[Fedora-directory-users] Problem accessing Configuration Directory after upgrade to 1.0.3
Dan Deighton
deighton at gmail.com
Thu Nov 2 19:40:36 UTC 2006
On Thu, 2006-11-02 at 12:56 -0500, Rob Crittenden wrote:
I don't think that the password thing is necessarily a problem depending
> on how mod_nss is configured. I'm more curious what is logged on the
> LDAP side. Is the admin server attempting to open a connection? If so,
> how is it failing?
>
> rob
>
The admin server is attempting to open a connection. From the access log:
---
[02/Nov/2006:14:20:02 -0500] conn=5 fd=64 slot=64 SSL connection from
192.168.55.1 to 192.168.55.1
[02/Nov/2006:14:20:02 -0500] conn=5 SSL 128-bit RC4
[02/Nov/2006:14:20:02 -0500] conn=5 op=0 BIND dn="cn=admin-serv-ldap,
cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net,
ou=example.net, o=NetscapeRoot" method=128 version=2
[02/Nov/2006:14:20:02 -0500] conn=5 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[02/Nov/2006:14:20:02 -0500] conn=5 op=1 SRCH base="cn=configuration,
cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group,
cn=ldap.example.net, ou=example.net, o=NetscapeRoot" scope=0
filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[02/Nov/2006:14:20:02 -0500] conn=5 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[02/Nov/2006:14:20:02 -0500] conn=5 op=2 UNBIND
[02/Nov/2006:14:20:02 -0500] conn=5 op=2 fd=64 closed - U1
---
I ran the same query manually and this is successful:
---
[02/Nov/2006:14:22:55 -0500] conn=7 fd=64 slot=64 SSL connection from
192.168.55.1 to 192.168.55.1
[02/Nov/2006:14:22:55 -0500] conn=7 SSL 128-bit RC4
[02/Nov/2006:14:22:55 -0500] conn=7 op=0 BIND dn="cn=admin-serv-ldap,
cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net,
ou=example.net, o=NetscapeRoot" method=128 version=3
[02/Nov/2006:14:22:55 -0500] conn=7 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=admin-serv-ldap,cn=fedora administration
server,cn=server
group,cn=ldap.example.net,ou=example.net,o=netscaperoot"
[02/Nov/2006:14:22:55 -0500] conn=7 op=1 SRCH base="cn=configuration,
cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group,
cn=ldap.example.net, ou=example.net, o=NetscapeRoot" scope=0
filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[02/Nov/2006:14:22:55 -0500] conn=7 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[02/Nov/2006:14:22:55 -0500] conn=7 op=2 UNBIND
[02/Nov/2006:14:22:55 -0500] conn=7 op=2 fd=64 closed - U1
---
I notice 2 differences. The BIND is using version 2 when trying to
start the admin server. That shouldn't matter.
The problem seems to be with the BIND'ing. When trying to start the
admin server, the RESULT to the BIND contains an empty dn. When run
manually, the dn is correct.
It seems like it is not authenticating properly with FDS 1.0.3.
More information about the Fedora-directory-users
mailing list