FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 01-04-2011, 06:55 PM
 
Default Cannot login as cn=Directory Manager

I've been away from my 389-ds admin
for a few months (I'm just starting to get familiar with it), and I can't
login using the user ID "cn=Directory Manager". *A few months
ago I could using the GUI 389-console application. *But today I can't.
*It keeps saying:



"Can't login because of an incorrect
User ID, Incorrect password, or Directory problem."



The error log shows: "[error] [client
127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter:
"ldapsearch -x -b o=netscaperoot -D "cn=Directory
Manager" -w <password> "objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.



Any thoughts on what to do to fix this?



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-04-2011, 08:39 PM
Rich Megginson
 
Default Cannot login as cn=Directory Manager

On 01/04/2011 12:55 PM, harry.devine@faa.gov wrote:



I've been away from my 389-ds
admin
for a few months (I'm just starting to get familiar with it),
and I can't
login using the user ID "cn=Directory Manager". *A few months
ago I could using the GUI 389-console application. *But today I
can't.
*It keeps saying:




"Can't login because of an
incorrect
User ID, Incorrect password, or Directory problem."




The error log shows: "[error]
[client
127.0.0.1] user cn=Directory Manager not found:
/admin-serv/authenticate"




I am able to get data back when I
enter:
"ldapsearch -x -b o=netscaperoot -D
"cn=Directory
Manager" -w <password> "objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix
this?



What platform?* What versions of 389-ds-base, 389-admin,
idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you will
first want to obscure any sensitive information)




Thanks!


Harry




Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-04-2011, 08:52 PM
Scott Harvey`
 
Default Cannot login as cn=Directory Manager

I am very new to the 389-ds.** I have spent the last few days
attempting to get samba up an running with 389-ds with ldap in ssl.*
or fefora-ds using

ldap not a whole lot of luck there.* In your case try adding -ZZ to
your command i.e.



"ldapsearch
-x* -ZZ -b o=netscaperoot -D "cn=Directory
Manager" -w <password> "objectclass=nsAdminConfig"



You might get more
descriptive response. *



Im attaching to shell scripts you my or may not find useful.* If you
cannot get into your with the 389-console you may be able use

the scripts to talk to you server.**



These shells were referenced* from a link I found
http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/



Scott









On 1/4/2011 11:55 AM, harry.devine@faa.gov wrote:



I've been away from my 389-ds
admin
for a few months (I'm just starting to get familiar with it),
and I can't
login using the user ID "cn=Directory Manager". *A few months
ago I could using the GUI 389-console application. *But today I
can't.
*It keeps saying:




"Can't login because of an
incorrect
User ID, Incorrect password, or Directory problem."




The error log shows: "[error]
[client
127.0.0.1] user cn=Directory Manager not found:
/admin-serv/authenticate"




I am able to get data back when I
enter:
"ldapsearch -x -b o=netscaperoot -D
"cn=Directory
Manager" -w <password> "objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix
this?




Thanks!


Harry




Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users






#!/bin/sh

ldapport=389
ldapsport=636
# enable SSL in the directory server
echo "Enabling SSL in the directory server - when prompted, provide the directory manager password"
ldapmodify -x -h localhost -p $ldapport -D "cn=directory manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa _rc2_40_md5,
+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_ fips_3des_sha,+fortezza,
+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_expo rt1024_with_rc4_56_sha,
+tls_rsa_export1024_with_des_cbc_sha

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-secureport
nsslapd-secureport: $ldapsport

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on

EOF

echo "Done. You must restart the directory server and the admin server for the changes to take effect."#!/bin/sh

if [ "$1" -a -d "$1" ] ; then
secdir="$1"
echo "Using $1 as sec directory"
assecdir=$secdir/../admin-serv
else
secdir=/etc/dirsrv/slapd-localhost
assecdir=/etc/dirsrv/admin-serv
fi

if [ "$2" ] ; then
ldapport=$2
else
ldapport=389
fi

if [ "$3" ] ; then
ldapsport=$3
else
ldapsport=636
fi

me=`whoami`
if [ "$me" = "root" ] ; then
isroot=1
fi

# see if there are already certs and keys
if [ -f $secdir/cert8.db ] ; then
# look for CA cert
if certutil -L -d $secdir -n "CA certificate" 2> /dev/null ; then
echo "Using existing CA certificate"
else
echo "No CA certificate found - will create new one"
needCA=1
fi

# look for server cert
if certutil -L -d $secdir -n "Server-Cert" 2> /dev/null ; then
echo "Using existing directory Server-Cert"
else
echo "No Server Cert found - will create new one"
needServerCert=1
fi

# look for admin server cert
if certutil -L -d $assecdir -n "server-cert" 2> /dev/null ; then
echo "Using existing admin server-cert"
else
echo "No Admin Server Cert found - will create new one"
needASCert=1
fi
prefix="new-"
prefixarg="-P $prefix"
else
needCA=1
needServerCert=1
needASCert=1
fi

if test -z "$needCA" -a -z "$needServerCert" -a -z "$needASCert" ; then
echo "No certs needed - exiting"
exit 0
fi

# get our user and group
if test -n "$isroot" ; then
uid=`/bin/ls -ald $secdir | awk '{print $3}'`
gid=`/bin/ls -ald $secdir | awk '{print $4}'`
fi

# 2. Create a password file for your security token password:
if [ -f $secdir/pwdfile.txt ] ; then
echo "Using existing $secdir/pwdfile.txt"
else
echo "Creating password file for security token"
(ps -ef ; w ) | sha1sum | awk '{print $1}' > $secdir/pwdfile.txt
if test -n "$isroot" ; then
chown $uid:$gid $secdir/pwdfile.txt
fi
chmod 400 $secdir/pwdfile.txt
fi

# 3. Create a "noise" file for your encryption mechanism:
if [ -f $secdir/noise.txt ] ; then
echo "Using existing $secdir/noise.txt file"
else
echo "Creating noise file"
(w ; ps -ef ; date ) | sha1sum | awk '{print $1}' > $secdir/noise.txt
if test -n "$isroot" ; then
chown $uid:$gid $secdir/noise.txt
fi
chmod 400 $secdir/noise.txt
fi

# 4. Create the key3.db and cert8.db databases:
if [ -z "$prefix" ] ; then
echo "Creating initial key and cert db"
else
echo "Creating new key and cert db"
fi
certutil -N $prefixarg -d $secdir -f $secdir/pwdfile.txt
if test -n "$isroot" ; then
chown $uid:$gid $secdir/${prefix}key3.db $secdir/${prefix}cert8.db
fi
chmod 600 $secdir/${prefix}key3.db $secdir/${prefix}cert8.db


if test -n "$needCA" ; then
# 5. Generate the encryption key:
echo "Creating encryption key for CA"
certutil -G $prefixarg -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt
# 6. Generate the self-signed certificate:
echo "Creating self-signed CA certificate"
# note - the basic constraints flag (-2) is required to generate a real CA cert
# it asks 3 questions that cannot be supplied on the command line
( echo y ; echo ; echo y ) | certutil -S $prefixarg -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt -2
# export the CA cert for use with other apps
echo Exporting the CA certificate to cacert.asc
certutil -L $prefixarg -d $secdir -n "CA certificate" -a > $secdir/cacert.asc
fi

if test -n "$MYHOST" ; then
myhost="$MYHOST"
else
myhost=`hostname --fqdn`
fi
if test -n "$needServerCert" ; then
# 7. Generate the server certificate:
echo "Generating server certificate for 389 Directory Server on host $myhost"
echo Using fully qualified hostname $myhost for the server name in the server cert subject DN
echo Note: If you do not want to use this hostname, edit this script to change myhost to the
echo real hostname you want to use
certutil -S $prefixarg -n "Server-Cert" -s "cn=$myhost,ou=389 Directory Server" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt
fi

if test -n "$needASCert" ; then
# Generate the admin server certificate
echo Creating the admin server certificate
certutil -S $prefixarg -n "server-cert" -s "cn=$myhost,ou=389 Administration Server" -c "CA certificate" -t "u,u,u" -m 1002 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt

# export the admin server certificate/private key for import into its key/cert db
echo Exporting the admin server certificate pk12 file
pk12util -d $secdir $prefixarg -o $secdir/adminserver.p12 -n server-cert -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt
if test -n "$isroot" ; then
chown $uid:$gid $secdir/adminserver.p12
fi
chmod 400 $secdir/adminserver.p12
fi

# create the pin file
if [ ! -f $secdir/pin.txt ] ; then
echo Creating pin file for directory server
pinfile=$secdir/pin.txt
echo 'Internal (Software) Token:'`cat $secdir/pwdfile.txt` > $pinfile
if test -n "$isroot" ; then
chown $uid:$gid $pinfile
fi
chmod 400 $pinfile
else
echo Using existing $secdir/pin.txt
fi

if [ -n "$prefix" ] ; then
# move the old files out of the way
mv $secdir/cert8.db $secdir/orig-cert8.db
mv $secdir/key3.db $secdir/orig-key3.db
# move in the new files - will be used after server restart
mv $secdir/${prefix}cert8.db $secdir/cert8.db
mv $secdir/${prefix}key3.db $secdir/key3.db
fi

# create the admin server key/cert db
if [ ! -f $assecdir/cert8.db ] ; then
echo Creating key and cert db for admin server
certutil -N -d $assecdir -f $secdir/pwdfile.txt
if test -n "$isroot" ; then
chown $uid:$gid $assecdir/*.db
fi
chmod 600 $assecdir/*.db
fi

if test -n "$needASCert" ; then
# import the admin server key/cert
echo "Importing the admin server key and cert (created above)"
pk12util -d $assecdir -n server-cert -i $secdir/adminserver.p12 -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt

# import the CA cert to the admin server cert db
echo Importing the CA certificate from cacert.asc
certutil -A -d $assecdir -n "CA certificate" -t "CT,," -a -i $secdir/cacert.asc
fi

if [ ! -f $assecdir/password.conf ] ; then
# create the admin server password file
echo Creating the admin server password file
echo 'internal:'`cat $secdir/pwdfile.txt` > $assecdir/password.conf
if test -n "$isroot" ; then
chown $uid:$gid $assecdir/password.conf
fi
chmod 400 $assecdir/password.conf
fi

# tell admin server to use the password file
if [ -f $assecdir/nss.conf ] ; then
cd $assecdir
echo Enabling the use of a password file in admin server
sed -e "s@^NSSPassPhraseDialog .*@NSSPassPhraseDialog file:`pwd`/password.conf@" nss.conf > /tmp/nss.conf && mv /tmp/nss.conf nss.conf
if test -n "$isroot" ; then
chown $uid:$gid nss.conf
fi
chmod 400 nss.conf
cd $secdir
fi

# enable SSL in the directory server
echo "Enabling SSL in the directory server - when prompted, provide the directory manager password"
ldapmodify -x -h localhost -p $ldapport -D "cn=directory manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa _rc2_40_md5,
+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_ fips_3des_sha,+fortezza,
+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_expo rt1024_with_rc4_56_sha,
+tls_rsa_export1024_with_des_cbc_sha

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-secureport
nsslapd-secureport: $ldapsport

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on

EOF

echo "Done. You must restart the directory server and the admin server for the changes to take effect."
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 11:59 AM
 
Default Cannot login as cn=Directory Manager

I'm on CentOS 5.4 and my 389 version
is 1.1.3 if I'm reading the console log properly. *The console log
that got generated when I ran "389-console -D 9 -f console.log"
is attached.



Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:
Rich Megginson <rmeggins@redhat.com>



To:
"General discussion list for the
389 Directory server project." <389-users@lists.fedoraproject.org>

Cc:
Harry Devine/ACT/FAA@FAA

Date:
01/04/2011 04:40 PM

Subject:
Re: [389-users] Cannot login as cn=Directory
Manager








On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just starting
to get familiar with it), and I can't login using the user ID "cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w <password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin,
idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 02:13 PM
Rich Megginson
 
Default Cannot login as cn=Directory Manager

On 01/05/2011 05:59 AM, harry.devine@faa.gov wrote:



I'm on CentOS 5.4 and my 389
version
is 1.1.3 if I'm reading the console log properly. *The console
log
that got generated when I ran "389-console -D 9 -f console.log"
is attached.



What are the versions of the other components?

389-ds-base, 389-admin,
idm-console-framework



What does it say in the admin server logs in
/var/log/dirsrv/admin-serv/error and access?



Have you upgraded recently?* If so, did you run setup-ds-admin.pl
-u after upgrading?





Thanks for the help!


Harry








Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov









From:

Rich Megginson
<rmeggins@redhat.com>





To:

"General discussion
list for the
389 Directory server project."
<389-users@lists.fedoraproject.org>



Cc:

Harry
Devine/ACT/FAA@FAA



Date:

01/04/2011 04:40 PM



Subject:

Re: [389-users] Cannot
login as cn=Directory
Manager












On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:




I've been away from my 389-ds admin for a few months (I'm just
starting
to get familiar with it), and I can't login using the user ID
"cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect
password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user
cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w
<password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?


What platform? *What versions of 389-ds-base,
389-admin,
idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you
will first
want to obscure any sensitive information)




Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov







--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users











--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 02:40 PM
 
Default Cannot login as cn=Directory Manager

How do I tell what the other versions
are? *I haven't upgraded or anything, so its the same version/installation
that I initially did a few months ago. *Should I upgrade? *Is
there a bug that's fixed in a newer version that could be causing what
I'm seeing?



The /var/log/dirsrv/admin-serv/error
log shows:

[Wed Jan 05 10:40:45 2011] [notice]
[client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not
resolve 127.0.0.1

[Wed Jan 05 10:40:45 2011] [notice]
[client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain]
did not match pattern [*.test.com] -will scan aliases

[Wed Jan 05 10:40:45 2011] [notice]
[client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not
match pattern [*.test.com]

[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo():
unable to initialize TLS connection to LDAP host localhost.test.com port
389: 4

[Wed Jan 05 10:41:25 2011] [error]
[client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate



The /var/log/dirsrv/admin-serv/access
log (which only got written to AFTER I closed 389-console) shows:

127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45
-0500] "GET /admin-serv/authenticate HTTP/1.0" 401 466



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:
Rich Megginson <rmeggins@redhat.com>



To:
Harry Devine/ACT/FAA@FAA

Cc:
389-users@lists.fedoraproject.org

Date:
01/05/2011 10:23 AM

Subject:
Re: [389-users] Cannot login as cn=Directory
Manager








On 01/05/2011 05:59 AM, harry.devine@faa.gov
wrote:



I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the console
log properly. *The console log that got generated when I ran "389-console
-D 9 -f console.log" is attached.

What are the versions of the other components?

389-ds-base, 389-admin, idm-console-framework



What does it say in the admin server logs in /var/log/dirsrv/admin-serv/error
and access?



Have you upgraded recently? *If so, did you run setup-ds-admin.pl
-u after upgrading?



Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov







From:

Rich Megginson <rmeggins@redhat.com>


To:

"General discussion list for the
389 Directory server project." <389-users@lists.fedoraproject.org>


Cc:

Harry Devine/ACT/FAA@FAA


Date:

01/04/2011 04:40 PM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager










On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just starting
to get familiar with it), and I can't login using the user ID "cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w <password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin, idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users










--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 03:04 PM
Rich Megginson
 
Default Cannot login as cn=Directory Manager

On 01/05/2011 08:40 AM, harry.devine@faa.gov wrote:



How do I tell what the other
versions
are?
rpm -qi 389-console 389-ds-base 389-admin idm-console-framework
389-adminutil

I haven't upgraded or
anything, so its the same version/installation
that I initially did a few months ago.
So it just stopped working, with no explanation, and nothing has
changed?

Should I upgrade? *Is
there a bug that's fixed in a newer version that could be
causing what
I'm seeing?




The
/var/log/dirsrv/admin-serv/error
log shows:


[Wed Jan 05 10:40:45 2011]
[notice]
[client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host
could not
resolve 127.0.0.1


[Wed Jan 05 10:40:45 2011]
[notice]
[client 127.0.0.1] admserv_host_ip_check: host
[localhost.localdomain]
did not match pattern [*.test.com] -will scan aliases


[Wed Jan 05 10:40:45 2011]
[notice]
[client 127.0.0.1] admserv_host_ip_check: host alias [localhost]
did not
match pattern [*.test.com]


[Wed Jan 05 10:41:25 2011]
[crit] buildUGInfo():
unable to initialize TLS connection to LDAP host
localhost.test.com port
389: 4





This error message is somewhat misleading - it is not actually
attempting a TLS connection unless you have configured it to use
TLS.



What's in the directory server access log on or around [Wed Jan 05
10:41:25 2011] ?

[Wed Jan 05 10:41:25
2011] [error]
[client 127.0.0.1] user cn=Directory Manager not found:
/admin-serv/authenticate



If the directory server connection fails, it will fail to
lookup/bind too.




The
/var/log/dirsrv/admin-serv/access
log (which only got written to AFTER I closed 389-console)
shows:


127.0.0.1 - cn=Directory Manager
[05/Jan/2011:10:40:45
-0500] "GET /admin-serv/authenticate HTTP/1.0" 401 466




Thanks!


Harry




Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov









From:

Rich Megginson
<rmeggins@redhat.com>





To:

Harry
Devine/ACT/FAA@FAA



Cc:

389-users@lists.fedoraproject.org



Date:

01/05/2011 10:23 AM



Subject:

Re: [389-users] Cannot
login as cn=Directory
Manager












On 01/05/2011 05:59 AM, harry.devine@faa.gov
wrote:




I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the
console
log properly. *The console log that got generated when I ran
"389-console
-D 9 -f console.log" is attached.


What are the versions of the other components?

389-ds-base, 389-admin, idm-console-framework



What does it say in the admin server logs in
/var/log/dirsrv/admin-serv/error
and access?



Have you upgraded recently? *If so, did you run
setup-ds-admin.pl
-u after upgrading?




Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:


Rich
Megginson <rmeggins@redhat.com>




To:


"General discussion
list for the
389 Directory server project." <389-users@lists.fedoraproject.org>




Cc:


Harry
Devine/ACT/FAA@FAA




Date:


01/04/2011 04:40 PM




Subject:


Re: [389-users] Cannot
login as cn=Directory
Manager














On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just
starting
to get familiar with it), and I can't login using the user ID
"cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect
password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user
cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w
<password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin,
idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you
will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users
















--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 03:30 PM
 
Default Cannot login as cn=Directory Manager

Yep, it appears to just have stopped
working. *I know that I had some similar issues back in October when
I first installed it, but I turned off the firewall on this PC and all
was good. *I verified that I still have the firewall off. *I'm
running this on an old laptop that we have here at work which is running
CentOS 5.4, and isn't connected to the network at all. *Just for evaluation
and familiarization purposes at this point.



Here's the versions that I could get:

389-console: 1.1.3

389-ds-base: 1.2.2

389-admin: 1.1.8

idm-console-framework: 1.1.3

389-adminutil: 1.1.8



Everything was (I assume) installed
at once when I did the initial installation following the instructions
I found at http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/.



Lastly, nothing is in the directory
server access log around 10:41:25. *Just that one line that said "GET
/admin-serv/authenticate HTTP/1.0" at 10:45:45.



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:
Rich Megginson <rmeggins@redhat.com>



To:
Harry Devine/ACT/FAA@FAA

Cc:
389-users@lists.fedoraproject.org

Date:
01/05/2011 11:18 AM

Subject:
Re: [389-users] Cannot login as cn=Directory
Manager








On 01/05/2011 08:40 AM, harry.devine@faa.gov
wrote:



How do I tell what the other versions are?

rpm -qi 389-console 389-ds-base 389-admin idm-console-framework
389-adminutil

I haven't upgraded or anything, so its
the same version/installation that I initially did a few months ago.

So it just stopped working, with no explanation, and nothing
has changed?

Should I upgrade? *Is there a bug
that's fixed in a newer version that could be causing what I'm seeing?




The /var/log/dirsrv/admin-serv/error log shows:

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
ap_get_remote_host could not resolve 127.0.0.1

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
host [localhost.localdomain] did not match pattern [*.test.com] -will scan
aliases

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
host alias [localhost] did not match pattern [*.test.com]


[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize TLS
connection to LDAP host localhost.test.com port 389: 4




This error message is somewhat misleading - it is not actually attempting
a TLS connection unless you have configured it to use TLS.



What's in the directory server access log on or around [Wed Jan 05 10:41:25
2011] ?

[Wed Jan 05 10:41:25 2011] [error]
[client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate


If the directory server connection fails, it will fail
to lookup/bind too.



The /var/log/dirsrv/admin-serv/access log (which only got written to AFTER
I closed 389-console) shows:

127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET
/admin-serv/authenticate HTTP/1.0" 401 466



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov







From:

Rich Megginson <rmeggins@redhat.com>


To:

Harry Devine/ACT/FAA@FAA


Cc:

389-users@lists.fedoraproject.org


Date:

01/05/2011 10:23 AM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager










On 01/05/2011 05:59 AM, harry.devine@faa.gov
wrote:



I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the console
log properly. *The console log that got generated when I ran "389-console
-D 9 -f console.log" is attached.

What are the versions of the other components?

389-ds-base, 389-admin, idm-console-framework



What does it say in the admin server logs in /var/log/dirsrv/admin-serv/error
and access?



Have you upgraded recently? *If so, did you run setup-ds-admin.pl
-u after upgrading?



Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov





From:

Rich Megginson <rmeggins@redhat.com>


To:

"General discussion list for the
389 Directory server project." <389-users@lists.fedoraproject.org>


Cc:

Harry Devine/ACT/FAA@FAA


Date:

01/04/2011 04:40 PM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager












On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just starting
to get familiar with it), and I can't login using the user ID "cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w <password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin, idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users














--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 03:56 PM
Rich Megginson
 
Default Cannot login as cn=Directory Manager

On 01/05/2011 09:30 AM, harry.devine@faa.gov wrote:



Yep, it appears to just have
stopped
working. *I know that I had some similar issues back in October
when
I first installed it, but I turned off the firewall on this PC
and all
was good. *I verified that I still have the firewall off. *I'm
running this on an old laptop that we have here at work which is
running
CentOS 5.4, and isn't connected to the network at all. *Just for
evaluation
and familiarization purposes at this point.




Here's the versions that I could
get:


389-console: 1.1.3


389-ds-base: 1.2.2


389-admin: 1.1.8


idm-console-framework: 1.1.3


389-adminutil: 1.1.8




Everything was (I assume)
installed
at once when I did the initial installation following the
instructions
I found at http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/.



I suggest upgrading to the latest 1.2.7 if only to make it easier to
support.




Lastly, nothing is in the
directory
server access log around 10:41:25. *Just that one line that said
"GET
/admin-serv/authenticate HTTP/1.0" at 10:45:45.



That's the admin server log - the directory server access log is in
/var/log/dirsrv/slapd-yourinstancename/access




Thanks!


Harry




Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov









From:

Rich Megginson
<rmeggins@redhat.com>





To:

Harry
Devine/ACT/FAA@FAA



Cc:

389-users@lists.fedoraproject.org



Date:

01/05/2011 11:18 AM



Subject:

Re: [389-users] Cannot
login as cn=Directory
Manager












On 01/05/2011 08:40 AM, harry.devine@faa.gov
wrote:




How do I tell what the other versions are?


rpm -qi 389-console 389-ds-base 389-admin
idm-console-framework
389-adminutil


I haven't upgraded or anything,
so its
the same version/installation that I initially did a few months
ago.


So it just stopped working, with no explanation,
and nothing
has changed?


Should I upgrade? *Is there a bug
that's fixed in a newer version that could be causing what I'm
seeing?




The /var/log/dirsrv/admin-serv/error log shows:

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
admserv_host_ip_check:
ap_get_remote_host could not resolve 127.0.0.1

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
admserv_host_ip_check:
host [localhost.localdomain] did not match pattern [*.test.com]
-will scan
aliases

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1]
admserv_host_ip_check:
host alias [localhost] did not match pattern [*.test.com]


[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to
initialize TLS
connection to LDAP host localhost.test.com port 389: 4





This error message is somewhat misleading - it is not actually
attempting
a TLS connection unless you have configured it to use TLS.



What's in the directory server access log on or around [Wed Jan
05 10:41:25
2011] ?


[Wed Jan 05 10:41:25 2011]
[error]
[client 127.0.0.1] user cn=Directory Manager not found:
/admin-serv/authenticate



If the directory server connection fails, it will
fail
to lookup/bind too.




The /var/log/dirsrv/admin-serv/access log (which only got
written to AFTER
I closed 389-console) shows:

127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500]
"GET
/admin-serv/authenticate HTTP/1.0" 401 466




Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:


Rich
Megginson <rmeggins@redhat.com>




To:


Harry
Devine/ACT/FAA@FAA




Cc:


389-users@lists.fedoraproject.org




Date:


01/05/2011 10:23 AM




Subject:


Re: [389-users] Cannot
login as cn=Directory
Manager














On 01/05/2011 05:59 AM, harry.devine@faa.gov
wrote:



I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the
console
log properly. *The console log that got generated when I ran
"389-console
-D 9 -f console.log" is attached.

What are the versions of the other components?

389-ds-base, 389-admin, idm-console-framework



What does it say in the admin server logs in
/var/log/dirsrv/admin-serv/error
and access?



Have you upgraded recently? *If so, did you run
setup-ds-admin.pl
-u after upgrading?



Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






From:


Rich
Megginson <rmeggins@redhat.com>




To:


"General discussion
list for the
389 Directory server project." <389-users@lists.fedoraproject.org>




Cc:


Harry
Devine/ACT/FAA@FAA




Date:


01/04/2011 04:40 PM




Subject:


Re: [389-users] Cannot
login as cn=Directory
Manager
















On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just
starting
to get familiar with it), and I can't login using the user ID
"cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect
password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user
cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w
<password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin,
idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you
will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users




















--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 01-05-2011, 05:25 PM
 
Default Cannot login as cn=Directory Manager

I tried to upgrade, but yum tells me
that there are no packages marked for update. *I did see that I had
the dirsrv.repo file renamed so it wouldn't be used, so I renamed it back
and tried the "yum upgrade" again, and got the same thing. *The
relevant contents of my dirsrv.repo file are:



[dirsrv]

name=389 Directory Server - 6 - $basearch

baseurl=http://port389.org/yum/dirsrv/fedora/6/$basearch/RPMS



I assume this repo isn't correct? *I
think I downloaded it from that CentOS link I included in my last email.



Thanks,

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov








From:
Rich Megginson <rmeggins@redhat.com>



To:
Harry Devine/ACT/FAA@FAA

Cc:
389-users@lists.fedoraproject.org

Date:
01/05/2011 11:57 AM

Subject:
Re: [389-users] Cannot login as cn=Directory
Manager








On 01/05/2011 09:30 AM, harry.devine@faa.gov
wrote:



Yep, it appears to just have stopped working. *I know that I had some
similar issues back in October when I first installed it, but I turned
off the firewall on this PC and all was good. *I verified that I still
have the firewall off. *I'm running this on an old laptop that we
have here at work which is running CentOS 5.4, and isn't connected to the
network at all. *Just for evaluation and familiarization purposes
at this point.



Here's the versions that I could get:

389-console: 1.1.3

389-ds-base: 1.2.2

389-admin: 1.1.8

idm-console-framework: 1.1.3

389-adminutil: 1.1.8



Everything was (I assume) installed at once when I did the initial installation
following the instructions I found at http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/.


I suggest upgrading to the latest 1.2.7 if only to make
it easier to support.



Lastly, nothing is in the directory server access log around 10:41:25.
*Just that one line that said "GET /admin-serv/authenticate HTTP/1.0"
at 10:45:45.

That's the admin server log - the directory server access
log is in /var/log/dirsrv/slapd-yourinstancename/access



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov







From:

Rich Megginson <rmeggins@redhat.com>


To:

Harry Devine/ACT/FAA@FAA


Cc:

389-users@lists.fedoraproject.org


Date:

01/05/2011 11:18 AM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager










On 01/05/2011 08:40 AM, harry.devine@faa.gov
wrote:



How do I tell what the other versions are?

rpm -qi 389-console 389-ds-base 389-admin idm-console-framework 389-adminutil


I haven't upgraded or anything, so its the same version/installation that
I initially did a few months ago.

So it just stopped working, with no explanation, and nothing has changed?


Should I upgrade? *Is there a bug that's fixed in a newer version
that could be causing what I'm seeing?



The /var/log/dirsrv/admin-serv/error log shows:

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
ap_get_remote_host could not resolve 127.0.0.1

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
host [localhost.localdomain] did not match pattern [*.test.com] -will scan
aliases

[Wed Jan 05 10:40:45 2011] [notice] [client 127.0.0.1] admserv_host_ip_check:
host alias [localhost] did not match pattern [*.test.com]


[Wed Jan 05 10:41:25 2011] [crit] buildUGInfo(): unable to initialize TLS
connection to LDAP host localhost.test.com port 389: 4




This error message is somewhat misleading - it is not actually attempting
a TLS connection unless you have configured it to use TLS.



What's in the directory server access log on or around [Wed Jan 05 10:41:25
2011] ?

[Wed Jan 05 10:41:25 2011] [error] [client 127.0.0.1] user cn=Directory
Manager not found: /admin-serv/authenticate

If the directory server connection fails, it will fail to lookup/bind too.




The /var/log/dirsrv/admin-serv/access log (which only got written to AFTER
I closed 389-console) shows:

127.0.0.1 - cn=Directory Manager [05/Jan/2011:10:40:45 -0500] "GET
/admin-serv/authenticate HTTP/1.0" 401 466



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov





From:

Rich Megginson <rmeggins@redhat.com>


To:

Harry Devine/ACT/FAA@FAA


Cc:

389-users@lists.fedoraproject.org


Date:

01/05/2011 10:23 AM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager












On 01/05/2011 05:59 AM, harry.devine@faa.gov
wrote:



I'm on CentOS 5.4 and my 389 version is 1.1.3 if I'm reading the console
log properly. *The console log that got generated when I ran "389-console
-D 9 -f console.log" is attached.

What are the versions of the other components?

389-ds-base, 389-admin, idm-console-framework



What does it say in the admin server logs in /var/log/dirsrv/admin-serv/error
and access?



Have you upgraded recently? *If so, did you run setup-ds-admin.pl
-u after upgrading?



Thanks for the help!

Harry







Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov



From:

Rich Megginson <rmeggins@redhat.com>


To:

"General discussion list for the
389 Directory server project." <389-users@lists.fedoraproject.org>


Cc:

Harry Devine/ACT/FAA@FAA


Date:

01/04/2011 04:40 PM


Subject:

Re: [389-users] Cannot login as cn=Directory
Manager














On 01/04/2011 12:55 PM, harry.devine@faa.gov
wrote:



I've been away from my 389-ds admin for a few months (I'm just starting
to get familiar with it), and I can't login using the user ID "cn=Directory
Manager". *A few months ago I could using the GUI 389-console
application. *But today I can't. *It keeps saying:




"Can't login because of an incorrect User ID, Incorrect password,
or Directory problem."



The error log shows: "[error] [client 127.0.0.1] user cn=Directory
Manager not found: /admin-serv/authenticate"



I am able to get data back when I enter: "ldapsearch
-x -b o=netscaperoot -D "cn=Directory Manager" -w <password>
"objectclass=nsAdminConfig""
from the command line, so I know that the password is correct.




Any thoughts on what to do to fix this?

What platform? *What versions of 389-ds-base, 389-admin, idm-console-framework?

run 389-console -D 9 -f console.log then send console.log (you will first
want to obscure any sensitive information)



Thanks!

Harry



Harry Devine

Common ARTS Software Development

AJT-144

(609)485-4218

Harry.Devine@faa.gov






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


















--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 10:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org