Hey Mark, Well, to back up a bit, of the dual masters' (A & B) only A has been running consistently for many years. That is why I needed to do a re-initialization of B. The re-initialization was done at the 'my_suffix' level and not NetscapeRoot.
I assumed that the config data would be running on both dual masters. Maybe I am incorrect? access from Master A for 'admin' bind: [23/Apr/2012:16:07:50 -0700] conn=2575 fd=71 slot=71 connection from 10.10.10.24 to 10.10.10.24 [23/Apr/2012:16:07:50 -0700] conn=2575 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3 [23/Apr/2012:16:07:50 -0700] conn=2575 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot" [23/Apr/2012:16:07:50 -0700] conn=2575 op=1 SRCH base="cn=statusping, cn=operation, cn=tasks, cn=admin-serv-masterA, cn=fedora administration server, cn=server group, cn=masterA.sub.domain.biz, ou=sub.domain.biz, o=netscaperoot" scope=0 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress" [23/Apr/2012:16:07:50 -0700] conn=2575 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [23/Apr/2012:16:07:50 -0700] conn=2575 op=2 SRCH base="cn=admin-serv-masterA, cn=Fedora Administration Server, cn=Server Group, cn=masterA.sub.domain.biz, ou=sub.domain.biz, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress" [23/Apr/2012:16:07:50 -0700] conn=2575 op=2 RESULT err=0 tag=101 nentries=24 etime=0 [23/Apr/2012:16:07:50 -0700] conn=2575 op=3 SRCH base="cn=slapd-masterA, cn=Fedora Directory Server, cn=Server Group, cn=masterA.sub.domain.biz, ou= sub.domain.biz, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress" [23/Apr/2012:16:07:50 -0700] conn=2575 op=3 RESULT err=0 tag=101 nentries=13 etime=0 [23/Apr/2012:16:07:50 -0700] conn=2575 op=4 SRCH base="cn=Fedora Directory Server, cn=Server Group, cn=masterA.sub.domain.biz, ou=sub.domain.biz, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress" [23/Apr/2012:16:07:50 -0700] conn=2575 op=4 RESULT err=0 tag=101 nentries=17 etime=0 [23/Apr/2012:16:07:50 -0700] conn=2575 op=5 SRCH base="cn=Fedora Administration Server, cn=Server Group, cn=masterA.sub.domain.biz, ou= sub.domain.biz, o=NetscapeRoot" scope=2 filter="(nsExecRef=*)" attrs="nsExecRef nsLogSuppress" [23/Apr/2012:16:07:50 -0700] conn=2575 op=5 RESULT err=0 tag=101 nentries=24 etime=0 [23/Apr/2012:16:07:50 -0700] conn=2575 op=6 UNBIND [23/Apr/2012:16:07:50 -0700] conn=2575 op=6 fd=71 closed - U1 access from master A for 'cn=Directory Manager' bind: [23/Apr/2012:16:37:36 -0700] conn=2594 fd=68 slot=68 connection from 10.10.10.24 to 10.10.10.24 [23/Apr/2012:16:37:36 -0700] conn=2594 op=0 BIND dn="cn=admin-serv-masterA, cn=Fedora Administration Server, cn=Server Group, cn=masterA.sub.domain.biz, ou=sub.domain.biz, o=NetscapeRoot" method=128 version=3 [23/Apr/2012:16:37:36 -0700] conn=2594 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-masterA,cn=fedora administration server,cn=server group,cn=masterA.sub.domain.biz,ou=sub.domain.biz,o=netscaperoot" [23/Apr/2012:16:37:36 -0700] conn=2594 op=1 BIND dn="cn=Directory Manager" method=128 version=3 [23/Apr/2012:16:37:36 -0700] conn=2594 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [23/Apr/2012:16:37:36 -0700] conn=2594 op=2 UNBIND [23/Apr/2012:16:37:36 -0700] conn=2594 op=2 fd=68 closed - U1 This are from master A where logging in as either works fine. It looks like I need to configure o=netscaperoot on master B somehow? thanks, Herb On Mon, Apr 23, 2012 at 1:13 PM, Mark Reynolds <[email protected]> wrote: > Herb, > > Do you know which server is hosting the config data for the > console(o=netscaperoot)? If you do, please provide the access log output > showing the "cn=directory manager" and "admin" binds? It might not hurt to > restart the admin server. > > Thanks, > Mark > > > > On 04/23/2012 04:06 PM, Herb Burnswell wrote: > > Hi All, > > After re-initialization of a dual master server I now cannot log into the > directory management console as cn=Directory Manager. I receive the error: > > Cannot logon because of an incorrect user id, incorrect password, or > Directory problem. > httpException: > Resoponse: HTTP/1.1 401 Unauthorized > Status: 401 > URL: http://url/admin-serv/authenticate > > I know the password is correct as I can drop into an ldapmodify session > with ./ldapmodify -D "cn=Directory Manager" -w <passwd> without error. > > I've seen a few inquiries about this issue around the web but nothing to > resolve the issue. I see the following in > /opt/fedora-ds/admin-serv/logs/error: > > security (27749): for host <hostname> trying to GET > /admin-serv/authenticate, basic-ncsa reports: user cn=Directory Manager > does not exist in pwfile /opt/fedora-ds/admin-serv/config/admpw > > It is correct that there is not a line for cn=Directory Manager in admpw, > but it is not located in the admpw file on the other dual master and I can > log into its management console as cn=Directory Manager without error. > They both just contain a line for user 'admin'. > > When I try to log in as 'admin' (works fine on other dual master) I > receive: > > cannot connect to the directory server: > netscape.ldap.LDAPException: error result (32) matchedDN = ou > =<domain>,o=netscaperoot; no such object > > Is there something else that I need to do after re-initialization? Any > guidance is greatly appreciated. > > Thanks in advance, > > Herb > > > > > -- > 389 users mailing > [email protected]https://admin.fedoraproject.org/mailman/listinfo/389-users > >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
