Old 11-30-2010, 08:20 PM
"trisooma"
 
Default New 389 ds install - cannot logon to adm console

If I am reading the code correctly (and looking at the logging below), the
line that has a severity of 'crit' should dump info for the LDAP server we
are connecting to.
In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even
with an odd number like 23395496 (see Eric's first post).

[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.

The code that logs this error looks like this [mod_admserv/mod_admserv.c:517]

ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
             "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d",
             data->secure ? "s" : "",
             data->host, data->port);

It seems that the struct 'data' is not filled with the correct values.

BTW. this code was taken from 389-admin-1.1.12.a2

I hope this helps,

Regards,

Trisooma

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
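
Added example (not part of the original post, and not 389 project code): a small Python triage script for the failure described above. It rejoins error-log entries that were hard-wrapped in transit, extracts the target from each util_ldap_init failure, and flags an empty host or an out-of-range port, which points at connection settings that were never filled in rather than at an unreachable server. The sample log is constructed from the lines in the post; the 23395496 and ds.example.test entries and all function names are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: the first three entries mirror the post (including the
# hard line wraps); the last two are invented to exercise the other branches.
SAMPLE_LOG = """\
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to
populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
resuming normal operations
[Tue Nov 30 22:01:45 2010] [crit] openLDAPConnection(): util_ldap_init
failed for ldap://:23395496
[Tue Nov 30 22:01:46 2010] [crit] openLDAPConnection(): util_ldap_init
failed for ldaps://ds.example.test:636
"""

# An Apache 2.2 error-log entry starts with "[timestamp] [level] ".
ENTRY_START = re.compile(
    r"^\[(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[(?P<level>\w+)\] (?P<msg>.*)$"
)

# Matches the message produced by the ap_log_error() call quoted in the post.
# The host group may be empty, which is exactly the case being hunted.
LDAP_INIT_FAIL = re.compile(
    r"util_ldap_init failed for "
    r"(?P<scheme>ldaps?)://(?P<host>[^:/\s]*):(?P<port>\d+)"
)


class Finding(NamedTuple):
    timestamp: str
    url: str
    problems: List[str]  # empty list: target looks sane, check connectivity


def unwrap(text: str) -> List[Tuple[str, str, str]]:
    """Rejoin wrapped lines into (timestamp, level, message) records."""
    records: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            records.append([m["ts"], m["level"], m["msg"]])
        elif records:
            # Continuation of the previous entry (mail or terminal wrap).
            records[-1][2] += " " + line
    return [(ts, level, msg) for ts, level, msg in records]


def triage(text: str) -> List[Finding]:
    """Return one Finding per util_ldap_init failure in the log."""
    findings = []
    for ts, _level, msg in unwrap(text):
        m = LDAP_INIT_FAIL.search(msg)
        if not m:
            continue
        problems = []
        if not m["host"]:
            problems.append("empty host")
        if not 1 <= int(m["port"]) <= 65535:
            problems.append("port out of range")
        url = f'{m["scheme"]}://{m["host"]}:{m["port"]}'
        findings.append(Finding(ts, url, problems))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = ", ".join(f.problems) or "target looks valid"
        print(f"{f.timestamp}  {f.url}  ->  {verdict}")
```

A finding with an empty problems list means the logged target was well-formed, so the next thing to check is reachability of that server rather than the admin server's configuration.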
 
Old 11-30-2010, 08:23 PM
Rich Megginson
 
Default New 389 ds install - cannot logon to adm console

On 11/30/2010 02:20 PM, trisooma wrote:
> If i am reading the code correctly (and looking at the logging below), the
> line that has a severity of 'crit' should dump info for the ldap server we
> are connecting to.
> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes even
> with an odd number like 23395496 (see Eric's first post).
>
> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
> failed for ldap://:389
> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to
> populate LocalAdmin tasks into cache.
> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
> resuming normal operations
> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init
> failed for ldap://:389
> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial LDAPConnection to
> populate LocalAdmin tasks into cache.
>
> The code that logs this error looks like this [mod_admserv/mod_admserv.c:517]
>
> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
> "openLDAPConnection(): util_ldap_init failed for
> ldap%s://%s:%d",
> data->secure ? "s" : "",
> data->host, data->port);
>
> It seems that the struct 'data' is not filled with the correct values.
That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
> BTW. this code was taken from 389-admin-1.1.12.a2
>
> I hope this helps,
>
> Regards,
>
> Trisooma
>
 
Old 11-30-2010, 08:32 PM
Trisooma
 
Default New 389 ds install - cannot logon to adm console

On 11/30/2010 10:23 PM, Rich Megginson wrote:
> On 11/30/2010 02:20 PM, trisooma wrote:
>> If i am reading the code correctly (and looking at the logging
>> below), the
>> line that has a severity of 'crit' should dump info for the ldap
>> server we
>> are connecting to.
>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>> even
>> with an odd number like 23395496 (see Eric's first post).
>>
>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
>> failed for ldap://:389
>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>> LDAPConnection to
>> populate LocalAdmin tasks into cache.
>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
>> resuming normal operations
>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init
>> failed for ldap://:389
>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>> LDAPConnection to
>> populate LocalAdmin tasks into cache.
>>
>> The code that logs this error looks like this
>> [mod_admserv/mod_admserv.c:517]
>>
>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>> "openLDAPConnection(): util_ldap_init failed for
>> ldap%s://%s:%d",
>> data->secure ? "s" : "",
>> data->host, data->port);
>>
>> It seems that the struct 'data' is not filled with the correct values.
> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
My bad, see
http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>> BTW. this code was taken from 389-admin-1.1.12.a2
>>
>> I hope this helps,
>>
>> Regards,
>>
>> Trisooma
>>
 
Old 11-30-2010, 08:51 PM
Rich Megginson
 
Default New 389 ds install - cannot logon to adm console

On 11/30/2010 02:32 PM, Trisooma wrote:
> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>> On 11/30/2010 02:20 PM, trisooma wrote:
>>> If i am reading the code correctly (and looking at the logging
>>> below), the
>>> line that has a severity of 'crit' should dump info for the ldap
>>> server we
>>> are connecting to.
>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>> even
>>> with an odd number like 23395496 (see Eric's first post).
>>>
>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
>>> failed for ldap://:389
>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>> LDAPConnection to
>>> populate LocalAdmin tasks into cache.
>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
>>> resuming normal operations
>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init
>>> failed for ldap://:389
>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>> LDAPConnection to
>>> populate LocalAdmin tasks into cache.
>>>
>>> The code that logs this error looks like this
>>> [mod_admserv/mod_admserv.c:517]
>>>
>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>> "openLDAPConnection(): util_ldap_init failed for
>>> ldap%s://%s:%d",
>>> data->secure ? "s" : "",
>>> data->host, data->port);
>>>
>>> It seems that the struct 'data' is not filled with the correct values.
>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
> My bad, see
> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
First, upgrade to the latest versions of these components from the
testing repo
yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base 389-adminutil

Then, run
setup-ds-admin.pl -u

Then try

ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ \
  -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" \
  -w youradminpassword -s base \
  -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"

and

ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ \
  -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" \
  -w youradminpassword -s base \
  -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"

>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>
>>> I hope this helps,
>>>
>>> Regards,
>>>
>>> Trisooma
>>>
 
Old 11-30-2010, 10:33 PM
"trisooma"
 
Default New 389 ds install - cannot logon to adm console

> On 11/30/2010 02:32 PM, Trisooma wrote:
>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>> If i am reading the code correctly (and looking at the logging
>>>> below), the
>>>> line that has a severity of 'crit' should dump info for the ldap
>>>> server we
>>>> are connecting to.
>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>>> even
>>>> with an odd number like 23395496 (see Eric's first post).
>>>>
>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
>>>> failed for ldap://:389
>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>>> LDAPConnection to
>>>> populate LocalAdmin tasks into cache.
>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
>>>> resuming normal operations
>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init
>>>> failed for ldap://:389
>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>>> LDAPConnection to
>>>> populate LocalAdmin tasks into cache.
>>>>
>>>> The code that logs this error looks like this
>>>> [mod_admserv/mod_admserv.c:517]
>>>>
>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>> "openLDAPConnection(): util_ldap_init failed
>>>> for
>>>> ldap%s://%s:%d",
>>>> data->secure ? "s" : "",
>>>> data->host, data->port);
>>>>
>>>> It seems that the struct 'data' is not filled with the correct values.
>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>> My bad, see
>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
> First, upgrade to the latest versions of these components from the
> testing repo
> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base
> 389-adminutil
>
> Then, run
> setup-ds-admin.pl -u
>
> Then try
>
> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
> youradminpassword -s base -b "cn=389 Administration Server,cn=Server
> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>
> and
>
> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
> youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration
> Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>

Using the above I can confirm that I can now use the console to log in and
administer my DS (though I had to remove selinux-policy-targeted). The
command 'setup-ds-admin.pl -u' ran without a hitch.

The results of both LDAP queries are below:

[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsBuildSecurity: domestic
objectClass: top
objectClass: nsApplication
objectClass: groupOfUniqueNames
cn: 389 Administration Server
nsVendor: 389 Project
installationTimeStamp: 20101124210830Z
nsBuildNumber: 2010.328.157
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct@389-admin-1.1.jar
nsProductName: 389 Administration Server
nsProductVersion: 1.1.13
nsNickName: admin

[root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
Enter LDAP Password:
dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
objectClass: top
objectClass: netscapeServer
objectClass: nsAdminServer
objectClass: nsResourceRef
objectClass: groupOfUniqueNames
serverHostName: icicle.phasma.nl
cn: admin-serv-icicle
installationTimeStamp: 20101124210830Z
serverProductName: Administration Server
uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
nsServerID: admin-serv

I proceeded to restart dirsrv-admin, and the log now looks like this:

[Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
[Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
[Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
[Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
[Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not exist: /usr/share/dirsrv/html/java/jars

Still some errors are visible in the logfile, but I can log in and add
users/groups using the console. When I navigate to 'Directory Server' >
'Configuration' I get the following error message:
'Insufficient Permissions': The user
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
have permission to perform this operation.
When I enter the correct credentials, it seems that everything is working
as it is supposed to.

The log complains about not being able to do a reverse lookup on
192.168.134.10, but this seems wrong (DNS works both ways):

[shadowuser@icicle ~]$ host 192.168.134.10
10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
[shadowuser@icicle ~]$ host icicle.phasma.nl
icicle.phasma.nl has address 192.168.134.10

Thanks for your patience,

Regards,

Trisooma



>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>
>>>> I hope this helps,
>>>>
>>>> Regards,
>>>>
>>>> Trisooma
>>>>
 
Old 11-30-2010, 10:38 PM
Rich Megginson
 
Default New 389 ds install - cannot logon to adm console

On 11/30/2010 04:33 PM, trisooma wrote:
>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>> If i am reading the code correctly (and looking at the logging
>>>>> below), the
>>>>> line that has a severity of 'crit' should dump info for the ldap
>>>>> server we
>>>>> are connecting to.
>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>>>> even
>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>
>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init
>>>>> failed for ldap://:389
>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>>>> LDAPConnection to
>>>>> populate LocalAdmin tasks into cache.
>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured --
>>>>> resuming normal operations
>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init
>>>>> failed for ldap://:389
>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>>>> LDAPConnection to
>>>>> populate LocalAdmin tasks into cache.
>>>>>
>>>>> The code that logs this error looks like this
>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>
>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, NULL,
>>>>> "openLDAPConnection(): util_ldap_init failed
>>>>> for
>>>>> ldap%s://%s:%d",
>>>>> data->secure ? "s" : "",
>>>>> data->host, data->port);
>>>>>
>>>>> It seems that the struct 'data' is not filled with the correct values.
>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>> My bad, see
>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>> First, upgrade to the latest versions of these components from the
>> testing repo
>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base
>> 389-adminutil
>>
>> Then, run
>> setup-ds-admin.pl -u
>>
>> Then try
>>
>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>> youradminpassword -s base -b "cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>
>> and
>>
>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>> youradminpassword -s base -b "cn=admin-serv-icicle,cn=389 Administration
>> Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>
> Using the above i can confirm that i can now use the console to log in and
> administer my DS (though i had to remove selinux-policy-targeted). The
> command 'setup-ds-admin.pl -u' ran without a hitch.
>
> the results of both ldap queries are below:
>
> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
> base -b "cn=389 Administration Server,cn=Server
> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
> Enter LDAP Password:
> dn: cn=389 Administration Server,cn=Server
> Group,cn=icicle.phasma.nl,ou=phasma
> .nl,o=NetscapeRoot
> nsBuildSecurity: domestic
> objectClass: top
> objectClass: nsApplication
> objectClass: groupOfUniqueNames
> cn: 389 Administration Server
> nsVendor: 389 Project
> installationTimeStamp: 20101124210830Z
> nsBuildNumber: 2010.328.157
> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
> Grou
> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> nsServerMigrationClassname:
> com.netscape.management.admserv.AdminServerProduct
> @389-admin-1.1.jar
> nsProductName: 389 Administration Server
> nsProductVersion: 1.1.13
> nsNickName: admin
>
> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
> base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
> Enter LDAP Password:
> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
> Group,cn=icicl
> e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> objectClass: top
> objectClass: netscapeServer
> objectClass: nsAdminServer
> objectClass: nsResourceRef
> objectClass: groupOfUniqueNames
> serverHostName: icicle.phasma.nl
> cn: admin-serv-icicle
> installationTimeStamp: 20101124210830Z
> serverProductName: Administration Server
> uniqueMember: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
> Grou
> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
> nsServerID: admin-serv
>
> I proceeded to restart dirsrv-admin, and the log now looks like this:
>
> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured --
> resuming normal operations
> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth
> handler
> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10]
> admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.134.10
> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not
> exist: /usr/share/dirsrv/html/java/jars
This should be ok - it should fall back to /usr/share/dirsrv/html/java
> Still some errors are visible in the logfile,
The one marked [error] above, or are there others? [notice] messages
are ok.
> but i can log in and add
> users/groups using the console. When i navigate to 'Directory Server'>
> 'Configuration' i get the following error message:
> 'Insufficient Permissions': The user
> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not
> have permission to perform this operation.
> When i enter the correct credentials, it seems that everything is working
> as it is supposed to.
"correct credentials"?
> The log complains about not being able to do a reverse lookup on
> 192.168.134.10, but this seems wrong (DNS works both ways):
Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
> [shadowuser@icicle ~]$ host 192.168.134.10
> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
> [shadowuser@icicle ~]$ host icicle.phasma.nl
> icicle.phasma.nl has address 192.168.134.10
>
> Thanks for your patience,
>
> Regards,
>
> Trisooma
>
>
>
>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>
>>>>> I hope this helps,
>>>>>
>>>>> Regards,
>>>>>
>>>>> Trisooma
>>>>>
 
Old 12-01-2010, 11:00 AM
"trisooma"
 
Default New 389 ds install - cannot logon to adm console

> On 11/30/2010 04:33 PM, trisooma wrote:
>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>> If i am reading the code correctly (and looking at the logging
>>>>>> below), the
>>>>>> line that has a severity of 'crit' should dump info for the ldap
>>>>>> server we
>>>>>> are connecting to.
>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>>>>> even
>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>
>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection():
>>>>>> util_ldap_init
>>>>>> failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>>>>> LDAPConnection to
>>>>>> populate LocalAdmin tasks into cache.
>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured
>>>>>> --
>>>>>> resuming normal operations
>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection():
>>>>>> util_ldap_init
>>>>>> failed for ldap://:389
>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>>>>> LDAPConnection to
>>>>>> populate LocalAdmin tasks into cache.
>>>>>>
>>>>>> The code that logs this error looks like this
>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>
>>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */,
>>>>>> NULL,
>>>>>> "openLDAPConnection(): util_ldap_init failed
>>>>>> for
>>>>>> ldap%s://%s:%d",
>>>>>> data->secure ? "s" : "",
>>>>>> data->host, data->port);
>>>>>>
>>>>>> It seems that the struct 'data' is not filled with the correct
>>>>>> values.
>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>> My bad, see
>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>> First, upgrade to the latest versions of these components from the
>>> testing repo
>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base
>>> 389-adminutil
>>>
>>> Then, run
>>> setup-ds-admin.pl -u
>>>
>>> Then try
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>> youradminpassword -s base -b "cn=389 Administration Server,cn=Server
>>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>>> and
>>>
>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>> youradminpassword -s base -b "cn=admin-serv-icicle,cn=389
>>> Administration
>>> Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>
>> Using the above i can confirm that i can now use the console to log in
>> and
>> administer my DS (though i had to remove selinux-policy-targeted). The
>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>
>> the results of both ldap queries are below:
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>> base -b "cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma
>> .nl,o=NetscapeRoot
>> nsBuildSecurity: domestic
>> objectClass: top
>> objectClass: nsApplication
>> objectClass: groupOfUniqueNames
>> cn: 389 Administration Server
>> nsVendor: 389 Project
>> installationTimeStamp: 20101124210830Z
>> nsBuildNumber: 2010.328.157
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>> Server,cn=Server
>> Grou
>> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerMigrationClassname:
>> com.netscape.management.admserv.AdminServerProduct
>> @389-admin-1.1.jar
>> nsProductName: 389 Administration Server
>> nsProductVersion: 1.1.13
>> nsNickName: admin
>>
>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>> base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>> Enter LDAP Password:
>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>> Group,cn=icicl
>> e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> objectClass: top
>> objectClass: netscapeServer
>> objectClass: nsAdminServer
>> objectClass: nsResourceRef
>> objectClass: groupOfUniqueNames
>> serverHostName: icicle.phasma.nl
>> cn: admin-serv-icicle
>> installationTimeStamp: 20101124210830Z
>> serverProductName: Administration Server
>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>> Server,cn=Server
>> Grou
>> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>> nsServerID: admin-serv
>>
>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>
>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured --
>> resuming normal operations
>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1]
>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1]
>> admserv_check_authz(): passing [/admin-serv/authenticate] to the
>> userauth
>> handler
>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10]
>> admserv_host_ip_check: ap_get_remote_host could not resolve
>> 192.168.134.10
>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not
>> exist: /usr/share/dirsrv/html/java/jars
> This should be ok - it should fallback to /usr/share/dirsrv/html/java
>> Still some errors are visible in the logfile,
> The one marked [error] above, or are there others? [notice] messages
> are ok.

No, this is the only one marked as error.

>> but i can log in and add
>> users/groups using the console. When i navigate to 'Directory Server'>
>> 'Configuration' i get the following error message:
>> 'Insufficient Permissions': The user
>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does
>> not
>> have permission to perform this operation.
>> When i enter the correct credentials, it seems that everything is
>> working
>> as it is supposed to.
> "correct credentials"?

The password that is set for uid=admin,.......; This is only a minor
annoyance, however it does seem strange that I am asked for the password
again.

>> The log complains about not being able to do a reverse lookup on
>> 192.168.134.10, but this seems wrong (DNS works both ways):
> Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups

Okay, got it.

>> [shadowuser@icicle ~]$ host 192.168.134.10
>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>> icicle.phasma.nl has address 192.168.134.10
>>
>> Thanks for your patience,
>>
>> Regards,
>>
>> Trisooma
>>
>>
>>
>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>
>>>>>> I hope this helps,
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Trisooma
>>>>>>
 
Old 12-01-2010, 12:56 PM
Eric Donkersloot
 
Default New 389 ds install - cannot logon to adm console

Works for me as well. Thank you very much.

Cheers,

Eric

trisooma wrote:
>> On 11/30/2010 04:33 PM, trisooma wrote:
>>>> On 11/30/2010 02:32 PM, Trisooma wrote:
>>>>> On 11/30/2010 10:23 PM, Rich Megginson wrote:
>>>>>> On 11/30/2010 02:20 PM, trisooma wrote:
>>>>>>> If i am reading the code correctly (and looking at the logging
>>>>>>> below), the
>>>>>>> line that has a severity of 'crit' should dump info for the ldap
>>>>>>> server we
>>>>>>> are connecting to.
>>>>>>> In my case (and Eric's too) only 'ldap://:389' is printed; sometimes
>>>>>>> even
>>>>>>> with an odd number like 23395496 (see Eric's first post).
>>>>>>>
>>>>>>> [Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection():
>>>>>>> util_ldap_init
>>>>>>> failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:43 2010] [warn] Unable to open initial
>>>>>>> LDAPConnection to
>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>> [Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured
>>>>>>> --
>>>>>>> resuming normal operations
>>>>>>> [Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection():
>>>>>>> util_ldap_init
>>>>>>> failed for ldap://:389
>>>>>>> [Tue Nov 30 22:01:44 2010] [warn] Unable to open initial
>>>>>>> LDAPConnection to
>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>>
>>>>>>> The code that logs this error looks like this
>>>>>>> [mod_admserv/mod_admserv.c:517]
>>>>>>>
>>>>>>> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */,
>>>>>>> NULL,
>>>>>>> "openLDAPConnection(): util_ldap_init failed
>>>>>>> for
>>>>>>> ldap%s://%s:%d",
>>>>>>> data->secure ? "s" : "",
>>>>>>> data->host, data->port);
>>>>>>>
>>>>>>> It seems that the struct 'data' is not filled with the correct
>>>>>>> values.
>>>>>> That's why I asked for your /etc/dirsrv/admin-serv/adm.conf -
>>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012548.html
>>>>> My bad, see
>>>>> http://lists.fedoraproject.org/pipermail/389-users/2010-November/012551.html
>>>> First, upgrade to the latest versions of these components from the
>>>> testing repo
>>>> yum upgrade --enablerepo=updates-testing 389-admin 389-ds-base
>>>> 389-adminutil
>>>>
>>>> Then, run
>>>> setup-ds-admin.pl -u
>>>>
>>>> Then try
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>>> youradminpassword -s base -b "cn=389 Administration Server,cn=Server
>>>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>>> and
>>>>
>>>> ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -w
>>>> youradminpassword -s base -b "cn=admin-serv-icicle,cn=389
>>>> Administration
>>>> Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>>>
>>> Using the above i can confirm that i can now use the console to log in
>>> and
>>> administer my DS (though i had to remove selinux-policy-targeted). The
>>> command 'setup-ds-admin.pl -u' ran without a hitch.
>>>
>>> the results of both ldap queries are below:
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>>> base -b "cn=389 Administration Server,cn=Server
>>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=389 Administration Server,cn=Server
>>> Group,cn=icicle.phasma.nl,ou=phasma
>>> .nl,o=NetscapeRoot
>>> nsBuildSecurity: domestic
>>> objectClass: top
>>> objectClass: nsApplication
>>> objectClass: groupOfUniqueNames
>>> cn: 389 Administration Server
>>> nsVendor: 389 Project
>>> installationTimeStamp: 20101124210830Z
>>> nsBuildNumber: 2010.328.157
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>>> Server,cn=Server
>>> Grou
>>> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerMigrationClassname:
>>> com.netscape.management.admserv.AdminServerProduct
>>> @389-admin-1.1.jar
>>> nsProductName: 389 Administration Server
>>> nsProductVersion: 1.1.13
>>> nsNickName: admin
>>>
>>> [root@icicle /]# ldapsearch -x -LLL -H ldap://icicle.phasma.nl:389/ -D
>>> "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" -W -s
>>> base -b "cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>>> Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot"
>>> Enter LDAP Password:
>>> dn: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server
>>> Group,cn=icicl
>>> e.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> objectClass: top
>>> objectClass: netscapeServer
>>> objectClass: nsAdminServer
>>> objectClass: nsResourceRef
>>> objectClass: groupOfUniqueNames
>>> serverHostName: icicle.phasma.nl
>>> cn: admin-serv-icicle
>>> installationTimeStamp: 20101124210830Z
>>> serverProductName: Administration Server
>>> uniqueMember: cn=admin-serv-icicle,cn=389 Administration
>>> Server,cn=Server
>>> Grou
>>> p,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeRoot
>>> nsServerID: admin-serv
>>>
>>> I proceeded to restart dirsrv-admin, and the log now looks like this:
>>>
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:20 2010] [notice] Access Address filter is: *
>>> [Tue Nov 30 23:59:21 2010] [notice] Apache/2.2.17 (Unix) configured --
>>> resuming normal operations
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Host filter is: *.phasma.nl
>>> [Tue Nov 30 23:59:21 2010] [notice] Access Address filter is: *
>>> [Wed Dec 01 00:00:17 2010] [notice] [client 127.0.0.1]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>> [Wed Dec 01 00:00:18 2010] [notice] [client 127.0.0.1]
>>> admserv_check_authz(): passing [/admin-serv/authenticate] to the
>>> userauth
>>> handler
>>> [Wed Dec 01 00:00:33 2010] [notice] [client 192.168.134.10]
>>> admserv_host_ip_check: ap_get_remote_host could not resolve
>>> 192.168.134.10
>>> [Wed Dec 01 00:00:33 2010] [error] [client 192.168.134.10] File does not
>>> exist: /usr/share/dirsrv/html/java/jars
>> This should be ok - it should fallback to /usr/share/dirsrv/html/java
>>> Still some errors are visible in the logfile,
>> The one marked [error] above, or are there others? [notice] messages
>> are ok.
>
> No, this is the only one marked as error.
>
>>> but i can log in and add
>>> users/groups using the console. When i navigate to 'Directory Server'>
>>> 'Configuration' i get the following error message:
>>> 'Insufficient Permissions': The user
>>> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does
>>> not
>>> have permission to perform this operation.
>>> When i enter the correct credentials, it seems that everything is
>>> working
>>> as it is supposed to.
>> "correct credentials"?
>
> the password that is set for uid=admin,.......; This is only a minor
> annoyance, however it does seem strange that i am asked for the password
> again.
>
>>> The log complains about not being able to do a reverse lookup on
>>> 192.168.134.10, but this seems wrong (DNS works both ways):
>> Yes. See /etc/dirsrv/admin-serv/console.conf - HostnameLookups
>
> oke, got it.
>
>>> [shadowuser@icicle ~]$ host 192.168.134.10
>>> 10.134.168.192.in-addr.arpa domain name pointer icicle.phasma.nl.
>>> [shadowuser@icicle ~]$ host icicle.phasma.nl
>>> icicle.phasma.nl has address 192.168.134.10
>>>
>>> Thanks for your patience,
>>>
>>> Regards,
>>>
>>> Trisooma
>>>
>>>
>>>
>>>>>>> BTW. this code was taken from 389-admin-1.1.12.a2
>>>>>>>
>>>>>>> I hope this helps,
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Trisooma
>>>>>>>

--
Eric Donkersloot

SURFnet
Radboudkwartier 273
3511 CK Utrecht
M +31 6 4115 4547
eric.donkersloot@surfnet.nl
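
A triage sketch for the log signature discussed in this thread, added here as an example (it is not code from the thread or from the 389 project): it parses admin-server error-log lines, pulls the target out of the `ldap%s://%s:%d` message quoted above, and separates failures where the target was never populated (empty host, implausible port) from failures against a configured host. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Apache 2.2 error_log layout: "[Tue Nov 30 22:01:43 2010] [crit] message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")

# Message built from the format string quoted in the thread:
#   "openLDAPConnection(): util_ldap_init failed for ldap%s://%s:%d"
# The host group may match the empty string, which is the case of interest.
TARGET_RE = re.compile(
    r"openLDAPConnection\(\): util_ldap_init failed for "
    r"(?P<scheme>ldaps?)://(?P<host>[^:/\s]*):(?P<port>-?\d+)"
)


class Finding(NamedTuple):
    timestamp: str
    target: str
    problems: tuple  # empty tuple means the target itself looks sane


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for an openLDAPConnection init failure, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("level") != "crit":
        return None
    t = TARGET_RE.search(m.group("msg"))
    if not t:
        return None
    problems = []
    if not t.group("host"):
        problems.append("empty host")
    if not 1 <= int(t.group("port")) <= 65535:
        problems.append("port out of range")
    target = f"{t.group('scheme')}://{t.group('host')}:{t.group('port')}"
    return Finding(m.group("ts"), target, tuple(problems))


def triage(lines):
    """Count failures per target, split into (unpopulated, configured)."""
    unpopulated, configured = Counter(), Counter()
    for line in lines:
        finding = check_line(line)
        if finding is None:
            continue
        bucket = unpopulated if finding.problems else configured
        bucket[finding.target] += 1
    return unpopulated, configured


# First four lines: the log excerpt from the thread, with the e-mail line
# wrapping rejoined. Last two lines: constructed for this example (the port
# value is the "odd number" mentioned in the thread; the host is a placeholder).
SAMPLE_LOG = """\
[Tue Nov 30 22:01:43 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:01:43 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache.
[Tue Nov 30 22:01:44 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations
[Tue Nov 30 22:01:44 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389
[Tue Nov 30 22:05:00 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496
[Tue Nov 30 22:06:00 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldaps://ds.example.test:636
"""

if __name__ == "__main__":
    unpopulated, configured = triage(SAMPLE_LOG.splitlines())
    for target, count in unpopulated.items():
        print(f"{count}x {target}: target not populated, check the admin server config")
    for target, count in configured.items():
        print(f"{count}x {target}: target configured, check reachability of the directory")
```
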

 
Old 01-14-2011, 11:27 PM
Brian LaMere
 
Default New 389 ds install - cannot logon to adm console

well hello all, seems I'm having this problem myself....fresh install, and when I go to the configuration tab of the 389-console it tells me:
"The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation."

When I click ok, a box appears asking for DN/pass. If I put the password in the box...it continues on with no errors (thus the "mind annoyance"). Then again, if I just click "ok" and then "cancel" (meaning, I don't put in new credentials) the config tab works then too. I don't actually see in the logs either what it is that I'm not being allowed to do, it seems to just be a superfluous re-prompting for the password. On a lark, I tried putting in the /wrong/ password...which it did indeed not like, telling me "invalid credentials." Clicked ok, then cancel...and I'm able to access the configuration tab even after putting in the wrong pass and not correcting it. I'm assuming it is just using the original credentials that should have prevented the initial error in the first place, even though I tried putting in new credentials...

Again, fresh install, on a fresh build of Fedora14. I am tunneling the console, but that shouldn't matter (?). Is this just a bug in 389-console? Should I open a ticket? I'm going to continue past it, since it...doesn't seem to be stopping me from doing anything. I'm using the standard repos, everything is current:

389-admin-console-1.1.5-1.fc14.noarch
389-admin-console-doc-1.1.5-1.fc14.noarch
389-adminutil-1.1.13-1.fc14.x86_64
389-admin-1.1.13-2.fc14.x86_64
389-ds-console-1.2.3-1.fc14.noarch
389-ds-console-doc-1.2.3-1.fc14.noarch
389-console-1.1.4-1.fc14.noarch
389-ds-base-1.2.7.5-1.fc14.x86_64
389-dsgw-1.1.6-1.fc14.x86_64
389-ds-1.2.1-1.fc14.noarch

Did I miss the response about what might have been causing this?
Brian
 
Old 01-14-2011, 11:34 PM
Rich Megginson
 
Default New 389 ds install - cannot logon to adm console

On 01/14/2011 05:27 PM, Brian LaMere wrote:
> well hello all, seems I'm having this problem myself....fresh
> install, and when I go to the configuration tab of the 389-console
> it tells me:
>
> "The user
> uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
> does not have permission to perform this operation."
>
> When I click ok, a box appears asking for DN/pass. If I put
> the password in the box...it continues on with no errors (thus
> the "mind annoyance"). Then again, if I just click "ok" and
> then "cancel" (meaning, I don't put in new credentials) the
> config tab works then too. I don't actually see in the logs
> either what it is that I'm not being allowed to do, it seems to
> just be a superfluous re-prompting for the password. On a lark,
> I tried putting in the /wrong/ password...which it did indeed
> not like, telling me "invalid credentials." Clicked ok, then
> cancel...and I'm able to access the configuration tab even after
> putting in the wrong pass and not correcting it. I'm assuming
> it is just using the original credentials that should have
> prevented the initial error in the first place, even though I
> tried putting in new credentials...
>
> Again, fresh install, on a fresh build of Fedora14. I am
> tunneling the console, but that shouldn't matter (?). Is this
> just a bug in 389-console? Should I open a ticket?

Sure. It's really not a permissions issue, it was caused by bug fix
to 1.2.7

> I'm going to continue past it, since it...doesn't seem to be
> stopping me from doing anything. I'm using the standard repos,
> everything is current:

Right. It is annoying and should not stop you from doing anything.

> 389-admin-console-1.1.5-1.fc14.noarch
> 389-admin-console-doc-1.1.5-1.fc14.noarch
> 389-adminutil-1.1.13-1.fc14.x86_64
> 389-admin-1.1.13-2.fc14.x86_64
> 389-ds-console-1.2.3-1.fc14.noarch
> 389-ds-console-doc-1.2.3-1.fc14.noarch
> 389-console-1.1.4-1.fc14.noarch
> 389-ds-base-1.2.7.5-1.fc14.x86_64
> 389-dsgw-1.1.6-1.fc14.x86_64
> 389-ds-1.2.1-1.fc14.noarch
>
> Did I miss the response about what might have been causing
> this?
>
> Brian

 
