[Fedora-directory-users] Getting ready to upgrade from fds 1.0.1 to 1.0.2
Bliss, Aaron
ABliss at preferredcare.org
Tue Mar 14 18:34:17 UTC 2006
I believe this is what your looking for, here is an example when I
intentionally attempt to break the password rules:
[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103
nentries=0 et
ime=0
[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 MOD
dn="uid=awbtest,ou=users,dc=pre
ferredcare,dc=org", invalid password syntax
Here is the error that occurred during the upgrade (I wouldn't worry too
much about the entries below that reference fds1 instead of al-lnx-s11,
I manually typed that after pasting the error log, as I wasn't
comfortable displaying the real server name, but it doesn't really
matter now, the real server name is al-lnx-s11)
[13/Mar/2006:21:15:56 -0500] conn=0 op=3 RESULT err=0 tag=101 nentries=1
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=4 BIND dn="uid=admin,
ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot" method=128 version=3
[13/Mar/2006:21:15:56 -0500] conn=0 op=5 SRCH
base="cn=al-lnx-s11.preferredcare.
org, ou=preferredcare.org, o=NetscapeRoot" scope=2
filter="(&(objectClass=nsAppl
ication)(nsNickName=slapd)(nsInstalledLocation=/opt/fedora-ds))"
attrs="* aci pa
sswordExpirationTime passwordExpWarned passwordRetryCount
retryCountResetTime ac
countUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId
nsLookThrough
Limit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN
nsAccountLock"
[13/Mar/2006:21:15:56 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0
etime=0
dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[13/Mar/2006:21:15:56 -0500] conn=0 op=5 RESULT err=0 tag=101 nentries=1
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=6 SRCH base="cn=Fedora Directory
Server,
cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org,
o=Netsca
peRoot" scope=0 filter="(objectClass=*)" attrs="* aci
passwordExpirationTime pas
swordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime
password
History passwordAllowChangeTime nsUniqueId nsLookThroughLimit
nsSizeLimit nsTime
Limit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[13/Mar/2006:21:15:56 -0500] conn=0 op=6 RESULT err=0 tag=101 nentries=1
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory
Server, cn=
Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org,
o=NetscapeR
oot"
[13/Mar/2006:21:15:56 -0500] conn=0 op=7 RESULT err=0 tag=103 nentries=0
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=8 SRCH base="cn=Fedora Directory
Server,
cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org,
o=Netsca
peRoot" scope=1 filter="(objectClass=nsDirectoryServer)" attrs="* aci
passwordEx
pirationTime passwordExpWarned passwordRetryCount retryCountResetTime
accountUnl
ockTime passwordHistory passwordAllowChangeTime nsUniqueId
nsLookThroughLimit ns
SizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[13/Mar/2006:21:15:56 -0500] conn=0 op=8 RESULT err=0 tag=101 nentries=1
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=9 SRCH base="cn=slapd-al-lnx-s11,
cn=Fedo
ra Directory Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org,
ou=prefer
redcare.org, o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="*
aci passw
ordExpirationTime passwordExpWarned passwordRetryCount
retryCountResetTime accou
ntUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId
nsLookThroughLim
it nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[13/Mar/2006:21:15:56 -0500] conn=0 op=9 RESULT err=0 tag=101 nentries=1
etime=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=10 SRCH
base="cn=slapd-al-lnx-s11,cn=Fedo
ra Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferred
care.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci
passwordE
xpirationTime passwordExpWarned passwordRetryCount retryCountResetTime
accountUn
lockTime passwordHistory passwordAllowChangeTime nsUniqueId
nsLookThroughLimit n
sSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
[13/Mar/2006:21:15:56 -0500] conn=0 op=10 RESULT err=0 tag=101
nentries=1 etime=
0
[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103
nentries=0 etime
=0
[13/Mar/2006:21:15:56 -0500] conn=0 op=11 MOD
dn="cn=slapd-al-lnx-s11,cn=Fedora
Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcar
e.org,o=NetscapeRoot", invalid password syntax
-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Tuesday, March 14, 2006 10:06 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Getting ready to upgrade from fds
1.0.1 to 1.0.2
Bliss, Aaron wrote:
>I've been able to reproduce; after setting the new password policy
>(require 1 digit, 1 special, etc) and then I attempt to use a password
>that isn't compliant, this error is logged and the users new password
>is not accepted.
>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103
>nentries=0 etime=0
>
>
Can you find out what this operation is? It's either an ADD or MOD -
just search before that line for "conn=1073 op=10". I'd like to know
what the DN is.
>So, it looks like everything is working like it is suppose to....it's
>still interesting that I received that error during the upgrade....
>
>Aaron
>
>-----Original Message-----
>From: fedora-directory-users-bounces at redhat.com
>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss,
>Aaron
>Sent: Monday, March 13, 2006 10:04 PM
>To: General discussion list for the Fedora Directory server project.
>Subject: RE: [Fedora-directory-users] Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>It only seems to be in the access log 1 time; looks like it only
>happened during the upgrade
>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103
>nentries=0 etime=0 Is there an easy way to verify that the new password
>schema is being used?
>
>Thanks.
>Aaron
>
>-----Original Message-----
>From: fedora-directory-users-bounces at redhat.com
>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
>Megginson
>Sent: Monday, March 13, 2006 9:54 PM
>To: General discussion list for the Fedora Directory server project.
>Cc: Bliss, Aaron
>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>Bliss, Aaron wrote:
>
>
>
>>Well, I upgraded the fds rpm; after a reboot all looks okay, however I
>>noticed this information in the setup logfile; is this indicative that
>>something failed to update properly? Perhaps the new schema files?
>>How can I verify that the new schema files are in use? Thanks very
>>much.
>>
>>Start Slapd Starting Slapd server reconfiguration.
>>Fatal Slapd ERROR: Could not update Directory Server Instance URL
>>ldap://fds1.preferredcare.org:389/o=NetscapeRoot user id admin DN
>>cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
>>Group,cn=fds1.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot
>>(19:Constraint violation)
>>Configuring Administration Server...
>>InstallInfo: Apache Directory "ApacheDir" is missing.
>>
>>The proper fds version is disaplyed in the display console, and the
>>new
>>
>>
>
>
>
>>password enforcement options seem to be available.
>>
>>
>>
>>
>Check your directory server access log - look for err=19 - constraint
>violation - to see which operation it's complaining about.
>
>
>
>>Aaron
>>-----Original Message-----
>>From: Bliss, Aaron
>>Sent: Monday, March 13, 2006 2:08 PM
>>To: 'General discussion list for the Fedora Directory server project.'
>>Subject: RE: [Fedora-directory-users] Getting ready to upgrade from
>>fds
>>1.0.1 to 1.0.2
>>
>>Ah, thanks again.
>>
>>Aaron
>>
>>-----Original Message-----
>>From: fedora-directory-users-bounces at redhat.com
>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>Richard
>>
>>
>
>
>
>>Megginson
>>Sent: Monday, March 13, 2006 2:08 PM
>>To: General discussion list for the Fedora Directory server project.
>>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from
>>fds
>>1.0.1 to 1.0.2
>>
>>Bliss, Aaron wrote:
>>
>>
>>
>>
>>
>>>Thanks; just so I understand, I have to run the setup script even
>>>though my databases have already been configured? I did not have to
>>>do
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>this on my test box in order to upgrade. Thanks.
>>>
>>>
>>>
>>>
>>>
>>>
>>Setup will copy in the new schema files required to use the new
>>password syntax checking, so if you skip that, you'll have to copy
>>them
>>
>>
>
>
>
>>in manually. Setup will also make sure the console reports the
>>correct
>>
>>
>
>
>
>>version of directory server.
>>
>>
>>
>>
>>
>>>Aaron
>>>
>>>-----Original Message-----
>>>From: fedora-directory-users-bounces at redhat.com
>>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>>Richard
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>Megginson
>>>Sent: Monday, March 13, 2006 1:59 PM
>>>To: General discussion list for the Fedora Directory server project.
>>>Subject: Re: [Fedora-directory-users] Getting ready to upgrade from
>>>fds
>>>1.0.1 to 1.0.2
>>>
>>>Bliss, Aaron wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>I'm planning on upgrading both my supplier and consumer fds servers
>>>>tonight; do I need to worry about their server certificates? I'll
>>>>just
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>>be running rpm -Uvh fedora....Thanks very much.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>Upgrade shouldn't touch any ssl information.
>>>
>>>After doing the rpm -U, do cd /opt/fedora-ds ; ./setup/setup and
>>>follow
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>the prompts.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>Aaron
>>>>
>>>>www.preferredcare.org
>>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J.
D.
>>>>
>>>>
>
>
>
>>>>Power and Associates
>>>>
>>>>Confidentiality Notice:
>>>>The information contained in this electronic message is intended for
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>the exclusive use of the individual or entity named above and may
>>>contain privileged or confidential information. If the reader of
>>>this
>>>
>>>
>
>
>
>>>message is not the intended recipient or the employee or agent
>>>responsible to deliver it to the intended recipient, you are hereby
>>>notified that dissemination, distribution or copying of this
>>>information is prohibited. If you have received this communication
>>>in
>>>
>>>
>
>
>
>>>error, please notify the sender immediately by telephone and destroy
>>>the copies you received.
>>>
>>>
>>>
>>>
>>>
>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>www.preferredcare.org
>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>>Power and Associates
>>>
>>>Confidentiality Notice:
>>>The information contained in this electronic message is intended for
>>>
>>>
>>>
>>>
>>the exclusive use of the individual or entity named above and may
>>contain privileged or confidential information. If the reader of this
>>message is not the intended recipient or the employee or agent
>>responsible to deliver it to the intended recipient, you are hereby
>>notified that dissemination, distribution or copying of this
>>information is prohibited. If you have received this communication in
>>error, please notify the sender immediately by telephone and destroy
>>the copies you received.
>>
>>
>>
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>>>
>>>
>>>
>>www.preferredcare.org
>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>Power and Associates
>>
>>Confidentiality Notice:
>>The information contained in this electronic message is intended for
>>
>>
>the exclusive use of the individual or entity named above and may
>contain privileged or confidential information. If the reader of this
>message is not the intended recipient or the employee or agent
>responsible to deliver it to the intended recipient, you are hereby
>notified that dissemination, distribution or copying of this
>information is prohibited. If you have received this communication in
>error, please notify the sender immediately by telephone and destroy
>the copies you received.
>
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
>the exclusive use of the individual or entity named above and may
>contain privileged or confidential information. If the reader of this
>message is not the intended recipient or the employee or agent
>responsible to deliver it to the intended recipient, you are hereby
>notified that dissemination, distribution or copying of this
>information is prohibited. If you have received this communication in
>error, please notify the sender immediately by telephone and destroy
>the copies you received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
More information about the Fedora-directory-users
mailing list