subject:"\[Freeipa\-users\] strange DS errors trying to tune..."

Re: [Freeipa-users] strange DS errors trying to tune...

2014-11-11 Thread Alexander Bokovoy


On Tue, 11 Nov 2014, Janelle wrote:
In this case it is the exact password and it worked in the first line 
but not in the second.


Now to make things even more strange -- I have 8 replicas -- and 3 of 
them show this problem, the others do not -- WOW..

cn=config subtree is not replicated in FreeIPA, thus if you have
different passwords for Directory Manager (they are stored in
cn=config), this must be a problem local to a replica, not a replication
issue.

Perhaps some script or a person changed the directory manager's
password?

For the record, the password is stored in nsslapd-rootpw attribute of
cn=config:

dn: cn=config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpw: {SSHA}some-hash-value

You can check the content of /etc/dirsrv/slapd-INSTANCE/dse.ldif
directly. Do not change the file while directory server is running as
your changes will be overridden.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] strange DS errors trying to tune...

2014-11-11 Thread Rich Megginson

On 11/11/2014 12:33 PM, Janelle wrote:
In this case it is the exact password and it worked in the first line 
but not in the second.

Now to make things even more strange -- I have 8 replicas -- and 3 of 
them show this problem, the others do not -- WOW..

My brain is going to explode today. :-)

Yeah, sorry, I have no idea.  Please let us know if you figure it out.

~J

Rich Megginson 
November 11, 2014 at 10:39 AM
On 11/11/2014 11:30 AM, Janelle wrote:

Hi all..

I continue to come up with strange and unusual problems. Here is a 
new one - use the dbmon.sh script and trying to tune the dbcache...

This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret" VERBOSE=2 
dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: 
(HOW CAN THIS BE?!?!)

# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Is asecret the literal password?  If not, does it contain spaces or 
other shell metacharacters that need to be quoted or escaped?

Thanks
~J

Janelle 
November 11, 2014 at 10:30 AM
Hi all..

I continue to come up with strange and unusual problems. Here is a 
new one - use the dbmon.sh script and trying to tune the dbcache...

This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret" VERBOSE=2 dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: 
(HOW CAN THIS BE?!?!)

# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Thanks
~J

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] strange DS errors trying to tune...

2014-11-11 Thread Janelle

In this case it is the exact password and it worked in the first line 
but not in the second.

Now to make things even more strange -- I have 8 replicas -- and 3 of 
them show this problem, the others do not -- WOW..

My brain is going to explode today. :-)

~J

Rich Megginson 
November 11, 2014 at 10:39 AM
On 11/11/2014 11:30 AM, Janelle wrote:

Hi all..

I continue to come up with strange and unusual problems. Here is a 
new one - use the dbmon.sh script and trying to tune the dbcache...

This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret"  VERBOSE=2 
dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: 
(HOW CAN THIS BE?!?!)

# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Is asecret the literal password?  If not, does it contain spaces or 
other shell metacharacters that need to be quoted or escaped?

Thanks
~J

Janelle 
November 11, 2014 at 10:30 AM
Hi all..

I continue to come up with strange and unusual problems. Here is a new 
one - use the dbmon.sh script and trying to tune the dbcache...

This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret"  VERBOSE=2 dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: 
(HOW CAN THIS BE?!?!)

# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Thanks
~J

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] strange DS errors trying to tune...

2014-11-11 Thread Rich Megginson

On 11/11/2014 11:30 AM, Janelle wrote:

Hi all..

I continue to come up with strange and unusual problems. Here is a new 
one - use the dbmon.sh script and trying to tune the dbcache...

This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret"  VERBOSE=2 dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: 
(HOW CAN THIS BE?!?!)

# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Is asecret the literal password?  If not, does it contain spaces or 
other shell metacharacters that need to be quoted or escaped?

Thanks
~J

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

[Freeipa-users] strange DS errors trying to tune...

2014-11-11 Thread Janelle


Hi all..

I continue to come up with strange and unusual problems. Here is a new 
one - use the dbmon.sh script and trying to tune the dbcache...


This is on a replica BTW

First -- THIS WORKS:

INCR=60 BINDDN="cn=directory manager" BINDPW="asecret"  VERBOSE=2 dbmon.sh

and I see all the info I need, BUT - now I want to tune it and get: (HOW 
CAN THIS BE?!?!)


# ldapmodify -x -D "cn=directory manager" -w asecret < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 8589934592
> EOF
ldap_bind: Invalid credentials (49)

Thanks
~J

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] strange DS errors trying to tune...

Re: [Freeipa-users] strange DS errors trying to tune...

Re: [Freeipa-users] strange DS errors trying to tune...

Re: [Freeipa-users] strange DS errors trying to tune...

[Freeipa-users] strange DS errors trying to tune...

5 matches

Site Navigation

Mail list logo

Footer information