[389-users] Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

Rich Megginson rmeggins at redhat.com
Sat Mar 31 14:50:42 UTC 2012


On 03/31/2012 02:20 AM, Maurizio Marini wrote:
> On Fri, 30 Mar 2012 14:45:28 -0600
> Rich Megginson <rmeggins at redhat.com> wrote:
>
> Hello Richard
>
>
>>> Is there any dsgw log to diagnose better the issue?
>> ls -al /var/run/dirsrv/dsgw
> empty
>
>> ls -al /var/run/dirsrv/dsgw/cookies
> empty

But they exist?  I wanted to see the ownership and permissions on these 
directories.  If you ran setup-ds-admin.pl and chose the defaults, these 
directories should be owned by nobody:nobody and should be mode 0700 
(-rwx------)


>
>> the admin server logs are in /var/log/dirsrv/admin-serv
> there is nothing newer than 1 day ago
>
>
> if I enter a wrong password, I get an error in
>   /var/log/dirsrv/slapd-ds/access
> and using credentials I am able to exec an ldap search
>
> [code]
> ldapsearch -x -b "ou=People,dc=xx,dc=it" -D "uid=xxx,ou=People,dc=xxx,dc=it" -w xxx  "(objectClass=person)"  uid
> # extended LDIF
> #
> # LDAPv3
> # base<ou=People,dc=xxx,dc=it>  with scope subtree
> # filter: (objectClass=person)
> # requesting: uid
> #
>
> # udiprova, People, xxx.it
> dn: uid=udiprova,ou=People,dc=xxx,dc=it
> uid: udiprova
>
> # bpb001, People, xxx.it
> dn: uid=bpb001,ou=People,dc=xxx,dc=it
> uid: bpb001
>
> # xxx, People, xxx.it
> dn: uid=xxx,ou=People,dc=xxx,dc=it
> uid: xxx
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 4
> # numEntries: 3
> [/code]
>
> the issue is *after* authentication; the authentication with ldap is ok,
> but after that, something in dsgw goes wrong
>
> maybe there is something wrong in dsgw.conf:
> [code]
> baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
> dirmgr "cn=Directory Manager"
> location-suffix dc=xxx, dc=it
This should not have a space in it - it should be dc=xxx,dc=it - if 
there are spaces in the values, then quote it like this:

location-suffix "dc=xxx, dc=it"


> securitypath /etc/dirsrv/dsgw
> htmldir /usr/share/dirsrv/dsgw/html/
> configdir /usr/share/dirsrv/dsgw/config/
> gwnametrans /dsgw/
> authlifetime 7200
> template group groupOfNames
> template ntgroup groupOfUniqueNames ntGroup
> template groupun groupOfUniqueNames
> template org organization
> template dc domain
> template orgunit organizationalUnit
> template ntperson person inetOrgPerson nTUser
> template orgperson person inetOrgPerson
> template person person
> template country country
> location country "Italy" "c=IT#"
Does this really have a "#" in it?
> location org "This Organization" ""
> location dc "This Domaincomponent" ""
> location groups "Groups" "ou=Groups"
> location people "People" "ou=People"
> location special "Special Users" "ou=Special Users"
> charset UTF-8
> include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini<maumar at cost.it>"
Does this really have the string "Maurizio Marini <maumar at cost.it>" in it?
> [/code]
>
> sadly, without a specific dsgw log, I cannot diagnose anything
> there is no trace in any log of what dsgw is doing ;(
> at this point, a dsgw specific log can be an RFE and as such it should be filed on bugzilla,
> shouldn't it?
Trac - https://fedorahosted.org/389
>
> thnx for your attention
> regards
>
> -m
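
The two checks asked for in this message (ownership and mode of the dsgw run directories, and unquoted spaces in single-valued `dsgw.conf` directives), as an added example that is not part of the original thread or of 389 Directory Server. The function names, the list of single-valued directives (taken from the `dsgw.conf` quoted above) and the treatment of `#` lines as comments are assumptions; GNU `stat` is required.

```shell
#!/bin/sh
# Added example, not from the thread. Requires GNU stat (Fedora/RHEL).

# check_dir DIR OWNER:GROUP MODE
# Returns 0 when DIR exists with that ownership and octal mode, else prints why.
check_dir() {
    dir=$1; want="$2 $3"
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    got=$(stat -c '%U:%G %a' "$dir") || return 1
    [ "$got" = "$want" ] && return 0
    echo "BAD $dir: is '$got', expected '$want'"
    return 1
}

# lint_dsgw_conf FILE
# Flags directives that take one value but carry an unquoted space, such as
#   location-suffix dc=xxx, dc=it
# The directive list is an assumption taken from the dsgw.conf quoted above;
# multi-argument directives (template, location) are skipped on purpose.
lint_dsgw_conf() {
    awk '
    BEGIN {
        n = split("baseurl dirmgr location-suffix securitypath htmldir configdir gwnametrans authlifetime charset include", s, " ")
        for (i = 1; i <= n; i++) single[s[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }                    # assumed: blank lines and # comments
    ($1 in single) {
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)   # drop the directive name
        sub(/[ \t]+$/, "", val)                # drop trailing whitespace
        if (val ~ /^"[^"]*"$/) next            # one quoted value is fine
        if (val ~ /[ \t]/) {
            printf "line %d: %s has an unquoted space: %s\n", NR, $1, val
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Usage with the values named in the thread (run as a user that can stat them):
#   check_dir /var/run/dirsrv/dsgw nobody:nobody 700
#   check_dir /var/run/dirsrv/dsgw/cookies nobody:nobody 700
#   lint_dsgw_conf /path/to/dsgw.conf    # placeholder path
```

Both functions return non-zero when they report a finding, so they can be chained in a pre-flight script before restarting the admin server.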



