[Fedora-directory-users] admserv_host_ip_check

Nathan Kinder nkinder at redhat.com
Fri Dec 16 18:54:56 UTC 2005 

Michael Montgomery wrote:

>On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote:
>  
>
>>On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote:
>>    
>>
>>>Ok, this is just great.  I've locked myself out of the admin server now,
>>>and no ips can connect.  So... I'll try the admconfig tool mentioned in
>>>the console.pdf file... oh great, that doesn't work either:
>>>
>>>[root at corporate-ds admin]# ./admconfig --h
>>>./admconfig: line 55: /opt/fedora-ds/bin/base/jre/bin/java: No such file or directory
>>>./admconfig: line 55: exec: /opt/fedora-ds/bin/base/jre/bin/java: cannot execute: No such file or directory
>>>
>>>[root at corporate-ds admin]# ls -l /opt/fedora-ds/bin/
>>>admin/ slapd/ user/
>>>
>>>Can I manually edit some config files somewhere to allow this to work?
>>>
>>>Also, I come in today to find the replication server's admin console doing this:
>>>
>>>[Fri Dec 16 11:30:22 2005] [notice] [client 10.5.1.202] unable to bind to server [ldap02.inside.*****.com:389] as [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.******.com, ou=inside.*******.com, o=NetscapeRoot]
>>>[Fri Dec 16 11:30:22 2005] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-ldap02, cn=Fedora Administration Server, cn=Server Group, cn=ldap02.inside.*****.com, ou=inside.***************.com, o=NetscapeRoot] for LDAPConnection [ldap02.inside.*********.com:389]
>>>[Fri Dec 16 11:30:22 2005] [crit] [client 10.5.1.202] admserv_check_authz(): Task [cn=statusping, cn=operation, cn=tasks, cn=admin-serv-ldap02, cn=fedora administration server, cn=server group, cn=ldap02.inside.*************.com, ou=inside.*********************.com, o=netscaperoot] not found for user [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot] - either the task was not registered or the user was not authorized
>>>
>>>And the admin console server won't start with this error:
>>>
>>>[Fri Dec 16 11:39:31 2005] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN
>>>
>>>Anybody got any clues what is going on?  I seem to be having some pretty bad luck here.
>>>
>>>Thanks again.
>>>
>>>On Fri, 2005-12-16 at 11:29 -0600, Michael Montgomery wrote:
>>>      
>>>
>>>>>You need to set hostnames to allow to NULL or empty - if there is anything there, it will assume you want to do access based on host/domain name, which must have the correct DNS /etc/nsswitch.conf or /etc/hosts configuration.
>>>>>          
>>>>>
>>>>Thank you, 
>>>>Thank you.  
>>>>
>>>>When it mentions that you can use wildcards, it simply causes confusion.
>>>>        
>>>>
>>----
>>ls -l /opt/fedora-ds/admin-serv/config
>>
>>Craig
>>    
>>
>
>Thank you
>
>Strangely, any changes made in the local.conf file, specifically the
>below field, seem to get overwritten when the admin server starts again,
>so this also will not allow me to connect.
>
>local.conf:configuration.nsAdminAccessAddresses: *
>  
>
That file is simply a bootstrap config file.  The real configuration 
lives in the Directory Server.  The admin server config entry is 
"cn=configuration, cn=admin-serv-<hostname>, cn=Fedora Administration 
Server, cn=Server Group, cn=<hostname>, ou=<domainname>, 
o=NetscapeRoot".  You can modify the config with ldapmodify.

-NGK

>  
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>    
>>
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

More information about the Fedora-directory-users mailing list