[389-users] GUI errors when viewing replication agreements

Wes Hardin wes.hardin at maxim-ic.com
Wed Aug 29 21:11:54 UTC 2012 

On 08/28/2012 03:43 PM, Rich Megginson wrote:
> On 08/28/2012 02:35 PM, Wes Hardin wrote:
>> On 08/28/2012 12:16 PM, Rich Megginson wrote:
>>> On 08/28/2012 09:23 AM, Wes Hardin wrote:
>>>> When viewing replication agreements in the 389-console (under the Configuration
>>>> tab, Replication, userRoot), the first time I select each replication agreement,
>>>> I am greeted by an error window titled "Insufficient Permissions" stating "The
>>>> user cn=root does not have the permission to perform this operation."
>>> That should have been fixed, although I can't seem to find the ticket.

attached console.log

When I ran the 389-console in debug mode, I think I located the where the issue arises.  Starting at line 1778:

DSEntrySet.getAttributes(): failed to get attribute nsslapd-referral in cn=config
ServerSettingsPanel.ReferralText.show: <>
DSEntrySet.show(): some of the attributes of cn=config could not be read.  Either they are not present in the entry or there is an ACI which prevents that attribute from being read. Try authenticating as a user with more access

In a quick test, this only seems to occur on my single master.  The consumers I tested did not complain when selecting the "configuration" tab.

>>>> cn=root is my directory manager account.  I am not trying to make any changes, I
>>>> get this error simply by selecting the agreement so I can view it and check the
>>>> status.  I can click OK to acknowledge the error and then I am prompted to login
>>>> again.  I can hit cancel and continue navigating, but if I attempt to make any
>>>> change in this area, the "Save" button does not activate to let me do so.  I can
>>>> use the Directory tab and navigate down through cn=config tree and change the
>>>> agreement entries via the normal property editor window.  I can also delete the
>>>> agreement from the Configuration tab.
>>>>
>>>> I'm using 389-console 1.1.7-0ubuntu1 on Kubuntu 12.04, but I have colleagues who
>>>> run the 389-console from the server (389-console-1.1.7-3.el5.noarch) and see the
>>>> same error.
>>>>
>>>> These are the packages on the server, which is CentOS 5.7:
>>>> # rpm -qa 389-\*
>>>> 389-admin-1.1.29-1.el5.x86_64
>>>> 389-console-1.1.7-3.el5.noarch
>>>> 389-ds-base-libs-1.2.10.4-5.el5.x86_64
>>>> 389-admin-console-1.1.8-1.el5.noarch
>>>> 389-ds-base-devel-1.2.10.4-5.el5.x86_64
>>>> 389-ds-base-1.2.10.4-5.el5.x86_64
>>>> 389-ds-console-1.2.6-1.el5.noarch
>>>> 389-ds-console-doc-1.2.6-1.el5.noarch
>>>> 389-adminutil-1.1.15-1.el5.x86_64
>>>> 389-admin-console-doc-1.1.8-1.el5.noarch
>>>> 389-adminutil-devel-1.1.15-1.el5.x86_64
>>>>
>>>> While troubleshooting replication a while back, I lost all my replication
>>>> agreements and recreated them all from the CLI using some instructions I found
>>>> for RHDS.  I don't recall if this error occurred before that or not.  If I
>>>> delete and re-create the agreement through the GUI, I do not get this error when
>>>> selecting that same agreement, even after restarting the GUI.
>>> So if you create the agreements via the CLI, the console gives an error
>>> when you try to edit the agreements, but when you create the agreements
>>> via the console, the console will allow you to edit the agreements?
>> I cannot edit any replication agreements (except for the description field)
>> regardless of their origin from the "Configuration" tab.  I don't receive any
>> error, but if I make a change to the schedule for instance, the tab gets the
>> little red dot indicating a change occurred, but the "Save" button remains
>> grayed out and unclickable.
>>
> Ok.  I would like to see
> excerpts from the directory server and admin server access log and 
> errors log from around the time of this console behavior
> /var/log/dirsrv/slapd-INSTANCE/errors and access
> /var/log/dirsrv/admin-serv/error and access
> 
> run the console with 389-console -D 9 -f console.log - then reproduce 
> the problem and post the console.log
> 
> before you post any logs, be sure to scrub or obscure any sensitive data

Getting these logs will take a little bit longer.  But to make sure I provide useful logs, what debug logging options should I enable for access and error?

-- 
/* Wes Hardin */
UNIX/Linux Systems Administrator, IT Engineering Support
Maxim Integrated Products | Innovation Delivered® | www.maxim-ic.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: console.log
Type: text/x-log
Size: 179837 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120829/95b2999c/attachment.bin>

More information about the 389-users mailing list