[Freeipa-devel] SUCCESS [PATCH] ignore empty values in multi-valued UI attribute
Andreas Mischinski
mischins at imi.uni-luebeck.de
Tue Jun 3 20:35:45 UTC 2008
Here are my commando outputs :
[root at ipa ~]# ps aux | grep slapd
dirsrv 1825 0.0 0.9 453092 14216 ? Sl 19:28 0:01
/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-MISCHINS-WORLD -i
/var/run/dirsrv/slapd-MISCHINS-WORLD.pid -w
/var/run/dirsrv/slapd-MISCHINS-WORLD.startpid
root 2698 0.0 0.0 4148 764 pts/0 S+ 22:25 0:00 grep slapd
[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v
ldappasswd: started Tue Jun 3 22:25:58 2008
ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)
[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -vv
ldappasswd: started Tue Jun 3 22:26:42 2008
LDAP Library Information -
Highest supported protocol version: 3
LDAP API revision: 2005
API vendor name: mozilla.org
Vendor-specific version: 6.04
LDAP API Extensions:
SERVER_SIDE_SORT (revision 1)
VIRTUAL_LIST_VIEW (revision 1)
PERSISTENT_SEARCH (revision 1)
PROXY_AUTHORIZATION (revision 1)
X_LDERRNO (revision 1)
X_MEMCACHE (revision 1)
X_IO_FUNCTIONS (revision 1)
X_EXTIO_FUNCTIONS (revision 1)
X_DNS_FUNCTIONS (revision 1)
X_MEMALLOC_FUNCTIONS (revision 1)
X_THREAD_FUNCTIONS (revision 1)
X_EXTHREAD_FUNCTIONS (revision 1)
X_GETLANGVALUES (revision 1)
X_CLIENT_SIDE_SORT (revision 1)
X_URL_FUNCTIONS (revision 1)
X_FILTER_FUNCTIONS (revision 1)
ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)
[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v -h 141.83.20.101
ldappasswd: started Tue Jun 3 22:27:46 2008
ldap_init( 141.83.20.101, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldappasswd: password successfully changed
Success !
[root at ipa ~]# kinit admin
Password for admin at MISCHINS.WORLD:
kinit(v5): Password incorrect while getting initial credentials
[root at ipa ~]# kinit admin
Password for admin at MISCHINS.WORLD:
[root at ipa ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at MISCHINS.WORLD
Valid starting Expires Service principal
06/03/08 22:29:24 06/04/08 22:29:09 krbtgt/MISCHINS.WORLD at MISCHINS.WORLD
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
argh.. But good. I can start now exploring the other features.
Great help.
Andreas
-----Ursprüngliche Nachricht-----
Von: Rob Crittenden [mailto:rcritten at redhat.com]
Gesendet: Dienstag, 3. Juni 2008 22:23
An: Andreas Mischinski
Cc: 'freeipa-devel'
Betreff: Re: AW: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued UI attribute
Andreas Mischinski wrote:
> Hey, this is the result.
>
> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1 -P
> /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
> ldap_start_tls_s failed: (Can't connect to the LDAP server)
>
> I `ve installed fedora core 9 (fresh install) and then selected the
> ipaserver package over the package manager.
> From the commandline I started ipa-server-install and received the only
> error with setting the admin password.
>
> MISCHINS.WORLD is a test domain in our environment. We want to migrate
from
> pure OpenLdap to something like fedora directory server in combination
with
> Active Director, since many applications are designed for Active
Directory.
>
> It seems for me, that he had the same problem ?
>
> Maybe I should downgrade my fedora core installation, but that would not
be
> my first choice.
> If I can provide you with more info, commands, let me know.
No, Fedora 9 should be fine.
Can you try the command again, this time also with the -v option
(verbose output). That should show us what host it is trying to connect
to. I wonder if that is simply failing.
You can also try specifically using -h YOURSERVER where YOURSERVER is
the hostname of the machine you installed IPA on.
rob
>
> Andreas
>
> -----Ursprüngliche Nachricht-----
> Von: Rob Crittenden [mailto:rcritten at redhat.com]
> Gesendet: Dienstag, 3. Juni 2008 21:56
> An: Andreas Mischinski
> Cc: 'freeipa-devel'
> Betreff: Re: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued
> UI attribute
>
> Andreas Mischinski wrote:
>> I`m a noob with this ipaserver. Tell me what`s wrong with my installation
> ?
>> Should I apply your patch and reinstall the ipaserver ?
>>
>> Thanks for help so far.
>>
>> -----Ursprüngliche Nachricht-----
>> Von: freeipa-devel-bounces at redhat.com
>> [mailto:freeipa-devel-bounces at redhat.com] Im Auftrag von Rob Crittenden
>> Gesendet: Dienstag, 3. Juni 2008 20:59
>> An: freeipa-devel
>> Betreff: [Freeipa-devel] [PATCH] ignore empty values in multi-valued UI
>> attribute
>>
>> When converting from a multi-valued UI attribute back to a list drop any
>> blank values. This will avoid errors in the UniqueList() validator.
>>
>> rob
>>
>
> No, this patch too is unrelated to your problem. We post all patches for
> peer review here in a post starting with PATCH so they are easy to find.
>
> Can you try this command (basically putting quotes around cn=)
>
> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1
> -P /etc/dirsrv/slapd-MISCHINS-WORLD/cert8.db -ZZZ -s password1
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
>
> There was one other report of this problem,
> https://bugzilla.redhat.com/show_bug.cgi?id=442802
>
> I was never able to get confirmation on what he did to fix it though.
>
> rob
>
>
More information about the Freeipa-devel
mailing list