[Fedora-directory-users] fedora-idm-console problem

Steve Fletcher Steve.Fletcher at noaa.gov
Wed Dec 17 22:30:18 UTC 2008


That gives me:
[root at rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h rome.protect.nssl 
-D "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" 
-w "Mypassword" -s base -b "" "objectclass=*"
ldapsearch: Password will expire in 0 seconds
ldapsearch: Password has been reset by an administrator; you must change it.
ldap_search: DSA is unwilling to perform

That is likely because I reset the password to get past the invalid 
credentials problem when trying to run setup-ds-admin.pl -u.
For the ldapsearch below and to reset the adm password I used -D 
"cn=Directory Manager". So for the next question: How do I change it or
unset the password expiration stuff, which I never intended to be applied 
to the admin server, by command line?

Rich Megginson wrote:
> Steve Fletcher wrote:
>> Yes I can query these using ldapsearch.
>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin, 
>> ou=Global Pre
>> ferences, ou=protect.nssl, o=NetscapeRoot ...
>>
>> Using fedora-idm-console -D ldap     I get:
>> Ldap Connection rome.protect.nssl:389
>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, 
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, 
>> authentication=********}
>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} 
>> {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: 
>> isCritical=false msg=0}
>> Ldap Connection (null):389    ...
>>
>> and adm.conf has:
>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>
>> On several following entries I saw:
>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, 
>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, 
>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, 
>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} 
>> {PasswordExpiredCtrl: isCritical=false msg=0}
>> Is this telling me a password has expired?
> Yes, I believe so.  What happens if you do
> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, 
> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w 
> yourpassword -s base -b "" "objectclass=*"
> ?
>>
>>
>> Rich Megginson wrote:
>>>>  
>>>> Console: cannot connect to the user database
>>>> Console: Cannot open: cn=user, 
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=group, 
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=OU, 
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>> Why can't it find these entries?  Is it connecting to the wrong LDAP 
>>> server?  Can you query these entries using ldapsearch?
>>>
>>> Use fedora-idm-console -D ldap to see what LDAP connections it is 
>>> making.
>>>
>>> It should be trying to use the server from ldapurl in 
>>> /etc/dirsrv/admin-serv/adm.conf
>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin, 
>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>
>>>
>>
>
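
Added example, not part of the original thread or of the Fedora Directory Server project: a small Python parser for the `fedora-idm-console -D ldap` trace format quoted above. It flags a bind that succeeds (resultCode=0) while carrying PasswordExpiredCtrl, then lists later operations on the same connection that the server refuses with resultCode=53. The function name `analyze` and the unwrapped one-event-per-line sample are assumptions made for this example.

```python
import re

# Constructed sample: trace lines in the format shown in the thread
# (fedora-idm-console -D ldap), unwrapped to one event per line.
SAMPLE_TRACE = """\
15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: isCritical=false msg=0}
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} {PasswordExpiredCtrl: isCritical=false msg=0}
"""

EVENT = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) ldc=(?P<ldc>\d+) op=(?P<op>\d+) "
                   r"(?P<kind>\w+) (?P<body>.*)$")
UNWILLING_TO_PERFORM = 53  # LDAP result code unwillingToPerform (RFC 4511)


def analyze(trace):
    """Return findings: binds that succeeded with an expired password, and
    later operations on that connection refused with resultCode 53."""
    requests, expired_binds, findings = {}, {}, []
    for line in trace.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # "Connected to ..." and other non-operation lines
        key, kind, body = (m["ldc"], m["op"]), m["kind"], m["body"]
        if kind.endswith("Request"):
            requests[key] = body  # remember the request to pair with its response
            continue
        code = re.search(r"resultCode=(\d+)", body)
        code = int(code.group(1)) if code else None
        expired = "PasswordExpiredCtrl" in body
        if kind == "BindResponse" and code == 0 and expired:
            name = re.search(r"name=(.*), authentication=", requests.get(key, ""))
            expired_binds[m["ldc"]] = name.group(1) if name else "(unknown)"
            findings.append(("expired-bind", m["ts"], expired_binds[m["ldc"]]))
        elif code == UNWILLING_TO_PERFORM and m["ldc"] in expired_binds:
            base = re.search(r"baseObject=(.*?), scope=", requests.get(key, ""))
            findings.append(("refused", m["ts"], base.group(1) if base else "(unknown)"))
    return findings


if __name__ == "__main__":
    for kind, ts, detail in analyze(SAMPLE_TRACE):
        print(f"{ts} {kind}: {detail}")
```
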



