[Freeipa-devel] SUCCESS [PATCH] ignore empty values in multi-valued UI attribute

Andreas Mischinski mischins at imi.uni-luebeck.de
Tue Jun 3 20:35:45 UTC 2008 

Here are my commando outputs : 

[root at ipa ~]# ps aux | grep slapd
dirsrv    1825  0.0  0.9 453092 14216 ?        Sl   19:28   0:01
/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-MISCHINS-WORLD -i
/var/run/dirsrv/slapd-MISCHINS-WORLD.pid -w
/var/run/dirsrv/slapd-MISCHINS-WORLD.startpid
root      2698  0.0  0.0   4148   764 pts/0    S+   22:25   0:00 grep slapd

[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v
ldappasswd: started Tue Jun  3 22:25:58 2008

ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)


[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -vv
ldappasswd: started Tue Jun  3 22:26:42 2008

LDAP Library Information -
    Highest supported protocol version: 3
    LDAP API revision:                  2005
    API vendor name:                    mozilla.org
    Vendor-specific version:            6.04
    LDAP API Extensions:
        SERVER_SIDE_SORT (revision 1)
        VIRTUAL_LIST_VIEW (revision 1)
        PERSISTENT_SEARCH (revision 1)
        PROXY_AUTHORIZATION (revision 1)
        X_LDERRNO (revision 1)
        X_MEMCACHE (revision 1)
        X_IO_FUNCTIONS (revision 1)
        X_EXTIO_FUNCTIONS (revision 1)
        X_DNS_FUNCTIONS (revision 1)
        X_MEMALLOC_FUNCTIONS (revision 1)
        X_THREAD_FUNCTIONS (revision 1)
        X_EXTHREAD_FUNCTIONS (revision 1)
        X_GETLANGVALUES (revision 1)
        X_CLIENT_SIDE_SORT (revision 1)
        X_URL_FUNCTIONS (revision 1)
        X_FILTER_FUNCTIONS (revision 1)

ldap_init( localhost, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_start_tls_s failed: (Can't connect to the LDAP server)

[root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v -h 141.83.20.101
ldappasswd: started Tue Jun  3 22:27:46 2008

ldap_init( 141.83.20.101, 389 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldappasswd: password successfully changed

Success ! 

[root at ipa ~]# kinit admin
Password for admin at MISCHINS.WORLD: 
kinit(v5): Password incorrect while getting initial credentials
[root at ipa ~]# kinit admin
Password for admin at MISCHINS.WORLD: 
[root at ipa ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at MISCHINS.WORLD

Valid starting     Expires            Service principal
06/03/08 22:29:24  06/04/08 22:29:09  krbtgt/MISCHINS.WORLD at MISCHINS.WORLD


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


argh.. But good. I can start now exploring the other features.

Great help. 

Andreas

-----Ursprüngliche Nachricht-----
Von: Rob Crittenden [mailto:rcritten at redhat.com] 
Gesendet: Dienstag, 3. Juni 2008 22:23
An: Andreas Mischinski
Cc: 'freeipa-devel'
Betreff: Re: AW: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued UI attribute

Andreas Mischinski wrote:
> Hey, this is the result. 
> 
> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1 -P
> /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
> ldap_start_tls_s failed: (Can't connect to the LDAP server)
> 
> I `ve installed fedora core 9 (fresh install) and then selected the
> ipaserver package over the package manager.
> From the commandline I started ipa-server-install and received the only
> error with setting the admin password.
> 
> MISCHINS.WORLD is a test domain in our environment. We want to migrate
from
> pure OpenLdap to something like fedora directory server in combination
with
> Active Director, since many applications are designed for Active
Directory.
> 
> It seems for me, that he had the same problem ? 
> 
> Maybe  I should downgrade my fedora core installation, but that would not
be
> my first choice.
> If I can provide you with more info, commands, let me know.

No, Fedora 9 should be fine.

Can you try the command again, this time also with the -v option 
(verbose output). That should show us what host it is trying to connect 
to. I wonder if that is simply failing.

You can also try specifically using -h YOURSERVER where YOURSERVER is 
the hostname of the machine you installed IPA on.

rob

> 
> Andreas  
> 
> -----Ursprüngliche Nachricht-----
> Von: Rob Crittenden [mailto:rcritten at redhat.com] 
> Gesendet: Dienstag, 3. Juni 2008 21:56
> An: Andreas Mischinski
> Cc: 'freeipa-devel'
> Betreff: Re: AW: [Freeipa-devel] [PATCH] ignore empty values in
multi-valued
> UI attribute
> 
> Andreas Mischinski wrote:
>> I`m a noob with this ipaserver. Tell me what`s wrong with my installation
> ? 
>> Should I apply your patch and reinstall the ipaserver ? 
>>
>> Thanks for help so far.
>>
>> -----Ursprüngliche Nachricht-----
>> Von: freeipa-devel-bounces at redhat.com
>> [mailto:freeipa-devel-bounces at redhat.com] Im Auftrag von Rob Crittenden
>> Gesendet: Dienstag, 3. Juni 2008 20:59
>> An: freeipa-devel
>> Betreff: [Freeipa-devel] [PATCH] ignore empty values in multi-valued UI
>> attribute
>>
>> When converting from a multi-valued UI attribute back to a list drop any
>> blank values. This will avoid errors in the UniqueList() validator.
>>
>> rob
>>
> 
> No, this patch too is unrelated to your problem. We post all patches for 
> peer review here in a post starting with PATCH so they are easy to find.
> 
> Can you try this command (basically putting quotes around cn=)
> 
> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1
> -P /etc/dirsrv/slapd-MISCHINS-WORLD/cert8.db -ZZZ -s password1
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
> 
> There was one other report of this problem, 
> https://bugzilla.redhat.com/show_bug.cgi?id=442802
> 
> I was never able to get confirmation on what he did to fix it though.
> 
> rob
> 
>

More information about the Freeipa-devel mailing list