Hi,
recently our LDAP server (CentOS 5.4) got upgraded, so we no longer have
the command fedora-idm-console, but instead have gotten 389-console. The
LDAP service it self works flawlessly, but when trying to open the admin
console it fails with

"netscape.ldap.LDAPException: error result (32); No such object"

Running "service dirsrv-admin status" returns that the admin server is
running, and running 389-console with -D indicates that the server
indeed replies.

So, is there some extra configuration needed after upgrading, such as
running setup-ds-admin.pl again? If so, where can I look up the
information provided on the initial setup?

This is using 389-ds version 1.1.3, CentOS 5.4, Java 1.6.0 (OpenJDK
Runtime Environment (build 1.6.0-b09))

--
mvh Jens Ådne Rydland

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Jens Ådne Rydland wrote:
Hi,
recently our LDAP server (CentOS 5.4) got upgraded, so we no longer have

the command fedora-idm-console, but instead have gotten 389-console. The
LDAP service it self works flawlessly, but when trying to open the admin
console it fails with


"netscape.ldap.LDAPException: error result (32); No such object"

Running "service dirsrv-admin status" returns that the admin server is
running, and running 389-console with -D indicates that the server
indeed replies.


So, is there some extra configuration needed after upgrading, such as
running setup-ds-admin.pl again?
Yes. You always have to run setup-ds-admin.pl -u after an upgrade, to
refresh the console information.

http://directory.fedoraproject.org/wiki/Install_Guide#Upgrading
Note that 389-ds-base 1.2.2 and 389-admin 1.1.8 and earlier have a bug
in that they do not update the console information properly. If you run
into this problem, you might consider upgrading to 389-ds-base 1.2.3 and
389-admin 1.1.9 which you can find in the testing repo.

http://directory.fedoraproject.org/wiki/Release_Notes

If so, where can I look up the
information provided on the initial setup?

This is using 389-ds version 1.1.3, CentOS 5.4, Java 1.6.0 (OpenJDK
Runtime Environment (build 1.6.0-b09))





--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Tue, Nov 03, 2009 at 10:28:19AM -0700, Rich Megginson wrote:
> Jens Ådne Rydland wrote:
>> Hi, recently our LDAP server (CentOS 5.4) got upgraded, so we no longer
>> have
>> the command fedora-idm-console, but instead have gotten 389-console. The
>> LDAP service it self works flawlessly, but when trying to open the admin
>> console it fails with
>>
>> "netscape.ldap.LDAPException: error result (32); No such object"
>>
>> Running "service dirsrv-admin status" returns that the admin server is
>> running, and running 389-console with -D indicates that the server
>> indeed replies.
>>
>> So, is there some extra configuration needed after upgrading, such as
>> running setup-ds-admin.pl again?

> Yes. You always have to run setup-ds-admin.pl -u after an upgrade, to
> refresh the console information.
> http://directory.fedoraproject.org/wiki/Install_Guide#Upgrading
> Note that 389-ds-base 1.2.2 and 389-admin 1.1.8 and earlier have a bug
> in that they do not update the console information properly. If you run
> into this problem, you might consider upgrading to 389-ds-base 1.2.3 and
> 389-admin 1.1.9 which you can find in the testing repo.
> http://directory.fedoraproject.org/wiki/Release_Notes

Right. And when I try to run setup-ds-admin.pl -u I'm asked about misc.
information that I don't have readily available, but most of it is
auto-filled in, and I guess it stored in some configuration file from
the previous time the admin-server was set up?

Seems like no matter what I enter it returns "Error: No such object" or
"Error: Invalid credentials". At least the last one I suppose means it
managed to connect to the LDAP server, but got the wrong admin password
or something? If it is the wrong password, how can I reset it?

--
regards, Jens Ådne Rydland

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Jens Ådne Rydland wrote:

On Tue, Nov 03, 2009 at 10:28:19AM -0700, Rich Megginson wrote:


Jens Ådne Rydland wrote:

Hi, recently our LDAP server (CentOS 5.4) got upgraded, so we no longer
have

the command fedora-idm-console, but instead have gotten 389-console. The
LDAP service it self works flawlessly, but when trying to open the admin
console it fails with


"netscape.ldap.LDAPException: error result (32); No such object"

Running "service dirsrv-admin status" returns that the admin server is
running, and running 389-console with -D indicates that the server
indeed replies.


So, is there some extra configuration needed after upgrading, such as
running setup-ds-admin.pl again?




Yes. You always have to run setup-ds-admin.pl -u after an upgrade, to
refresh the console information.

http://directory.fedoraproject.org/wiki/Install_Guide#Upgrading
Note that 389-ds-base 1.2.2 and 389-admin 1.1.8 and earlier have a bug
in that they do not update the console information properly. If you run
into this problem, you might consider upgrading to 389-ds-base 1.2.3 and
389-admin 1.1.9 which you can find in the testing repo.

http://directory.fedoraproject.org/wiki/Release_Notes



Right. And when I try to run setup-ds-admin.pl -u I'm asked about misc.
information that I don't have readily available, but most of it is
auto-filled in, and I guess it stored in some configuration file from
the previous time the admin-server was set up?

Right. /etc/dirsrv/admin-serv/adm.conf mostly. The only information
you must provide is the admin password. Everything else should be
auto-filled in.

Seems like no matter what I enter it returns "Error: No such object" or
"Error: Invalid credentials". At least the last one I suppose means it
managed to connect to the LDAP server, but got the wrong admin password
or something? If it is the wrong password, how can I reset it?
Do you use the console? What username and password do you use? I
suppose you could also use the directory manager DN and password for
your configuration directory server (the server that holds the
o=NetscapeRoot information).


--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Wed, Nov 04, 2009 at 07:22:53AM -0700, Rich Megginson wrote:
> Jens Ådne Rydland wrote:
>> Right. And when I try to run setup-ds-admin.pl -u I'm asked about misc.
>> information that I don't have readily available, but most of it is
>> auto-filled in, and I guess it stored in some configuration file from
>> the previous time the admin-server was set up?

> Right. /etc/dirsrv/admin-serv/adm.conf mostly. The only information
> you must provide is the admin password. Everything else should be
> auto-filled in.

Yes, everything is auto-filled in, except that when using just the
auto-filled in information I get the error "Invalid credentials". So I
suspected that I had somehow gotten the password wrong, and tried
resetting it, but this didn't help.

>> Seems like no matter what I enter it returns "Error: No such object" or
>> "Error: Invalid credentials". At least the last one I suppose means it
>> managed to connect to the LDAP server, but got the wrong admin password
>> or something? If it is the wrong password, how can I reset it?

> Do you use the console? What username and password do you use? I
> suppose you could also use the directory manager DN and password for
> your configuration directory server (the server that holds the
> o=NetscapeRoot information).

Using the console isn't possible as the console doesn't start, as stated
in my first message in this thread. That is, I can't login with the
console at least, it fails with
"netscape.ldap.LDAPException: error result (32); No such object".

I use the same username and password for the console that I've always
used, and this is the same as what I enter when running
setup-ds-admin.pl, which is rejected with "Error: Invalid credentials".

I have also tried resetting this password following the howto at
http://directory.fedoraproject.org/wiki/Howto:ResetDirMgrPassword, but
this didn't help either.

--
regards, Jens Ådne Rydland

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Jens Ådne Rydland wrote:

On Wed, Nov 04, 2009 at 07:22:53AM -0700, Rich Megginson wrote:


Jens Ådne Rydland wrote:


Right. And when I try to run setup-ds-admin.pl -u I'm asked about misc.
information that I don't have readily available, but most of it is
auto-filled in, and I guess it stored in some configuration file from
the previous time the admin-server was set up?




Right. /etc/dirsrv/admin-serv/adm.conf mostly. The only information
you must provide is the admin password. Everything else should be
auto-filled in.



Yes, everything is auto-filled in, except that when using just the
auto-filled in information I get the error "Invalid credentials". So I
suspected that I had somehow gotten the password wrong, and tried
resetting it, but this didn't help.



Seems like no matter what I enter it returns "Error: No such object" or
"Error: Invalid credentials". At least the last one I suppose means it
managed to connect to the LDAP server, but got the wrong admin password
or something? If it is the wrong password, how can I reset it?




Do you use the console? What username and password do you use? I
suppose you could also use the directory manager DN and password for
your configuration directory server (the server that holds the
o=NetscapeRoot information).



Using the console isn't possible as the console doesn't start, as stated
in my first message in this thread. That is, I can't login with the
console at least, it fails with
"netscape.ldap.LDAPException: error result (32); No such object".


I use the same username and password for the console that I've always
used, and this is the same as what I enter when running
setup-ds-admin.pl, which is rejected with "Error: Invalid credentials".


Try this:
ldapsearch -x -h configdshostname -D "uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot" -w "consoleuserpassword" -s base
-b "o=netscaperoot"


The -D binddn should be the same as what's in
/etc/dirsrv/admin-serv/adm.conf


If this command gives you Invalid credentials, then you have most likely
forgotten your console admin password, which is _not_ the same as the
directory manager password, which is why following the directions below
did not do anything.


If you need to reset your console admin password, do something like this:
ldapmodify -x -h configdshostname -D "cn=directory manager" -w
dirmgrpassword

dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
changetype: modify
replace: userPassword
userPassword: thenewpassword

I have also tried resetting this password following the howto at
http://directory.fedoraproject.org/wiki/Howto:ResetDirMgrPassword, but
this didn't help either.


--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Wed, Nov 04, 2009 at 08:34:40AM -0700, Rich Megginson wrote:
> Try this:
> ldapsearch -x -h configdshostname -D "uid=admin, ou=Administrators,
> ou=TopologyManagement, o=NetscapeRoot" -w "consoleuserpassword" -s base
> -b "o=netscaperoot"
>
> The -D binddn should be the same as what's in
> /etc/dirsrv/admin-serv/adm.conf
>
> If this command gives you Invalid credentials, then you have most likely
> forgotten your console admin password, which is _not_ the same as the
> directory manager password, which is why following the directions below
> did not do anything.
>
> If you need to reset your console admin password, do something like this:
> ldapmodify -x -h configdshostname -D "cn=directory manager" -w
> dirmgrpassword
> dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
> changetype: modify
> replace: userPassword
> userPassword: thenewpassword

Ah, yes, that fixed it, now the console works, thank you.

--
regards, Jens Ådne Rydland

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users