List:       fedora-directory-users
Subject:    [389-users] 389-console
From:       Ldap Tester <ldap.tester () gmail ! com>
Date:       2015-05-22 15:30:01
Message-ID: CAKM02HNfNnykK=8w9gSN9x595zLCZHR8Hf+eNQa+QwVXRdoKVg () mail ! gmail ! com

I would like to return to a problem that I have had since I first posted
about it on Feb 29, 2012, and which was never resolved.  I have been
successfully running 2 FDS multi-masters since I installed them in ~2007,
and which have been updated ever since with yum.  My current package set is:
389-admin-1.1.38-1.fc21.x86_64
389-admin-console-1.1.8-7.fc21.noarch
389-admin-console-doc-1.1.8-7.fc21.noarch
389-adminutil-1.1.21-1.fc21.x86_64
389-console-1.1.7-7.fc21.noarch
389-ds-1.2.2-6.fc21.noarch
389-ds-base-1.3.3.8-1.fc21.x86_64
389-ds-base-devel-1.3.3.8-1.fc21.x86_64
389-ds-base-libs-1.3.3.8-1.fc21.x86_64
389-ds-console-1.2.7-4.fc21.noarch
389-ds-console-doc-1.2.7-4.fc21.noarch
389-dsgw-1.1.11-4.fc21.x86_64

The directory service is working fine.  I use it only to authenticate user
logins on ~dozen fedora clients.  I can run 389-console on one of the
masters, but not the other.  I used to be able to run it before 2012. Now
when I run 389-console and log in, I get:
Cannot connect to the directory server:
netscape.ldap.LDAPException: error result (32): No such object

I tried running setup-ds-admin.pl -u, but it yields:
Configuration directory server URL [ldap://XXXX.org:389/o%3DNetscapeRoot]:
Configuration directory server admin ID [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [org]:
Could not authenticate as user 'uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot' to server
'ldap://XXXX.org:389/o%3DNetscapeRoot'.  Error: No such object

I notice that when I start dirsrv-admin, I get the following message in
/var/log/dirsrv/admin-serv/error:
[:crit] [pid 18514:tid 140642010404992] populate_tasks_from_server():
Unable to search [cn=admin-serv-XXXX, cn=389 Administration Server,
cn=Server Group, cn=XXXX.org, ou=org, o=NetscapeRoot] for LDAPConnection
[XXXX.org:389]

Each server is its own configuration directory server.  There is a
replication agreement between the two servers, but only on userRoot, not
NetscapeRoot.

I also note that ldapsearch -x -b "o=NetscapeRoot" on the problem server
yields:
# extended LDIF
#
# LDAPv3
# base <o=NetscapeRoot> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# NetscapeRoot
dn: o=NetscapeRoot
objectClass: top
objectClass: organization
o: NetscapeRoot

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

The same command on the working server produces a response with 46 entries
and lots of good things in it.  Did my NetscapeRoot somehow get emptied?
How do I get it back?


I thought a "restoreconfig" command would help me, but I never did a
"saveconfig" and don't have any /var/lib/dirsrv/slapd-XXXX/bak/*.ldif
files.  I do have a
/var/lib/dirsrv/slapd-XXXX/ldif/XXXX-NetscapeRoot-2010_09_16_090402.ldif
file, but it's quite old and from the documentation that I read, it says it
is an "example" file.  I do have backups in
/var/lib/dirsrv/slapd-XXXX/bak/.  Among others, I have ones from
2011_07_20_10_54_37/ and 2012_02_20_13_29_00/.  I believe everything was
working correctly in 2011, but not by 2012.  Could this help in any way?

Alternatively, I just now did a saveconfig, and it produced an .ldif file
with 146 entries!  If I now restore from that file, might that fix things
up?  Can it hurt to try?
