[389-users] Unable to Manage Registered Servers from Console
Rich Megginson
rmeggins at redhat.com
Thu Nov 10 19:36:34 UTC 2011
On 11/10/2011 12:02 PM, Tom Tucker wrote:
> Responding to the group..this time.
>
>
> Thanks for the quick response, unfortunately no change.
>
> OS: FC 15
> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495
> <https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495>
>
> Server1
> ##########
> [root at serverA phpldapadmin]# setup-ds-admin.pl
> <http://setup-ds-admin.pl/> -u
>
> ==============================================================================
> The update option will allow you to re-register your servers with the
> configuration directory server and update the information about your
> servers that the console and admin server uses. You will need your
> configuration directory server admin ID and password to continue.
>
> Continue? [yes]:
>
> ==============================================================================
> Please specify the information about your configuration directory
> server. The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
> protocol (ldap or ldaps) - this information should be provided in the
> form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
> <http://host.example.com:389/o=NetscapeRoot>
> or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> <http://host.example.com:636/o=NetscapeRoot>
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
> security has not yet been configured - the file must be in PEM/ASCII
> format - specify the absolute path and filename
>
> Configuration directory server URL
> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
> Configuration directory server admin ID
> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
> Configuration directory server admin password:
> Configuration directory server admin domain [mydomain.com
> <http://mydomain.com/>]:
>
> ==============================================================================
> The interactive phase is complete. The script will now set up your
> servers. Enter No or go Back if you want to change something.
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389
> <http://serverA.mydomain.com:389/> - trying regular connection
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*':
> No such file or directory
> rm: cannot remove
> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or
> directory
> Undefined subroutine &DSUpdate::updateSystemD called at
> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
rpm -qi 389-ds-base
this issue is fixed in 1.2.10.a5 in updates-testing
>
>
> Server2
> #########
> [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl
> <http://setup-ds-admin.pl/> -u
>
> ==============================================================================
> The update option will allow you to re-register your servers with the
> configuration directory server and update the information about your
> servers that the console and admin server uses. You will need your
> configuration directory server admin ID and password to continue.
>
> Continue? [yes]: yes
>
> ==============================================================================
> Please specify the information about your configuration directory
> server. The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
> protocol (ldap or ldaps) - this information should be provided in the
> form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
> <http://host.example.com:389/o=NetscapeRoot>
> or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> <http://host.example.com:636/o=NetscapeRoot>
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
> security has not yet been configured - the file must be in PEM/ASCII
> format - specify the absolute path and filename
>
> Configuration directory server URL
> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
> Configuration directory server admin ID
> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
> Configuration directory server admin password:
> Configuration directory server admin domain [mydomain.com
> <http://mydomain.com/>]:
>
> ==============================================================================
> The interactive phase is complete. The script will now set up your
> servers. Enter No or go Back if you want to change something.
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389
> <http://serverA.mydomain.com:389/> - trying regular connection
> Undefined subroutine &DSUpdate::updateSystemD called at
> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>
>
>
>
> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>
>> I would appreciate any troubleshooting advise you might have
>> regarding my registered ldap servers. I am referring to the
>> first page you see when launching the console (servers listed
>> underneath Servers and Applications). I see my servers listed,
>> however I am unable to open them. Their "Server status" always
>> reports "Stopped" even though the remote servers are running.
>>
>> Based on my tcpdump capture below the 'admin prohibited' message
>> is a clear indication of the problem, but I can't seem to correct
>> it. I have reran the setup several times, confirmed the password
>> and such.
>>
>> What am I missing?
> Have you tried running setup-ds-admin.pl
> <http://setup-ds-admin.pl> -u on both the local servers and the
> remote servers?
>>
>>
>>
>> ==============================================================================
>>
>> 13:35:27.458489 IP serverA.mydomain.com.30940 >
>> serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600,
>> options [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6],
>> length 0
>> 13:35:27.458591 IP serverB.mydomain.com
>> <http://serverB.mydomain.com> > serverA.mydomain.com
>> <http://serverA.mydomain.com>: ICMP host serverB.mydomain.com
>> <http://serverB.mydomain.com> unreachable - admin prohibited,
>> length 68
>>
>>
>>
>> Please specify the information about your configuration directory
>> server. The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>> protocol (ldap or ldaps) - this information should be provided
>> in the
>> form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>> <http://host.example.com:389/o=NetscapeRoot>
>> or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> <http://host.example.com:636/o=NetscapeRoot>
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use
>> ldaps and
>> security has not yet been configured - the file must be in
>> PEM/ASCII
>> format - specify the absolute path and filename
>>
>> Configuration directory server URL
>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com
>> <http://mydomain.com>]:
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/ff80f616/attachment.html>
More information about the 389-users
mailing list