On 03/27/2012 11:22 AM, Mike Mercier wrote:
On Tue, Mar 27, 2012 at 11:14 AM, Rich Megginson<rmegg...@redhat.com>  wrote:
On 03/27/2012 09:07 AM, Mike Mercier wrote:
On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson<rmegg...@redhat.com>
  wrote:
On 03/27/2012 06:46 AM, Mike Mercier wrote:
Hello,

On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson<rmegg...@redhat.com>
  wrote:
On 03/26/2012 08:28 AM, Mike Mercier wrote:
Hello,

adm.conf attached.
Have you configured the directory server to use TLS/SSL?
No, TLS/SSL was not configured. I did the following to install 389.

Install fedora 16
run yum update
install 389
run setup-ds-admin.pl using the 'Typical' option
run 389-console and try to login as cn=Directory Manager

Can you try with 389-admin-1.1.28 now in updates-testing?
[root@localhost ~]# rpm -qa | grep 389
389-console-1.1.7-1.fc16.noarch
389-ds-console-doc-1.2.6-1.fc16.noarch
389-ds-base-libs-1.2.10.4-2.fc16.x86_64
389-ds-1.2.2-1.fc15.noarch
389-ds-base-1.2.10.4-2.fc16.x86_64
389-ds-console-1.2.6-1.fc16.noarch
389-admin-console-doc-1.1.8-2.fc16.noarch
389-admin-console-1.1.8-2.fc16.noarch
389-dsgw-1.1.7-2.fc16.x86_64
389-admin-1.1.28-1.fc16.x86_64
389-adminutil-1.1.14-1.fc16.x86_64

When using 389-console

/var/log/dirsrv/admin-serv/error
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind
to server [localhost.localdomain:389] as [(anonymous)]
[Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize
TLS connection to LDAP host localhost.localdomain port 389: 4
[Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user
cn=Directory Manager not found: /admin-serv/authenticate


/var/log/dirsrv/admin-serv/access
127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET
/admin-serv/authenticate HTTP/1.0" 401 478

When using http://localhost.localdomain:9830/dist/download and
clicking '389 Administration Express'

/var/log/dirsrv/admin-serv/error
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind
to server [localhost.localdomain:389] as [(anonymous)], referer:
http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize
TLS connection to LDAP host localhost.localdomain port 389: 4


/var/log/dirsrv/admin-serv/access

127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download
HTTP/1.1" 200 4470
127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif
HTTP/1.1" 200 43
127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif
HTTP/1.1"
200 86
127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET
/admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
What's in your directory server access log from around this time?
/var/log/dirsrv/slapd-INSTANCE/access
Strangely, there are no entries in the file from that time...  below
is the entire file
/var/log/dirsrv/slapd-mpls/access:

        389-Directory/1.2.10.2 B2012.054.1543
        localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)

[22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
[22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
The access log is buffered - if you're not hitting the directory server with
any operations, then it won't flush its buffer.  The other way to make it
flush is to shut it down.
Nothing shows up in the log when trying to connect with 389-console.
Do you have more than one directory server? If so, check the access logs on your configuration directory server, the first one you installed, the one with o=netscaperoot.
I do get entries in the log when running:

ldapsearch -x -b -o=netscaperoot -D "cn=directory manager" -w password
"nsDirectoryURL=*"

I did just notice that I am seeing SELinux errors when trying to
connect with the console:

SELinux is preventing /usr/sbin/httpd.worker from name_connect access
on the tcp_socket .

*****  Plugin catchall_boolean (24.7 confidence) suggests  *******************

If you want to allow httpd to connect to the ldap port
Then you must tell SELinux about this by enabling the
'httpd_can_connect_ldap' boolean. You can read 'httpd_selinux' man
page for more details.
Do
setsebool -P httpd_can_connect_ldap 1
......  (much more information)

Hmm - setup-ds-admin.pl is supposed to take care of this
try running
setup-ds-admin.pl -u

Thanks,
Mike





Thanks,
Mike



Thanks,
Mike

On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson<rmegg...@redhat.com>
  wrote:
On 03/22/2012 10:47 AM, Mike Mercier wrote:
Hi,

Sorry for the delay...

/var/log/dirsrv/admin-serv/access

127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400] "GET
/admin-serv/authenticate HTTP/1.0" 401 478

/var/log/dirsrv/admin-serv/error
[Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
[Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd
running as context system_u:system_r:httpd_t:s0
[Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to
populate LocalAdmin tasks into cache.
[Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
[Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
[Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured -- resuming normal operations
[Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to
populate LocalAdmin tasks into cache.
[Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
[Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
[Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve
127.0.0.1
[Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to
bind
to server [localhost.localdomain:389] as [(anonymous)]
[Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to
initialize
TLS connection to LDAP host localhost.localdomain port 389: 4

Can you post your /etc/dirsrv/admin-serv/adm.conf?
Have you configured your directory server to use SSL?

[Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user
cn=Directory Manager not found: /admin-serv/authenticate

NOTE: This is after modifying 'local.conf' with
configuration.nsadminaccesshosts: *

Thanks,
Mike

On Fri, Mar 16, 2012 at 5:43 PM, Mark Reynolds<marey...@redhat.com>
  wrote:
Hi Michael,

see comments below...


On 03/16/2012 02:42 PM, Michael Mercier wrote:

Hello,

I seem to be having problems using the 389-console GUI.

I am entering the following information into each of the fields:

User ID: cn=Directory Manager
Password: password
Administration URL: http://localhost.localdomain:9830

It fails with the following error:

Cannot logon because of an incorrect User ID,
Incorrect password or Directory problem.

HttpException:
Response: HTTP/1.1 401 Authorization Required
Status: 401
URL:     http://localhost.localdomain:9830/admin-serv/authenticate

Do you have a DS access log snippet showing the bind & result?


It might not hurt to restart the admin server as well.

Thanks,
Mark


I have also tried with:
User ID: admin
Password: password
Administration URL: http://localhost.localdomain:9830

It fails with the following error:

Cannot connect to the directory server:
netscape.ldap.LDAPException: error result (32): No such object

I am able to run searches from the command line:

[root@localhost ~]# ldapsearch -x -b o=netscaperoot -D
"cn=directory
manager" -w password "nsDirectoryURL=*"
# extended LDIF
#
# LDAPv3
# base<o=netscaperoot>          with scope subtree
# filter: nsDirectoryURL=*
# requesting: ALL
#

# UserDirectory, Global Preferences, MyDomain, NetscapeRoot
dn: cn=UserDirectory,ou=Global
Preferences,ou=MyDomain,o=NetscapeRoot
objectClass: top
objectClass: nsDirectoryInfo
nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
cn: UserDirectory

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@localhost ~]#

If I try to access http://localhost.localdomain:9830 with a web
browser, I am shown the "Services for users" page, but when I click
on
"389 Administration Express" I get the following error:

Internal Server Error

The server encountered an internal error or misconfiguration and
was
unable to complete your request.

Please contact the server administrator, [no address given] and
inform
them of the time the error occurred, and anything you might have
done
that may have caused the error.

More information about this error may be available in the server
error
log.
Apache/2.2 Server at localhost.localdomain Port 9830

Anyone have any ideas?

Thanks,
Mike

[root@localhost ~]# more /etc/redhat-release
Fedora release 16 (Verne)
[root@localhost ~]# rpm -qa|grep 389
389-console-1.1.7-1.fc16.noarch
389-ds-console-doc-1.2.6-1.fc16.noarch
389-ds-base-libs-1.2.10.2-1.fc16.x86_64
389-ds-1.2.2-1.fc15.noarch
389-ds-console-1.2.6-1.fc16.noarch
389-admin-1.1.23-1.fc16.x86_64
389-admin-console-doc-1.1.8-2.fc16.noarch
389-admin-console-1.1.8-2.fc16.noarch
389-dsgw-1.1.7-2.fc16.x86_64
389-adminutil-1.1.14-1.fc16.x86_64
389-ds-base-1.2.10.2-1.fc16.x86_64

--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
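
The symptom pair discussed in this thread (admin-serv logging "Can't contact LDAP server" while SELinux denies httpd a name_connect to port 389) can be confirmed by correlating the two logs. The following is an added example, not part of the original thread or of the 389 project: the audit record is a constructed AVC denial in the usual audit.log layout, the function names are hypothetical, and the UTC offset of -4 hours is assumed from the -0400 timestamps in the access log quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input. The admin-serv lines reuse messages quoted in the
# thread (unwrapped); the audit records are constructed AVC denials.
ADMIN_ERROR_LOG = """\
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.localdomain port 389: 4
"""
AUDIT_LOG = """\
type=AVC msg=audit(1332851791.412:301): avc:  denied  { name_connect } for  pid=2211 comm="httpd.worker" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1332851000.100:290): avc:  denied  { read } for  pid=900 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

APACHE_RE = re.compile(r'^\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[(\w+)\] (.*)$')
AVC_RE = re.compile(r'audit\((\d+)\.\d+:\d+\): avc:\s+denied\s+\{ ([^}]+) \}'
                    r'.*?comm="([^"]+)".*?dest=(\d+)')

def ldap_failures(text, utc_offset_hours):
    """Epoch seconds of each 'Can't contact LDAP server' entry in admin-serv/error."""
    tz = timezone(timedelta(hours=utc_offset_hours))  # Apache 2.2 logs local time, no zone
    hits = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m and "Can't contact LDAP server" in m.group(3):
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y").replace(tzinfo=tz)
            hits.append(int(ts.timestamp()))
    return hits

def httpd_connect_denials(text, port=389):
    """Epoch seconds of AVC denials where an httpd process was refused name_connect to port."""
    hits = []
    for epoch, perms, comm, dest in AVC_RE.findall(text):
        if "name_connect" in perms.split() and comm.startswith("httpd") and int(dest) == port:
            hits.append(int(epoch))
    return hits

def correlate(error_log, audit_log, utc_offset_hours=-4, window=2):
    """Pair each LDAP bind failure with any matching denial within `window` seconds."""
    denials = httpd_connect_denials(audit_log)
    return [(f, d) for f in ldap_failures(error_log, utc_offset_hours)
            for d in denials if abs(f - d) <= window]

if __name__ == "__main__":
    print(correlate(ADMIN_ERROR_LOG, AUDIT_LOG))
```

A non-empty result means the bind failures line up with SELinux denials, which points at the httpd_can_connect_ldap boolean named in the thread rather than at the directory server itself.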