[389-users] Unable to Manage Registered Servers from Console
Rich Megginson
rmeggins at redhat.com
Thu Nov 10 20:31:00 UTC 2011
On 11/10/2011 01:16 PM, Tom Tucker wrote:
> The upgrade to a5 addressed the subroutine error, thanks.
> Unfortunately serverB is still refusing to be managed via the Console.
> I ran the -u update twice and bounced services for the helluva it.
> Additional output can be found below.
Ok. Run the console like this: 389-console -D 9 -f console.log -
remove/obscure any sensitive data in console.log - post console.log to
the list
>
>
> SERVER A
> ########
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389
> <http://serverA.mydomain.com:389> - trying regular connection
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*':
> No such file or directory
> rm: cannot remove
> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or
> directory
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server
> . . .
> Exiting . . .
> Log file is '/tmp/setupYUpMQ4.log'
>
>
> [root at serverA phpldapadmin]# rpm -qi 389-ds-base
> Name : 389-ds-base
> Version : 1.2.10
> Release : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 02:54:23 PM EST
> Group : System Environment/Daemons
> Size : 4738178
> License : GPLv2 with exceptions
> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host : x86-11.phx2.fedoraproject.org
> <http://x86-11.phx2.fedoraproject.org>
> Relocations : (not relocatable)
> Packager : Fedora Project
> Vendor : Fedora Project
> URL : http://port389.org/
> Summary : 389 Directory Server (base)
> Description :
> 389 Directory Server is an LDAPv3 compliant server. The base package
> includes
> the LDAP server and command line utilities for server administration.
>
>
>
> SERVER B
> #########
>
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverB.mydomain.com:389
> <http://serverB.mydomain.com:389> - trying regular connection
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server
> . . .
> Exiting . . .
> Log file is '/tmp/setupS0ZvAH.log'
>
>
> [root at serverB admin-serv]# !292
> rpm -qi 389-ds-base
> Name : 389-ds-base
> Version : 1.2.10
> Release : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 03:04:01 PM EST
> Group : System Environment/Daemons
> Size : 4738178
> License : GPLv2 with exceptions
> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host : x86-11.phx2.fedoraproject.org
> <http://x86-11.phx2.fedoraproject.org>
> Relocations : (not relocatable)
> Packager : Fedora Project
> Vendor : Fedora Project
> URL : http://port389.org/
> Summary : 389 Directory Server (base)
>
>
>
> On Thu, Nov 10, 2011 at 2:36 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 11/10/2011 12:02 PM, Tom Tucker wrote:
>> Responding to the group..this time.
>>
>>
>> Thanks for the quick response, unfortunately no change.
>>
>> OS: FC 15
>> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495 <https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495>
>>
>> Server1
>> ##########
>> [root at serverA phpldapadmin]# setup-ds-admin.pl
>> <http://setup-ds-admin.pl/> -u
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses. You will need your
>> configuration directory server admin ID and password to continue.
>>
>> Continue? [yes]:
>>
>> ==============================================================================
>> Please specify the information about your configuration directory
>> server. The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>> protocol (ldap or ldaps) - this information should be provided
>> in the
>> form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>> <http://host.example.com:389/o=NetscapeRoot>
>> or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> <http://host.example.com:636/o=NetscapeRoot>
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use
>> ldaps and
>> security has not yet been configured - the file must be in
>> PEM/ASCII
>> format - specify the absolute path and filename
>>
>> Configuration directory server URL
>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com
>> <http://mydomain.com/>]:
>>
>> ==============================================================================
>> The interactive phase is complete. The script will now set up your
>> servers. Enter No or go Back if you want to change something.
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389
>> <http://serverA.mydomain.com:389/> - trying regular connection
>> rm: cannot remove
>> `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No such file
>> or directory
>> rm: cannot remove
>> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such
>> file or directory
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
> rpm -qi 389-ds-base
> this issue is fixed in 1.2.10.a5 in updates-testing
>
>>
>>
>> Server2
>> #########
>> [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl
>> <http://setup-ds-admin.pl/> -u
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses. You will need your
>> configuration directory server admin ID and password to continue.
>>
>> Continue? [yes]: yes
>>
>> ==============================================================================
>> Please specify the information about your configuration directory
>> server. The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>> protocol (ldap or ldaps) - this information should be provided
>> in the
>> form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>> <http://host.example.com:389/o=NetscapeRoot>
>> or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> <http://host.example.com:636/o=NetscapeRoot>
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use
>> ldaps and
>> security has not yet been configured - the file must be in
>> PEM/ASCII
>> format - specify the absolute path and filename
>>
>> Configuration directory server URL
>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com
>> <http://mydomain.com/>]:
>>
>> ==============================================================================
>> The interactive phase is complete. The script will now set up your
>> servers. Enter No or go Back if you want to change something.
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389
>> <http://serverA.mydomain.com:389/> - trying regular connection
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>
>>
>>
>>
>> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>>
>>> I would appreciate any troubleshooting advise you might have
>>> regarding my registered ldap servers. I am referring to the
>>> first page you see when launching the console (servers
>>> listed underneath Servers and Applications). I see my
>>> servers listed, however I am unable to open them. Their
>>> "Server status" always reports "Stopped" even though the
>>> remote servers are running.
>>>
>>> Based on my tcpdump capture below the 'admin prohibited'
>>> message is a clear indication of the problem, but I can't
>>> seem to correct it. I have reran the setup several times,
>>> confirmed the password and such.
>>>
>>> What am I missing?
>> Have you tried running setup-ds-admin.pl
>> <http://setup-ds-admin.pl> -u on both the local servers and
>> the remote servers?
>>>
>>>
>>>
>>> ==============================================================================
>>>
>>> 13:35:27.458489 IP serverA.mydomain.com.30940 >
>>> serverB.mydomain.com.ldap: Flags [S], seq 404137883, win
>>> 14600, options [mss 1460,sackOK,TS val 348721371 ecr
>>> 0,nop,wscale 6], length 0
>>> 13:35:27.458591 IP serverB.mydomain.com
>>> <http://serverB.mydomain.com> > serverA.mydomain.com
>>> <http://serverA.mydomain.com>: ICMP host
>>> serverB.mydomain.com <http://serverB.mydomain.com>
>>> unreachable - admin prohibited, length 68
>>>
>>>
>>>
>>> Please specify the information about your configuration
>>> directory
>>> server. The following information is required:
>>> - host (fully qualified), port (non-secure or secure), suffix,
>>> protocol (ldap or ldaps) - this information should be
>>> provided in the
>>> form of an LDAP url e.g. for non-secure
>>> ldap://host.example.com:389/o=NetscapeRoot
>>> <http://host.example.com:389/o=NetscapeRoot>
>>> or for secure
>>> ldaps://host.example.com:636/o=NetscapeRoot
>>> <http://host.example.com:636/o=NetscapeRoot>
>>> - admin ID and password
>>> - admin domain
>>> - a CA certificate file may be required if you choose to use
>>> ldaps and
>>> security has not yet been configured - the file must be in
>>> PEM/ASCII
>>> format - specify the absolute path and filename
>>>
>>> Configuration directory server URL
>>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>>> Configuration directory server admin ID
>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>>
>>> Configuration directory server admin password:
>>> Configuration directory server admin domain [mydomain.com
>>> <http://mydomain.com>]:
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/a42706c0/attachment.html>
More information about the 389-users
mailing list