[Fedora-directory-users] slapi search internal errors popping up in error log

Richard Hesse richard at powerset.com
Mon Oct 8 22:09:03 UTC 2007 

ps -ef | grep httpd
root      2231     1  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
root      2317  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
nobody    2320  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
root      4830  2425  0 21:58 pts/0    00:00:00 grep httpd

# ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config
/opt/fedora-ds/admin-serv/config:
total 84
drwxr-xr-x 2 nobody nobody  4096 Oct  5 18:31 .
drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
-rw-r--r-- 1 root   root       0 Oct  5 18:31 Admin
-rw------- 1 nobody nobody   350 Sep 27 03:24 adm.conf
-rw------- 1 nobody nobody    54 Sep 27 03:24 admpw
-rw------- 1 root   root    4598 Sep 27 03:24 admserv.conf
-rw------- 1 nobody nobody  3733 Sep 27 03:24 console.conf
-rw------- 1 root   root   26784 Sep 27 03:24 httpd.conf
-rw-r--r-- 1 root   root   16632 Oct  5 05:07 local.conf
-rw------- 1 nobody nobody  4573 Sep 27 03:24 nss.conf

/opt/fedora-ds/admin-serv/logs:
total 1652
drwxr-xr-x 2 root   root    4096 Oct  8 21:59 .
drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
-rw-r--r-- 1 root   root  500844 Oct  5 04:59 access
srwx------ 1 nobody root       0 Oct  8 19:12 cgisock.2231
-rw-r--r-- 1 root   root 1164192 Oct  8 19:12 error
-rw-r--r-- 1 root   root       5 Oct  8 19:12 pid

cat /opt/fedora-ds/shared/config/dbswitch.conf
directory default ldap://localhost:22000/o%3DNetscapeRoot

cat /opt/fedora-ds/admin-serv/config/adm.conf
ldapHost:   localhost
ldapPort:   22000
sie:   cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot
userdn:   cn=directory manager
isie:   cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot
port:   22628

Upon later inspection of the admin-serv error logs, I noticed this:

[Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.

-richard


-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Monday, October 08, 2007 2:16 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log

Richard Hesse wrote:
> Nothing really informative in the admin server logs. Just the 500's being recorded:
>
> 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST
> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620
>
ps -ef|grep httpd
ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf
cat /opt/fedora-ds/admin-serv/config/adm.conf
> -richard
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
> Richard Megginson
> Sent: Monday, October 08, 2007 11:09 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] slapi search internal errors
> popping up in error log
>
> Richard Hesse wrote:
>
>> No, we're not using client certs but that doesn't preclude someone using their own certs.
>>
>> No certmap.conf in the instance directory and it looks like the shared one is stock:
>> cat certmap.conf | grep -v "#"
>> certmap default         default
>>
>> The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs.
>>
>>
> Check the admin server access and error log -
> /opt/fedora-ds/admin-serv/logs
>
>> Alias directory:
>> drwxr-xr-x  2 nobody nobody   4096 Oct  8 17:42 .
>> drwxr-xr-x 15 root   root     4096 Oct  8 17:42 ..
>> -rwxr-xr-x  1 root   nobody 347368 Oct  6 00:22 libnssckbi.so
>> -rw-------  1 nobody nobody  16384 Oct  6 00:24 secmod.db
>> -rw-------  1 nobody nobody  65536 Oct  6 00:22 slapd-fds-cert8.db
>> -rw-------  1 nobody nobody  16384 Oct  6 00:22 slapd-fds-key3.db
>> -r--------  1 nobody nobody     41 Oct  6 00:22 slapd-fds-pin.txt
>>
>>
>> Thanks in advance.
>>
>> -richard
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>> Richard Megginson
>> Sent: Saturday, October 06, 2007 1:46 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] slapi search internal errors
>> popping up in error log
>>
>> Richard Hesse wrote:
>>
>>
>>> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal
>>> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated,
>>> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32
>>>
>>>
>>>
>>> I'm guessing that this is cert related, but the TLS/SSL operations
>>> are working fine.
>>>
>>>
>>>
>> Are you using client cert based authentication?
>>
>> cat /opt/fedora-ds/slapd-instance/config/certmap.conf
>> /opt/fedora-ds/shared/config/certmap.conf
>>
>>
>>> However, I noticed that I can no longer view the encryption tab for
>>> this server in the console.
>>>
>>>
>>>
>> What error do you get when you try to view the encryption tab?
>>
>> ls -al /opt/fedora-ds/alias
>>
>>
>>> Any ideas what this error means or how to fix it?
>>>
>>>
>>>
>>> Thanks.
>>>
>>>
>>>
>>> -richard
>>>
>>> --------------------------------------------------------------------
>>> -
>>> -
>>> --
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

More information about the Fedora-directory-users mailing list