FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-09-2011, 04:22 PM
"Bowden, Brendan"
 
Default Error finding "Registered server" on DSGW with HTTP auth enabled

Hello all,

I'm getting an odd error from the admin server after enabling authentication on the DSGW as described here: http://directory.fedoraproject.org/wiki/DSGW#Requiring_Authenticated_Access

At first it wouldn't find any users; I tracked that back to it searching under o=NetscapeRoot instead of the real baseDN where the users are, so I adjusted ldapurl in adm.conf (names slightly changed to protect the innocent):

>From - ldapurl: ldap://ldap-01.example.com:389/o=NetscapeRoot
To - ldapurl: ldap://ldap-01.example.com:389/dc=example,dc=com

Now it finds the users OK, but is erroring on this:

[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd)

I've searched all over for this one and can't find any hints. The source code says it's searching for "dsgwcmd" as a serverID under Server Groups in LDAP somewhere?

Any help would be appreciated, thanks!

---------------------------------------------------------------------



Admin-serv errors log with debug enabled:


[Wed Mar 09 09:57:49 2011] [info] Connection to child 9 established (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4, referer: https://password.leve
l3sa.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuratio
n, referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2754): [client 1.2.3.4] checking user cache for: testaccount, referer: https://password.example.com/clien
ts/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(2761): [client 1.2.3.4] not in cache, trying DS, referer: https://password.example.com/clients/dsgw/bin/la
ng?context=pb
[Wed Mar 09 09:57:50 2011] [debug] mod_admserv.c(1586): [client 1.2.3.4] admserv_check_authz: request for uri [/dsgwcmd/lang], referer: https://password.lev
el3sa.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] admserv_check_authz(): unable to find registered server (dsgwcmd), referer: https://password.example.com/clients/dsgw/bin/lang?context=pb
[Wed Mar 09 09:57:50 2011] [info] Connection to child 9 closed (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [info] Connection to child 10 established (server ldap-01.example.com:443, client 1.2.3.4)
[Wed Mar 09 09:57:50 2011] [notice] [client 1.2.3.4] admserv_host_ip_check: ap_get_remote_host could not resolve 1.2.3.4
[Wed Mar 09 09:57:50 2011] [warn] [client 1.2.3.4] admserv_host_ip_check: failed to get host by ip addr [1.2.3.4] - check your host and DNS configuration
[Wed Mar 09 09:57:50 2011] [info] Initial (No.1) HTTPS request received for child 10 (server ldap-01.example.com:443)
[Wed Mar 09 09:57:50 2011] [error] [client 1.2.3.4] File does not exist: /usr/share/dirsrv/html/favicon.ico
[Wed Mar 09 09:57:50 2011] [info] Connection to child 10 closed (server ldap-01.example.com:443, client 1.2.3.4)


LDAPd access log for the same access attempt:

[09/Mar/2011:09:57:49 -0500] conn=349 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 BIND dn="" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=testaccount)" attrs="c"
[09/Mar/2011:09:57:49 -0500] conn=349 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=349 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=350 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=349 op=3 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=349 op=3 fd=112 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=350 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=350 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=351 fd=112 slot=112 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=350 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=350 op=2 fd=113 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=351 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=351 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=351 op=1 SRCH base="cn=slapd-ldap-01, cn=389 Directory Server, cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=351 op=1 RESULT err=0 tag=101 nentries=20 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=352 fd=113 slot=113 connection from 127.0.0.1 to 127.0.0.1
[09/Mar/2011:09:57:49 -0500] conn=351 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=351 op=2 fd=112 closed - U1
[09/Mar/2011:09:57:49 -0500] conn=352 op=0 BIND dn="uid=Testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com" method=128 version=3
[09/Mar/2011:09:57:49 -0500] conn=352 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testaccount,ou=vpn,dc=subdomain,dc=example ,dc=com"
[09/Mar/2011:09:57:49 -0500] conn=352 op=1 SRCH base="cn=Server Group, cn=ldap-01.example.com, ou=example.com, o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[09/Mar/2011:09:57:49 -0500] conn=352 op=1 RESULT err=0 tag=101 nentries=62 etime=0 notes=U
[09/Mar/2011:09:57:49 -0500] conn=352 op=2 UNBIND
[09/Mar/2011:09:57:49 -0500] conn=352 op=2 fd=113 closed - U1

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 04:57 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org