I'm having problems with fedora-idm-console after updating a redhat 5 machine and
would appreciate any help you guys can offer.

These are the versions after updating:
fedora-ds-1.1.2-1.fc6.x86_64.rpm
fedora-ds-admin-1.1.6-1.fc6.x86_64.rpm
fedora-ds-admin-console-1.1.2-1.fc6.noarch.rpm
fedora-ds-base-1.1.3-2.fc6.x86_64.rpm
fedora-ds-console-1.1.2-1.fc6.noarch.rpm
fedora-ds-dsgw-1.1.1-1.fc6.x86_64.rpm
fedora-idm-console-1.1.1-1.fc6.x86_64.rpm

These were the versions before updating:
fedora-admin-console-1.1.0-4.fc6.noarch.rpm
fedora-ds-1.1.0-3.fc6.x86_64.rpm
fedora-ds-admin-1.1.2-2.fc6.x86_64.rpm
fedora-ds-base-1.1.1-1.fc6.x86_64.rpm
fedora-ds-console-1.1.1-2.fc6.noarch.rpm
fedora-idm-console-1.1.1-1.fc6.x86_64.rpm

The error message I get when logging into the console is:
Cannot connect to the directory server.
netscape.ldap.LDAPException: error result (32); No such object

When I run fedora-idm-console -D I get:
Fedora-Management-Console/1.1.2 B2008.248.1527
CommManager> New CommRecord (http://localhost:9830/admin-serv/authenticate)
http://localhost:9830/[0:0] open> Ready
http://localhost:9830/[0:0] accept> http://localhost:9830/admin-serv/authenticate
http://localhost:9830/[0:0] send> GET \
http://localhost:9830/[0:0] send> /admin-serv/authenticate \
http://localhost:9830/[0:0] send> HTTP/1.0
http://localhost:9830/[0:0] send> Host: localhost:9830
http://localhost:9830/[0:0] send> Connection: Keep-Alive
http://localhost:9830/[0:0] send> User-Agent: Fedora-Management-Console/1.1.2
http://localhost:9830/[0:0] send> Accept-Language: en
http://localhost:9830/[0:0] send> Authorization: Basic \
http://localhost:9830/[0:0] send> YWRtaW46QjBndXNMZEBw \
http://localhost:9830/[0:0] send>
http://localhost:9830/[0:0] send>
http://localhost:9830/[0:0] recv> HTTP/1.1 200 OK
http://localhost:9830/[0:0] recv> Date: Tue, 16 Dec 2008 19:38:34 GMT
http://localhost:9830/[0:0] recv> Server: Apache/2.2
HttpChannel.invoke: admin version = 2.2
http://localhost:9830/[0:0] recv> Admin-Server: Fedora-Administrator/1.1.6
HttpChannel.invoke: admin version = 1.1.6
http://localhost:9830/[0:0] recv> Content-Length: 281
http://localhost:9830/[0:0] recv> Connection: close
http://localhost:9830/[0:0] recv> Content-Type: text/html
http://localhost:9830/[0:0] recv>
http://localhost:9830/[0:0] recv> Reading 281 bytes...
http://localhost:9830/[0:0] recv> 281 bytes read
Console.replyHandler: adminVersion = 1.1.6
http://localhost:9830/[0:0] close> Closed

I hope this is enough information for someone to help me.
Thanks for looking into it!!

Steve
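Added example, not part of the original post: a console `-D` trace like the one above includes the `Authorization: Basic` header, whose value is only the base64 of `user:password`, so such a trace should be scrubbed before it goes to a public list. This Python sketch masks the credential in this trace layout, including the case where the value sits on the following `send>` line and the case where the trace has been `>`-quoted in a reply; the function name and the sample trace are constructed for illustration.

```python
import base64
import re

QUOTE = re.compile(r"^((?:>\s?)*)(.*)$")        # mail quote markers, then the line
SEND = re.compile(r"^(\S+\s+send>\s?)(.*)$")    # "<url>[n:n] send> " plus payload
AUTH = re.compile(r"^((?:Proxy-)?Authorization:\s*\S+)(?:\s+(.*))?$", re.I)

def redact_trace(text, mask="[REDACTED]"):
    """Return (scrubbed_text, count) with HTTP auth credentials masked."""
    out, pending, hits = [], False, 0
    for raw in text.splitlines():
        quote, line = QUOTE.match(raw).groups()
        m = SEND.match(line)
        if not m:
            out.append(raw)                      # not a request line: copy unchanged
            continue
        prefix, payload = m.groups()
        payload = payload.rstrip()
        cont = payload.endswith("\\")            # trailing "\" as seen in the trace
        body = payload.rstrip("\\").rstrip()
        auth = AUTH.match(body)
        if auth and auth.group(2):               # scheme and credential on one line
            body, hits, pending = f"{auth.group(1)} {mask}", hits + 1, False
        elif auth:                               # credential is on the next send> line
            pending = True
        elif pending and body:
            body, hits, pending = mask, hits + 1, False
        else:
            pending = False
        out.append(quote + prefix + body + (" \\" if cont else ""))
    return "\n".join(out), hits

# Constructed sample: same layout as the trace in the post, dummy credential.
TOKEN = base64.b64encode(b"user:example").decode()
SAMPLE = "\n".join([
    "http://localhost:9830/[0:0] send> Host: localhost:9830",
    "http://localhost:9830/[0:0] send> Authorization: Basic \\",
    f"http://localhost:9830/[0:0] send> {TOKEN} \\",
    "http://localhost:9830/[0:0] send>",
    "> http://localhost:9830/[0:0] send> Authorization: Basic \\",
    f"> http://localhost:9830/[0:0] send> {TOKEN} \\",
    f"http://localhost:9830/[0:0] send> Authorization: Basic {TOKEN}",
])

if __name__ == "__main__":
    scrubbed, count = redact_trace(SAMPLE)
    print(scrubbed)
    print(f"{count} credential(s) masked")
```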
Rich Megginson
2008-Dec-16 22:29 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
Steve Fletcher wrote:
> I'm having problems with fedora-idm-console after updating a redhat
> 5 machine and
> would appreciate any help you guys can offer.
>
> These are the versions after updating:
> fedora-ds-1.1.2-1.fc6.x86_64.rpm
> fedora-ds-admin-1.1.6-1.fc6.x86_64.rpm
> fedora-ds-admin-console-1.1.2-1.fc6.noarch.rpm
> fedora-ds-base-1.1.3-2.fc6.x86_64.rpm
> fedora-ds-console-1.1.2-1.fc6.noarch.rpm
> fedora-ds-dsgw-1.1.1-1.fc6.x86_64.rpm
> fedora-idm-console-1.1.1-1.fc6.x86_64.rpm
>
> These were the versions before updating:
> fedora-admin-console-1.1.0-4.fc6.noarch.rpm
> fedora-ds-1.1.0-3.fc6.x86_64.rpm
> fedora-ds-admin-1.1.2-2.fc6.x86_64.rpm
> fedora-ds-base-1.1.1-1.fc6.x86_64.rpm
> fedora-ds-console-1.1.1-2.fc6.noarch.rpm
> fedora-idm-console-1.1.1-1.fc6.x86_64.rpm
>
> The error message I get when logging into the console is:
> Cannot connect to the directory server.
> netscape.ldap.LDAPException: error result (32); No such object
>
> When I run fedora-idm-console -D I get:
> Fedora-Management-Console/1.1.2 B2008.248.1527
> CommManager> New CommRecord
> (http://localhost:9830/admin-serv/authenticate)
> http://localhost:9830/[0:0] open> Ready
> http://localhost:9830/[0:0] accept>
> http://localhost:9830/admin-serv/authenticate
> http://localhost:9830/[0:0] send> GET \
> http://localhost:9830/[0:0] send> /admin-serv/authenticate \
> http://localhost:9830/[0:0] send> HTTP/1.0
> http://localhost:9830/[0:0] send> Host: localhost:9830
> http://localhost:9830/[0:0] send> Connection: Keep-Alive
> http://localhost:9830/[0:0] send> User-Agent:
> Fedora-Management-Console/1.1.2
> http://localhost:9830/[0:0] send> Accept-Language: en
> http://localhost:9830/[0:0] send> Authorization: Basic \
> http://localhost:9830/[0:0] send> YWRtaW46QjBndXNMZEBw \
> http://localhost:9830/[0:0] send>
> http://localhost:9830/[0:0] send>
> http://localhost:9830/[0:0] recv> HTTP/1.1 200 OK
> http://localhost:9830/[0:0] recv> Date: Tue, 16 Dec 2008 19:38:34 GMT
> http://localhost:9830/[0:0] recv> Server: Apache/2.2
> HttpChannel.invoke: admin version = 2.2
> http://localhost:9830/[0:0] recv> Admin-Server:
> Fedora-Administrator/1.1.6
> HttpChannel.invoke: admin version = 1.1.6
> http://localhost:9830/[0:0] recv> Content-Length: 281
> http://localhost:9830/[0:0] recv> Connection: close
> http://localhost:9830/[0:0] recv> Content-Type: text/html
> http://localhost:9830/[0:0] recv>
> http://localhost:9830/[0:0] recv> Reading 281 bytes...
> http://localhost:9830/[0:0] recv> 281 bytes read
> Console.replyHandler: adminVersion = 1.1.6
> http://localhost:9830/[0:0] close> Closed
>
> I hope this is enough information for someone to help me.
> Thanks for looking into it!!
Try running setup-ds-admin.pl -u
>
> Steve
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
Steve Fletcher
2008-Dec-17 18:13 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
I did this and it gave me an invalid credentials error. So I command line changed
the admin password and it now says:
Could not find the admin domain which shows up fine in ldapsearch as
nsAdminDomainName: protect.nssl

After changing the admin password the fedora-idm-console comes up,
but with no directory servers in it.
Any suggestions?
Thanks! Steve

Rich Megginson wrote
> Try running setup-ds-admin.pl -u
Rich Megginson
2008-Dec-17 18:21 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
Steve Fletcher wrote:
> I did this and it gave me an invalid credentials error. So I command
> line changed
> the admin password and it now says:
> Could not find the admin domain which shows up fine in
> ldapsearch as
> nsAdminDomainName: protect.nssl
What is the admin domain in /etc/dirsrv/admin-serv/adm.conf?
> After changing the admin password the fedora-idm-console comes up,
> but with no directory servers in it.
> Any suggestions?
> Thanks! Steve
> Rich Megginson wrote
>> Try running setup-ds-admin.pl -u
Steve Fletcher
2008-Dec-17 19:57 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
It's the same
AdminDomain: protect.nssl

Rich Megginson wrote:
> Steve Fletcher wrote:
>> I did this and it gave me an invalid credentials error. So I command
>> line changed
>> the admin password and it now says:
>> Could not find the admin domain which shows up fine in
>> ldapsearch as
>> nsAdminDomainName: protect.nssl
> What is the admin domain in /etc/dirsrv/admin-serv/adm.conf?
>> After changing the admin password the fedora-idm-console comes up,
>> but with no directory servers in it.
>> Any suggestions?
>> Thanks! Steve
>> Rich Megginson wrote
>>> Try running setup-ds-admin.pl -u
Rich Megginson
2008-Dec-17 20:17 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
Steve Fletcher wrote:
> It's the same
> AdminDomain: protect.nssl
What is the output of fedora-idm-console -D 9 -f console.log?
>
>
> Rich Megginson wrote:
>> Steve Fletcher wrote:
>>> I did this and it gave me an invalid credentials error. So I
>>> command line changed
>>> the admin password and it now says:
>>> Could not find the admin domain which shows up fine in
>>> ldapsearch as
>>> nsAdminDomainName: protect.nssl
>> What is the admin domain in /etc/dirsrv/admin-serv/adm.conf?
>>> After changing the admin password the fedora-idm-console comes up,
>>> but with no directory servers in it.
>>> Any suggestions?
>>> Thanks! Steve
>>> Rich Megginson wrote
>>>> Try running setup-ds-admin.pl -u
Steve Fletcher
2008-Dec-17 22:30 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
That gives me:
[root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b "" "objectclass=*"
ldapsearch: Password will expire in 0 seconds
ldapsearch: Password has been reset by an administrator; you must change it.
ldap_search: DSA is unwilling to perform

That is likely because I reset the password to get past the invalid
credentials problem when trying to run setup-ds-admin.pl -u
For the ldapsearch below and to reset the adm password I used -D
"cn=Directory Manager". So for the next question: How do I change it or
unset the password expiration stuff which I never intended to be
applied to the admin server by command line.

Rich Megginson wrote:
> Steve Fletcher wrote:
>> Yes I can query these using ldapsearch.
>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin,
>> ou=Global Pre
>> ferences, ou=protect.nssl, o=NetscapeRoot ...
>>
>> Using fedora-idm-console -D ldap I get:
>> Ldap Connection rome.protect.nssl:389
>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
>> authentication=********}
>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
>> {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl:
>> isCritical=false msg=0}
>> Ldap Connection (null):389 ...
>>
>> and adm.conf has:
>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>
>> On several following entries I saw:
>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user,
>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0,
>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false,
>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
>> {PasswordExpiredCtrl: isCritical=false msg=0}
>> Is this telling me a password has expired?
> Yes, I believe so. What happens if you do
> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin,
> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w
> yourpassword -s base -b "" "objectclass=*"
> ?
>>
>>
>> Rich Megginson wrote:
>>>>
>>>> Console: cannot connect to the user database
>>>> Console: Cannot open: cn=user,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=group,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=OU,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>> Why can't it find these entries? Is it connecting to the wrong LDAP
>>> server? Can you query these entries using ldapsearch?
>>>
>>> Use fedora-idm-console -D ldap to see what LDAP connections it is
>>> making.
>>>
>>> It should be trying to use the server from ldapurl in
>>> /etc/dirsrv/admin-serv/adm.conf
>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin,
>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>
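Added example, not written by anyone in the thread: the trace quoted above shows the pattern behind the failure, a bind that returns resultCode=0 together with a PasswordExpiredCtrl, followed by operations on the same connection failing with resultCode=53. This Python sketch looks for that pattern in `fedora-idm-console -D ldap` output, re-joining mail-wrapped and `>`-quoted lines first; the function names are hypothetical and the sample trace is constructed from the lines quoted in the thread.

```python
import re

RESULT_NAMES = {32: "noSuchObject", 49: "invalidCredentials", 53: "unwillingToPerform"}
CAUSE = "bind password expired or reset; change it first"
REC = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+ldc=(\d+)\s+(.*)$")
OP = re.compile(r"^op=(\d+)\s+(\w+)\s*(.*)$")

def records(text):
    """Yield (ldc, rest) per trace record, re-joining mail-wrapped lines."""
    cur = None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        m = REC.match(line)
        if m or not line or line.startswith("Ldap Connection"):
            if cur:
                yield tuple(cur)
            cur = [int(m.group(1)), m.group(2)] if m else None
        elif cur:
            cur[1] += " " + line                       # wrapped continuation
    if cur:
        yield tuple(cur)

def diagnose(text):
    """List failed operations; explain result 53 after an expired-password bind."""
    bind_dn, expired, findings = {}, set(), []
    for ldc, rest in records(text):
        m = OP.match(rest)
        if not m:
            continue                                   # e.g. "Connected to ..."
        op, kind, body = int(m.group(1)), m.group(2), m.group(3)
        if kind == "BindRequest":
            dn = re.search(r"name=(.*?),\s*authentication=", body)
            bind_dn[ldc] = dn.group(1) if dn else None
        rc = re.search(r"resultCode=(\d+)", body)
        if not rc:
            continue
        code = int(rc.group(1))
        if kind == "BindResponse" and code == 0 and "PasswordExpiredCtrl" in body:
            expired.add(ldc)                           # bind accepted, password flagged
        elif code != 0:
            flagged = code == 53 and ldc in expired
            findings.append({"ldc": ldc, "op": op, "kind": kind,
                             "result": RESULT_NAMES.get(code, str(code)),
                             "bind_dn": bind_dn.get(ldc),
                             "cause": CAUSE if flagged else None})
    return findings

# Constructed sample: lines as quoted in the thread, with mail wrapping and quoting.
SAMPLE = """\
Ldap Connection rome.protect.nssl:389
>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
>> authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
{PasswordExpiredCtrl: isCritical=false msg=0}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
{PasswordExpiredCtrl: isCritical=false msg=0}
"""
```

Calling `diagnose(SAMPLE)` returns one finding for op=2 with the bind DN and the expired-password cause attached; a 53 on a connection whose bind carried no such control is still listed, with `cause` left as `None`.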
Rich Megginson
2008-Dec-17 22:36 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
Steve Fletcher wrote:
> That gives me:
> [root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h
> rome.protect.nssl -D "uid=admin, ou=Administrators,
> ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b ""
> "objectclass=*"
> ldapsearch: Password will expire in 0 seconds
> ldapsearch: Password has been reset by an administrator; you must
> change it.
> ldap_search: DSA is unwilling to perform
>
> That is likely because I reset the password to get past the invalid
> credentials problem when trying to run setup-ds-admin.pl -u
> For the ldapsearch below and to reset the adm password I used -D
> "cn=Directory Manager". So for the next question: How do I change it or
> unset the password expiration stuff which I never intended to be
> applied to the admin server by command line.
Change the passwordExpirationTime in that entry:
ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w thepassword
dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: 20380101000000Z

Will change the password so that it expires in 2038
Steve Fletcher
2008-Dec-17 23:02 UTC
Re: [Fedora-directory-users] fedora-idm-console problem
OK. That removed the expiration. Which allowed me to run the
setup-ds-admin.pl -u which fixed the original problem with
fedora-idm-console.
Thanks much for all your help and patience!!
Steve

Rich Megginson wrote:
> Steve Fletcher wrote:
>> That gives me:
>> [root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h
>> rome.protect.nssl -D "uid=admin, ou=Administrators,
>> ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b ""
>> "objectclass=*"
>> ldapsearch: Password will expire in 0 seconds
>> ldapsearch: Password has been reset by an administrator; you must
>> change it.
>> ldap_search: DSA is unwilling to perform
>>
>> That is likely because I reset the password to get past the invalid
>> credentials problem when trying to run setup-ds-admin.pl -u
>> For the ldapsearch below and to reset the adm password I used -D
>> "cn=Directory Manager". So for the next question: How do I change it or
>> unset the password expiration stuff which I never intended to be
>> applied to the admin server by command line.
> Change the passwordExpirationTime in that entry:
> ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w
> thepassword
> dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
> changetype: modify
> replace: passwordExpirationTime
> passwordExpirationTime: 20380101000000Z
>
> Will change the password so that it expires in 2038