[389-users] Unable to Manage Registered Servers from Console

Rich Megginson rmeggins at redhat.com
Thu Nov 10 19:36:34 UTC 2011


On 11/10/2011 12:02 PM, Tom Tucker wrote:
> Responding to the group..this time.
>
>
> Thanks for the quick response, unfortunately no change.
>
> OS: FC 15
> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495 
> <https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495>
>
> Server1
> ##########
> [root at serverA phpldapadmin]# setup-ds-admin.pl 
> <http://setup-ds-admin.pl/> -u
>
> ==============================================================================
> The update option will allow you to re-register your servers with the
> configuration directory server and update the information about your
> servers that the console and admin server uses.  You will need your
> configuration directory server admin ID and password to continue.
>
> Continue? [yes]:
>
> ==============================================================================
> Please specify the information about your configuration directory
> server.  The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
>   protocol (ldap or ldaps) - this information should be provided in the
>   form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot 
> <http://host.example.com:389/o=NetscapeRoot>
>   or for secure
> ldaps://host.example.com:636/o=NetscapeRoot 
> <http://host.example.com:636/o=NetscapeRoot>
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
>   security has not yet been configured - the file must be in PEM/ASCII
>   format - specify the absolute path and filename
>
> Configuration directory server URL 
> [ldap://serverA.mydomain.com:389/o=NetscapeRoot 
> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
> Configuration directory server admin ID 
> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
> Configuration directory server admin password:
> Configuration directory server admin domain [mydomain.com 
> <http://mydomain.com/>]:
>
> ==============================================================================
> The interactive phase is complete.  The script will now set up your
> servers.  Enter No or go Back if you want to change something.
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389 
> <http://serverA.mydomain.com:389/> - trying regular connection
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': 
> No such file or directory
> rm: cannot remove 
> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or 
> directory
> Undefined subroutine &DSUpdate::updateSystemD called at 
> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
rpm -qi 389-ds-base
this issue is fixed in 1.2.10.a5 in updates-testing
>
>
> Server2
> #########
> [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl 
> <http://setup-ds-admin.pl/> -u
>
> ==============================================================================
> The update option will allow you to re-register your servers with the
> configuration directory server and update the information about your
> servers that the console and admin server uses.  You will need your
> configuration directory server admin ID and password to continue.
>
> Continue? [yes]: yes
>
> ==============================================================================
> Please specify the information about your configuration directory
> server.  The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
>   protocol (ldap or ldaps) - this information should be provided in the
>   form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot 
> <http://host.example.com:389/o=NetscapeRoot>
>   or for secure
> ldaps://host.example.com:636/o=NetscapeRoot 
> <http://host.example.com:636/o=NetscapeRoot>
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
>   security has not yet been configured - the file must be in PEM/ASCII
>   format - specify the absolute path and filename
>
> Configuration directory server URL 
> [ldap://serverA.mydomain.com:389/o=NetscapeRoot 
> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
> Configuration directory server admin ID 
> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
> Configuration directory server admin password:
> Configuration directory server admin domain [mydomain.com 
> <http://mydomain.com/>]:
>
> ==============================================================================
> The interactive phase is complete.  The script will now set up your
> servers.  Enter No or go Back if you want to change something.
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389 
> <http://serverA.mydomain.com:389/> - trying regular connection
> Undefined subroutine &DSUpdate::updateSystemD called at 
> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>
>
>
>
> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>
>>     I would appreciate any troubleshooting advise you might have
>>     regarding my registered ldap servers.  I am referring to the
>>     first page you see when launching the console (servers listed
>>     underneath Servers and Applications). I see my servers listed,
>>     however I am unable to open them. Their  "Server status" always
>>     reports "Stopped" even though the remote servers are running.
>>
>>     Based on my tcpdump capture below the 'admin prohibited' message
>>     is a clear indication of the problem, but I can't seem to correct
>>     it.  I have reran the setup several times, confirmed the password
>>     and such.
>>
>>     What am I missing?
>     Have you tried running setup-ds-admin.pl
>     <http://setup-ds-admin.pl> -u on both the local servers and the
>     remote servers?
>>
>>
>>
>>     ==============================================================================
>>
>>     13:35:27.458489 IP serverA.mydomain.com.30940 >
>>     serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600,
>>     options [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6],
>>     length 0
>>     13:35:27.458591 IP serverB.mydomain.com
>>     <http://serverB.mydomain.com> > serverA.mydomain.com
>>     <http://serverA.mydomain.com>: ICMP host serverB.mydomain.com
>>     <http://serverB.mydomain.com> unreachable - admin prohibited,
>>     length 68
>>
>>
>>
>>     Please specify the information about your configuration directory
>>     server.  The following information is required:
>>     - host (fully qualified), port (non-secure or secure), suffix,
>>       protocol (ldap or ldaps) - this information should be provided
>>     in the
>>       form of an LDAP url e.g. for non-secure
>>     ldap://host.example.com:389/o=NetscapeRoot
>>     <http://host.example.com:389/o=NetscapeRoot>
>>       or for secure
>>     ldaps://host.example.com:636/o=NetscapeRoot
>>     <http://host.example.com:636/o=NetscapeRoot>
>>     - admin ID and password
>>     - admin domain
>>     - a CA certificate file may be required if you choose to use
>>     ldaps and
>>       security has not yet been configured - the file must be in
>>     PEM/ASCII
>>       format - specify the absolute path and filename
>>
>>     Configuration directory server URL
>>     [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>>     <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>>     Configuration directory server admin ID
>>     [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>     Configuration directory server admin password:
>>     Configuration directory server admin domain [mydomain.com
>>     <http://mydomain.com>]:
>>
>>
>>     --
>>     389 users mailing list
>>     389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
>>     https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/ff80f616/attachment.html 


More information about the 389-users mailing list