[Fedora-directory-users] Problem with AdminConsole failoverusingFedoraDS

Kyley Engle kyley_engle at hotmail.com
Fri Apr 27 22:37:02 UTC 2007


bah, you were right earlier, and i missed something.

examining the dse.ldif file, i found that it was indeed the passthrough 
authentication plug-in. i manually turned it off for the secondary-master, 
shut down the primary-master, and was then able to restart the 
secondary-master admin-server

they entry is:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled

it might help to update the HowTo to reference that change

>From: Richard Megginson <rmeggins at redhat.com>
>Reply-To: "General discussion list for the Fedora Directory server 
>project." <fedora-directory-users at redhat.com>
>To: "General discussion list for the Fedora Directory server project." 
><fedora-directory-users at redhat.com>
>Subject: Re: [Fedora-directory-users] Problem with 
>AdminConsole	failoverusingFedoraDS
>Date: Fri, 27 Apr 2007 08:17:43 -0600
>
>Kyley Engle wrote:
>>
>>so here's where i'm at now.....
>>
>>primary-master and secondary-master running...everything is fine. i shut 
>>down the primary-master and i can log into the admin console on the 
>>secondary-master fine. however, if i try to restart the admin server, it 
>>fails with:
>>
>>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library
>>[Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size 
>>10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
>>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for 
>>SSL
>>[Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface: 
>>mod_nss/2.0.52, Library: NSS/3.11
>>[Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache 
>>expiration set to 600 seconds
>>[Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to 
>>build user/group LDAP server info: unable to set User/Group baseDN
>>Configuration Failed
>>
>>I change the 2 files and 1 directory entry listed in the HowTo: and i get 
>>the exact same behavior.
>There are probably some other values under o=NetscapeRoot somewhere that 
>reference the old directory server. Try this:
>cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D 
>"cn=directory manager" -w password -s sub -b o=netscaperoot "objectclass=*" 
>| grep "old ldap server host and/or port"
>>
>>I have no pass through authentication configured. I'm doing some testing 
>>on 2 freshly installed instances that don't have anything other than 
>>o=NetscapeRoot replication enabled and working.
>>
>>hope this is useful....
>>
>>-ke
>>
>>
>>>From: Richard Megginson <rmeggins at redhat.com>
>>>Reply-To: "General discussion list for the Fedora Directory server 
>>>project." <fedora-directory-users at redhat.com>
>>>To: "General discussion list for the Fedora Directory server project." 
>>><fedora-directory-users at redhat.com>
>>>Subject: Re: [Fedora-directory-users] Problem with Admin Console 
>>>failoverusingFedoraDS
>>>Date: Thu, 26 Apr 2007 16:01:22 -0600
>>>
>>>Kyley Engle wrote:
>>>>
>>>>
>>>>i have done that, as well as changing the directory in the 
>>>>nsDirectoryURL entry and the file 
>>>>/opt/fedora-ds/admin-serv/config/adm.conf
>>>>
>>>>is there maybe a way to increase the debug logging on the admin-serv? 
>>>>i'm not finding very much documentation on it.
>>>I think you'll also need to change or disable the pass through 
>>>authentication plug-in in your backup configuration directory server.
>>>
>>>edit admin-serv/config/httpd.conf and set the LogLevel to debug
>>>>
>>>>ke
>>>>
>>>>>From: Richard Megginson <rmeggins at redhat.com>
>>>>>Reply-To: "General discussion list for the Fedora Directory server 
>>>>>project." <fedora-directory-users at redhat.com>
>>>>>To: "General discussion list for the Fedora Directory server project." 
>>>>><fedora-directory-users at redhat.com>
>>>>>Subject: Re: [Fedora-directory-users] Problem with Admin Console 
>>>>>failoverusing FedoraDS
>>>>>Date: Thu, 26 Apr 2007 15:17:43 -0600
>>>>>
>>>>>Kyley Engle wrote:
>>>>>>
>>>>>>Hello,
>>>>>>
>>>>>>I am having problems with the admin-serv when doing failure testing in 
>>>>>>my multi-master environmnet.
>>>>>>
>>>>>>What I have:
>>>>>>
>>>>>>2 masters replicating the userRoot and NetscapeRoot directories
>>>>>>various hub and consumer/search servers
>>>>>>
>>>>>>When I installed the instances on each of these servers, i pointed 
>>>>>>them at one of the masters, let's call it primary-master, for it's 
>>>>>>configuration directory. when both masters are up and running, i can 
>>>>>>connect my admin consoel to either directory and manage my fleet of 
>>>>>>servers
>>>>>>
>>>>>>While doing failure mode testing, I discovered that if the 
>>>>>>primary-master was turned off, that the secondary master admin-serv 
>>>>>>would not start properly. it gives the following in 
>>>>>>/opt/fedora-ds/admin-serv/logs/error:
>>>>>>
>>>>>>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to 
>>>>>>build user/group LDAP server info: unable to set User/Group baseDN
>>>>>>Configuration Failed
>>>>>>
>>>>>>I followed the instructions found here:
>>>>>>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>to change the admin server running on secondary-master to point to 
>>>>>>itself instead of to the primary master. this did not resolve the 
>>>>>>issue.
>>>>>>
>>>>>>Has anyone out there gotten the configuration directory successfully 
>>>>>>working in a failover capacity in a multi-master environment?
>>>>>Try updating shared/config/dbswitch.conf to point to the backup 
>>>>>configuration ds.
>>>>>>
>>>>>>ke
>>>>>>
>>>>>>_________________________________________________________________
>>>>>>The average US Credit Score is 675. The cost to see yours: $0 by 
>>>>>>Experian. 
>>>>>>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>--
>>>>>>Fedora-directory-users mailing list
>>>>>>Fedora-directory-users at redhat.com
>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>>>>><< smime.p7s >>
>>>>
>>>>
>>>>
>>>>
>>>>>--
>>>>>Fedora-directory-users mailing list
>>>>>Fedora-directory-users at redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>_________________________________________________________________
>>>>Download Messenger. Join the i’m Initiative. Help make a difference 
>>>>today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07
>>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>><< smime.p7s >>
>>
>>
>>
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>_________________________________________________________________
>>Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings 
>>https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users


><< smime.p7s >>




>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users

_________________________________________________________________
Exercise your brain! Try Flexicon. 
http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07




More information about the Fedora-directory-users mailing list