[Freeipa-devel] Re: SUCCESS [PATCH] ignore empty values in multi-valued UI attribute

Rob Crittenden rcritten at redhat.com
Tue Jun 3 20:39:47 UTC 2008


Andreas Mischinski wrote:
> Here are my command outputs:
> 
> [root at ipa ~]# ps aux | grep slapd
> dirsrv    1825  0.0  0.9 453092 14216 ?        Sl   19:28   0:01
> /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-MISCHINS-WORLD -i
> /var/run/dirsrv/slapd-MISCHINS-WORLD.pid -w
> /var/run/dirsrv/slapd-MISCHINS-WORLD.startpid
> root      2698  0.0  0.0   4148   764 pts/0    S+   22:25   0:00 grep slapd
> 
> [root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
> password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v
> ldappasswd: started Tue Jun  3 22:25:58 2008
> 
> ldap_init( localhost, 389 )
> ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getmodpath -- (null)
> ldaptool_getdonglefilename -- (null)
> ldap_start_tls_s failed: (Can't connect to the LDAP server)
> 
> 
> [root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
> password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -vv
> ldappasswd: started Tue Jun  3 22:26:42 2008
> 
> LDAP Library Information -
>     Highest supported protocol version: 3
>     LDAP API revision:                  2005
>     API vendor name:                    mozilla.org
>     Vendor-specific version:            6.04
>     LDAP API Extensions:
>         SERVER_SIDE_SORT (revision 1)
>         VIRTUAL_LIST_VIEW (revision 1)
>         PERSISTENT_SEARCH (revision 1)
>         PROXY_AUTHORIZATION (revision 1)
>         X_LDERRNO (revision 1)
>         X_MEMCACHE (revision 1)
>         X_IO_FUNCTIONS (revision 1)
>         X_EXTIO_FUNCTIONS (revision 1)
>         X_DNS_FUNCTIONS (revision 1)
>         X_MEMALLOC_FUNCTIONS (revision 1)
>         X_THREAD_FUNCTIONS (revision 1)
>         X_EXTHREAD_FUNCTIONS (revision 1)
>         X_GETLANGVALUES (revision 1)
>         X_CLIENT_SIDE_SORT (revision 1)
>         X_URL_FUNCTIONS (revision 1)
>         X_FILTER_FUNCTIONS (revision 1)
> 
> ldap_init( localhost, 389 )
> ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getmodpath -- (null)
> ldaptool_getdonglefilename -- (null)
> ldap_start_tls_s failed: (Can't connect to the LDAP server)
> 
> [root at ipa ~]# /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w
> password1 -P /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world -v -h 141.83.20.101
> ldappasswd: started Tue Jun  3 22:27:46 2008
> 
> ldap_init( 141.83.20.101, 389 )
> ldaptool_getcertpath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getkeypath -- /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db
> ldaptool_getmodpath -- (null)
> ldaptool_getdonglefilename -- (null)
> ldappasswd: password successfully changed
> 
> Success ! 
> 
> [root at ipa ~]# kinit admin
> Password for admin at MISCHINS.WORLD: 
> kinit(v5): Password incorrect while getting initial credentials
> [root at ipa ~]# kinit admin
> Password for admin at MISCHINS.WORLD: 
> [root at ipa ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at MISCHINS.WORLD
> 
> Valid starting     Expires            Service principal
> 06/03/08 22:29:24  06/04/08 22:29:09  krbtgt/MISCHINS.WORLD at MISCHINS.WORLD
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> 
> 
> argh.. But good. I can start now exploring the other features.
> 
> Great help. 
> 
> Andreas

Ok, that's a good start but we need to figure out why it can't connect 
to localhost. Do you have an entry for localhost in /etc/hosts? Fedora 
should create one by default and it should look something like:

127.0.0.1               localhost.localdomain localhost

Is the loopback interface up? (/sbin/ifconfig lo)

I'm wondering if this is a problem with NetworkManager.

rob

> 
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com] 
> Sent: Tuesday, 3 June 2008 22:23
> To: Andreas Mischinski
> Cc: 'freeipa-devel'
> Subject: Re: AW: AW: [Freeipa-devel] [PATCH] ignore empty values in
> multi-valued UI attribute
> 
> Andreas Mischinski wrote:
>> Hey, this is the result. 
>>
>> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1 -P
>> /etc/dirsrv/slapd-MISCHINS-WORLD//cert8.db -ZZZ -s password2
>> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
>> ldap_start_tls_s failed: (Can't connect to the LDAP server)
>>
>> I've installed Fedora Core 9 (fresh install) and then selected the
>> ipaserver package over the package manager.
>> From the command line I started ipa-server-install and received the only
>> error with setting the admin password.
>>
>> MISCHINS.WORLD is a test domain in our environment. We want to migrate from
>> pure OpenLDAP to something like Fedora Directory Server in combination with
>> Active Directory, since many applications are designed for Active Directory.
>> It seems to me that he had the same problem?
>>
>> Maybe I should downgrade my Fedora Core installation, but that would not be
>> my first choice.
>> If I can provide you with more info or commands, let me know.
> 
> No, Fedora 9 should be fine.
> 
> Can you try the command again, this time also with the -v option 
> (verbose output). That should show us what host it is trying to connect 
> to. I wonder if that is simply failing.
> 
> You can also try specifically using -h YOURSERVER where YOURSERVER is 
> the hostname of the machine you installed IPA on.
> 
> rob
> 
>> Andreas  
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com] 
>> Sent: Tuesday, 3 June 2008 21:56
>> To: Andreas Mischinski
>> Cc: 'freeipa-devel'
>> Subject: Re: AW: [Freeipa-devel] [PATCH] ignore empty values in multi-valued
>> UI attribute
>>
>> Andreas Mischinski wrote:
>>> I'm a noob with this ipaserver. Tell me what's wrong with my installation?
>>> Should I apply your patch and reinstall the ipaserver?
>>>
>>> Thanks for help so far.
>>>
>>> -----Original Message-----
>>> From: freeipa-devel-bounces at redhat.com
>>> [mailto:freeipa-devel-bounces at redhat.com] On Behalf Of Rob Crittenden
>>> Sent: Tuesday, 3 June 2008 20:59
>>> To: freeipa-devel
>>> Subject: [Freeipa-devel] [PATCH] ignore empty values in multi-valued UI
>>> attribute
>>>
>>> When converting from a multi-valued UI attribute back to a list drop any
>>> blank values. This will avoid errors in the UniqueList() validator.
>>>
>>> rob
>>>
>> No, this patch too is unrelated to your problem. We post all patches for 
>> peer review here in a post starting with PATCH so they are easy to find.
>>
>> Can you try this command (basically putting quotes around cn=)
>>
>> /usr/lib/mozldap/ldappasswd -D "cn=Directory Manager" -w password1
>> -P /etc/dirsrv/slapd-MISCHINS-WORLD/cert8.db -ZZZ -s password1
>> uid=admin,cn=sysaccounts,cn=etc,dc=mischins,dc=world
>>
>> There was one other report of this problem, 
>> https://bugzilla.redhat.com/show_bug.cgi?id=442802
>>
>> I was never able to get confirmation on what he did to fix it though.
>>
>> rob
>>
>>
> 
> 
> 
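
The /etc/hosts check asked about in the reply above, as an added example that is not part of the original thread: it parses a hosts-format file and reports whether localhost maps only to loopback addresses. The function names, the sample files and the host name ipa.mischins.world are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the localhost entry in a
# hosts-format file. File names and contents below are constructed samples.

# hosts_lookup FILE NAME: print every address the file assigns to NAME.
hosts_lookup() {
    awk -v name="$2" '
        # drop comments, then skip blank and address-only lines
        { sub(/#.*/, "") }
        NF < 2 { next }
        # field 1 is the address, the remaining fields are names
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) { print $1; break } }
    ' "$1"
}

# localhost_ok FILE: succeed only if localhost is present and every address
# it maps to is a loopback address (127.0.0.0/8 or ::1).
localhost_ok() {
    addrs=$(hosts_lookup "$1" localhost)
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        case "$a" in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

SAMPLES=$(mktemp -d)
# Constructed: the Fedora default entry quoted in the reply, plus an IPv6 line.
printf '%s\n' '# default' \
    '127.0.0.1               localhost.localdomain localhost' \
    '::1   localhost6.localdomain6 localhost6 localhost' > "$SAMPLES/good"
# Constructed: loopback line missing, only the host's own address present.
printf '%s\n' '141.83.20.101  ipa.mischins.world ipa' > "$SAMPLES/missing"
# Constructed: localhost attached to the external address.
printf '%s\n' '141.83.20.101  ipa.mischins.world ipa localhost' > "$SAMPLES/wrong"

for f in good missing wrong; do
    if localhost_ok "$SAMPLES/$f"; then echo "$f: ok"
    else echo "$f: localhost does not map to loopback in this file"; fi
done
```

On a live system the same function can be pointed at /etc/hosts; the loopback interface state asked about in the reply still has to be checked separately with /sbin/ifconfig lo.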

