[Fedora-directory-users] Problem with Admin Console failoverusingFedoraDS

Richard Megginson rmeggins at redhat.com
Fri Apr 27 14:17:43 UTC 2007 

Kyley Engle wrote:
>
> so here's where i'm at now.....
>
> primary-master and secondary-master running...everything is fine. i 
> shut down the primary-master and i can log into the admin console on 
> the secondary-master fine. however, if i try to restart the admin 
> server, it fails with:
>
> [Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library
> [Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of 
> size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
> [Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers 
> for SSL
> [Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface: 
> mod_nss/2.0.52, Library: NSS/3.11
> [Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache 
> expiration set to 600 seconds
> [Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to 
> build user/group LDAP server info: unable to set User/Group baseDN
> Configuration Failed
>
> I change the 2 files and 1 directory entry listed in the HowTo: and i 
> get the exact same behavior.
There are probably some other values under o=NetscapeRoot somewhere that 
reference the old directory server. Try this:
cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D 
"cn=directory manager" -w password -s sub -b o=netscaperoot 
"objectclass=*" | grep "old ldap server host and/or port"
>
> I have no pass through authentication configured. I'm doing some 
> testing on 2 freshly installed instances that don't have anything 
> other than o=NetscapeRoot replication enabled and working.
>
> hope this is useful....
>
> -ke
>
>
>> From: Richard Megginson <rmeggins at redhat.com>
>> Reply-To: "General discussion list for the Fedora Directory server 
>> project." <fedora-directory-users at redhat.com>
>> To: "General discussion list for the Fedora Directory server 
>> project." <fedora-directory-users at redhat.com>
>> Subject: Re: [Fedora-directory-users] Problem with Admin Console 
>> failoverusingFedoraDS
>> Date: Thu, 26 Apr 2007 16:01:22 -0600
>>
>> Kyley Engle wrote:
>>>
>>>
>>> i have done that, as well as changing the directory in the 
>>> nsDirectoryURL entry and the file 
>>> /opt/fedora-ds/admin-serv/config/adm.conf
>>>
>>> is there maybe a way to increase the debug logging on the 
>>> admin-serv? i'm not finding very much documentation on it.
>> I think you'll also need to change or disable the pass through 
>> authentication plug-in in your backup configuration directory server.
>>
>> edit admin-serv/config/httpd.conf and set the LogLevel to debug
>>>
>>> ke
>>>
>>>> From: Richard Megginson <rmeggins at redhat.com>
>>>> Reply-To: "General discussion list for the Fedora Directory server 
>>>> project." <fedora-directory-users at redhat.com>
>>>> To: "General discussion list for the Fedora Directory server 
>>>> project." <fedora-directory-users at redhat.com>
>>>> Subject: Re: [Fedora-directory-users] Problem with Admin Console 
>>>> failoverusing FedoraDS
>>>> Date: Thu, 26 Apr 2007 15:17:43 -0600
>>>>
>>>> Kyley Engle wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I am having problems with the admin-serv when doing failure 
>>>>> testing in my multi-master environmnet.
>>>>>
>>>>> What I have:
>>>>>
>>>>> 2 masters replicating the userRoot and NetscapeRoot directories
>>>>> various hub and consumer/search servers
>>>>>
>>>>> When I installed the instances on each of these servers, i pointed 
>>>>> them at one of the masters, let's call it primary-master, for it's 
>>>>> configuration directory. when both masters are up and running, i 
>>>>> can connect my admin consoel to either directory and manage my 
>>>>> fleet of servers
>>>>>
>>>>> While doing failure mode testing, I discovered that if the 
>>>>> primary-master was turned off, that the secondary master 
>>>>> admin-serv would not start properly. it gives the following in 
>>>>> /opt/fedora-ds/admin-serv/logs/error:
>>>>>
>>>>> [Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): 
>>>>> unable to build user/group LDAP server info: unable to set 
>>>>> User/Group baseDN
>>>>> Configuration Failed
>>>>>
>>>>> I followed the instructions found here:
>>>>> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server 
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> to change the admin server running on secondary-master to point to 
>>>>> itself instead of to the primary master. this did not resolve the 
>>>>> issue.
>>>>>
>>>>> Has anyone out there gotten the configuration directory 
>>>>> successfully working in a failover capacity in a multi-master 
>>>>> environment?
>>>> Try updating shared/config/dbswitch.conf to point to the backup 
>>>> configuration ds.
>>>>>
>>>>> ke
>>>>>
>>>>> _________________________________________________________________
>>>>> The average US Credit Score is 675. The cost to see yours: $0 by 
>>>>> Experian. 
>>>>> http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE 
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>> << smime.p7s >>
>>>
>>>
>>>
>>>
>>>> -- 
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>> _________________________________________________________________
>>> Download Messenger. Join the i’m Initiative. Help make a difference 
>>> today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>> << smime.p7s >>
>
>
>
>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> _________________________________________________________________
> Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check 
> savings 
> https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117 
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070427/fafd4657/attachment.bin>

More information about the Fedora-directory-users mailing list