[389-users] dirsrv-admin stat not working

Guillaume Chanaud guillaume.chanaud at connecting-nature.com
Fri Jan 20 17:56:32 UTC 2012 

Le 20/01/2012 18:49, Dan Whitmire a écrit :
> On 01/20/2012 11:32 AM, Guillaume Chanaud wrote:
>> Hi,
>>
>> i've already given a solution for this problem days ago :
>> http://lists.fedoraproject.org/pipermail/389-users/2012-January/013960.html 
>>
>>
>> And the original thread is here (i made a mistake while answering to 
>> the list, so it appears disconnected from the rest of the thread).
>> http://lists.fedoraproject.org/pipermail/389-users/2012-January/013948.html 
>>
>>
>> Good luck !
>> Guillaume
>>> On 01/20/2012 09:16 AM, Dan Whitmire wrote:
>>>> I am having a terrible time attempting to get dirsrv-admin working 
>>>> on Fedora 15.  Can someone please help me?  I have selinux in 
>>>> permissive mode.  I have tried all that I know to do, so any advice 
>>>> is welcome.  I get the following:
>>>>
>>>> # service dirsrv-admin start
>>>> Starting dirsrv-admin:
>>>> /usr/sbin/start-ds-admin: line 105:  2275 Segmentation fault      
>>>> $SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f 
>>>> /etc/dirsrv/admin-serv/httpd.conf "$@"
>>>>
>>>> The logs are as follows:
>>>> /var/log/messages
>>>> Jan 20 10:12:42 SonshineServer kernel: [ 1779.299009] 
>>>> httpd.worker[2275]: segfault at 10 ip 00007fdc0f5019b0 sp 
>>>> 00007fff855d6528 error 4 in libpthread-2.14.1.so[7fdc0f4f8000+16000]
>>> rpm -qa |grep 389
>>>>
>>>> /var/log/dirsrv/admin-serv/error
>>>> [Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error 
>>>> -1: Can't contact LDAP server
>>>> [Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error 
>>>> -1: Can't contact LDAP server
>>>> [Fri Jan 20 10:12:42 2012] [warn] Unable to bind as LocalAdmin to 
>>>> populate LocalAdmin tasks into cache.
>>>> [Fri Jan 20 10:12:42 2012] [notice] Access Host filter is: 
>>>> *.SonshineAccess.com
>>>> [Fri Jan 20 10:12:42 2012] [notice] Access Address filter is: *
>>>>
>>>> /var/log/audit/audit.log
>>>> type=CRED_DISP msg=audit(1327075262.337:65): user pid=2144 uid=0 
>>>> auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 
>>>> msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? 
>>>> addr=? terminal=cron res=success'
>>>> type=USER_END msg=audit(1327075262.373:66): user pid=2144 uid=0 
>>>> auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 
>>>> msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" 
>>>> hostname=? addr=? terminal=cron res=success'
>>>> type=ANOM_ABEND msg=audit(1327075962.009:67): auid=500 uid=0 gid=0 
>>>> ses=1 subj=unconfined_u:system_r:httpd_t:s0 pid=2275 
>>>> comm="httpd.worker" sig=11
>>
> Awesome...Thanks.  My next step is to setup Dogtag.  Is this going to 
> affect my certificate at some point?

I don't think so as it disable NSS only for the admin-console connection 
(which is an http connection) (in fact by default nss is disable on 
admin-console...we are just removing the mod_nss loading).
I don't use DogTag but i'm pretty sure it's just managing everything in 
the ldap directory through the ldap/ldaps protocol (it's agnostic from 
which ldap server you use right ?), which is not affected by disabling 
mod_nss. Unless DogTag uses admin-console connection through an ssl 
connection, you'll not have any problem !

Guillaume


> -- 
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list