Fedora directory users - Dec 2005 - Re: Re: admserv_host_ip_check

Thanks for the information, and sorry I missed that before.  I believe
this will likely solve some other questions I had about the admin
console.
> http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf
> Chapter 7 - Administration Server Configuration

Ok, I''ve tried for the "Host Names to allow", * and *.*,
neither work.
I''ve tried for the "Ips to allow", * and 10.*.*.*
Neither work again with the same error message:

[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_host_ip_check:
ap_get_remote_host could not resolve 10.5.1.202
[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202] admserv_check_authz():
passing [/admin-serv/authenticate] to the userauth handler
[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_host_ip_check:
ap_get_remote_host could not resolve 10.5.1.202
[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202] admserv_check_authz():
passing [/admin-serv/authenticate] to the userauth handler
[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_host_ip_check:
ap_get_remote_host could not resolve 10.5.1.202
[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202] admserv_check_authz():
passing [/admin-serv/authenticate] to the userauth handler

Using Version 1.0.2 on a fresh RHEL4 install.

What am I missing here?

Thanks again.

On Thu, 2005-12-15 at 10:03 -0600, Michael Montgomery
wrote:
> Thanks for the information, and sorry I missed that before.  I believe
> this will likely solve some other questions I had about the admin
> console.
> 
> > http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf
> > Chapter 7 - Administration Server Configuration
>

I''m not sure, but it''s really just an annoyance, assuming your
console
works fine otherwise.  You can probably change the default log level to 
"warn" to make these messages go away.  It looks like your log level
is
set to "notice" or higher.  This is the LogLevel setting in 
admin-serv/config/httpd.conf.  If you change this, you will have to 
restart-admin.

Michael Montgomery wrote:
>Ok, I''ve tried for the "Host Names to allow", * and *.*,
neither work.
>I''ve tried for the "Ips to allow", * and 10.*.*.*
>Neither work again with the same error message:
>
>[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202]
admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202
>[Wed Dec 14 15:20:14 2005] [notice] [client 10.5.1.202]
admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth
handler
>[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202]
admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202
>[Wed Dec 14 15:22:27 2005] [notice] [client 10.5.1.202]
admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth
handler
>[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202]
admserv_host_ip_check: ap_get_remote_host could not resolve 10.5.1.202
>[Thu Dec 15 09:12:08 2005] [notice] [client 10.5.1.202]
admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth
handler
>
>Using Version 1.0.2 on a fresh RHEL4 install.
>
>What am I missing here?
>
>Thanks again.
>
>On Thu, 2005-12-15 at 10:03 -0600, Michael Montgomery wrote:
>  
>
>>Thanks for the information, and sorry I missed that before.  I believe
>>this will likely solve some other questions I had about the admin
>>console.
>>
>>    
>>
>>>http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf
>>>Chapter 7 - Administration Server Configuration
>>>      
>>>
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

Actually, I''ll clarify, it''s still not allowing a remote admin
client
instance to connect to it, and these are the errors it''s spitting out.

The error from ''startconsole'' is this:

"Cannot logon because of an incorrect User ID, Incorrect password, or
Directory problem.  
HttpException:
Response HTTP/1.1 401 Authorization Required
Status: 401
URL: http://ldap02:43845/admin-serv/authenticate"

I''ve gotten this error before, and it seems quite generic, and
I''ve
found it to be a sign of dns issues, among other things.  These are the
last lines in any of the log files for slapd, or admin.

[Thu Dec 15 13:52:56 2005] [warn] [client 10.5.1.202] admserv_host_ip_check:
failed to get host by ip addr [10.5.1.202] - check your host and DNS
configuration
[Thu Dec 15 13:52:56 2005] [notice] [client 10.5.1.202] admserv_host_ip_check:
Unauthorized host ip=10.5.1.202, connection rejected

Any help would certainly be greatly appreciated.

On Thu, 2005-12-15 at 10:48 -0600, Michael Montgomery
wrote:
> Ok, I''ve tried for the "Host Names to allow", * and *.*,
neither work.
> I''ve tried for the "Ips to allow", * and 10.*.*.*

Michael Montgomery wrote:
>Actually, I''ll clarify, it''s still not allowing a remote
admin client
>instance to connect to it, and these are the errors it''s spitting
out.
>
>The error from ''startconsole'' is this:
>
>"Cannot logon because of an incorrect User ID, Incorrect password, or
>Directory problem.  
>HttpException:
>Response HTTP/1.1 401 Authorization Required
>Status: 401
>URL: http://ldap02:43845/admin-serv/authenticate"
>
>I''ve gotten this error before, and it seems quite generic, and
I''ve
>found it to be a sign of dns issues, among other things.  These are the
>last lines in any of the log files for slapd, or admin.
>
>[Thu Dec 15 13:52:56 2005] [warn] [client 10.5.1.202] admserv_host_ip_check:
failed to get host by ip addr [10.5.1.202] - check your host and DNS
configuration
>[Thu Dec 15 13:52:56 2005] [notice] [client 10.5.1.202]
admserv_host_ip_check: Unauthorized host ip=10.5.1.202, connection rejected
>
>Any help would certainly be greatly appreciated.
>
>On Thu, 2005-12-15 at 10:48 -0600, Michael Montgomery wrote:
>  
>
>>Ok, I''ve tried for the "Host Names to allow", * and
*.*, neither work.
>>    
>>
You need to set hostnames to allow to NULL or empty - if there is 
anything there, it will assume you want to do access based on 
host/domain name, which must have the correct DNS /etc/nsswitch.conf or 
/etc/hosts configuration.
>>I''ve tried for the "Ips to allow", * and 10.*.*.*
>>    
>>
This should work if you''re not using Host Names to allow.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

>You need to set hostnames to allow to NULL or empty - if there is anything
there, it will assume you want to do access based on host/domain name, which
must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration.
Thank you, 
Thank you.  

When it mentions that you can use wildcards, it simply causes confusion.

Ok, this is just great.  I''ve locked myself out of the admin server
now,
and no ips can connect.  So... I''ll try the admconfig tool mentioned in
the console.pdf file... oh great, that doesn''t work either:

[root@corporate-ds admin]# ./admconfig --h
./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or
directory
./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot
execute: No such file or directory

[root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
admin/ slapd/ user/

Can I manually edit some config files somewhere to allow this to work?

Also, I come in today to find the replication server''s admin console
doing this:

[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server
[ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration
Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com,
o=NetscapeRoot]
[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search
[cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group,
cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for
LDAPConnection [ldap02.inside.*********.com:389]
[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz():
Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora
administration server, cn=server group, cn=ldap02.inside.*************.com,
ou=inside.*********************.com, o=netscaperoot] not found for user
[uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either
the task was not registered or the user was not authorized

And the admin console server won''t start with this error:

[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build
user/group LDAP server info: unable to set User/Group baseDN

Anybody got any clues what is going on?  I seem to be having some pretty bad
luck here.

Thanks again.

On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery
wrote:
> >You need to set hostnames to allow to NULL or empty - if there is
anything there, it will assume you want to do access based on host/domain name,
which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration.
> 
> Thank you, 
> Thank you.  
> 
> When it mentions that you can use wildcards, it simply causes confusion.

On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery
wrote:
> Ok, this is just great.  I''ve locked myself out of the admin
server now,
> and no ips can connect.  So... I''ll try the admconfig tool
mentioned in
> the console.pdf file... oh great, that doesn''t work either:
> 
> [root@corporate-ds admin]# ./admconfig --h
> ./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or
directory
> ./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot
execute: No such file or directory
> 
> [root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
> admin/ slapd/ user/
> 
> Can I manually edit some config files somewhere to allow this to work?
> 
> Also, I come in today to find the replication server''s admin
console doing this:
> 
> [Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to
server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora
Administration Server, cn=Server Group, cn=ldap02.inside.******.com,
ou=inside.*******.com, o=NetscapeRoot]
> [Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to
search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group,
cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for
LDAPConnection [ldap02.inside.*********.com:389]
> [Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202]
admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks,
cn=admin-serv-ldap02, cn=fedora administration server, cn=server group,
cn=ldap02.inside.*************.com, ou=inside.*********************.com,
o=netscaperoot] not found for user [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or
the user was not authorized
> 
> And the admin console server won''t start with this error:
> 
> [Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
> 
> Anybody got any clues what is going on?  I seem to be having some pretty
bad luck here.
> 
> Thanks again.
> 
> On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
> > >You need to set hostnames to allow to NULL or empty - if there is
anything there, it will assume you want to do access based on host/domain name,
which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration.
> > 
> > Thank you, 
> > Thank you.  
> > 
> > When it mentions that you can use wildcards, it simply causes
confusion.
----
ls -l /opt/fedora-ds/admin-serv/config

Craig

http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt

Michael Montgomery wrote:
>Ok, this is just great.  I''ve locked myself out of the admin server
now,
>and no ips can connect.  So... I''ll try the admconfig tool
mentioned in
>the console.pdf file... oh great, that doesn''t work either:
>
>[root@corporate-ds admin]# ./admconfig --h
>./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or
directory
>./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot
execute: No such file or directory
>
>[root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
>admin/ slapd/ user/
>
>Can I manually edit some config files somewhere to allow this to work?
>
>Also, I come in today to find the replication server''s admin
console doing this:
>
>[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to
server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora
Administration Server, cn=Server Group, cn=ldap02.inside.******.com,
ou=inside.*******.com, o=NetscapeRoot]
>[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to
search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group,
cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for
LDAPConnection [ldap02.inside.*********.com:389]
>[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz():
Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora
administration server, cn=server group, cn=ldap02.inside.*************.com,
ou=inside.*********************.com, o=netscaperoot] not found for user
[uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either
the task was not registered or the user was not authorized
>
>And the admin console server won''t start with this error:
>
>[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build
user/group LDAP server info: unable to set User/Group baseDN
>
>Anybody got any clues what is going on?  I seem to be having some pretty bad
luck here.
>
>Thanks again.
>
>On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
>  
>
>>>You need to set hostnames to allow to NULL or empty - if there is
anything there, it will assume you want to do access based on host/domain name,
which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration.
>>>      
>>>
>>Thank you, 
>>Thank you.  
>>
>>When it mentions that you can use wildcards, it simply causes confusion.
>>    
>>
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote:
> On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote:
> > Ok, this is just great.  I''ve locked myself out of the admin
server now,
> > and no ips can connect.  So... I''ll try the admconfig tool
mentioned in
> > the console.pdf file... oh great, that doesn''t work either:
> > 
> > [root@corporate-ds admin]# ./admconfig --h
> > ./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such
file or directory
> > ./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java:
cannot execute: No such file or directory
> > 
> > [root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
> > admin/ slapd/ user/
> > 
> > Can I manually edit some config files somewhere to allow this to work?
> > 
> > Also, I come in today to find the replication server''s admin
console doing this:
> > 
> > [Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind
to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora
Administration Server, cn=Server Group, cn=ldap02.inside.******.com,
ou=inside.*******.com, o=NetscapeRoot]
> > [Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable
to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server
Group, cn=ldap02.inside.*****.com, ou=inside.***************.com,
o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389]
> > [Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202]
admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks,
cn=admin-serv-ldap02, cn=fedora administration server, cn=server group,
cn=ldap02.inside.*************.com, ou=inside.*********************.com,
o=netscaperoot] not found for user [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or
the user was not authorized
> > 
> > And the admin console server won''t start with this error:
> > 
> > [Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
> > 
> > Anybody got any clues what is going on?  I seem to be having some
pretty bad luck here.
> > 
> > Thanks again.
> > 
> > On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
> > > >You need to set hostnames to allow to NULL or empty - if
there is anything there, it will assume you want to do access based on
host/domain name, which must have the correct DNS /etc/nsswitch.conf or
/etc/hosts configuration.
> > > 
> > > Thank you, 
> > > Thank you.  
> > > 
> > > When it mentions that you can use wildcards, it simply causes
confusion.
> ----
> ls -l /opt/fedora-ds/admin-serv/config
> 
> Craig
Thank you

Strangely, any changes made in the local.conf file, specifically the
below field, seem to get overwritten when the admin server starts again,
so this also will not allow me to connect.

local.conf:configuration.nsAdminAccessAddresses: *
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

Michael Montgomery wrote:
>On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote:
>  
>
>>On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote:
>>    
>>
>>>Ok, this is just great.  I''ve locked myself out of the
admin server now,
>>>and no ips can connect.  So... I''ll try the admconfig tool
mentioned in
>>>the console.pdf file... oh great, that doesn''t work either:
>>>
>>>[root@corporate-ds admin]# ./admconfig --h
>>>./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such
file or directory
>>>./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java:
cannot execute: No such file or directory
>>>
>>>[root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
>>>admin/ slapd/ user/
>>>
>>>Can I manually edit some config files somewhere to allow this to
work?
>>>
>>>Also, I come in today to find the replication server''s
admin console doing this:
>>>
>>>[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to
bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora
Administration Server, cn=Server Group, cn=ldap02.inside.******.com,
ou=inside.*******.com, o=NetscapeRoot]
>>>[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server():
Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server,
cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com,
o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389]
>>>[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202]
admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks,
cn=admin-serv-ldap02, cn=fedora administration server, cn=server group,
cn=ldap02.inside.*************.com, ou=inside.*********************.com,
o=netscaperoot] not found for user [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or
the user was not authorized
>>>
>>>And the admin console server won''t start with this error:
>>>
>>>[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable
to build user/group LDAP server info: unable to set User/Group baseDN
>>>
>>>Anybody got any clues what is going on?  I seem to be having some
pretty bad luck here.
>>>
>>>Thanks again.
>>>
>>>On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
>>>      
>>>
>>>>>You need to set hostnames to allow to NULL or empty - if
there is anything there, it will assume you want to do access based on
host/domain name, which must have the correct DNS /etc/nsswitch.conf or
/etc/hosts configuration.
>>>>>          
>>>>>
>>>>Thank you, 
>>>>Thank you.  
>>>>
>>>>When it mentions that you can use wildcards, it simply causes
confusion.
>>>>        
>>>>
>>----
>>ls -l /opt/fedora-ds/admin-serv/config
>>
>>Craig
>>    
>>
>
>Thank you
>
>Strangely, any changes made in the local.conf file, specifically the
>below field, seem to get overwritten when the admin server starts again,
>so this also will not allow me to connect.
>
>local.conf:configuration.nsAdminAccessAddresses: *
>  
>
That file is simply a bootstrap config file.  The real configuration 
lives in the Directory Server.  The admin server config entry is 
"cn=configuration, cn=admin-serv-<hostname>, cn=Fedora Administration
Server, cn=Server Group, cn=<hostname>, ou=<domainname>, 
o=NetscapeRoot".  You can modify the config with ldapmodify.

-NGK
>  
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users@redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>    
>>
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

Thank you

There''s just so many different wiki posts, pdfs, documents, webpages,
that I guess I''ve just missed a couple of relevant articles.

Thanks again for being so understanding.

On Fri, 2005-12-16 at 11:27 -0700, Richard Megginson
wrote:
> http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
> 
> Michael Montgomery wrote:
> 
> >Ok, this is just great.  I''ve locked myself out of the admin
server now,
> >and no ips can connect.  So... I''ll try the admconfig tool
mentioned in
> >the console.pdf file... oh great, that doesn''t work either:
> >
> >[root@corporate-ds admin]# ./admconfig --h
> >./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such
file or directory
> >./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java:
cannot execute: No such file or directory
> >
> >[root@corporate-ds admin]# ls -l /opt/fedora-ds/bin/
> >admin/ slapd/ user/
> >
> >Can I manually edit some config files somewhere to allow this to work?
> >
> >Also, I come in today to find the replication server''s admin
console doing this:
> >
> >[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind
to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora
Administration Server, cn=Server Group, cn=ldap02.inside.******.com,
ou=inside.*******.com, o=NetscapeRoot]
> >[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable
to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server
Group, cn=ldap02.inside.*****.com, ou=inside.***************.com,
o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389]
> >[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202]
admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks,
cn=admin-serv-ldap02, cn=fedora administration server, cn=server group,
cn=ldap02.inside.*************.com, ou=inside.*********************.com,
o=netscaperoot] not found for user [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or
the user was not authorized
> >
> >And the admin console server won''t start with this error:
> >
> >[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
> >
> >Anybody got any clues what is going on?  I seem to be having some
pretty bad luck here.
> >
> >Thanks again.
> >
> >On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
> >  
> >
> >>>You need to set hostnames to allow to NULL or empty - if there
is anything there, it will assume you want to do access based on host/domain
name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts
configuration.
> >>>      
> >>>
> >>Thank you, 
> >>Thank you.  
> >>
> >>When it mentions that you can use wildcards, it simply causes
confusion.
> >>    
> >>
> >
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users@redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >  
> >
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users