[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: Re: [389-users] upgraded to latest 389,
From: Rich Megginson <rmeggins () redhat ! com>
Date: 2011-12-08 23:31:16
Message-ID: 4EE148C4.6020901 () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 12/08/2011 04:17 PM, Brian High wrote:
> Thanks, Rich. I was able to reproduce, even after removing the
> nsNumGroups.
>
> Here is how I did it. The server is running an updated RHEL5 64 bit
> server with the latest 389 Directory Server from "epel". (398-ds-base
> 1.2.9.9)
>
>> From a Fedora 16 Live CD session (as my desktop client), I loaded
>> mgmt console through ssh tunnel:
>
> $ ssh -X root@192.168.1.16 "389-console -D 9 -f /tmp/console.log"
Ah ha - this may explain the crashes - ssh -X + java apps == trouble
>
> Logged into Management Console and went to Server Group -> Directory
> Server -> Directory [tab]
>
> The selected the entry for the dn which holds my site's info. Then
> right clicked and chose "Set access permissions", clicked "Enable
> anonymous access", pressed "Edit" button, clicked "Targets" tab.
>
> The first time I did this, the application crashed immediately and I
> was returned to my local shell prompt, showing this:
>
> [...]
> Corrupted MAC on input.
> Disconnecting: Packet corrupt
This looks like a message from ssh, not the console. In fact the
console doesn't show any exceptions or errors.
>
> Where the [...] is also contained in the console.log.
>
> The second time I tried this, I was able to get the "Targets" to show
> okay, but after a couple seconds of scrolling the list, the
> application crashed again. Only if I click "Edit manually" can I work
> with the Targets items.
>
> Here is the log output (sanitized). [Sorry for the long log (1869
> lines).]
>
> java.util.prefs.userRoot=/root/.389-console
<snip>
> TableSorter.checkModel: table size was changed - need to reallocate
> indexes
> TableSorter.reallocateIndexes: getRowCount=404
No console errors - only ssh errors.
If you can reproduce this problem without using ssh -X let us know.
>
>
> On Wed, 7 Dec 2011, Rich Megginson wrote:
>
>> On 12/07/2011 06:07 PM, Brian High wrote:
>> I think I found something...
>>
>> I was looking at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Mana
>>
>> ging_Access_Control-Access_Control_Usage_Examples.html
>>
>> And went to check on the ACI permissions for my main search
>> base. I see an "All
>> Users" entry under Users and the correct three boxes are
>> checked on the rights
>> tab. But when clicking on the "Targets" tab, I get a popup
>> error message saying
>> "The targetattr list contains unknown attributes or unsupported
>> syntax." Then
>> when I click OK and try to scroll the list, the console crashes.
>>
>> Please run 389-console -D 9 -f console.log and reproduce the crash.
>> Then remove any sensitive
>> information from console.log and send it to the list.
>>
>> I see some Bugzilla entries related to ACI lists, such as this
>> one:
>> https://bugzilla.redhat.com/show_bug.cgi?id=733103
>>
>> So, I will look those over and see if I might find one that
>> matches my situation.
>>
>> --Brian
>>
>> On Wed, 7 Dec 2011, Brian High wrote:
>>
>> Jeremy,
>>
>> Thanks for the suggestion.
>>
>> I have found that setting this to "off" or "on" (and
>> restarting
>> dirsrv) makes no difference.
>>
>> Any other ideas?
>>
>> --Brian
>>
>> On Thu, 8 Dec 2011, Jeremy A. Mates wrote:
>>
>> El día 7 de diciembre de 2011 22:35, Brian High
>> <high@uw.edu> escribió:
>> Hi 389-users,
>>
>> Perhaps you can help solve a mystery for me.
>>
>>
>> nsslapd-allow-unauthenticated-binds: on perhaps?
>>
>> Jeremy
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>
>
>
> --
> Brian High
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 12/08/2011 04:17 PM, Brian High wrote:
<blockquote
cite="mid:alpine.LRH.2.01.1112081517230.470@hymn14.u.washington.edu"
type="cite">Thanks, Rich. I was able to reproduce, even after
removing the nsNumGroups.
<br>
<br>
Here is how I did it. The server is running an updated RHEL5 64
bit server with the latest 389 Directory Server from "epel".
(398-ds-base 1.2.9.9)
<br>
<br>
<blockquote type="cite">From a Fedora 16 Live CD session (as my
desktop client), I loaded mgmt console through ssh tunnel:
<br>
</blockquote>
<br>
$ ssh -X <a class="moz-txt-link-abbreviated" \
href="mailto:root@192.168.1.16">root@192.168.1.16</a> "389-console -D 9 -f \
/tmp/console.log" <br>
</blockquote>
Ah ha - this may explain the crashes - ssh -X + java apps == trouble<br>
<blockquote
cite="mid:alpine.LRH.2.01.1112081517230.470@hymn14.u.washington.edu"
type="cite">
<br>
Logged into Management Console and went to Server Group ->
Directory Server -> Directory [tab]
<br>
<br>
The selected the entry for the dn which holds my site's info.
Then right clicked and chose "Set access permissions", clicked
"Enable anonymous access", pressed "Edit" button, clicked
"Targets" tab.
<br>
<br>
The first time I did this, the application crashed immediately and
I was returned to my local shell prompt, showing this:
<br>
<br>
[...]
<br>
Corrupted MAC on input.
<br>
Disconnecting: Packet corrupt
<br>
</blockquote>
This looks like a message from ssh, not the console. In fact the
console doesn't show any exceptions or errors.<br>
<blockquote
cite="mid:alpine.LRH.2.01.1112081517230.470@hymn14.u.washington.edu"
type="cite">
<br>
Where the [...] is also contained in the console.log.
<br>
<br>
The second time I tried this, I was able to get the "Targets" to
show okay, but after a couple seconds of scrolling the list, the
application crashed again. Only if I click "Edit manually" can I
work with the Targets items.
<br>
<br>
Here is the log output (sanitized). [Sorry for the long log (1869
lines).]
<br>
<br>
java.util.prefs.userRoot=/root/.389-console</blockquote>
<snip><br>
<blockquote
cite="mid:alpine.LRH.2.01.1112081517230.470@hymn14.u.washington.edu"
type="cite">TableSorter.checkModel: table size was changed - need
to reallocate indexes
<br>
TableSorter.reallocateIndexes: getRowCount=404
<br>
</blockquote>
No console errors - only ssh errors.<br>
<br>
If you can reproduce this problem without using ssh -X let us know.<br>
<blockquote
cite="mid:alpine.LRH.2.01.1112081517230.470@hymn14.u.washington.edu"
type="cite">
<br>
<br>
On Wed, 7 Dec 2011, Rich Megginson wrote:
<br>
<br>
<blockquote type="cite">On 12/07/2011 06:07 PM, Brian High wrote:
<br>
I think I found something...
<br>
<br>
I was looking at:
<br>
<a class="moz-txt-link-freetext" \
href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administrati \
on_Guide/Mana">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Mana</a>
<br>
ging_Access_Control-Access_Control_Usage_Examples.html
<br>
<br>
And went to check on the ACI permissions for my main
search base. I see an "All
<br>
Users" entry under Users and the correct three boxes are
checked on the rights
<br>
tab. But when clicking on the "Targets" tab, I get a
popup error message saying
<br>
"The targetattr list contains unknown attributes or
unsupported syntax." Then
<br>
when I click OK and try to scroll the list, the console
crashes.
<br>
<br>
Please run 389-console -D 9 -f console.log and reproduce the
crash. Then remove any sensitive
<br>
information from console.log and send it to the list.
<br>
<br>
I see some Bugzilla entries related to ACI lists, such as
this one:
<br>
<a class="moz-txt-link-freetext" \
href="https://bugzilla.redhat.com/show_bug.cgi?id=733103">https://bugzilla.redhat.com/show_bug.cgi?id=733103</a>
<br>
<br>
So, I will look those over and see if I might find one
that matches my situation.
<br>
<br>
--Brian
<br>
<br>
On Wed, 7 Dec 2011, Brian High wrote:
<br>
<br>
Jeremy,
<br>
<br>
Thanks for the suggestion.
<br>
<br>
I have found that setting this to "off" or "on" (and
restarting
<br>
dirsrv) makes no difference.
<br>
<br>
Any other ideas?
<br>
<br>
--Brian
<br>
<br>
On Thu, 8 Dec 2011, Jeremy A. Mates wrote:
<br>
<br>
El día 7 de diciembre de 2011 22:35, Brian
High
<br>
<a class="moz-txt-link-rfc2396E" \
href="mailto:high@uw.edu"><high@uw.edu></a> escribió: <br>
Hi 389-users,
<br>
<br>
Perhaps you can help solve a mystery for
me.
<br>
<br>
<br>
nsslapd-allow-unauthenticated-binds: on
perhaps?
<br>
<br>
Jeremy
<br>
--
<br>
389 users mailing list
<br>
<a class="moz-txt-link-abbreviated" \
href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a> \
<br>
<a class="moz-txt-link-freetext" \
href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a>
<br>
<br>
--
<br>
389 users mailing list
<br>
<a class="moz-txt-link-abbreviated" \
href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a> \
<br>
<a class="moz-txt-link-freetext" \
href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a>
<br>
<br>
<br>
<br>
<br>
--
<br>
389 users mailing list
<br>
<a class="moz-txt-link-abbreviated" \
href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a> \
<br> <a class="moz-txt-link-freetext" \
href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
<br>
<br>
--
<br>
Brian High
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
389 users mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a> \
<a class="moz-txt-link-freetext" \
href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>
[Attachment #6 (text/plain)]
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic