Old 06-23-2010, 04:27 AM
Steven Jones
 
Default restarting the 389 after a reboot

Hi,

After a system reboot the LDAP admin service appears not to be running.

How do I restart it?

I tried "service dirsrv-admin start" but this just hangs / never returns to the console.

thanks

Steven
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 05:29 AM
Techie
 
Default restarting the 389 after a reboot

What does /var/log/dirsrv/admin-serv/error say? Should give you a good
clue. Kind of sounds like an SSL instance trying to start without a
pin file but just guessing there.

TC

On Tue, Jun 22, 2010 at 9:27 PM, Steven Jones <Steven.Jones@vuw.ac.nz> wrote:
> Hi,
>
> After a system reboot the Ldap admin service appears not to be running.
>
> How do I restart it?
>
> I tried "service dirsrv-admin start" but this just hangs / never returns to the console.
>
> thanks
>
> Steven
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-23-2010, 10:16 PM
Steven Jones
 
Default restarting the 389 after a reboot

Hi,

I eventually thought that....i.e. pin file.....however I am not aware I've set the admin server for SSL.....the actual directory server is, and has a pin file and it starts....so I'll go back and make one.

However from the docs, starting it at the command line should then see it asking for the password....I don't see that.

There is nothing in the error log....

========
[root@vuwunicooimm001 admin-serv]# ls -l
total 32
-rw-r--r-- 1 root root 28866 Jun 22 14:49 access
-rw-r--r-- 1 root root 0 Jun 23 16:30 error
[root@vuwunicooimm001 admin-serv]# tail access
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:03:44 +1200] "GET /slapd-vuwunicooimm001/Tasks/Operation/Restart HTTP/1.0" 200 2384
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:04:30 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 643
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:04:30 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 1338
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:04:40 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 1872
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:05:06 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 643
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:05:06 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 1338
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:13:05:16 +1200] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 1815
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:14:47:34 +1200] "POST /slapd-vuwunicooimm001/Tasks/Operation/ViewLog HTTP/1.0" 200 3883
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:14:47:58 +1200] "POST /slapd-vuwunicooimm001/Tasks/Operation/ViewLog HTTP/1.0" 200 2174
130.195.53.100 - uid=ldapadmin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [22/Jun/2010:14:49:45 +1200] "GET /slapd-vuwunicooimm001/Tasks/Operation/Restart HTTP/1.0" 200 2270
[root@vuwunicooimm001 admin-serv]#
========


regards

Steven

 
Old 06-23-2010, 10:34 PM
Rich Megginson
 
Default restarting the 389 after a reboot

Steven Jones wrote:
> Hi,
>
> I eventually thought that....ie pin file.....however I am not aware Ive set the admin server for ssl.....the actual directory server is, and has a pin file and it starts....so I'll go back and make one.
>
> However from the docs, starting it at the command line should then see it asking for the password....I dont see that.
>
> There is nothing in the error log....
>
start the admin server like this:
/usr/sbin/start-ds-admin -e debug

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-24-2010, 02:59 AM
Steven Jones
 
Default restarting the 389 after a reboot

8><----

>start the admin server like this:
>/usr/sbin/start-ds-admin -e debug

8><----

Great thanks...nice output.....

====================
[root@vuwunicooimm001 admin-serv]# /usr/sbin/start-ds-admin -e debug
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module authz_host_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module auth_basic_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module authn_file_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module log_config_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module env_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module mime_magic_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module expires_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module deflate_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module headers_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module unique_id_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module setenvif_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module mime_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module vhost_alias_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module negotiation_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module dir_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module actions_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module alias_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module rewrite_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module cache_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module disk_cache_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module cgi_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module restartd_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module nss_module
[Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module admserv_module
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2506): [18043] create_server_config [0xbogus %p for (null)
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for (null)
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2567): [18043] Set [0xbogus %p [ADMCacheLifeTime] to 600
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2585): [18043] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.10
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 1
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 1
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove )$
[Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 0
httpd (pid 11347) already running
[root@vuwunicooimm001 admin-serv]# pwd
/etc/dirsrv/admin-serv
=============

So I stopped it with,

"stop-ds-admin"

and restarted it,

=====================
[root@vuwunicooimm001 sbin]# /usr/sbin/start-ds-admin -e debug
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module authz_host_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module auth_basic_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module authn_file_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module log_config_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module env_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module mime_magic_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module expires_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module deflate_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module headers_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module unique_id_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module setenvif_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module mime_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module vhost_alias_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module negotiation_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module dir_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module actions_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module alias_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module rewrite_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module cache_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module disk_cache_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module cgi_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module restartd_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module nss_module
[Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module admserv_module
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2506): [18668] create_server_config [0xbogus %p for (null)
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for (null)
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2567): [18668] Set [0xbogus %p [ADMCacheLifeTime] to 600
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2585): [18668] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.10
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 1
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 1
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove )$
[Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 0
[root@vuwunicooimm001 sbin]#
====================

So I try the console, and I get a pop up box saying,

"Cannot logon because of an incorrect User ID, incorrect password or directory problem"

"java.io.InterruptedIOException: HTTP response timeout"

It appears to disappear on the second or tenth attempt, the admin server seems to take 2 to 7 minutes to get ready to answer.......

Then I get cannot connect to the directory server blah:389.

Now I have some error messages,

===========
[Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
[Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
[Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
[Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(1910): [18934] cache entry not found for user [ldapadmin]
[Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(1918): [18934] user [ldapadmin] not cached - reason user not in cache
[Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
[Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
[Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
[Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
[Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
[Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
[Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(1910): [18934] cache entry not found for user [ldapadmin]
[Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(1918): [18934] user [ldapadmin] not cached - reason user not in cache
[Thu Jun 24 14:52:25 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
[Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Thu Jun 24 14:52:25 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
[Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
[root@vuwunicooimm001 admin-serv]#
====================

regards

Steven










--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-24-2010, 03:00 PM
Rich Megginson
 
Default restarting the 389 after a reboot

Steven Jones wrote:
> 8><----
>
>
>> start the admin server like this:
>> /usr/sbin/start-ds-admin -e debug
>>
>
> 8><----
>
> Great thanks...nice output.....
>
> ====================
> [root@vuwunicooimm001 admin-serv]# /usr/sbin/start-ds-admin -e debug
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module authz_host_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module auth_basic_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module authn_file_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module log_config_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module env_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module mime_magic_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module expires_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module deflate_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module headers_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module unique_id_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module setenvif_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module mime_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module vhost_alias_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module negotiation_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module dir_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module actions_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module alias_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module rewrite_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module cache_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module disk_cache_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module cgi_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module restartd_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module nss_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_so.c(246): loaded module admserv_module
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2506): [18043] create_server_config [0xbogus %p for (null)
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for (null)
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2567): [18043] Set [0xbogus %p [ADMCacheLifeTime] to 600
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2585): [18043] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.10
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 1
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 1
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2494): [18043] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove )$
> [Thu Jun 24 13:44:55 2010] [debug] mod_admserv/mod_admserv.c(2519): [18043] adminsdk [0xbogus %p flag 0
> httpd (pid 11347) already running
> [root@vuwunicooimm001 admin-serv]# pwd
> /etc/dirsrv/admin-serv
> =============
>
> So I stopped it with,
>
> "stop-ds-admin"
>
> and restarted it,
>
> =====================
> [root@vuwunicooimm001 sbin]# /usr/sbin/start-ds-admin -e debug
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module authz_host_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module auth_basic_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module authn_file_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module log_config_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module env_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module mime_magic_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module expires_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module deflate_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module headers_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module unique_id_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module setenvif_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module mime_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module vhost_alias_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module negotiation_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module dir_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module actions_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module alias_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module rewrite_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module cache_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module disk_cache_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module cgi_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module restartd_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module nss_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_so.c(246): loaded module admserv_module
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2506): [18668] create_server_config [0xbogus %p for (null)
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for (null)
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2567): [18668] Set [0xbogus %p [ADMCacheLifeTime] to 600
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2585): [18668] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.10
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 1
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 1
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2494): [18668] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove )$
> [Thu Jun 24 13:56:59 2010] [debug] mod_admserv/mod_admserv.c(2519): [18668] adminsdk [0xbogus %p flag 0
> [root@vuwunicooimm001 sbin]#
>
Note that more debug output will go to the
/var/log/dirsrv/admin-serv/error file.
> ====================
>
> So I try the console, and I get a pop up box saying,
>
> "Cannot logon because of an incorrect User ID, incorrect password or directory problem"
>
> "java.io.InterruptedIOException: HTTP response timeout"
>
> It appears to disappear on the second or tenth attempt, the admin server seems to take 2 to 7 minutes to get ready to answer.......
>
> Then I get cannot connect to the directory server blah:389.
>
> Now I have some error messages,
>
> ===========
> [Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
> [Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
> [Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
> [Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(1910): [18934] cache entry not found for user [ldapadmin]
> [Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(1918): [18934] user [ldapadmin] not cached - reason user not in cache
> [Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
>
This is the real problem I think - looks like you've told the
console/admin server to use SSL to connect to the directory server, but
you haven't specified to use port 636

http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information

see also the configuration directory ldap url - ldapurl in
/etc/dirsrv/admin-serv/adm.conf
> [Thu Jun 24 14:05:46 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
> [Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
> [Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
> [Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
> [Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
> [Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
> [Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(1910): [18934] cache entry not found for user [ldapadmin]
> [Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(1918): [18934] user [ldapadmin] not cached - reason user not in cache
> [Thu Jun 24 14:52:25 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
> [Thu Jun 24 14:52:25 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
> [Thu Jun 24 14:52:25 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 389: 4
> [Thu Jun 24 14:52:25 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
> [root@vuwunicooimm001 admin-serv]#
> ====================

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
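
Added example (not part of the thread and not 389 project code): a shell check for the situation Rich Megginson describes above, comparing the `ldapurl` in `adm.conf` with the TLS failures recorded in the admin server error log. It assumes `adm.conf` holds `key: value` lines and that 389 is the plain LDAP port and 636 the LDAPS port; the sample files, host name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare adm.conf's ldapurl with TLS failures in the error log.
# Assumption: adm.conf is made of "key: value" lines with one "ldapurl:" entry.

# Print the ldapurl value from an adm.conf-style file.
ldapurl_from_conf() {
    sed -n 's/^ldapurl:[[:space:]]*//p' "$1" | head -n 1
}

# Print "scheme port verdict" for an LDAP URL.
# verdict: ok (scheme and port agree), mismatch (ldaps on 389 or ldap on 636),
# nonstandard (any other port; needs a manual look).
check_ldapurl() {
    url=$1
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}
    port=
    case $hostport in
        *"]:"*) port=${hostport##*"]:"} ;;   # [ipv6]:port
        *"]")   ;;                           # [ipv6] without a port
        *:*)    port=${hostport##*:} ;;      # host:port
    esac
    if [ -z "$port" ]; then
        # No explicit port: fall back to the scheme's conventional port.
        if [ "$scheme" = ldaps ]; then port=636; else port=389; fi
    fi
    case "$scheme:$port" in
        ldap:389|ldaps:636) verdict=ok ;;
        ldaps:389|ldap:636) verdict=mismatch ;;
        *)                  verdict=nonstandard ;;
    esac
    echo "$scheme $port $verdict"
}

# Print "host:port count" for every target the admin server failed to
# open a TLS connection to, using the buildUGInfo() message format.
tls_failures_by_port() {
    sed -n 's/.*unable to initialize TLS connection to LDAP host \([^ ]*\) port \([0-9]*\).*/\1:\2/p' "$1" |
        sort | uniq -c | awk '{print $2, $1}'
}

# Combine both checks into a short report.
diagnose() {
    conf=$1
    log=$2
    url=$(ldapurl_from_conf "$conf")
    echo "ldapurl: $url -> $(check_ldapurl "$url")"
    tls_failures_by_port "$log" | while read -r hp n; do
        echo "TLS init failures to $hp: $n"
    done
}

# --- constructed sample input (not taken from a real system) ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/adm.conf" <<'EOF'
otherkey: placeholder
ldapurl: ldaps://ds.example.test:389/o=NetscapeRoot
EOF

cat > "$tmp/error" <<'EOF'
[Thu Jun 24 14:05:46 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
[Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host ds.example.test port 389: 4
[Thu Jun 24 14:05:46 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host ds.example.test port 389: 4
[Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host ds.example.test port 636: 4
EOF

diagnose "$tmp/adm.conf" "$tmp/error"
```

Failures that persist on port 636 after `ldapurl` has been corrected point away from the port and towards the TLS handshake itself, such as certificate trust.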
 
Old 06-24-2010, 09:31 PM
Steven Jones
 
Default restarting the 389 after a reboot

8><-----

This is the real problem I think - looks like you've told the
console/admin server to use SSL to connect to the directory server, but
you haven't specified to use port 636

8><-----

I'm not aware I did....

8><-----

http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information

see also the configuration directory ldap url - ldapurl in
/etc/dirsrv/admin-serv/adm.conf

8><-----

Ok, I fixed the latter by editing the adm.conf to point at 636....however I now have an SSL error...

============
[root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
ldap_bind: Can't contact LDAP server (-1)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
============

I've tried using this syntax but with no joy...

ldapmodify -x -D "cn=directory manager" -w password
dn: dn of your server instance entry
changetype: modify
replace: nsServerSecurity
nsServerSecurity: on

so my command is,

ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace: nsServerSecurity nsServerSecurity on

which fails......

Doing a,

[root@vuwunicooimm001 admin-serv]# certutil -d . -L

===============
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

VUW CA cert                                                  CT,,
==============

So I don't know if cutting and pasting the errors work, anyway, attempting to restart the console I get,

So I put in the details,

Which fails,

error log for adminserv....

==========================
[Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
[Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
[Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
[Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1910): [25584] cache entry not found for user [ldapadmin]
[Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1918): [25584] user [ldapadmin] not cached - reason user not in cache
[Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
[Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
[Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
=========================

regards

 
Old 06-24-2010, 09:48 PM
Rich Megginson
 
Default restarting the 389 after a reboot

Steven Jones wrote:
>
> 8><-----
>
>
>
> This is the real problem I think - looks like you've told the
>
> console/admin server to use SSL to connect to the directory server, but
>
> you haven't specified to use port 636
>
>
>
> 8><-----
>
> I'm not aware I did....
>
> 8><-----
>
>
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
>
>
>
> see also the configuration directory ldap url - ldapurl in
>
> /etc/dirsrv/admin-serv/adm.conf
>
>
>
> 8><-----
>
>
>
> Ok, I fixed the latter by editing the adm.conf to point at
> 636....however I now have a SSL error...
>
>
>
> ============
>
> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w
> XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
>
> ldap_bind: Can't contact LDAP server (-1)
>
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
Why is /usr/bin/ldapsearch attempting to use SSL by default? What's in
your /etc/openldap/ldap.conf or ~/.ldaprc?
>
> ============
>
>
>
> I've tried using this syntax but with no joy...
>
>
>
> ldapmodify -x -D "cn=directory manager" -w password
>
> dn: dn of your server instance entry
>
> changetype: modify
>
> replace: nsServerSecurity
>
> nsServerSecurity: on
>
>
>
> so my command is,
>
>
>
> ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
> dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace:
> nsServerSecurity nsServerSecurity on
>
? this is all on one command line? I guess it's not clear from the
example, but ldapmodify by default wants to read the LDIF input from
stdin - so after you type in
$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
it will wait for you to type in the rest on stdin, followed by a blank
line (i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of
ldapmodify

you could also dump those commands in a file and run
$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif
>
>
>
> which fails......
>
>
>
> Doing a,
>
>
>
> [root@vuwunicooimm001 admin-serv]# certutil -d . -L
>
>
>
> ===============
>
> Certificate Nickname Trust
> Attributes
>
>
> SSL,S/MIME,JAR/XPI
>
>
>
> VUW CA cert CT,,
>
> ==============
>
>
>
> So I don't know if cutting and pasting the errors work, anyway,
> attempting to restart the console I get,
>
>
>
>
>
> So I put in the details,
>
>
>
>
>
> Which fails,
>
Is the directory server listening for TLS/SSL requests on port 636?
That is, have you configured the directory server for TLS/SSL and have
you confirmed that it is listening?
>
>
>
>
>
> error log for adminserv....
>
>
>
>
>
> ==========================
>
> [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>
> [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host [localhost.localdomain] did not match
> pattern [*.vuw.ac.nz] -will scan aliases
>
> [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host alias [localhost] did not match pattern
> [*.vuw.ac.nz]
>
> [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2762):
> admserv_check_user_id
>
> [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1910):
> [25584] cache entry not found for user [ldapadmin]
>
> [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1918):
> [25584] user [ldapadmin] not cached - reason user not in cache
>
> [Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
>
> [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
>
> [Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
>
> [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2609):
> userauth, bind (null)
>
> =========================
>
>
>
>
>
> regards
>
Before you do anything else, confirm that the directory server is indeed
listening for TLS/SSL requests on port 636.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

 
Old 06-24-2010, 10:49 PM
Steven Jones
 
Default restarting the 389 after a reboot

Steven Jones wrote:
>
8><-----
>
>
> see also the configuration directory ldap url - ldapurl in
>
> /etc/dirsrv/admin-serv/adm.conf
>
8><-----
>
> Ok, I fixed the latter by editing the adm.conf to point at
> 636....however I now have a SSL error...
>
> ============
>
> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w
> XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
>
> ldap_bind: Can't contact LDAP server (-1)
>
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
Why is /usr/bin/ldapsearch attempting to use SSL by default? What's in
your /etc/openldap/ldap.conf or ~/.ldaprc?

Ok, fixed

ldaps changed to ldap

>
> ============
>
>
>
> I've tried using this syntax but with no joy...
>
>
>
> ldapmodify -x -D "cn=directory manager" -w password
>
> dn: dn of your server instance entry
>
> changetype: modify
>
> replace: nsServerSecurity
>
> nsServerSecurity: on
>
>
>
> so my command is,
>
>
>
> ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
> dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace:
> nsServerSecurity nsServerSecurity on
>
? this is all on one command line?


Yes...


I guess it's not clear from the
example, but ldapmodify by default wants to read the LDIF input from
stdin - so after you type in

OK.......


$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
it will wait for you to type in the rest on stdin, followed by a blank
line (i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of
ldapmodify


===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin"
ldap_bind: Server is unwilling to perform (53)
additional info: Unauthenticated binds are not allowed
[root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXX
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================

um?


you could also dump those commands in a file and run
$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif

===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin" -w cvbrty542 -f file.ldif
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================

8><----------
>
Is the directory server listening for TLS/SSL requests on port 636?
That is, have you configured the directory server for TLS/SSL and have
you confirmed that it is listening?
>
8><-----
>
Before you do anything else, confirm that the directory server is indeed
listening for TLS/SSL requests on port 636.
>

=============
[root@vuwunicooimm001 admin-serv]# netstat -a -n |grep :636
tcp 0 0 127.0.0.1:49186 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:49185 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35428 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35429 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35430 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35424 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35425 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35426 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35427 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35412 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35413 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35414 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35415 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35408 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35409 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35410 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35411 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35420 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35421 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35422 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35423 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35416 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35417 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35418 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35419 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35404 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35405 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35406 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35407 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35403 127.0.0.1:636 TIME_WAIT
tcp 0 0 :::636 :::* LISTEN
[root@vuwunicooimm001 admin-serv]#
============

regards

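Rich's question about /etc/openldap/ldap.conf and the "ldaps changed to ldap" change in the post above, as an added example that is not from the thread: a check that classifies an OpenLDAP client config by how a bind will travel. The sample configs, the host name ldap.example.test and the result labels are constructed; the thread's real ldap.conf is not shown.

```bash
# Added example, not from the thread. Classifies an OpenLDAP client config
# (ldap.conf / .ldaprc syntax: "KEYWORD value", keywords case-insensitive).
#   tls-no-ca      ldaps:// but no CA configured: expect "certificate verify failed"
#   tls-unverified ldaps:// with TLS_REQCERT never/allow: encrypted, peer not checked
#   tls-verified   ldaps:// with a CA and certificate checking left on
#   cleartext      no ldaps:// URI: a simple bind (-x -w) is sent unencrypted
audit_ldap_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    { key = toupper($1); $1 = ""; sub(/^[ \t]+/, ""); val[key] = $0 }
    END {
      uri = tolower(val["URI"]); req = tolower(val["TLS_REQCERT"])
      if (uri ~ /ldaps:\/\//) {
        if (req == "never" || req == "allow") print "tls-unverified"
        else if (val["TLS_CACERT"] == "" && val["TLS_CACERTDIR"] == "") print "tls-no-ca"
        else print "tls-verified"
      } else print "cleartext"
    }
  ' "${1:--}"
}

# Constructed sample configs (not the poster's files).
sample_ldaps_no_ca() {
  printf 'URI ldaps://ldap.example.test\nBASE o=netscaperoot\n'
}
sample_downgrade() {
  printf '# ldaps changed to ldap\nURI ldap://ldap.example.test\n'
}
sample_trusted() {
  printf 'URI ldaps://ldap.example.test\n'
  printf 'TLS_CACERT /etc/openldap/cacerts/ca.pem\nTLS_REQCERT demand\n'
}

# Export a CA certificate from an NSS database as PEM so TLS_CACERT can point
# at it. $1 = NSS db directory, $2 = nickname as listed by "certutil -d DIR -L"
# (the listing in the thread shows the nickname "VUW CA cert").
export_ca_pem() {
  certutil -d "$1" -L -n "$2" -a
}
```

Keeping ldaps:// and pointing TLS_CACERT at the exported CA is the usual way to clear a "certificate verify failed" error without giving up TLS for the bind.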
 
Old 06-25-2010, 02:44 PM
Nathan Kinder
 
Default restarting the 389 after a reboot

On 06/24/2010 03:49 PM, Steven Jones wrote:
> Steven Jones wrote:
>
>>
> 8><-----
>
>>
>> see also the configuration directory ldap url - ldapurl in
>>
>> /etc/dirsrv/admin-serv/adm.conf
>>
>>
> 8><-----
>
>> Ok, I fixed the latter by editing the adm.conf to point at
>> 636....however I now have a SSL error...
>>
>> ============
>>
>> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w
>> XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
>>
>> ldap_bind: Can't contact LDAP server (-1)
>>
>> additional info: error:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>>
> Why is /usr/bin/ldapsearch attempting to use SSL by default? What's in
> your /etc/openldap/ldap.conf or ~/.ldaprc?
>
> Ok, fixed
>
> ldaps changed to ldap
>
>
>> ============
>>
>>
>>
>> I've tried using this syntax but with no joy...
>>
>>
>>
>> ldapmodify -x -D "cn=directory manager" -w password
>>
>> dn: dn of your server instance entry
>>
>> changetype: modify
>>
>> replace: nsServerSecurity
>>
>> nsServerSecurity: on
>>
>>
>>
>> so my command is,
>>
>>
>>
>> ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
>> dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace:
>> nsServerSecurity nsServerSecurity on
>>
>>
> ? this is all on one command line?
>
>
> Yes...
>
>
> I guess it's not clear from the
> example, but ldapmodify by default wants to read the LDIF input from
> stdin - so after you type in
>
> OK.......
>
>
> $ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
> it will wait for you to type in the rest on stdin, followed by a blank
> line (i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of
> ldapmodify
>
>
> ===================
> [root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin"
> ldap_bind: Server is unwilling to perform (53)
> additional info: Unauthenticated binds are not allowed
> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXX
> ldap_bind: No such object (32)
> [root@vuwunicooimm001 admin-serv]#
> ===================
>
> um?
>
You need to specify a password with the "-w" option to ldapmodify.
Supplying a bind DN with no password is considered an "unauthenticated"
bind, which is not allowed by default.

I believe the ldapsearch error is saying that the "cn=ldapadmin" entry
does not exist. This does not appear to be a full DN. You can check
what your ldap "superuser" account is by looking at your nsslapd-rootdn
setting in /etc/dirsrv/slapd-<foo>/dse.ldif. The default is "cn=Directory
Manager". If you actually created a "cn=ldapadmin" user in your
database, you need to specify the rest of the DN when binding as that user.
>
> you could also dump those commands in a file and run
> $ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif
>
> ===================
> [root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin" -w cvbrty542 -f file.ldif
> ldap_bind: No such object (32)
> [root@vuwunicooimm001 admin-serv]#
> ===================
>
> 8><----------
>
>>
> Is the directory server listening for TLS/SSL requests on port 636?
> That is, have you configured the directory server for TLS/SSL and have
> you confirmed that it is listening?
>
>>
> 8><-----
>
>>
> Before you do anything else, confirm that the directory server is indeed
> listening for TLS/SSL requests on port 636.
>
>>
> =============
> [root@vuwunicooimm001 admin-serv]# netstat -a -n |grep :636
> tcp 0 0 127.0.0.1:49186 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:49185 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35428 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35429 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35430 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35424 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35425 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35426 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35427 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35412 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35413 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35414 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35415 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35408 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35409 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35410 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35411 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35420 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35421 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35422 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35423 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35416 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35417 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35418 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35419 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35404 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35405 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35406 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35407 127.0.0.1:636 TIME_WAIT
> tcp 0 0 127.0.0.1:35403 127.0.0.1:636 TIME_WAIT
> tcp 0 0 :::636 :::* LISTEN
> [root@vuwunicooimm001 admin-serv]#
> ============
>
> regards
>

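The two points made in the replies above (ldapmodify reads its LDIF from stdin or from -f, and the bind DN must be the full root DN recorded in nsslapd-rootdn), as an added example that is not from the thread. The dse.ldif sample is constructed and the helper names are hypothetical; the instance entry DN is passed in, not guessed.

```bash
# Added example, not from the thread.
# Constructed stand-in for /etc/dirsrv/slapd-<foo>/dse.ldif. LDIF folds long
# values onto continuation lines that begin with exactly one space.
sample_dse() {
  printf '%s\n' \
    'dn: cn=config' \
    'objectClass: top' \
    'nsslapd-port: 389' \
    'nsslapd-rootdn: cn=Directory' \
    '  Manager' \
    'nsslapd-securePort: 636' \
    '' \
    'dn: cn=encryption,cn=config' \
    'nsSSL3: on'
}

# Print nsslapd-rootdn from the cn=config entry (file in $1, or stdin).
# Base64-encoded values ("attr:: ...") are not decoded here.
rootdn_from_dse() {
  awk '
    function emit(   l) {
      l = buf; buf = ""
      if (found) return
      if (tolower(l) ~ /^dn:/) in_cfg = (tolower(l) ~ /^dn: *cn=config$/)
      else if (in_cfg && tolower(l) ~ /^nsslapd-rootdn: /) {
        sub(/^[^:]*: */, "", l); print l; found = 1
      }
    }
    /^ / { buf = buf substr($0, 2); next }   # folded line: drop one space, append
         { emit(); buf = $0 }
    END  { emit() }
  ' "${1:--}"
}

# The change from the thread as LDIF: one directive per line, not argv words.
# $1 = DN of the server instance entry.
write_security_ldif() {
  printf 'dn: %s\nchangetype: modify\nreplace: nsServerSecurity\nnsServerSecurity: on\n' "$1"
}

# Bind as the full root DN, prompt for the password (-W) so it stays out of
# argv and shell history, and read the LDIF from a file (-f).
apply_security_ldif() {   # $1 = path to dse.ldif, $2 = instance entry DN
  local rootdn ldif rc
  rootdn=$(rootdn_from_dse "$1") || return 1
  [ -n "$rootdn" ] || { echo "no nsslapd-rootdn found in $1" >&2; return 1; }
  ldif=$(mktemp) || return 1
  write_security_ldif "$2" > "$ldif"
  ldapmodify -x -D "$rootdn" -W -f "$ldif"
  rc=$?; rm -f "$ldif"; return "$rc"
}
```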
 
