[389-users] Problems logging in with 389-console

Rich Megginson rmeggins at redhat.com
Tue Mar 27 15:14:32 UTC 2012 

On 03/27/2012 09:07 AM, Mike Mercier wrote:
> On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson<rmeggins at redhat.com>  wrote:
>> On 03/27/2012 06:46 AM, Mike Mercier wrote:
>>> Hello,
>>>
>>> On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson<rmeggins at redhat.com>
>>>   wrote:
>>>> On 03/26/2012 08:28 AM, Mike Mercier wrote:
>>>>> Hello,
>>>>>
>>>>> adm.conf attached.
>>>> Have you configured the directory server to use TLS/SSL?
>>> No, TLS/SSL was not configured. I did the following to install 389.
>>>
>>> Install fedora 16
>>> run yum update
>>> install 389
>>> run setup-ds-admin.pl using the 'Typical' option
>>> run 389-console and try to login as cn=Directory Manager
>>>
>>>> Can you try with 389-admin-1.1.28 now in updates-testing?
>>> [root at localhost ~]# rpm -qa | grep 389
>>> 389-console-1.1.7-1.fc16.noarch
>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>> 389-ds-base-libs-1.2.10.4-2.fc16.x86_64
>>> 389-ds-1.2.2-1.fc15.noarch
>>> 389-ds-base-1.2.10.4-2.fc16.x86_64
>>> 389-ds-console-1.2.6-1.fc16.noarch
>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>> 389-admin-console-1.1.8-2.fc16.noarch
>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>> 389-admin-1.1.28-1.fc16.x86_64
>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>
>>> When using 389-console
>>>
>>> /var/log/dirsrv/admin-serv/error
>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
>>> -1: Can't contact LDAP server
>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
>>> -1: Can't contact LDAP server
>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind
>>> to server [localhost.localdomain:389] as [(anonymous)]
>>> [Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize
>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>> [Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user
>>> cn=Directory Manager not found: /admin-serv/authenticate
>>>
>>>
>>> /var/log/dirsrv/admin-serv/access
>>> 127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET
>>> /admin-serv/authenticate HTTP/1.0" 401 478
>>>
>>> When using http://http://localhost.localdomain:9830/dist/download and
>>> clicking '389 Administration Express'
>>>
>>> /var/log/dirsrv/admin-serv/error
>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>> referer: http://localhost.localdomain:9830/dist/download
>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>> referer: http://localhost.localdomain:9830/dist/download
>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>> referer: http://localhost.localdomain:9830/dist/download
>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
>>> -1: Can't contact LDAP server
>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
>>> -1: Can't contact LDAP server
>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind
>>> to server [localhost.localdomain:389] as [(anonymous)], referer:
>>> http://localhost.localdomain:9830/dist/download
>>> [Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize
>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>
>>>
>>> /var/log/dirsrv/admin-serv/access
>>>
>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download
>>> HTTP/1.1" 200 4470
>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif
>>> HTTP/1.1" 200 43
>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif HTTP/1.1"
>>> 200 86
>>> 127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET
>>> /admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
>> What's in your directory server access log from around this time?
>> /var/log/dirsrv/slapd-INSTANCE/access
> Strangely, there are no entries in the file from that time...  below
> is the entire file
> /var/log/dirsrv/slapd-mpls/access:
>
> 	389-Directory/1.2.10.2 B2012.054.1543
> 	localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)
>
> [22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
> [22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
The access log is buffered - if you're not hitting the directory server 
with any operations, then it won't flush it's buffer.  The other way to 
make it flush is to shut it down.
>
>
>
>
>>> Thanks,
>>> Mike
>>>
>>>
>>>
>>>>> Thanks,
>>>>> Mike
>>>>>
>>>>> On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson<rmeggins at redhat.com>
>>>>>   wrote:
>>>>>> On 03/22/2012 10:47 AM, Mike Mercier wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Sorry for the delay...
>>>>>>>
>>>>>>> /var/log/dirsrv/admin-serv/access
>>>>>>>
>>>>>>> 127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400] "GET
>>>>>>> /admin-serv/authenticate HTTP/1.0" 401 478
>>>>>>>
>>>>>>> /var/log/dirsrv/admin-serv/error
>>>>>>> [Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
>>>>>>> [Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd
>>>>>>> running as context system_u:system_r:httpd_t:s0
>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to
>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured --
>>>>>>> resuming normal operations
>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to
>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1]
>>>>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>>>> -1: Can't contact LDAP server
>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to bind
>>>>>>> to server [localhost.localdomain:389] as [(anonymous)]
>>>>>>> [Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to initialize
>>>>>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>>>
>>>>>> Can you post your /etc/dirsrv/admin-serv/adm.conf?
>>>>>> Have you configured your directory server to use SSL?
>>>>>>
>>>>>>> [Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user
>>>>>>> cn=Directory Manager not found: /admin-serv/authenticate
>>>>>>>
>>>>>>> NOTE: This is after modifying 'local.conf' with
>>>>>>> configuration.nsadminaccesshosts: *
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Mike
>>>>>>>
>>>>>>> On Fri, Mar 16, 2012 at 5:43 PM, Mark Reynolds<mareynol at redhat.com>
>>>>>>>   wrote:
>>>>>>>> Hi Michael,
>>>>>>>>
>>>>>>>> see comments below...
>>>>>>>>
>>>>>>>>
>>>>>>>> On 03/16/2012 02:42 PM, Michael Mercier wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I seem to be having problems using the 389-console GUI.
>>>>>>>>
>>>>>>>> I am entering the following information into each of the fields:
>>>>>>>>
>>>>>>>> User ID: cn=Directory Manager
>>>>>>>> Password: password
>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>
>>>>>>>> It fails with the following error:
>>>>>>>>
>>>>>>>> Cannot logon because of an incorrect User ID,
>>>>>>>> Incorrect password or Directory problem.
>>>>>>>>
>>>>>>>> HttpException:
>>>>>>>> Response: HTTP/1.1 401 Authorization Required
>>>>>>>> Status: 401
>>>>>>>> URL:     http://localhost.localdomain:9830/admin-serv/authenticate
>>>>>>>>
>>>>>>>> Do you have a DS access log snippet showing the bind&        result?
>>>>>>>>
>>>>>>>>
>>>>>>>> I might not hurt to restart the admin server as well.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Mark
>>>>>>>>
>>>>>>>>
>>>>>>>> I have also tried with:
>>>>>>>> User ID: admin
>>>>>>>> Password: password
>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>
>>>>>>>> It fails with the following error:
>>>>>>>>
>>>>>>>> Cannot connect to the directory server:
>>>>>>>> netscape.ldap.LDAPException: error result (32): No such object
>>>>>>>>
>>>>>>>> I am able to run searches from the command line:
>>>>>>>>
>>>>>>>> [root at localhost ~]# ldapsearch -x -b o=netscaperoot -D "cn=directory
>>>>>>>> manager" -w password "nsDirectoryURL=*"
>>>>>>>> # extended LDIF
>>>>>>>> #
>>>>>>>> # LDAPv3
>>>>>>>> # base<o=netscaperoot>        with scope subtree
>>>>>>>> # filter: nsDirectoryURL=*
>>>>>>>> # requesting: ALL
>>>>>>>> #
>>>>>>>>
>>>>>>>> # UserDirectory, Global Preferences, MyDomain, NetscapeRoot
>>>>>>>> dn: cn=UserDirectory,ou=Global Preferences,ou=MyDomain,o=NetscapeRoot
>>>>>>>> objectClass: top
>>>>>>>> objectClass: nsDirectoryInfo
>>>>>>>> nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
>>>>>>>> cn: UserDirectory
>>>>>>>>
>>>>>>>> # search result
>>>>>>>> search: 2
>>>>>>>> result: 0 Success
>>>>>>>>
>>>>>>>> # numResponses: 2
>>>>>>>> # numEntries: 1
>>>>>>>> [root at localhost ~]#
>>>>>>>>
>>>>>>>> If I try to access http://localhost.localdomain:9830 with a web
>>>>>>>> browser, I am shown the "Services for users" page, but when I click
>>>>>>>> on
>>>>>>>> "389 Administration Express" i get the following error:
>>>>>>>>
>>>>>>>> Internal Server Error
>>>>>>>>
>>>>>>>> The server encountered an internal error or misconfiguration and was
>>>>>>>> unable to complete your request.
>>>>>>>>
>>>>>>>> Please contact the server administrator, [no address given] and
>>>>>>>> inform
>>>>>>>> them of the time the error occurred, and anything you might have done
>>>>>>>> that may have caused the error.
>>>>>>>>
>>>>>>>> More information about this error may be available in the server
>>>>>>>> error
>>>>>>>> log.
>>>>>>>> Apache/2.2 Server at localhost.localdomain Port 9830
>>>>>>>>
>>>>>>>> Anyone have any ideas?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Mike
>>>>>>>>
>>>>>>>> [root at localhost ~]# more /etc/redhat-release
>>>>>>>> Fedora release 16 (Verne)
>>>>>>>> [root at localhost ~]# rpm -qa|grep 389
>>>>>>>> 389-console-1.1.7-1.fc16.noarch
>>>>>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>>>>>> 389-ds-base-libs-1.2.10.2-1.fc16.x86_64
>>>>>>>> 389-ds-1.2.2-1.fc15.noarch
>>>>>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>>>>>> 389-admin-1.1.23-1.fc16.x86_64
>>>>>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>>>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>>>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>>>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>>>>> 389-ds-base-1.2.10.2-1.fc16.x86_64
>>>>>>>>
>>>>>>>> --
>>>>>>>> 389 users mailing list
>>>>>>>> 389-users at lists.fedoraproject.org
>>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users at lists.fedoraproject.org
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>>

More information about the 389-users mailing list