[Fedora-directory-users] fedora-idm-console problem

Steve Fletcher Steve.Fletcher at noaa.gov
Wed Dec 17 23:02:26 UTC 2008 

OK.  That removed the expiration. Which allowed me to run the 
setup-ds-admin.pl -u  which fixed the
origional problem with fedora-idm-console.   Thanks much for all your 
help and patience!!
Steve

Rich Megginson wrote:
> Steve Fletcher wrote:
>> That gives me:
>> [root at rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h 
>> rome.protect.nssl -D "uid=admin, ou=Administrators, 
>> ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b "" 
>> "objectclass=*"
>> ldapsearch: Password will expire in 0 seconds
>> ldapsearch: Password has been reset by an administrator; you must 
>> change it.
>> ldap_search: DSA is unwilling to perform
>>
>> That is likely because I reset the password to get past the invalid 
>> credentials problem when trying to run setup-ds-admin.pl -u
>> For the ldapsearch below and to reset the adm password I used -D 
>> "cn=Directory Manager". So for the next question: How do I change it or
>> unset the password expiration stuff which I never intended to be 
>> applied to the admin server by command line.
> Change the passwordExpirationTime in that entry:
> ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w 
> thepassword
> dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
> changetype: modify
> replace: passwordExpirationTime
> passwordExpirationTime: 20380101000000Z
>
> Will change the password so that it expires in 2038
>>
>> Rich Megginson wrote:
>>> Steve Fletcher wrote:
>>>> Yes I can query these using ldapsearch.
>>>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin, 
>>>> ou=Global Pre
>>>> ferences, ou=protect.nssl, o=NetscapeRoot ...
>>>>
>>>> Using fedora-idm-console -D ldap     I get:
>>>> Ldap Connection rome.protect.nssl:389
>>>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>>>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, 
>>>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, 
>>>> authentication=********}
>>>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} 
>>>> {PasswordExpiredCtrl: isCritical=false msg=0} 
>>>> {PasswordExpiringCtrl: isCritical=false msg=0}
>>>> Ldap Connection (null):389    ...
>>>>
>>>> and adm.conf has:
>>>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>>>
>>>> On several following entries I saw:
>>>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, 
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, 
>>>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, 
>>>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>>>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} 
>>>> {PasswordExpiredCtrl: isCritical=false msg=0}
>>>> Is this telling me a password has expired?
>>> Yes, I believe so.  What happens if you do
>>> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, 
>>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w 
>>> yourpassword -s base -b "" "objectclass=*"
>>> ?
>>>>
>>>>
>>>> Rich Megginson wrote:
>>>>>>  
>>>>>> Console: cannot connect to the user database
>>>>>> Console: Cannot open: cn=user, 
>>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>>> Console: Cannot open cn=group, 
>>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>>> Console: Cannot open cn=OU, 
>>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>> Why can't it find these entries?  Is it connecting to the wrong 
>>>>> LDAP server?  Can you query these entries using ldapsearch?
>>>>>
>>>>> Use fedora-idm-console -D ldap to see what LDAP connections it is 
>>>>> making.
>>>>>
>>>>> It should be trying to use the server from ldapurl in 
>>>>> /etc/dirsrv/admin-serv/adm.conf
>>>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin, 
>>>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>>>
>>>>>
>>>>
>>>
>>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

More information about the Fedora-directory-users mailing list