New 389 ds install - cannot logon to adm console
Hi all,
I just installed 389 directory server, but somehow I cannot log on to the administration console: /var/log/dirsrv/admin-serv/error: [Fri Nov 26 16:15:06 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations [Fri Nov 26 16:15:06 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:23395496 [Fri Nov 26 16:15:06 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Fri Nov 26 16:15:26 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected This is the config on the server: nsAdminAccessAddresses: *.surfnet.nl 192.87.*.* 127.0.0.1 nsAdminAccessHosts: * Installed software: 389-adminutil-1.1.10-2.fc14.i686 389-admin-1.1.12-2.fc14.i686 389-ds-console-1.2.3-1.fc14.noarch 389-ds-console-doc-1.2.3-1.fc14.noarch 389-ds-1.2.1-1.fc14.noarch 389-console-1.1.4-1.fc14.noarch 389-ds-base-1.2.7-2.fc14.i686 389-admin-console-1.1.5-1.fc14.noarch 389-dsgw-1.1.5-2.fc14.i686 389-admin-console-doc-1.1.5-1.fc14.noarch I try to log in to the console as the admin user, I start the console through a tunneled ssh session. The server is running F14 (i686) by the way. What am I missing here ? Kind regards, Eric -- Eric Donkersloot SURFnet Radboudkwartier 273 3511 CK Utrecht The Netherlands M +31 6 4115 4547 eric.donkersloot@surfnet.nl -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- > bounces@lists.fedoraproject.org] On Behalf Of Eric Donkersloot > Sent: 26 November 2010 15:25 > To: 389-users@lists.fedoraproject.org > Subject: [389-users] New 389 ds install - cannot logon to adm console > > Hi all, > > I just installed 389 directory server, but somehow I cannot log on to > the administration console: > > /var/log/dirsrv/admin-serv/error: > > [Fri Nov 26 16:15:06 2010] [notice] Apache/2.2.17 (Unix) configured -- > resuming normal operations > [Fri Nov 26 16:15:06 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:23395496 > [Fri Nov 26 16:15:06 2010] [warn] Unable to open initial LDAPConnection > to populate LocalAdmin tasks into cache. > [Fri Nov 26 16:15:26 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection > rejected > > This is the config on the server: > > nsAdminAccessAddresses: *.surfnet.nl 192.87.*.* 127.0.0.1 > nsAdminAccessHosts: * > > Installed software: > > 389-adminutil-1.1.10-2.fc14.i686 > 389-admin-1.1.12-2.fc14.i686 > 389-ds-console-1.2.3-1.fc14.noarch > 389-ds-console-doc-1.2.3-1.fc14.noarch > 389-ds-1.2.1-1.fc14.noarch > 389-console-1.1.4-1.fc14.noarch > 389-ds-base-1.2.7-2.fc14.i686 > 389-admin-console-1.1.5-1.fc14.noarch > 389-dsgw-1.1.5-2.fc14.i686 > 389-admin-console-doc-1.1.5-1.fc14.noarch > > I try to log in to the console as the admin user, I start the console > through a tunneled ssh session. The server is running F14 (i686) by the > way. > > What am I missing here ? > > Kind regards, > > Eric > > -- > Eric Donkersloot > Hi Eric, As a start always use the fqdn of the host rather than 127.0.0.1 when connecting via the console. Secondly, 389-console has a debug flag available that you can use while connecting that will shed additional light on any other problems that may be causing issues. Regards __________________________________________________ ______________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. __________________________________________________ ______________________ -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
Hi Gerrard,
Unfortunately it doesn't. I tried to login as the admin user using the fqdn. The debug console output gives me: 389-Management-Console/1.1.5 B2010.123.2251 CommManager> New CommRecord (http://bla.blablabla.bla:9830/admin-serv/authenticate) http://bla.blablabla.bla:9830/[0:0] open> Ready http://bla.blablabla.bla:9830/[0:0] accept> http://bla.blablabla.bla:9830/admin-serv/authenticate http://bla.blablabla.bla:9830/[0:0] send> GET http://bla.blablabla.bla:9830/[0:0] send> /admin-serv/authenticate http://bla.blablabla.bla:9830/[0:0] send> HTTP/1.0 http://bla.blablabla.bla:9830/[0:0] send> Host: bla.blablabla.bla:9830 http://bla.blablabla.bla:9830/[0:0] send> Connection: Keep-Alive http://bla.blablabla.bla:9830/[0:0] send> User-Agent: 389-Management-Console/1.1.5 http://bla.blablabla.bla:9830/[0:0] send> Accept-Language: en http://bla.blablabla.bla:9830/[0:0] send> Authorization: Basic http://bla.blablabla.bla:9830/[0:0] send> YWRtaW46U1VSRm5ldDIwMTA= http://bla.blablabla.bla:9830/[0:0] send> http://bla.blablabla.bla:9830/[0:0] send> http://bla.blablabla.bla:9830/[0:0] recv> HTTP/1.1 401 Authorization Required http://bla.blablabla.bla:9830/[0:0] error> HttpException: Response: HTTP/1.1 401 Authorization Required Status: 401 URL: http://bla.blablabla.bla:9830/admin-serv/authenticate http://<our>.<testserver>.<suffix>:9830/[0:0] close> Closed /var/log/dirsrv/admin-serv/error: [Mon Nov 29 10:48:07 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 10:48:07 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Nov 29 10:48:08 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations [Mon Nov 29 10:48:08 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 10:48:08 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Nov 29 10:48:51 2010] [notice] [client xxx.xx.xxx.xx] admserv_host_ip_check: Unauthorized host ip=xxx.xx.xxx.xx, connection rejected Kind regards, Eric Gerrard Geldenhuis wrote: > Hi Eric, As a start always use the fqdn of the host rather than > 127.0.0.1 when connecting via the console. Secondly, 389-console has > a debug flag available that you can use while connecting that will > shed additional light on any other problems that may be causing > issues. > > Regards -- Eric Donkersloot SURFnet Radboudkwartier 273 3511 CK Utrecht M +31 6 4115 4547 eric.donkersloot@surfnet.nl -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
Hi Eric,
The console has given me a few headaches in the past but so has my own mistakes... :) Obvious things that can be wrong include: Firewall issues Is the admin server running, that may sound obvious but you will be surprised the number of times it has caught me. If you have anonymous access disabled and ssl only access then the console will not work without doing some extra things. There is a bug related to this were the internals still try to use anonymous which will fail for obvious reasons because you have disallowed it. Please feel free to contact me via msn or yahoo as per the private email or alternatively if you can give a complete listing of what settings you have set and configured that might help to shed light on the problem. Can you access 9830 with curl locally on the box? have a look in the admin server's logs for why you are getting 401 errors. Regards > -----Original Message----- > From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- > bounces@lists.fedoraproject.org] On Behalf Of Eric Donkersloot > Sent: 29 November 2010 09:51 > To: General discussion list for the 389 Directory server project. > Subject: Re: [389-users] New 389 ds install - cannot logon to adm console > > Hi Gerrard, > > Unfortunately it doesn't. I tried to login as the admin user using the fqdn. > The debug console output gives me: > > 389-Management-Console/1.1.5 B2010.123.2251 > CommManager> New CommRecord > (http://bla.blablabla.bla:9830/admin-serv/authenticate) > http://bla.blablabla.bla:9830/[0:0] open> Ready > http://bla.blablabla.bla:9830/[0:0] accept> > http://bla.blablabla.bla:9830/admin-serv/authenticate > http://bla.blablabla.bla:9830/[0:0] send> GET > http://bla.blablabla.bla:9830/[0:0] send> /admin-serv/authenticate > http://bla.blablabla.bla:9830/[0:0] send> HTTP/1.0 > http://bla.blablabla.bla:9830/[0:0] send> Host: bla.blablabla.bla:9830 > http://bla.blablabla.bla:9830/[0:0] send> Connection: Keep-Alive > http://bla.blablabla.bla:9830/[0:0] send> User-Agent: > 389-Management-Console/1.1.5 > http://bla.blablabla.bla:9830/[0:0] send> Accept-Language: en > http://bla.blablabla.bla:9830/[0:0] send> Authorization: Basic > http://bla.blablabla.bla:9830/[0:0] send> YWRtaW46U1VSRm5ldDIwMTA= > http://bla.blablabla.bla:9830/[0:0] send> http://bla.blablabla.bla:9830/[0:0] > send> http://bla.blablabla.bla:9830/[0:0] recv> HTTP/1.1 401 Authorization > Required http://bla.blablabla.bla:9830/[0:0] error> HttpException: > Response: HTTP/1.1 401 Authorization Required > Status: 401 > URL: http://bla.blablabla.bla:9830/admin-serv/authenticate > http://<our>.<testserver>.<suffix>:9830/[0:0] close> Closed > > /var/log/dirsrv/admin-serv/error: > > [Mon Nov 29 10:48:07 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:389 [Mon Nov 29 10:48:07 2010] [warn] Unable to open > initial LDAPConnection to populate LocalAdmin tasks into cache. > [Mon Nov 29 10:48:08 2010] [notice] Apache/2.2.17 (Unix) configured -- > resuming normal operations [Mon Nov 29 10:48:08 2010] [crit] > openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 > 10:48:08 2010] [warn] Unable to open initial LDAPConnection to populate > LocalAdmin tasks into cache. > [Mon Nov 29 10:48:51 2010] [notice] [client xxx.xx.xxx.xx] > admserv_host_ip_check: Unauthorized host ip=xxx.xx.xxx.xx, connection > rejected > > Kind regards, > > Eric > > Gerrard Geldenhuis wrote: > > Hi Eric, As a start always use the fqdn of the host rather than > > 127.0.0.1 when connecting via the console. Secondly, 389-console has a > > debug flag available that you can use while connecting that will shed > > additional light on any other problems that may be causing issues. > > > > Regards > > -- > Eric Donkersloot > > SURFnet > Radboudkwartier 273 > 3511 CK Utrecht > M +31 6 4115 4547 > eric.donkersloot@surfnet.nl > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users __________________________________________________ ______________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. __________________________________________________ ______________________ -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
On 11/29/2010 03:43 AM, Gerrard Geldenhuis wrote:
> Hi Eric, > The console has given me a few headaches in the past but so has my own mistakes... :) > > Obvious things that can be wrong include: > Firewall issues > Is the admin server running, that may sound obvious but you will be surprised the number of times it has caught me. > If you have anonymous access disabled and ssl only access then the console will not work without doing some extra things. There is a bug related to this were the internals still try to use anonymous which will fail for obvious reasons because you have disallowed it. > > Please feel free to contact me via msn or yahoo as per the private email or alternatively if you can give a complete listing of what settings you have set and configured that might help to shed light on the problem. > > Can you access 9830 with curl locally on the box? have a look in the admin server's logs for why you are getting 401 errors. Also try to disable SELinux and see if that helps, and check the selinux log. > Regards > >> -----Original Message----- >> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users- >> bounces@lists.fedoraproject.org] On Behalf Of Eric Donkersloot >> Sent: 29 November 2010 09:51 >> To: General discussion list for the 389 Directory server project. >> Subject: Re: [389-users] New 389 ds install - cannot logon to adm console >> >> Hi Gerrard, >> >> Unfortunately it doesn't. I tried to login as the admin user using the fqdn. >> The debug console output gives me: >> >> 389-Management-Console/1.1.5 B2010.123.2251 >> CommManager> New CommRecord >> (http://bla.blablabla.bla:9830/admin-serv/authenticate) >> http://bla.blablabla.bla:9830/[0:0] open> Ready >> http://bla.blablabla.bla:9830/[0:0] accept> >> http://bla.blablabla.bla:9830/admin-serv/authenticate >> http://bla.blablabla.bla:9830/[0:0] send> GET >> http://bla.blablabla.bla:9830/[0:0] send> /admin-serv/authenticate >> http://bla.blablabla.bla:9830/[0:0] send> HTTP/1.0 >> http://bla.blablabla.bla:9830/[0:0] send> Host: bla.blablabla.bla:9830 >> http://bla.blablabla.bla:9830/[0:0] send> Connection: Keep-Alive >> http://bla.blablabla.bla:9830/[0:0] send> User-Agent: >> 389-Management-Console/1.1.5 >> http://bla.blablabla.bla:9830/[0:0] send> Accept-Language: en >> http://bla.blablabla.bla:9830/[0:0] send> Authorization: Basic >> http://bla.blablabla.bla:9830/[0:0] send> YWRtaW46U1VSRm5ldDIwMTA= >> http://bla.blablabla.bla:9830/[0:0] send> http://bla.blablabla.bla:9830/[0:0] >> send> http://bla.blablabla.bla:9830/[0:0] recv> HTTP/1.1 401 Authorization >> Required http://bla.blablabla.bla:9830/[0:0] error> HttpException: >> Response: HTTP/1.1 401 Authorization Required >> Status: 401 >> URL: http://bla.blablabla.bla:9830/admin-serv/authenticate >> http://<our>.<testserver>.<suffix>:9830/[0:0] close> Closed >> >> /var/log/dirsrv/admin-serv/error: >> >> [Mon Nov 29 10:48:07 2010] [crit] openLDAPConnection(): util_ldap_init >> failed for ldap://:389 [Mon Nov 29 10:48:07 2010] [warn] Unable to open >> initial LDAPConnection to populate LocalAdmin tasks into cache. >> [Mon Nov 29 10:48:08 2010] [notice] Apache/2.2.17 (Unix) configured -- >> resuming normal operations [Mon Nov 29 10:48:08 2010] [crit] >> openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 >> 10:48:08 2010] [warn] Unable to open initial LDAPConnection to populate >> LocalAdmin tasks into cache. >> [Mon Nov 29 10:48:51 2010] [notice] [client xxx.xx.xxx.xx] >> admserv_host_ip_check: Unauthorized host ip=xxx.xx.xxx.xx, connection >> rejected >> >> Kind regards, >> >> Eric >> >> Gerrard Geldenhuis wrote: >>> Hi Eric, As a start always use the fqdn of the host rather than >>> 127.0.0.1 when connecting via the console. Secondly, 389-console has a >>> debug flag available that you can use while connecting that will shed >>> additional light on any other problems that may be causing issues. >>> >>> Regards >> -- >> Eric Donkersloot >> >> SURFnet >> Radboudkwartier 273 >> 3511 CK Utrecht >> M +31 6 4115 4547 >> eric.donkersloot@surfnet.nl >> >> -- >> 389 users mailing list >> 389-users@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users > __________________________________________________ ______________________ > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > __________________________________________________ ______________________ > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
Hi,
I am having the exact same issue: - fresh install of 389-ds (version 1.2.1-1.fc14) - server config: (as per http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt) nsAdminAccessAddresses: * nsAdminAccessHosts: - servers are running (dirsrv/dirsrv-admin) - firewall is disabled (all traffic is accepted) - SELinux is disabled - curl can access auth url locally, see below: [shadowuser@icicle ~]$ curl http://localhost:9830/admin-serv/authenticate <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> <hr> <address>Apache/2.2 Server at localhost Port 9830</address> </body></html> server log insists that access is denied for this ip, see below: [Mon Nov 29 22:26:37 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 22:26:37 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Nov 29 22:26:38 2010] [notice] Apache/2.2.17 (Unix) configured -- resuming normal operations [Mon Nov 29 22:26:38 2010] [crit] openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 22:26:38 2010] [warn] Unable to open initial LDAPConnection to populate LocalAdmin tasks into cache. [Mon Nov 29 22:26:56 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected [Mon Nov 29 22:27:37 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected [Mon Nov 29 22:27:54 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected [Mon Nov 29 22:28:02 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected [Mon Nov 29 22:28:05 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected [Mon Nov 29 22:41:27 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected What could be wrong? Regards Trisooma -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
Hi,
This is indeed exactly the same issue I'm experiencing as well. I also already disabled SELinux and ip(6)tables. Kind regards, Eric Trisooma wrote: > Hi, > > I am having the exact same issue: > > - fresh install of 389-ds (version 1.2.1-1.fc14) > - server config: (as per > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt) > nsAdminAccessAddresses: * > nsAdminAccessHosts: > - servers are running (dirsrv/dirsrv-admin) > - firewall is disabled (all traffic is accepted) > - SELinux is disabled > - curl can access auth url locally, see below: > > [shadowuser@icicle ~]$ curl http://localhost:9830/admin-serv/authenticate > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>401 Authorization Required</title> > </head><body> > <h1>Authorization Required</h1> > <p>This server could not verify that you > are authorized to access the document > requested. Either you supplied the wrong > credentials (e.g., bad password), or your > browser doesn't understand how to supply > the credentials required.</p> > <hr> > <address>Apache/2.2 Server at localhost Port 9830</address> > </body></html> > > server log insists that access is denied for this ip, see below: > > [Mon Nov 29 22:26:37 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:389 > [Mon Nov 29 22:26:37 2010] [warn] Unable to open initial LDAPConnection > to populate LocalAdmin tasks into cache. > [Mon Nov 29 22:26:38 2010] [notice] Apache/2.2.17 (Unix) configured -- > resuming normal operations > [Mon Nov 29 22:26:38 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:389 > [Mon Nov 29 22:26:38 2010] [warn] Unable to open initial LDAPConnection > to populate LocalAdmin tasks into cache. > [Mon Nov 29 22:26:56 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:27:37 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:27:54 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:28:02 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:28:05 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:41:27 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > > What could be wrong? > > Regards > > Trisooma -- Eric Donkersloot SURFnet Radboudkwartier 273 3511 CK Utrecht M +31 6 4115 4547 eric.donkersloot@surfnet.nl -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
On 11/29/2010 02:49 PM, Trisooma wrote:
> Hi, > > I am having the exact same issue: > > - fresh install of 389-ds (version 1.2.1-1.fc14) rpm -qi 389-ds-base 389-adminutil 389-admin > - server config: (as per > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt) > nsAdminAccessAddresses: * > nsAdminAccessHosts: > - servers are running (dirsrv/dirsrv-admin) > - firewall is disabled (all traffic is accepted) > - SELinux is disabled > - curl can access auth url locally, see below: > > [shadowuser@icicle ~]$ curl http://localhost:9830/admin-serv/authenticate > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>401 Authorization Required</title> > </head><body> > <h1>Authorization Required</h1> > <p>This server could not verify that you > are authorized to access the document > requested. Either you supplied the wrong > credentials (e.g., bad password), or your > browser doesn't understand how to supply > the credentials required.</p> > <hr> > <address>Apache/2.2 Server at localhost Port 9830</address> > </body></html> > > server log insists that access is denied for this ip, see below: > > [Mon Nov 29 22:26:37 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:389 > [Mon Nov 29 22:26:37 2010] [warn] Unable to open initial LDAPConnection > to populate LocalAdmin tasks into cache. > [Mon Nov 29 22:26:38 2010] [notice] Apache/2.2.17 (Unix) configured -- > resuming normal operations > [Mon Nov 29 22:26:38 2010] [crit] openLDAPConnection(): util_ldap_init > failed for ldap://:389 This is not good - if the admin server cannot contact the directory server, it cannot read its configuration, including the list of accepted and rejected hosts/ip. Can you provide your /etc/dirsrv/admin-serv/adm.conf? > [Mon Nov 29 22:26:38 2010] [warn] Unable to open initial LDAPConnection > to populate LocalAdmin tasks into cache. > [Mon Nov 29 22:26:56 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:27:37 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:27:54 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:28:02 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:28:05 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > [Mon Nov 29 22:41:27 2010] [notice] [client 127.0.0.1] > admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection rejected > > What could be wrong? > > Regards > > Trisooma > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
Here's my info:
[donkersloot@389-ds ~]$ rpm -qi 389-ds-base 389-adminutil 389-admin Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.7 Vendor: Fedora Project Release : 2.fc14 Build Date: Tue 16 Nov 2010 07:21:59 PM CET Install Date: Fri 26 Nov 2010 01:40:16 PM CET Build Host: x86-16.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.7-2.fc14.src.rpm Size : 5574559 License: GPLv2 with exceptions Signature : RSA/SHA256, Sat 20 Nov 2010 09:54:28 PM CET, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Name : 389-adminutil Relocations: (not relocatable) Version : 1.1.10 Vendor: Fedora Project Release : 2.fc14 Build Date: Fri 02 Apr 2010 03:54:55 PM CEST Install Date: Fri 26 Nov 2010 01:40:15 PM CET Build Host: x86-01.phx2.fedoraproject.org Group : Development/Libraries Source RPM: 389-adminutil-1.1.10-2.fc14.src.rpm Size : 155108 License: LGPLv2 Signature : RSA/SHA256, Tue 27 Jul 2010 03:02:24 AM CEST, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/wiki/AdminUtil Summary : Utility library for 389 administration Description : 389-adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. 389-adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET functions allow applications to store their preferences and configuration parameters in LDAP, without having to know anything about LDAP. The configuration is cached in a local file, allowing applications to function even if the LDAP server is down. The other code is typically used by CGI programs used for directory server management, containing GET/POST processing code as well as resource handling (ICU ures API). Name : 389-admin Relocations: (not relocatable) Version : 1.1.12 Vendor: Fedora Project Release : 2.fc14 Build Date: Thu 18 Nov 2010 07:56:53 PM CET Install Date: Fri 26 Nov 2010 01:40:16 PM CET Build Host: x86-05.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-admin-1.1.12-2.fc14.src.rpm Size : 1091939 License: GPLv2 and ASL 2.0 Signature : RSA/SHA256, Sat 20 Nov 2010 09:51:01 PM CET, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/ Summary : 389 Administration Server (admin) Description : 389 Administration Server is an HTTP agent that provides management features for 389 Directory Server. It provides some management web apps that can be used through a web browser. It provides the authentication, access control, and CGI utilities used by the console. [donkersloot@389-ds ~]$ [donkersloot@389-ds ~]$ sudo cat /etc/dirsrv/admin-serv/adm.conf [sudo] password for donkersloot: AdminDomain: surfnet.nl sysuser: ldapuser isie: cn=389 Administration Server,cn=Server Group,cn=389-ds.surfnet.nl,ou=surfnet.nl,o=NetscapeRoot SuiteSpotGroup: ldapuser sysgroup: ldapuser userdn: uid=admin,ou=Administrators,ou=TopologyManagement, o=NetscapeRoot ldapStart: /usr/lib/dirsrv/slapd-389-ds/start-slapd ldapurl: ldap://389-ds.surfnet.nl:389/o=NetscapeRoot SuiteSpotUserID: ldapuser sie: cn=admin-serv-389-ds,cn=389 Administration Server,cn=Server Group,cn=389-ds.surfnet.nl,ou=surfnet.nl,o=NetscapeRoot Cheers, Eric Rich Megginson wrote: > rpm -qi 389-ds-base 389-adminutil 389-admin -- Eric Donkersloot SURFnet Radboudkwartier 273 3511 CK Utrecht M +31 6 4115 4547 eric.donkersloot@surfnet.nl -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
New 389 ds install - cannot logon to adm console
See below for my info, it looks like i am using the exact same versions of
the program. [shadowuser@icicle ~]$ rpm -qi 389-ds-base 389-adminutil 389-admin Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.7 Vendor: Fedora Project Release : 2.fc14 Build Date: Tue 16 Nov 2010 07:21:59 PM CET Install Date: Mon 29 Nov 2010 09:06:52 PM CET Build Host: x86-16.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.7-2.fc14.src.rpm Size : 5574559 License: GPLv2 with exceptions Signature : RSA/SHA256, Sat 20 Nov 2010 09:54:28 PM CET, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Name : 389-adminutil Relocations: (not relocatable) Version : 1.1.10 Vendor: Fedora Project Release : 2.fc14 Build Date: Fri 02 Apr 2010 03:54:55 PM CEST Install Date: Mon 29 Nov 2010 09:06:37 PM CET Build Host: x86-01.phx2.fedoraproject.org Group : Development/Libraries Source RPM: 389-adminutil-1.1.10-2.fc14.src.rpm Size : 155108 License: LGPLv2 Signature : RSA/SHA256, Tue 27 Jul 2010 03:02:24 AM CEST, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/wiki/AdminUtil Summary : Utility library for 389 administration Description : 389-adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. 389-adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET functions allow applications to store their preferences and configuration parameters in LDAP, without having to know anything about LDAP. The configuration is cached in a local file, allowing applications to function even if the LDAP server is down. The other code is typically used by CGI programs used for directory server management, containing GET/POST processing code as well as resource handling (ICU ures API). Name : 389-admin Relocations: (not relocatable) Version : 1.1.12 Vendor: Fedora Project Release : 2.fc14 Build Date: Thu 18 Nov 2010 07:56:53 PM CET Install Date: Mon 29 Nov 2010 09:06:58 PM CET Build Host: x86-05.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-admin-1.1.12-2.fc14.src.rpm Size : 1091939 License: GPLv2 and ASL 2.0 Signature : RSA/SHA256, Sat 20 Nov 2010 09:51:01 PM CET, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://port389.org/ Summary : 389 Administration Server (admin) Description : 389 Administration Server is an HTTP agent that provides management features for 389 Directory Server. It provides some management web apps that can be used through a web browser. It provides the authentication, access control, and CGI utilities used by the console. [root@icicle shadowuser]# cat /etc/dirsrv/admin-serv/adm.conf AdminDomain: phasma.nl sysuser: nobody isie: cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeR oot SuiteSpotGroup: nobody sysgroup: nobody userdn: uid=admin,ou=Administrators,ou=TopologyManagement, o=NetscapeRoot ldapStart: /usr/lib/dirsrv/slapd-icicle/start-slapd ldapurl: ldap://icicle.phasma.nl:389/o=NetscapeRoot SuiteSpotUserID: nobody sie: cn=admin-serv-icicle,cn=389 Administration Server,cn=Server Group,cn=icicle.phasma.nl,ou=phasma.nl,o=NetscapeR oot The directory server starts without errors, and i can use commands like ldapsearch/ldapmodify without a problem. Any suggestions? Regards, Trisooma -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
| All times are GMT. The time now is 12:22 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.