrv/admin-serv/access log (which only got written to 
> AFTER I closed 389-console) shows:
> 127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET 
> /admin-serv/authenticate HTTP/1.0" 401 466
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
> From:	Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To:	Harry Devine/ACT/FAA at FAA
> Cc:	_389-users at lists.fedoraproject.org_ 
> <mailto:389-users at lists.fedoraproject.org>
> Date:	01/05/2011 10:23 AM
> Subject:	Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/05/2011 05:59 AM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the 
> console log properly.  The console log that got generated when I ran 
> "389-console -D 9 -f console.log" is attached.
> What are the versions of the other components?
> 389-ds-base, 389-admin, idm-console-framework
>
> What does it say in the admin server logs in 
> /var/log/dirsrv/admin-serv/error and access?
>
> Have you upgraded recently?  If so, did you run setup-ds-admin.pl -u 
> after upgrading?
>
> Thanks for the help!
> Harry
>
>
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
> From:	Rich Megginson _<rmeggins at redhat.com>_ <mailto:rmeggins at redhat.com>
> To:	"General discussion list for the 389 Directory server project." 
> _<389-users at lists.fedoraproject.org>_ 
> <mailto:389-users at lists.fedoraproject.org>
> Cc:	Harry Devine/ACT/FAA at FAA
> Date:	01/04/2011 04:40 PM
> Subject:	Re: [389-users] Cannot login as cn=Directory Manager
>
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> On 01/04/2011 12:55 PM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> I've been away from my 389-ds admin for a few months (I'm just 
> starting to get familiar with it), and I can't login using the user ID 
> "cn=Directory Manager".  A few months ago I could using the GUI 
> 389-console application.  But today I can't.  It keeps saying:
>
> "Can't login because of an incorrect User ID, Incorrect password, or 
> Directory problem."
>
> The error log shows: "[error] [client 127.0.0.1] user cn=Directory 
> Manager not found: /admin-serv/authenticate"
>
> I am able to get data back when I enter: "ldapsearch -x -b 
> o=netscaperoot -D "cn=Directory Manager" -w <password> 
> "objectclass=nsAdminConfig"" from the command line, so I know that the 
> password is correct.
>
> Any thoughts on what to do to fix this?
> What platform?  What versions of 389-ds-base, 389-admin, 
> idm-console-framework?
> run 389-console -D 9 -f console.log then send console.log (you will 
> first want to obscure any sensitive information)
>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218_
> __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov>
>
>
> --
> 389 users mailing list_
> __389-users at lists.fedoraproject.org_ 
> <mailto:389-users at lists.fedoraproject.org>_
> __https://admin.fedoraproject.org/mailman/listinfo/389-users_
>
>
>
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110105/c956b2ae/attachment.html>