[Fedora-directory-users] slapi search internal errors popping up in error log

Richard Megginson rmeggins at redhat.com
Mon Oct 8 22:47:33 UTC 2007 

Richard Hesse wrote:
> ps -ef | grep httpd
> root      2231     1  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
> root      2317  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
> nobody    2320  2231  0 19:12 ?        00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf
> root      4830  2425  0 21:58 pts/0    00:00:00 grep httpd
>
> # ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config
> /opt/fedora-ds/admin-serv/config:
> total 84
> drwxr-xr-x 2 nobody nobody  4096 Oct  5 18:31 .
> drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
> -rw-r--r-- 1 root   root       0 Oct  5 18:31 Admin
> -rw------- 1 nobody nobody   350 Sep 27 03:24 adm.conf
> -rw------- 1 nobody nobody    54 Sep 27 03:24 admpw
> -rw------- 1 root   root    4598 Sep 27 03:24 admserv.conf
> -rw------- 1 nobody nobody  3733 Sep 27 03:24 console.conf
> -rw------- 1 root   root   26784 Sep 27 03:24 httpd.conf
> -rw-r--r-- 1 root   root   16632 Oct  5 05:07 local.conf
> -rw------- 1 nobody nobody  4573 Sep 27 03:24 nss.conf
>
> /opt/fedora-ds/admin-serv/logs:
> total 1652
> drwxr-xr-x 2 root   root    4096 Oct  8 21:59 .
> drwxr-xr-x 6 root   root    4096 Sep 27 03:24 ..
> -rw-r--r-- 1 root   root  500844 Oct  5 04:59 access
> srwx------ 1 nobody root       0 Oct  8 19:12 cgisock.2231
> -rw-r--r-- 1 root   root 1164192 Oct  8 19:12 error
> -rw-r--r-- 1 root   root       5 Oct  8 19:12 pid
>
> cat /opt/fedora-ds/shared/config/dbswitch.conf
> directory default ldap://localhost:22000/o%3DNetscapeRoot
>
> cat /opt/fedora-ds/admin-serv/config/adm.conf
> ldapHost:   localhost
> ldapPort:   22000
> sie:   cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot
> userdn:   cn=directory manager
> isie:   cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot
> port:   22628
>
> Upon later inspection of the admin-serv error logs, I noticed this:
>
> [Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
>   
Looks like there are some permissions problems.  local.conf should be 
owned by nobody.  What is the setting for User in console.conf?  Have 
you changed any settings or admin user names or passwords?
> -richard
>
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
> Sent: Monday, October 08, 2007 2:16 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log
>
> Richard Hesse wrote:
>   
>> Nothing really informative in the admin server logs. Just the 500's being recorded:
>>
>> 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST
>> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620
>>
>>     
> ps -ef|grep httpd
> ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf
> cat /opt/fedora-ds/admin-serv/config/adm.conf
>   
>> -richard
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>> Richard Megginson
>> Sent: Monday, October 08, 2007 11:09 AM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] slapi search internal errors
>> popping up in error log
>>
>> Richard Hesse wrote:
>>
>>     
>>> No, we're not using client certs but that doesn't preclude someone using their own certs.
>>>
>>> No certmap.conf in the instance directory and it looks like the shared one is stock:
>>> cat certmap.conf | grep -v "#"
>>> certmap default         default
>>>
>>> The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs.
>>>
>>>
>>>       
>> Check the admin server access and error log -
>> /opt/fedora-ds/admin-serv/logs
>>
>>     
>>> Alias directory:
>>> drwxr-xr-x  2 nobody nobody   4096 Oct  8 17:42 .
>>> drwxr-xr-x 15 root   root     4096 Oct  8 17:42 ..
>>> -rwxr-xr-x  1 root   nobody 347368 Oct  6 00:22 libnssckbi.so
>>> -rw-------  1 nobody nobody  16384 Oct  6 00:24 secmod.db
>>> -rw-------  1 nobody nobody  65536 Oct  6 00:22 slapd-fds-cert8.db
>>> -rw-------  1 nobody nobody  16384 Oct  6 00:22 slapd-fds-key3.db
>>> -r--------  1 nobody nobody     41 Oct  6 00:22 slapd-fds-pin.txt
>>>
>>>
>>> Thanks in advance.
>>>
>>> -richard
>>>
>>> -----Original Message-----
>>> From: fedora-directory-users-bounces at redhat.com
>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
>>> Richard Megginson
>>> Sent: Saturday, October 06, 2007 1:46 PM
>>> To: General discussion list for the Fedora Directory server project.
>>> Subject: Re: [Fedora-directory-users] slapi search internal errors
>>> popping up in error log
>>>
>>> Richard Hesse wrote:
>>>
>>>
>>>       
>>>> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal
>>>> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated,
>>>> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32
>>>>
>>>>
>>>>
>>>> I'm guessing that this is cert related, but the TLS/SSL operations
>>>> are working fine.
>>>>
>>>>
>>>>
>>>>         
>>> Are you using client cert based authentication?
>>>
>>> cat /opt/fedora-ds/slapd-instance/config/certmap.conf
>>> /opt/fedora-ds/shared/config/certmap.conf
>>>
>>>
>>>       
>>>> However, I noticed that I can no longer view the encryption tab for
>>>> this server in the console.
>>>>
>>>>
>>>>
>>>>         
>>> What error do you get when you try to view the encryption tab?
>>>
>>> ls -al /opt/fedora-ds/alias
>>>
>>>
>>>       
>>>> Any ideas what this error means or how to fix it?
>>>>
>>>>
>>>>
>>>> Thanks.
>>>>
>>>>
>>>>
>>>> -richard
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --
>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>>>>
>>>>         
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>       
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>     
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20071008/53804fd2/attachment.bin>

More information about the Fedora-directory-users mailing list