On 11/10/2011 12:02 PM, Tom Tucker wrote:
Responding to the group..this time.
Thanks for the quick response, unfortunately no change.
OS: FC 15
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495
<https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495>
Server1
##########
[root@serverA phpldapadmin]# setup-ds-admin.pl
<http://setup-ds-admin.pl/> -u
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
Continue? [yes]:
==============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
<http://host.example.com:389/o=NetscapeRoot>
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
<http://host.example.com:636/o=NetscapeRoot>
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
security has not yet been configured - the file must be in PEM/ASCII
format - specify the absolute path and filename
Configuration directory server URL
[ldap://serverA.mydomain.com:389/o=NetscapeRoot
<http://serverA.mydomain.com:389/o=NetscapeRoot>]:
Configuration directory server admin ID
[uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [mydomain.com
<http://mydomain.com/>]:
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Could not open TLS connection to serverA.mydomain.com:389
<http://serverA.mydomain.com:389/> - trying regular connection
rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*':
No such file or directory
rm: cannot remove
`/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or
directory
Undefined subroutine &DSUpdate::updateSystemD called at
/usr/lib/dirsrv/perl/DSUpdate.pm line 419.
rpm -qi 389-ds-base
this issue is fixed in 1.2.10.a5 in updates-testing
Server2
#########
[root@usg-ldap7901 admin-serv]# setup-ds-admin.pl
<http://setup-ds-admin.pl/> -u
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
Continue? [yes]: yes
==============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
<http://host.example.com:389/o=NetscapeRoot>
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
<http://host.example.com:636/o=NetscapeRoot>
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
security has not yet been configured - the file must be in PEM/ASCII
format - specify the absolute path and filename
Configuration directory server URL
[ldap://serverA.mydomain.com:389/o=NetscapeRoot
<http://serverA.mydomain.com:389/o=NetscapeRoot>]:
Configuration directory server admin ID
[uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [mydomain.com
<http://mydomain.com/>]:
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Could not open TLS connection to serverA.mydomain.com:389
<http://serverA.mydomain.com:389/> - trying regular connection
Undefined subroutine &DSUpdate::updateSystemD called at
/usr/lib/dirsrv/perl/DSUpdate.pm line 419.
On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <[email protected]
<mailto:[email protected]>> wrote:
On 11/10/2011 11:48 AM, Tom Tucker wrote:
I would appreciate any troubleshooting advise you might have
regarding my registered ldap servers. I am referring to the
first page you see when launching the console (servers listed
underneath Servers and Applications). I see my servers listed,
however I am unable to open them. Their "Server status" always
reports "Stopped" even though the remote servers are running.
Based on my tcpdump capture below the 'admin prohibited' message
is a clear indication of the problem, but I can't seem to correct
it. I have reran the setup several times, confirmed the password
and such.
What am I missing?
Have you tried running setup-ds-admin.pl
<http://setup-ds-admin.pl> -u on both the local servers and the
remote servers?
==============================================================================
13:35:27.458489 IP serverA.mydomain.com.30940 >
serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600,
options [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6],
length 0
13:35:27.458591 IP serverB.mydomain.com
<http://serverB.mydomain.com> > serverA.mydomain.com
<http://serverA.mydomain.com>: ICMP host serverB.mydomain.com
<http://serverB.mydomain.com> unreachable - admin prohibited,
length 68
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided
in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
<http://host.example.com:389/o=NetscapeRoot>
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
<http://host.example.com:636/o=NetscapeRoot>
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use
ldaps and
security has not yet been configured - the file must be in
PEM/ASCII
format - specify the absolute path and filename
Configuration directory server URL
[ldap://serverA.mydomain.com:389/o=NetscapeRoot
<http://serverA.mydomain.com:389/o=NetscapeRoot>]:
Configuration directory server admin ID
[uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [mydomain.com
<http://mydomain.com>]:
--
389 users mailing list
[email protected]
<mailto:[email protected]>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
