I have configured dsgw using:
http://directory.fedoraproject.org/wiki/DSGW
when i try to authenticate a test user, using
/var/log/dirsrv/slapd-ds/access
i see authentication is ok:
[30/Mar/2012:22:30:23 +0200] conn=103 op=1 BIND dn="uid=xxx,ou=People,dc=xxx,dc=it" method=128 version=3
[30/Mar/2012:22:30:23+0200] conn=103 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=xxx,ou=people,dc=xxx,dc=it"
i use xxx to obfuscate real names to protect my customer privacy.
but something goes wrong after it, into dsgw
Is there any dsgw log to diagnose better the issue?
regards
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-30-2012, 08:45 PM
Rich Megginson
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
I have configured dsgw using:
http://directory.fedoraproject.org/wiki/DSGW
when i try to authenticate a test user, using
/var/log/dirsrv/slapd-ds/access
i see authentication is ok:
[30/Mar/2012:22:30:23 +0200] conn=103 op=1 BIND dn="uid=xxx,ou=People,dc=xxx,dc=it" method=128 version=3
[30/Mar/2012:22:30:23+0200] conn=103 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=xxx,ou=people,dc=xxx,dc=it"
i use xxx to obfuscate real names to protect my customer privacy.
but something goes wrong after it, into dsgw
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
ls -al /var/run/dirsrv/dsgw/cookies
the admin server logs are in /var/log/dirsrv/admin-serv
regards
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-31-2012, 08:20 AM
Maurizio Marini
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginson <rmeggins@redhat.com> wrote:
Hello Richard
> > Is there any dsgw log to diagnose better the issue?
> ls -al /var/run/dirsrv/dsgw
empty
> ls -al /var/run/dirsrv/dsgw/cookies
empty
>
> the admin server logs are in /var/log/dirsrv/admin-serv
there is nothing newer than 1 day ago
if i enter a wrong password, i get an error on
/var/log/dirsrv/slapd-ds/access
and using credentials i am able to exec ldap search
the issue is *after* authentication, the authentication with ldap is ok,
but after that, something into dsgw goes wrong
maybe there is something wrong in dsgw.conf:
Code:
baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
dirmgr "cn=Directory Manager"
location-suffix dc=xxx, dc=it
securitypath /etc/dirsrv/dsgw
htmldir /usr/share/dirsrv/dsgw/html/
configdir /usr/share/dirsrv/dsgw/config/
gwnametrans /dsgw/
authlifetime 7200
template group groupOfNames
template ntgroup groupOfUniqueNames ntGroup
template groupun groupOfUniqueNames
template org organization
template dc domain
template orgunit organizationalUnit
template ntperson person inetOrgPerson nTUser
template orgperson person inetOrgPerson
template person person
template country country
location country "Italy" "c=IT#"
location org "This Organization" ""
location dc "This Domaincomponent" ""
location groups "Groups" "ou=Groups"
location people "People" "ou=People"
location special "Special Users" "ou=Special Users"
charset UTF-8
include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini <maumar@cost.it>"
sadly, without a specific dsgw log, i cannot diagnose anything
there is no trace in any log of what is doing dsgw ;(
at this point, a dsgw specific log can be an RFE and as such it should filed on bugzilla
isn't it?
thnx for your attention
regards
-m
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-31-2012, 02:46 PM
Rich Megginson
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginson<rmeggins@redhat.com> wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
This is the problem. How did you install dsgw? From yum? Did you run
setup-ds-dsgw after installing the packages?
the admin server logs are in /var/log/dirsrv/admin-serv
there is nothing newer than 1 day ago
if i enter a wrong password, i get an error on
/var/log/dirsrv/slapd-ds/access
and using credentials i am able to exec ldap search
the issue is *after* authentication, the authentication with ldap is ok,
but after that, something into dsgw goes wrong
maybe there is something wrong in dsgw.conf:
Code:
baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
dirmgr "cn=Directory Manager"
location-suffix dc=xxx, dc=it
securitypath /etc/dirsrv/dsgw
htmldir /usr/share/dirsrv/dsgw/html/
configdir /usr/share/dirsrv/dsgw/config/
gwnametrans /dsgw/
authlifetime 7200
template group groupOfNames
template ntgroup groupOfUniqueNames ntGroup
template groupun groupOfUniqueNames
template org organization
template dc domain
template orgunit organizationalUnit
template ntperson person inetOrgPerson nTUser
template orgperson person inetOrgPerson
template person person
template country country
location country "Italy" "c=IT#"
location org "This Organization" ""
location dc "This Domaincomponent" ""
location groups "Groups" "ou=Groups"
location people "People" "ou=People"
location special "Special Users" "ou=Special Users"
charset UTF-8
include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini<maumar@cost.it>"
sadly, without a specific dsgw log, i cannot diagnose anything
there is no trace in any log of what is doing dsgw ;(
at this point, a dsgw specific log can be an RFE and as such it should filed on bugzilla
isn't it?
thnx for your attention
regards
-m
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-31-2012, 02:50 PM
Rich Megginson
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginson<rmeggins@redhat.com> wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
But they exist? I wanted to see the ownership and permissions on these
directories. If you ran setup-ds-admin.pl and chose the defaults, these
directories should be owned by nobody:nobody and should be mode 0700
(-rwx------)
the admin server logs are in /var/log/dirsrv/admin-serv
there is nothing newer than 1 day ago
if i enter a wrong password, i get an error on
/var/log/dirsrv/slapd-ds/access
and using credentials i am able to exec ldap search
the issue is *after* authentication, the authentication with ldap is ok,
but after that, something into dsgw goes wrong
maybe there is something wrong in dsgw.conf:
Code:
baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
dirmgr "cn=Directory Manager"
location-suffix dc=xxx, dc=it
This should not have a space in it - it should be dc=xxx,dc=it - if
there are spaces in the values, then quote it like this:
location-suffix "dc=xxx, dc=it"
securitypath /etc/dirsrv/dsgw
htmldir /usr/share/dirsrv/dsgw/html/
configdir /usr/share/dirsrv/dsgw/config/
gwnametrans /dsgw/
authlifetime 7200
template group groupOfNames
template ntgroup groupOfUniqueNames ntGroup
template groupun groupOfUniqueNames
template org organization
template dc domain
template orgunit organizationalUnit
template ntperson person inetOrgPerson nTUser
template orgperson person inetOrgPerson
template person person
template country country
location country "Italy" "c=IT#"
Does this really have a "#" in it?
location org "This Organization" ""
location dc "This Domaincomponent" ""
location groups "Groups" "ou=Groups"
location people "People" "ou=People"
location special "Special Users" "ou=Special Users"
charset UTF-8
include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini<maumar@cost.it>"
Does this really have the string "Maurizio Marini <maumar@cost.it>" in it?
sadly, without a specific dsgw log, i cannot diagnose anything
there is no trace in any log of what is doing dsgw ;(
at this point, a dsgw specific log can be an RFE and as such it should filed on bugzilla
isn't it?
Trac - https://fedorahosted.org/389
thnx for your attention
regards
-m
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-31-2012, 03:12 PM
Rich Megginson
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
On 03/31/2012 02:20 AM, Maurizio Marini wrote:
On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginson<rmeggins@redhat.com> wrote:
Hello Richard
Is there any dsgw log to diagnose better the issue?
ls -al /var/run/dirsrv/dsgw
empty
ls -al /var/run/dirsrv/dsgw/cookies
empty
But they exist? I wanted to see the ownership and permissions on these
directories. If you ran setup-ds-admin.pl and chose the defaults, these
directories should be owned by nobody:nobody and should be mode 0700
(-rwx------)
the admin server logs are in /var/log/dirsrv/admin-serv
there is nothing newer than 1 day ago
if i enter a wrong password, i get an error on
/var/log/dirsrv/slapd-ds/access
and using credentials i am able to exec ldap search
the issue is *after* authentication, the authentication with ldap is ok,
but after that, something into dsgw goes wrong
maybe there is something wrong in dsgw.conf:
Code:
baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
dirmgr "cn=Directory Manager"
location-suffix dc=xxx, dc=it
This should not have a space in it - it should be dc=xxx,dc=it - if
there are spaces in the values, then quote it like this:
location-suffix "dc=xxx, dc=it"
securitypath /etc/dirsrv/dsgw
htmldir /usr/share/dirsrv/dsgw/html/
configdir /usr/share/dirsrv/dsgw/config/
gwnametrans /dsgw/
authlifetime 7200
template group groupOfNames
template ntgroup groupOfUniqueNames ntGroup
template groupun groupOfUniqueNames
template org organization
template dc domain
template orgunit organizationalUnit
template ntperson person inetOrgPerson nTUser
template orgperson person inetOrgPerson
template person person
template country country
location country "Italy" "c=IT#"
Does this really have a "#" in it?
location org "This Organization" ""
location dc "This Domaincomponent" ""
location groups "Groups" "ou=Groups"
location people "People" "ou=People"
location special "Special Users" "ou=Special Users"
charset UTF-8
include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini<maumar@cost.it>"
Does this really have the string "Maurizio Marini <maumar@cost.it>" in it?
sadly, without a specific dsgw log, i cannot diagnose anything
there is no trace in any log of what is doing dsgw ;(
at this point, a dsgw specific log can be an RFE and as such it should filed on bugzilla
isn't it?
Trac - https://fedorahosted.org/389
thnx for your attention
regards
-m
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
03-31-2012, 05:13 PM
Maurizio Marini
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
On Sat, 31 Mar 2012 09:12:43 -0600
Rich Megginson <rmeggins@redhat.com> wrote:
> > This is the problem. How did you install dsgw? From yum? Did you run
> setup-ds-dsgw after installing the packages?
no, i didn't, my fault
Now i did, and all went well, all is working smoothly
this is the wiki to be used first of all:
http://directory.fedoraproject.org/wiki/WebApps_Install
as pointed out at the bottom of the wiki i started with:
http://directory.fedoraproject.org/wiki/DSGW
best regards
-m
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.
