List: fedora-directory-users
Subject: [389-users] 389-console
From: Ldap Tester <ldap.tester () gmail ! com>
Date: 2015-05-22 15:30:01
Message-ID: CAKM02HNfNnykK=8w9gSN9x595zLCZHR8Hf+eNQa+QwVXRdoKVg () mail ! gmail ! com
I would like to return to a problem that I have had since I first posted
about it on Feb 29, 2012, and which was never resolved. I have been
successfully running 2 FDS multi-masters since I installed them in ~2007,
and which have been updated ever since with yum. My current package set is:

    389-admin-1.1.38-1.fc21.x86_64
    389-admin-console-1.1.8-7.fc21.noarch
    389-admin-console-doc-1.1.8-7.fc21.noarch
    389-adminutil-1.1.21-1.fc21.x86_64
    389-console-1.1.7-7.fc21.noarch
    389-ds-1.2.2-6.fc21.noarch
    389-ds-base-1.3.3.8-1.fc21.x86_64
    389-ds-base-devel-1.3.3.8-1.fc21.x86_64
    389-ds-base-libs-1.3.3.8-1.fc21.x86_64
    389-ds-console-1.2.7-4.fc21.noarch
    389-ds-console-doc-1.2.7-4.fc21.noarch
    389-dsgw-1.1.11-4.fc21.x86_64

The directory service is working fine. I use it only to authenticate user
logins on ~dozen Fedora clients. I can run 389-console on one of the
masters, but not the other. I used to be able to run it before 2012. Now
when I run 389-console and log in, I get:

    Cannot connect to the directory server:
    netscape.ldap.LDAPException: error result (32): No such object

I tried running setup-ds-admin.pl -u, but it yields:

    Configuration directory server URL [ldap://XXXX.org:389/o%3DNetscapeRoot]:
    Configuration directory server admin ID [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot]:
    Configuration directory server admin password:
    Configuration directory server admin domain [org]:
    Could not authenticate as user 'uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot' to server 'ldap://XXXX.org:389/o%3DNetscapeRoot'. Error: No such object

I notice that when I start dirsrv-admin, I get the following message in
/var/log/dirsrv/admin-serv/error:

    [:crit] [pid 18514:tid 140642010404992] populate_tasks_from_server(): Unable to search [cn=admin-serv-XXXX, cn=389 Administration Server, cn=Server Group, cn=XXXX.org, ou=org, o=NetscapeRoot] for LDAPConnection [XXXX.org:389]

Each server is its own configuration directory server. There is a
replication agreement between the two servers, but only on userRoot, not
NetscapeRoot.

I also note that ldapsearch -x -b "o=NetscapeRoot" on the problem server
yields:

    # extended LDIF
    #
    # LDAPv3
    # base <o=NetscapeRoot> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # NetscapeRoot
    dn: o=NetscapeRoot
    objectClass: top
    objectClass: organization
    o: NetscapeRoot

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

The same command on the working server produces a response with 46 entries
and lots of good things in it. Did my NetscapeRoot somehow get emptied?
How do I get it back?

I thought a "restoreconfig" command would help me, but I never did a
"saveconfig" and don't have any /var/lib/dirsrv/slapd-XXXX/bak/*.ldif
files. I do have a
/var/lib/dirsrv/slapd-XXXX/ldif/XXXX-NetscapeRoot-2010_09_16_090402.ldif
file, but it's quite old and from the documentation that I read, it says it
is an "example" file. I do have backups in
/var/lib/dirsrv/slapd-XXXX/bak/. Among others, I have ones from
2011_07_20_10_54_37/ and 2012_02_20_13_29_00/. I believe everything was
working correctly in 2011, but not by 2012. Could this help in any way?

Alternatively, I just now did a saveconfig, and it produced an .ldif file
with 146 entries! If I now restore from that file, might that fix things
up? Can it hurt to try?
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
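
An added example, not part of the original message or of the 389 project's tooling: before restoring from an LDIF export, one could check whether the file actually contains the entries that the errors quoted above report as missing. The function names, the `REQUIRED` list and the sample data are assumptions made for illustration, and DN matching is simplified (case and spacing only).

```python
import base64

# DNs that 389-console, setup-ds-admin.pl and the admin-serv error log in the
# message above could not find (XXXX is the poster's own redaction).
REQUIRED = [
    "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot",
    "cn=admin-serv-XXXX, cn=389 Administration Server, cn=Server Group, "
    "cn=XXXX.org, ou=org, o=NetscapeRoot",
]

def norm_dn(dn):
    """Normalize a DN for comparison (assumes no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldif_dns(text):
    """Return the set of normalized entry DNs found in LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        if line.lower().startswith("dn::"):      # base64-encoded DN
            dns.add(norm_dn(base64.b64decode(line[4:].strip()).decode("utf-8")))
        elif line.lower().startswith("dn:"):
            dns.add(norm_dn(line[3:]))
    return dns

def check_export(text, required=REQUIRED):
    """Report the entry count and which required DNs the export lacks."""
    dns = ldif_dns(text)
    return {"entries": len(dns),
            "missing": [dn for dn in required if norm_dn(dn) not in dns]}

# Constructed samples: abridged result from the message, plus a folded DN line.
EMPTY_TREE = """\
# NetscapeRoot
dn: o=NetscapeRoot
o: NetscapeRoot
"""
SAMPLE_EXPORT = EMPTY_TREE + """
dn: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
objectClass: top

dn: cn=admin-serv-XXXX,cn=389 Administration Server,cn=Server Group,cn=XXXX.o
 rg,ou=org,o=NetscapeRoot
objectClass: top
"""
```

Passing the text of a saved export, or of an `ldapsearch -b "o=NetscapeRoot"` dump from each master, to `check_export` shows the entry count and which of the two DNs are absent.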