[Fedora-directory-users] fedora-idm-console problem

Rich Megginson rmeggins at redhat.com
Wed Dec 17 22:36:53 UTC 2008


Steve Fletcher wrote:
> That gives me:
> [root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h 
> rome.protect.nssl -D "uid=admin, ou=Administrators, 
> ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b "" 
> "objectclass=*"
> ldapsearch: Password will expire in 0 seconds
> ldapsearch: Password has been reset by an administrator; you must 
> change it.
> ldap_search: DSA is unwilling to perform
>
> That is likely because I reset the password to get past the invalid 
> credentials problem when trying to run setup-ds-admin.pl -u
> For the ldapsearch below and to reset the adm password I used -D 
> "cn=Directory Manager". So for the next question: How do I change it or
> unset the password expiration stuff which I never intended to be 
> applied to the admin server by command line.
Change the passwordExpirationTime in that entry:
ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w thepassword
dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: 20380101000000Z

This will change the password so that it expires in 2038.
>
> Rich Megginson wrote:
>> Steve Fletcher wrote:
>>> Yes I can query these using ldapsearch.
>>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin, 
>>> ou=Global Pre
>>> ferences, ou=protect.nssl, o=NetscapeRoot ...
>>>
>>> Using fedora-idm-console -D ldap I get:
>>> Ldap Connection rome.protect.nssl:389
>>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, 
>>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, 
>>> authentication=********}
>>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} 
>>> {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: 
>>> isCritical=false msg=0}
>>> Ldap Connection (null):389    ...
>>>
>>> and adm.conf has:
>>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>>
>>> On several following entries I saw:
>>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, 
>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, 
>>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, 
>>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} 
>>> {PasswordExpiredCtrl: isCritical=false msg=0}
>>> Is this telling me a password has expired?
>> Yes, I believe so.  What happens if you do
>> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, 
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w 
>> yourpassword -s base -b "" "objectclass=*"
>> ?
>>>
>>>
>>> Rich Megginson wrote:
>>>>>  
>>>>> Console: cannot connect to the user database
>>>>> Console: Cannot open: cn=user, 
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>> Console: Cannot open cn=group, 
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>> Console: Cannot open cn=OU, 
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global 
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Why can't it find these entries?  Is it connecting to the wrong 
>>>> LDAP server?  Can you query these entries using ldapsearch?
>>>>
>>>> Use fedora-idm-console -D ldap to see what LDAP connections it is 
>>>> making.
>>>>
>>>> It should be trying to use the server from ldapurl in 
>>>> /etc/dirsrv/admin-serv/adm.conf
>>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin, 
>>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>>
>>>>
>>>
>>
>
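
The symptom discussed in this thread (a bind that succeeds with resultCode=0 but carries a PasswordExpiredCtrl, after which every operation on that connection is refused with resultCode=53) can be picked out of a console trace mechanically. The script below is an added example, not part of the original messages and not Fedora DS code; it assumes the trace format quoted above with one record per line, and the function name diagnose and the sample trace are constructed for illustration.

```python
import re

# Constructed sample, modelled on the `fedora-idm-console -D ldap` trace lines
# quoted in this thread (assumption: each record sits on one line, unwrapped).
SAMPLE_TRACE = """\
15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: isCritical=false msg=0}
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} {PasswordExpiredCtrl: isCritical=false msg=0}
"""

RESPONSE = re.compile(
    r"^(?P<time>\S+) ldc=(?P<ldc>\d+) op=(?P<op>\d+) "
    r"(?P<kind>\w+(?:Response|Result)) \{resultCode=(?P<rc>\d+)\}(?P<ctrls>.*)$")
BIND_DN = re.compile(r"ldc=(\d+) op=\d+ BindRequest \{version=\d+, name=(.*), authentication=")
UNWILLING_TO_PERFORM = 53  # LDAP resultCode behind "DSA is unwilling to perform"

def diagnose(trace):
    """Return one finding per connection whose bind succeeded with a
    PasswordExpiredCtrl attached, listing later operations refused with 53."""
    bind_dn, flagged = {}, {}
    for line in trace.splitlines():
        m = BIND_DN.search(line)
        if m:
            bind_dn[m.group(1)] = m.group(2)  # remember who bound on this connection
            continue
        m = RESPONSE.match(line)
        if not m:
            continue
        ldc, rc = m["ldc"], int(m["rc"])
        expired = "PasswordExpiredCtrl" in m["ctrls"]
        if m["kind"] == "BindResponse":
            flagged.pop(ldc, None)  # a re-bind resets the state of this connection
            if rc == 0 and expired:
                flagged[ldc] = {"ldc": ldc, "dn": bind_dn.get(ldc), "refused_ops": []}
        elif ldc in flagged and rc == UNWILLING_TO_PERFORM and expired:
            flagged[ldc]["refused_ops"].append((m["time"], m["kind"], int(m["op"])))
    return list(flagged.values())

if __name__ == "__main__":
    for f in diagnose(SAMPLE_TRACE):
        print(f"ldc={f['ldc']} bound as {f['dn']!r}: password must be changed; "
              f"{len(f['refused_ops'])} operation(s) refused with resultCode=53")
```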
