> On Jan 5, 2016, at 10:57, Noriko Hosoi <[email protected]> wrote:
> 
> Could you also tell us the version of the 389-admin and adminutil?
> rpm -q 389-admin 389-adminutil

```
Installed Packages
389-admin.x86_64           1.1.38-1.el7        @epel
389-adminutil.x86_64       1.1.21-2.el7        @epel
389-ds-base.x86_64         1.3.4.0-21.el7_2    @updates
389-ds-base-libs.x86_64    1.3.4.0-21.el7_2    @updates
```


> On Jan 5, 2016, at 07:30, Rich Megginson <[email protected]> wrote:
> 
> OK.  So it is possible that the problem is that we don't clearly document how 
> to blow everything away and start over from scratch.  The setup-ds-admin.pl 
> --force is supposed to do that, but perhaps it has a bug.

Honestly, I hadn’t looked. I just figured if I were going to blow away an 
installation I mostly didn’t care about anyway, I may as well do a thorough job 
of it... ;-)


> Does it work if you enable anonymous access and/or disable secure binds?

```
root# ldapmodify blah blah blah <<EOMODIFY
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: on
EOMODIFY

root# systemctl restart dirsrv@${instance}
```

Click the “StartConfigDS” button on the web page and get the same error. I get 
nothing out of slapd-${instance}/errors log file, and this out of the 
slapd-${instance}/access log:

```
[05/Jan/2016:19:31:07 -0800] conn=1 fd=64 slot=64 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=1 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 fd=64 closed - U1
[05/Jan/2016:19:31:08 -0800] conn=2 fd=65 slot=65 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=2 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 fd=65 closed - U1
```

RESULT err=53 is LDAP_UNWILLING_TO_PERFORM on the BIND[1]? But it still accepts 
and runs (err=0) the SRCH, returning an empty result (nentries=0)? The secure 
connection portion seems fine to me, but I can try un-setting that if someone 
thinks it will advance the troubleshooting.


Thanks!
David


[1]: http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes

--

David - Offbeat
dafydd - Online         http://pgp.mit.edu/

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Pavlov walks into a bar. The phone rings and he says,

"Damn! I forgot to feed the dog!"




--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/[email protected]
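
An added example, not part of the original message or of the 389 project's code: a small parser that pairs each RESULT line with its request by conn/op and lists operations that ran on a connection after its BIND failed, the pattern visible in the access log above. A failed bind leaves the LDAP session anonymous (RFC 4511), so such operations run unauthenticated; the sample log lines and DNs below are constructed.

```python
import re

# Constructed sample in 389-ds access-log format, modelled on the excerpt
# in the message; DNs are shortened placeholders, not the poster's values.
SAMPLE_LOG = """\
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-host,o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:09 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3
[05/Jan/2016:19:31:09 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[05/Jan/2016:19:31:09 -0800] conn=2 op=1 SRCH base="o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[05/Jan/2016:19:31:09 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=4 etime=0
"""

# Only lines of the form "conn=N op=M KEYWORD ..." are operations; connection
# open, TLS and "fd=... closed" lines do not match and are skipped.
LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) ([A-Z]+)(.*)$')
ERR = re.compile(r'\berr=(\d+)')
DN = re.compile(r'\bdn="([^"]*)"')

def ops_after_failed_bind(log_text):
    """Return (conn, bind_dn, bind_err, op_type, op_err) for every
    operation whose RESULT arrived after a failed BIND on that connection."""
    pending = {}   # (conn, op) -> (request type, bind DN or None)
    failed = {}    # conn -> (bind DN, err) of the latest failed BIND
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        if kind != "RESULT":
            dn = DN.search(rest)
            pending[(conn, op)] = (kind, dn.group(1) if dn else None)
            continue
        req, err = pending.pop((conn, op), None), ERR.search(rest)
        if req is None or err is None:
            continue
        (req_kind, dn), code = req, int(err.group(1))
        if req_kind == "BIND":
            if code != 0:
                failed[conn] = (dn, code)
            else:
                failed.pop(conn, None)   # a later successful bind clears it
        elif conn in failed:
            findings.append((conn, *failed[conn], req_kind, code))
    return findings
```
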
