
[Freeipa-devel] Re: SUCCESS [PATCH] ignore empty values in multi-valued UI attribute



Andreas Mischinski wrote:
Here are my command outputs:
[root ipa ~]# ps aux | grep slapd
dirsrv    1825  0.0  0.9 453092 14216 ?        Sl   19:28   0:01
/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-MISCHINS-WORLD -i
/var/run/dirsrv/slapd-MISCHINS-WORLD.pid -w
/var/run/dirsrv/slapd-MISCHINS-WORLD.startpid
root      2698  0.0  0.0   4148   764 pts/0    S+   22:25   0:00 grep slapd

[root ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v
ldappasswd: started Tue Jun  3 22:25:58 2008

ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)


[root ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -vv
ldappasswd: started Tue Jun  3 22:26:42 2008

LDAP Library Information -
    Highest supported protocol version: 3
    LDAP API revision:                  2005
    API vendor name:                    mozilla.org
    Vendor-specific version:            6.04
    LDAP API Extensions:
        SERVER_SIDE_SORT (revision 1)
        VIRTUAL_LIST_VIEW (revision 1)
        PERSISTENT_SEARCH (revision 1)
        PROXY_AUTHORIZATION (revision 1)
        X_LDERRNO (revision 1)
        X_MEMCACHE (revision 1)
        X_IO_FUNCTIONS (revision 1)
        X_EXTIO_FUNCTIONS (revision 1)
        X_DNS_FUNCTIONS (revision 1)
        X_MEMALLOC_FUNCTIONS (revision 1)
        X_THREAD_FUNCTIONS (revision 1)
        X_EXTHREAD_FUNCTIONS (revision 1)
        X_GETLANGVALUES (revision 1)
        X_CLIENT_SIDE_SORT (revision 1)
        X_URL_FUNCTIONS (revision 1)
        X_FILTER_FUNCTIONS (revision 1)

ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)

[root ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v -h 141.83.20.101
ldappasswd: started Tue Jun  3 22:27:46 2008

ldap_init( 141.83.20.101, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldappasswd: password successfully changed

Success !
[root ipa ~]# kinit admin
Password for admin MISCHINS WORLD: kinit(v5): Password incorrect while getting initial credentials
[root ipa ~]# kinit admin
Password for admin MISCHINS WORLD: [root ipa ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin MISCHINS WORLD

Valid starting     Expires            Service principal
06/03/08 22:29:24  06/04/08 22:29:09  krbtgt/MISCHINS WORLD MISCHINS WORLD


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


argh.. But good. I can start now exploring the other features.

Great help.
Andreas

Ok, that's a good start but we need to figure out why it can't connect to localhost. Do you have an entry for localhost in /etc/hosts? Fedora should create one by default and look something like:

127.0.0.1               localhost.localdomain localhost

Is the loopback interface up? (/sbin/ifconfig lo)

I'm wondering if this is a problem with NetworkManager.

rob


-----Original Message-----
From: Rob Crittenden [mailto:rcritten redhat com]
Sent: Tuesday, 3 June 2008 22:23
To: Andreas Mischinski
Cc: 'freeipa-devel'
Subject: Re: AW: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued UI attribute

Andreas Mischinski wrote:
Hey, this is the result.
/usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1 -P
/etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
ldap_start_tls_s failed: (Can't connect to the LDAP server)

I've installed Fedora Core 9 (fresh install) and then selected the
ipaserver package via the package manager.
From the command line I started ipa-server-install and received the only
error with setting the admin password.

MISCHINS.WORLD is a test domain in our environment. We want to migrate
from pure OpenLDAP to something like Fedora Directory Server in
combination with Active Directory, since many applications are designed
for Active Directory.
It seems to me that he had the same problem?
Maybe I should downgrade my Fedora Core installation, but that would not
be my first choice.
If I can provide you with more info or commands, let me know.

No, Fedora 9 should be fine.

Can you try the command again, this time also with the -v option (verbose output). That should show us what host it is trying to connect to. I wonder if that is simply failing.

You can also try specifically using -h YOURSERVER where YOURSERVER is the hostname of the machine you installed IPA on.

rob

Andreas
-----Original Message-----
From: Rob Crittenden [mailto:rcritten redhat com]
Sent: Tuesday, 3 June 2008 21:56
To: Andreas Mischinski
Cc: 'freeipa-devel'
Subject: Re: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued UI attribute

Andreas Mischinski wrote:
I'm a noob with this ipaserver. Tell me, what's wrong with my installation?
Should I apply your patch and reinstall the ipaserver?
Thanks for the help so far.

-----Original Message-----
From: freeipa-devel-bounces redhat com
[mailto:freeipa-devel-bounces redhat com] On Behalf Of Rob Crittenden
Sent: Tuesday, 3 June 2008 20:59
To: freeipa-devel
Subject: [Freeipa-devel] [PATCH] ignore empty values in multi-valued UI
attribute

When converting from a multi-valued UI attribute back to a list drop any
blank values. This will avoid errors in the UniqueList() validator.

rob

No, this patch too is unrelated to your problem. We post all patches for peer review here in a post starting with PATCH so they are easy to find.

Can you try this command (basically putting quotes around cn=)

/usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1
-P /etc/dirsrv/slapd-MISCHINS-WORLD/cert8.db -ZZZ -s password1
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world

There was one other report of this problem, https://bugzilla.redhat.com/show_bug.cgi?id=442802

I was never able to get confirmation on what he did to fix it though.

rob
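
The check asked for in the most recent reply above (does /etc/hosts map localhost to a loopback address?), written as an added example that is not part of the original thread. The function names and return codes are this example's own; it assumes only the standard hosts-file format.

```shell
#!/bin/sh
# Added example: classify how a hosts file maps the name "localhost".
# Return codes (chosen for this example, not from any tool):
#   0 = localhost maps to a loopback address (127.0.0.0/8 or ::1)
#   1 = localhost is present, but only on non-loopback addresses
#   2 = no localhost entry at all
#   3 = hosts file cannot be read
check_localhost() {
    hosts_file=${1:-/etc/hosts}
    [ -r "$hosts_file" ] || return 3
    awk '
        { sub(/#.*/, "") }      # drop comments, including commented-out entries
        NF < 2 { next }         # need an address plus at least one name
        {
            # Any column after the address may carry the name (canonical or alias).
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == "localhost") {
                    found = 1
                    if ($1 ~ /^127\./ || $1 == "::1") loopback = 1
                }
            }
        }
        END {
            if (loopback) exit 0
            if (found) exit 1
            exit 2
        }
    ' "$hosts_file"
}

# Print a one-line finding and pass the return code through.
# Usage: report_localhost /etc/hosts
report_localhost() {
    rc=0
    check_localhost "$1" || rc=$?
    case $rc in
        0) echo "localhost maps to a loopback address in $1" ;;
        1) echo "localhost is mapped to a non-loopback address in $1" ;;
        2) echo "no localhost entry in $1" ;;
        *) echo "cannot read $1" ;;
    esac
    return "$rc"
}
```

A result of 1 or 2 would be consistent with the symptom in the thread, where the default `ldap_init( localhost, 389 )` fails while `-h 141.83.20.101` succeeds; the loopback interface itself still has to be checked separately.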






