On 02/09/2012 10:33 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 18:19
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 10:13 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
> you do seem to have the magic bug finger . . . (I have my Moments J)
>
> try 389-console -D 9 -f console.log
> to see if there is anything interesting in the console.log
>
> hmm - try
> rm -rf ~/.389-console
> to clear out the jar file cache
> then run the console again
>
> New output, attached complete log (Googlizing the NMC errors didn't
> return much...):
>
> Not sure why you are getting NoSuchMethodError
> That seems like a mismatch between jar files
>
> Try updating to the latest packages from epel-testing on both the
> client and the server
>
> server - yum update --enablerepo=epel-testing idm-console-framework
> 389-console 389-admin-console 389-ds-console 389-admin
> client - yum update --enablerepo=epel-testing idm-console-framework
> 389-console
> unless the client is also a server, in which case use the packages for
> server
>
>
>
> I'll Update the server now and try it again, the client is running
> on Windows 7 x64
> (http://port389.org/download/389-Console-1.1.6-x86_64.msi)
>
> Ah, ok. The cache dir is different on Windows. Not sure where it is
> - I guess you could look for a .389-console folder somewhere under
> \users\yourusername
> Yeah, sits my users "home" as .389-console.
>
> (canned it as requested, before last log).
>
> I only got a few new packages after enabling epel-testing:
>
> # yum list | grep 389
>
> 389-admin.x86_64 1.1.27-1.el6
> @epel-testing
>
> 389-admin-console.noarch 1.1.8-1.el6 @epel
>
> 389-admin-console-doc.noarch 1.1.8-1.el6 @epel
>
> 389-adminutil.x86_64 1.1.14-2.el6 @epel
>
> 389-console.noarch 1.1.7-1.el6 @epel
>
> 389-ds.noarch 1.2.2-1.el6 @epel
>
> 389-ds-base.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-base-libs.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-console.noarch 1.2.6-1.el6 @epel
>
> 389-ds-console-doc.noarch 1.2.6-1.el6 @epel
>
> 389-dsgw.x86_64 1.1.7-2.el6 @epel
>
> 389-admin.i686 1.1.27-1.el6
> epel-testing
>
> 389-adminutil.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-ds-base-libs.i686 1.2.9.14-1.el6_2.2
> rhel6-base-x86_64
>
> 389-dsgw.x86_64 1.1.9-1.el6
> epel-testing
>
> You don't want to update the 389-ds-base* or 389-ds packages
>
> Not sure why you are getting .i686 and .x86_64 packages
> Any suggestions on how to replace the pair of updates packages?
>
> I'll drop the 686 packs and see if it breaks anything.
>
> My bad the previous list was from yum"list"
>
> # rpm qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-admin-1.1.27-1.el6.x86_64
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> *389-ds-base-1.2.9.14-1.el6_2.2.x86_64*
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> Still leaves the 389-base issue though, for what it's worth this was a
> fresh install with epel enabled (yum install 389-ds)
>
> *389-ds-base-1.2.9.14-1.el6_2.2.x86_64
> this is the latest available RHEL 6.2.Z 389-ds-base package - it is
> not in EPEL
>
> *
>
> Sure, I didn't disable the RHEL repos when I installed 389-ds. Left
> it to do its thing...
>
> Which version of 389-ds-base should I be using ?
>
*389-ds-base-1.2.9.14-1.el6_2.2.x86_64 is fine
*
>
> Attached compressed log (previous attempt bounced).ß Left over from a
> previous post.
>
> Looks like it is still bouncingß
>
>
> are you still getting the NoSuchMethodError error?
> What version of Java are you using on Windows?
>
> C:\Program Files\389 Management Console>java -version
>
> java version "1.7.0_01"
>
> Java(TM) SE Runtime Environment (build 1.7.0_01-b08)
>
> Java HotSpot(TM) 64-Bit Server VM (build 21.1-b02, mixed mode)
>
Hmm - have not tried with 1.7 - could be that we need to port/build
console with 1.7?
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
On 02/09/2012 10:13 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
> you do seem to have the magic bug finger . . . (I have my Moments J)
>
> try 389-console -D 9 -f console.log
> to see if there is anything interesting in the console.log
>
> hmm - try
> rm -rf ~/.389-console
> to clear out the jar file cache
> then run the console again
>
> New output, attached complete log (Googlizing the NMC errors didn't
> return much...):
>
> Not sure why you are getting NoSuchMethodError
> That seems like a mismatch between jar files
>
> Try updating to the latest packages from epel-testing on both the
> client and the server
>
> server - yum update --enablerepo=epel-testing idm-console-framework
> 389-console 389-admin-console 389-ds-console 389-admin
> client - yum update --enablerepo=epel-testing idm-console-framework
> 389-console
> unless the client is also a server, in which case use the packages for
> server
>
>
> I'll Update the server now and try it again, the client is running
> on Windows 7 x64
> (http://port389.org/download/389-Console-1.1.6-x86_64.msi)
>
> Ah, ok. The cache dir is different on Windows. Not sure where it is
> - I guess you could look for a .389-console folder somewhere under
> \users\yourusername
> Yeah, sits my users "home" as .389-console.
>
> (canned it as requested, before last log).
>
> I only got a few new packages after enabling epel-testing:
>
> # yum list | grep 389
>
> 389-admin.x86_64 1.1.27-1.el6
> @epel-testing
>
> 389-admin-console.noarch 1.1.8-1.el6 @epel
>
> 389-admin-console-doc.noarch 1.1.8-1.el6 @epel
>
> 389-adminutil.x86_64 1.1.14-2.el6 @epel
>
> 389-console.noarch 1.1.7-1.el6 @epel
>
> 389-ds.noarch 1.2.2-1.el6 @epel
>
> 389-ds-base.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-base-libs.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-console.noarch 1.2.6-1.el6 @epel
>
> 389-ds-console-doc.noarch 1.2.6-1.el6 @epel
>
> 389-dsgw.x86_64 1.1.7-2.el6 @epel
>
> 389-admin.i686 1.1.27-1.el6
> epel-testing
>
> 389-adminutil.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-ds-base-libs.i686 1.2.9.14-1.el6_2.2
> rhel6-base-x86_64
>
> 389-dsgw.x86_64 1.1.9-1.el6
> epel-testing
>
> You don't want to update the 389-ds-base* or 389-ds packages
>
> Not sure why you are getting .i686 and .x86_64 packages
> Any suggestions on how to replace the pair of updates packages?
>
> I'll drop the 686 packs and see if it breaks anything.
>
> My bad the previous list was from yum"list"
>
> # rpm qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-admin-1.1.27-1.el6.x86_64
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> *389-ds-base-1.2.9.14-1.el6_2.2.x86_64*
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> Still leaves the389-base issue though, for what it's worth this was a
> fresh install with epel enabled (yum install 389-ds)
>
*389-ds-base-1.2.9.14-1.el6_2.2.x86_64
this is the latest available RHEL 6.2.Z 389-ds-base package - it is not
in EPEL
*
>
> Attached compressed log (previous attempt bounced).
>
Looks like it is still bouncing
are you still getting the NoSuchMethodError error?
What version of Java are you using on Windows?
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
On 02/09/2012 10:01 AM, MATON Brett wrote:
>
> On 02/09/2012 08:45 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
> you do seem to have the magic bug finger . . . (I have my Moments J)
>
> try 389-console -D 9 -f console.log
> to see if there is anything interesting in the console.log
>
> hmm - try
> rm -rf ~/.389-console
> to clear out the jar file cache
> then run the console again
>
> New output, attached complete log (Googlizing the NMC errors didn't
> return much...):
>
> Not sure why you are getting NoSuchMethodError
> That seems like a mismatch between jar files
>
> Try updating to the latest packages from epel-testing on both the
> client and the server
>
> server - yum update --enablerepo=epel-testing idm-console-framework
> 389-console 389-admin-console 389-ds-console 389-admin
> client - yum update --enablerepo=epel-testing idm-console-framework
> 389-console
> unless the client is also a server, in which case use the packages for
> server
>
>
> I'll Update the server now and try it again, the client is running
> on Windows 7 x64
> (http://port389.org/download/389-Console-1.1.6-x86_64.msi)
>
> Ah, ok. The cache dir is different on Windows. Not sure where it is
> - I guess you could look for a .389-console folder somewhere under
> \users\yourusername
> Yeah, sits my users "home" as .389-console.
>
> (canned it as requested, before last log).
>
> I only got a few new packages after enabling epel-testing:
>
> # yum list | grep 389
>
> 389-admin.x86_64 1.1.27-1.el6
> @epel-testing
>
> 389-admin-console.noarch 1.1.8-1.el6 @epel
>
> 389-admin-console-doc.noarch 1.1.8-1.el6 @epel
>
> 389-adminutil.x86_64 1.1.14-2.el6 @epel
>
> 389-console.noarch 1.1.7-1.el6 @epel
>
> 389-ds.noarch 1.2.2-1.el6 @epel
>
> 389-ds-base.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-base-libs.x86_64 1.2.9.14-1.el6_2.2 @Updates
>
> 389-ds-console.noarch 1.2.6-1.el6 @epel
>
> 389-ds-console-doc.noarch 1.2.6-1.el6 @epel
>
> 389-dsgw.x86_64 1.1.7-2.el6 @epel
>
> 389-admin.i686 1.1.27-1.el6
> epel-testing
>
> 389-adminutil.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.i686 1.1.15-1.el6
> epel-testing
>
> 389-adminutil-devel.x86_64 1.1.15-1.el6
> epel-testing
>
> 389-ds-base-libs.i686 1.2.9.14-1.el6_2.2
> rhel6-base-x86_64
>
> 389-dsgw.x86_64 1.1.9-1.el6
> epel-testing
>
You don't want to update the 389-ds-base* or 389-ds packages
Not sure why you are getting .i686 and .x86_64 packages
>
> Attached compressed log (previous attempt bounced).
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
On 02/09/2012 09:44 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 17:39
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 09:37 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 17:23
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* MATON Brett
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 09:12 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 16:51
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* MATON Brett
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 08:45 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
> you do seem to have the magic bug finger . . . (I have my Moments J)
>
> try 389-console -D 9 -f console.log
> to see if there is anything interesting in the console.log
>
> hmm - try
> rm -rf ~/.389-console
> to clear out the jar file cache
> then run the console again
>
> New output, attached complete log (Googlizing the NMC errors didn't
> return much...):
>
> Not sure why you are getting NoSuchMethodError
> That seems like a mismatch between jar files
>
> Try updating to the latest packages from epel-testing on both the
> client and the server
>
> server - yum update --enablerepo=epel-testing idm-console-framework
> 389-console 389-admin-console 389-ds-console 389-admin
> client - yum update --enablerepo=epel-testing idm-console-framework
> 389-console
> unless the client is also a server, in which case use the packages for
> server
>
> I'll Update the server now and try it again, the client is running
> on Windows 7 x64
> (http://port389.org/download/389-Console-1.1.6-x86_64.msi)
>
Ah, ok. The cache dir is different on Windows. Not sure where it is -
I guess you could look for a .389-console folder somewhere under
\users\yourusername
>
> http://<DS FQDN>:9830/[7:0] close> Closed
>
> ClassLoader: :loadClass():name:java.lang.StringBuffer
>
> security=off
>
> familyList=RSA
>
> RSA-activated=on
>
> RSA-token=internal (software)
>
> RSA-cert=<DS FQDN>
>
> familyList=NULL
>
> ssl2-activated=on
>
> ssl2=-des,-rc2export,-rc4export,-desede3,-rc4,-rc2
>
> ssl3-activated=on
>
> ssl3=+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,-rsa_null_sha,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5,+rsa_aes_128_sha,+rsa_aes_256_sha,+rsa_des_56_sha,+rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,+rsa_des_56_sha,+rsa_rc4_56_sha
>
> clientauth=off
>
> Framework.setCursor(): Discarding change of cursor
>
> TurnOnSSL:getPanel()
>
> ResourceSet: NOT found in cache
> loader558648009:com.netscape.management.client.security.securityResource
>
> CommManager> New CommRecord (http://<DS
> FQDN>:9830/admin-serv/tasks/configuration/SecurityOp)
>
> http://<DS FQDN>:9830/[8:0] open> Ready
>
> http://<DS FQDN>:9830/[8:0] accept> http://<DS
> FQDN>:9830/admin-serv/tasks/configuration/SecurityOp
>
> http://<DS FQDN>:9830/[8:0] send> POST \
>
> http://<DS FQDN>:9830/[8:0] send>
> /admin-serv/tasks/configuration/SecurityOp \
>
> http://<DS FQDN>:9830/[8:0] send> HTTP/1.0
>
> http://<DS FQDN>:9830/[8:0] send> Host: <DS FQDN>:9830
>
> http://<DS FQDN>:9830/[8:0] send> Connection: Keep-Alive
>
> http://<DS FQDN>:9830/[8:0] send> User-Agent: 389-Management-Console/1.1.5
>
> http://<DS FQDN>:9830/[8:0] send> Accept-Language: en
>
> http://<DS FQDN>:9830/[8:0] send> Authorization: Basic \
>
> http://<DS FQDN>:9830/[8:0] send>
> Y249RGlyZWN0b3J5IE1hbmFnZXI6NzFwd2RucmI= \
>
> http://<DS FQDN>:9830/[8:0] send>
>
> http://<DS FQDN>:9830/[8:0] send> Content-Length:43
>
> http://<DS FQDN>:9830/[8:0] send> Content-Type:
> application/x-www-form-urlencoded
>
> http://<DS FQDN>:9830/[8:0] send> Content-Transfer-Encoding: 7bit
>
> http://<DS FQDN>:9830/[8:0] send>
>
> http://<DS FQDN>:9830/[8:0] send> Writing 43 bytes...
>
> http://<DS FQDN>:9830/[8:0] send> 43 bytes written
>
> http://<DS FQDN>:9830/[8:0] recv> HTTP/1.1 200 OK
>
> http://<DS FQDN>:9830/[8:0] recv> Date: Thu, 09 Feb 2012 16:31:20 GMT
>
> http://<DS FQDN>:9830/[8:0] recv> Server: Apache/2.2
>
> HttpChannel.invoke: admin version = 2.2
>
> http://<DS FQDN>:9830/[8:0] recv> Admin-Server: 389-Administrator/1.1.25
>
> HttpChannel.invoke: admin version = 1.1.25
>
> http://<DS FQDN>:9830/[8:0] recv> Connection: close
>
> http://<DS FQDN>:9830/[8:0] recv> Content-Type: text/html
>
> http://<DS FQDN>:9830/[8:0] recv>
>
> http://<DS FQDN>:9830/[8:0] recv> Reading unknown length bytes...
>
> http://<DS FQDN>:9830/[8:0] recv> 314 bytes read
>
> http://<DS FQDN>:9830/[8:0] close> Closed
>
> <TOKENLIST>
>
> <SECURITY>domestic</SECURITY>
>
> <RSA_TOKEN>
>
> <internal (software)>
>
> <CERT0><DS FQDN></CERT0>
>
> </internal (software)>
>
> </RSA_TOKEN>
>
> </TOKENLIST>
>
> Content-type: text/html
>
> NMC_Status: 2
>
> NMC_ErrType:
>
> NMC_ErrInfo: NSS shutdown failed: error -8053:unknown
>
> Content-type: text/html
>
> NMC_Status: 0
>
> Exception in thread "LongAction" java.lang.NoSuchMethodError:
> com.netscape.management.client.security.CipherPreferenceDialog.<init>(Ljava/awt/Frame;ZZZZZZ)V
>
> at
> com.netscape.management.admserv.panel.TurnOnSSL.setSecurityIsDomestic(Unknown
> Source)
>
> at
> com.netscape.management.client.security.EncryptionPanel.<init>(Unknown
> Source)
>
> at
> com.netscape.management.client.security.EncryptionPanel.<init>(Unknown
> Source)
>
> at
> com.netscape.management.admserv.panel.TurnOnSSL.getPanel(Unknown Source)
>
> at
> com.netscape.management.admserv.config.TabbedConfigPanel$CreateTabAction.run(Unknown
> Source)
>
> at
> com.netscape.management.admserv.config.BaseConfigPanel$4.run(Unknown
> Source)
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
On 02/09/2012 09:37 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 17:23
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* MATON Brett
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 09:12 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 16:51
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* MATON Brett
> *Subject:* Re: [389-users] Admin Server - Encryption Tab
>
> On 02/09/2012 08:45 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
> you do seem to have the magic bug finger . . . (I have my Moments J)
>
> try 389-console -D 9 -f console.log
> to see if there is anything interesting in the console.log
>
> hmm - try
> rm -rf ~/.389-console
> to clear out the jar file cache
> then run the console again
>
> New output, attached complete log (Googlizing the NMC errors didn't
> return much...):
>
Not sure why you are getting NoSuchMethodError
That seems like a mismatch between jar files
Try updating to the latest packages from epel-testing on both the client
and the server
server - yum update --enablerepo=epel-testing idm-console-framework
389-console 389-admin-console 389-ds-console 389-admin
client - yum update --enablerepo=epel-testing idm-console-framework
389-console
unless the client is also a server, in which case use the packages for
server
>
> http://<DS FQDN>:9830/[7:0] close> Closed
>
> ClassLoader: :loadClass():name:java.lang.StringBuffer
>
> security=off
>
> familyList=RSA
>
> RSA-activated=on
>
> RSA-token=internal (software)
>
> RSA-cert=<DS FQDN>
>
> familyList=NULL
>
> ssl2-activated=on
>
> ssl2=-des,-rc2export,-rc4export,-desede3,-rc4,-rc2
>
> ssl3-activated=on
>
> ssl3=+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,-rsa_null_sha,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5,+rsa_aes_128_sha,+rsa_aes_256_sha,+rsa_des_56_sha,+rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,+rsa_des_56_sha,+rsa_rc4_56_sha
>
> clientauth=off
>
> Framework.setCursor(): Discarding change of cursor
>
> TurnOnSSL:getPanel()
>
> ResourceSet: NOT found in cache
> loader558648009:com.netscape.management.client.security.securityResource
>
> CommManager> New CommRecord (http://<DS
> FQDN>:9830/admin-serv/tasks/configuration/SecurityOp)
>
> http://<DS FQDN>:9830/[8:0] open> Ready
>
> http://<DS FQDN>:9830/[8:0] accept> http://<DS
> FQDN>:9830/admin-serv/tasks/configuration/SecurityOp
>
> http://<DS FQDN>:9830/[8:0] send> POST \
>
> http://<DS FQDN>:9830/[8:0] send>
> /admin-serv/tasks/configuration/SecurityOp \
>
> http://<DS FQDN>:9830/[8:0] send> HTTP/1.0
>
> http://<DS FQDN>:9830/[8:0] send> Host: <DS FQDN>:9830
>
> http://<DS FQDN>:9830/[8:0] send> Connection: Keep-Alive
>
> http://<DS FQDN>:9830/[8:0] send> User-Agent: 389-Management-Console/1.1.5
>
> http://<DS FQDN>:9830/[8:0] send> Accept-Language: en
>
> http://<DS FQDN>:9830/[8:0] send> Authorization: Basic \
>
> http://<DS FQDN>:9830/[8:0] send>
> Y249RGlyZWN0b3J5IE1hbmFnZXI6NzFwd2RucmI= \
>
> http://<DS FQDN>:9830/[8:0] send>
>
> http://<DS FQDN>:9830/[8:0] send> Content-Length:43
>
> http://<DS FQDN>:9830/[8:0] send> Content-Type:
> application/x-www-form-urlencoded
>
> http://<DS FQDN>:9830/[8:0] send> Content-Transfer-Encoding: 7bit
>
> http://<DS FQDN>:9830/[8:0] send>
>
> http://<DS FQDN>:9830/[8:0] send> Writing 43 bytes...
>
> http://<DS FQDN>:9830/[8:0] send> 43 bytes written
>
> http://<DS FQDN>:9830/[8:0] recv> HTTP/1.1 200 OK
>
> http://<DS FQDN>:9830/[8:0] recv> Date: Thu, 09 Feb 2012 16:31:20 GMT
>
> http://<DS FQDN>:9830/[8:0] recv> Server: Apache/2.2
>
> HttpChannel.invoke: admin version = 2.2
>
> http://<DS FQDN>:9830/[8:0] recv> Admin-Server: 389-Administrator/1.1.25
>
> HttpChannel.invoke: admin version = 1.1.25
>
> http://<DS FQDN>:9830/[8:0] recv> Connection: close
>
> http://<DS FQDN>:9830/[8:0] recv> Content-Type: text/html
>
> http://<DS FQDN>:9830/[8:0] recv>
>
> http://<DS FQDN>:9830/[8:0] recv> Reading unknown length bytes...
>
> http://<DS FQDN>:9830/[8:0] recv> 314 bytes read
>
> http://<DS FQDN>:9830/[8:0] close> Closed
>
> <TOKENLIST>
>
> <SECURITY>domestic</SECURITY>
>
> <RSA_TOKEN>
>
> <internal (software)>
>
> <CERT0><DS FQDN></CERT0>
>
> </internal (software)>
>
> </RSA_TOKEN>
>
> </TOKENLIST>
>
> Content-type: text/html
>
> NMC_Status: 2
>
> NMC_ErrType:
>
> NMC_ErrInfo: NSS shutdown failed: error -8053:unknown
>
> Content-type: text/html
>
> NMC_Status: 0
>
> Exception in thread "LongAction" java.lang.NoSuchMethodError:
> com.netscape.management.client.security.CipherPreferenceDialog.<init>(Ljava/awt/Frame;ZZZZZZ)V
>
> at
> com.netscape.management.admserv.panel.TurnOnSSL.setSecurityIsDomestic(Unknown
> Source)
>
> at
> com.netscape.management.client.security.EncryptionPanel.<init>(Unknown
> Source)
>
> at
> com.netscape.management.client.security.EncryptionPanel.<init>(Unknown
> Source)
>
> at
> com.netscape.management.admserv.panel.TurnOnSSL.getPanel(Unknown Source)
>
> at
> com.netscape.management.admserv.config.TabbedConfigPanel$CreateTabAction.run(Unknown
> Source)
>
> at
> com.netscape.management.admserv.config.BaseConfigPanel$4.run(Unknown
> Source)
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> ResourceSet: found in cache
> loader558648009:com.netscape.management.client.util.default
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
On 02/09/2012 08:45 AM, MATON Brett wrote:
>
> Platform RHEL6.2 x86_64 (EPEL repository enabled)
>
> $ rpm -qa | grep 389
>
> 389-admin-console-doc-1.1.8-1.el6.noarch
>
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>
> 389-admin-console-1.1.8-1.el6.noarch
>
> 389-adminutil-1.1.14-2.el6.x86_64
>
> 389-ds-console-1.2.6-1.el6.noarch
>
> 389-ds-1.2.2-1.el6.noarch
>
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>
> 389-ds-console-doc-1.2.6-1.el6.noarch
>
> 389-console-1.1.7-1.el6.noarch
>
> 389-admin-1.1.25-1.el6.x86_64
>
> gpg-pubkey-b3892132-4c63febc
>
> 389-dsgw-1.1.7-2.el6.x86_64
>
> I can only access the Encryption Tab of 389 Admin Server from the
> local host.
>
> When I try to access it from a remote desktop, it hangs for want of a
> better description at "Loading" the progress bar in the bottom right
> corner fills up and then starts over.
>
> Nothing to note in the logs other than:
>
> Blah admserv_host_ip_check: ap_get_remote_host could not resolve blah
>
> Which is another thread...
>
> This happens whether I'm using LDAPS to plain vanilla LDAP.
>
> Any thoughts ?
>
you do seem to have the magic bug finger . . .
try 389-console -D 9 -f console.log
to see if there is anything interesting in the console.log
>
> Brett
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
hi,
Has anyone setup 389-ds on a OpenVZ VPS yet? I'm attempting to setup IPA 2.x on my VPS and it's giving odd errors when starting the 389 Directory Server.
Spec;
Centos 6.2 (x86-64)
model name : Intel(R) Xeon(R) CPU E5645 @ 2.40GHz
Linux mx1.example.com 2.6.18-274.7.1.el5.028stab095.1 #1 SMP Mon Oct 24 20:49:24 MSD 2011 x86_64 x86_64 x86_64 GNU/Linux
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
389-ds-base-1.2.9.14-1.el6_2.2.x86_64
Errors:
------------------------------------------------------------------------------
2012-02-09 04:59:18,815 DEBUG calling setup-ds.pl
2012-02-09 05:09:24,460 DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpkU_Ram
2012-02-09 05:09:24,461 DEBUG stdout=Server failed to start !!! Please check errors log for problems
[12/02/09:05:09:24] - [Setup] Info Could not start the directory server using command '/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'. The last line from the error log was '[09/Feb/2012:04:59:24 +0300] - Failed to create semaphore for stats file (/var/run/dirsrv/slapd-PKI-IPA.stats). Error 13.(Permission denied)
'. Error: Unknown error 256
Could not start the directory server using command '/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'. The last line from the error log was '[09/Feb/2012:04:59:24 +0300] - Failed to create semaphore for stats file (/var/run/dirsrv/slapd-PKI-IPA.stats). Error 13.(Permission denied)
'. Error: Unknown error 256
[12/02/09:05:09:24] - [Setup] Fatal Error: Could not create directory server instance 'PKI-IPA'.
Error: Could not create directory server instance 'PKI-IPA'.
[12/02/09:05:09:24] - [Setup] Fatal Exiting . . .
Log file is '-'
----------------------------------
cya
Craig
On 02/09/2012 07:35 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 09 February 2012 15:27
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/09/2012 01:38 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 08 February 2012 21:41
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 01:27 PM, MATON Brett wrote:
>
> Hi Rich,
>
> I've got no nsAdminAccessHost lines in that config file, only a
> configuration.nsAdminAccessAddresses entry.
>
> Ok. Looks like it will refuse to leave nsAdminAccessHost - if
> missing, it defaults to your local hostname.
>
> The error message is coming because this is returning NULL:
> const char *maxdns = ap_get_remote_host(r->connection,
> r->per_dir_config,
> REMOTE_HOST, NULL);
>
> Here is the documentation for
> http://www.rcbowen.com/httpd_api_docs/group__get__remote__host.html
> that explains how/why this function returns NULL.
>
>
> Ok, so dirsrv is failing to resolve the host through that call, what I
> don't understand is why.
>
> If I use nslookup/host on the ip address it can't resolve it works fine?
>
> I don't know.
>
> Ticket time ?
>
Sure - but be aware that this may be some sort of odd network
configuration corner case - would like to know if anyone else on this
list is experiencing this issue (as well as your admin server TLS/SSL
issue).
>
> (Addresses anonymised)
>
> [Thu Feb 09 09:29:43 2012] [notice] [client 192.168.1.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.1.1
>
> # nslookup 192.168.1.1
>
> Server: 192.168.1.2
>
> Address: 192.168.1.2#53
>
> 1.1.168.192.in-addr.arpa name = desktop.my.net.
>
> # nslookup desktop.my.net
>
> Server: 192.168.1.2
>
> Address: 192.168.1.2#53
>
> Name: desktop.my.net
>
> Address: 192.168.1.1
>
> $ host desktop.my.net
>
> Desktop.my.net has address 192.168.1.1
>
> $ host 192.168.1.1
>
> 1.1.168.192.in-addr.arpa domain name pointer desktop.my.net.
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mercredi 8 février 2012 21:15
> *À :* MATON Brett
> *Cc :* General discussion list for the 389 Directory server project.
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 12:09 PM, MATON Brett wrote:
>
> Hi Rick,
>
> I restarted both dirsrv and dirsrv-admin, problem persists though.
>
> ok - try this
> service dirsrv-admin stop
> edit /etc/dirsrv/admin-serv/local.conf - remove any nsAdminAccessHost
> lines
> service dirsrv-admin start
>
>
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mercredi 8 février 2012 16:39
> *À :* General discussion list for the 389 Directory server project.
> *Cc :* MATON Brett
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 08:19 AM, MATON Brett wrote:
>
> Thanks the update to the wiki solved the "wrong attribute type" error
> on nsAdminAccessHosts.
>
> Configuration as it stands, with no nsAdminAccessHosts attribure:
>
> # configuration, admin-serv-<host>, 389 Administration Server, Server Gro
>
> up, <fqdn>, admins.unix, NetscapeRoot
>
> dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration
> Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> nsServerPort: 9830
>
> objectClass: nsConfig
>
> objectClass: nsAdminConfig
>
> objectClass: nsAdminObject
>
> objectClass: nsDirectoryInfo
>
> objectClass: top
>
> nsClassname:
> com.netscape.management.admserv.AdminServer@389-admin-1.1.jar@cn=admin-serv-<host>,cn=389
> <mailto:com.netscape.management.admserv.AdminServer@389-admin-1.1.jar@cn=admin-serv-%3chost%3e,cn=389>
> Administration Server,cn=Server
> Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> cn: Configuration
>
> nsDirectoryInfoRef: cn=Server
> Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> nsAdminAccessAddresses: *
>
> nsSuiteSpotUser: nobody
>
> nsAdminEnableDSGW: on
>
> nsAdminCacheLifetime: 600
>
> nsDefaultAcceptLanguage: en
>
> nsServerAddress: 0.0.0.0
>
> nsAdminOneACLDir: adminacl
>
> nsErrorLog: /var/log/dirsrv/admin-serv/error
>
> nsAdminUsers: /etc/dirsrv/admin-serv/admpw
>
> nsPidLog: admin-serv.pid
>
> nsAccessLog: /var/log/dirsrv/admin-serv/access
>
> nsAdminEnableEnduser: on
>
> nsServerSecurity: on
>
> admin-serv/error log after restarting admin-serv (also tried
> restarting dirsrv / dirsrv-admin):
>
> [Wed Feb 08 07:02:35 2012] [notice] caught SIGTERM, shutting down
>
> [Wed Feb 08 07:02:36 2012] [notice] SELinux policy enabled; httpd
> running as context unconfined_u:system_r:httpd_t:s0
>
> [Wed Feb 08 07:02:37 2012] [notice] Access Host filter is: *
>
> [Wed Feb 08 07:02:37 2012] [notice] Access Address filter is: *
>
> [Wed Feb 08 07:02:38 2012] [notice] Apache/2.2.15 (Unix)
> mod_nss/2.2.15 NSS/3.12.9.0 configured -- resuming normal operations
>
> [Wed Feb 08 07:02:38 2012] [notice] Access Host filter is: *
>
> [Wed Feb 08 07:02:38 2012] [notice] Access Address filter is: *
>
> [Wed Feb 08 07:03:07 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> [Wed Feb 08 07:03:07 2012] [notice] [client <client ip>]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
>
> [Wed Feb 08 07:17:10 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> [Wed Feb 08 07:17:10 2012] [notice] [client <client ip>]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
>
> [Wed Feb 08 07:17:17 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> I'm still getting the could not resolve notices, and noticed that the
> Access Host filter is still '*', picking up a default somewhere?
>
> (I don't know why it can't resolve either, nslookup / host can both
> resolve ip's to hostnames and vice versa).
>
> Did you restart the admin server after making this change?
>
>
>
>
> Brett
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 08 February 2012 00:57
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/07/2012 03:23 PM, MATON Brett wrote:
>
> Hi Rich,
>
> I tried this and got the following error :
>
> Enter LDAP Password:
>
> dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration Server,cn=
>
> Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> changetype: modify
>
> replace: nsAdminAccessAddresses nsAdminAccessHosts
>
> nsAdminAccessAddresses: *
>
> nsAdminAccessHosts:
>
> ldapmodify: wrong attributeType at line 4, entry
> "cn=configuration,cn=admin-serv-<host>,cn=389 Administration
> Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot"
>
> Does this mean anything to you?
>
> Yes, a typo on the wiki page. I've updated the page.
>
>
>
>
>
> Thanks,
>
> Brett
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mardi 7 février 2012 15:18
> *À :* General discussion list for the 389 Directory server project.
> *Cc :* MATON Brett
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/07/2012 01:05 AM, MATON Brett wrote:
>
> How can I stop admin server from logging theses messages?
>
> I realize from the console.conf file that the messages are created
> because HostnameLookups is Off.
>
> My /etc/dirsrv.admin-serv/httpd.conf file has LogLevel set to warn, so
> why is it logging notice messages?
>
> I'm probably overlooking some other configuration file somewhere.
>
> Any help appreciated
>
> As a side note, why is it whining about name resolution when the
> configuration specifically says Don't do name lookups?
>
> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt
>
>
>
>
>
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
On 02/09/2012 01:38 AM, MATON Brett wrote:
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 08 February 2012 21:41
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 01:27 PM, MATON Brett wrote:
>
> Hi Rich,
>
> I've got no nsAdminAccessHost lines in that config file, only a
> configuration.nsAdminAccessAddresses entry.
>
> Ok. Looks like it will refuse to leave nsAdminAccessHost - if
> missing, it defaults to your local hostname.
>
> The error message is coming because this is returning NULL:
> const char *maxdns = ap_get_remote_host(r->connection,
> r->per_dir_config,
> REMOTE_HOST, NULL);
>
> Here is the documentation for
> http://www.rcbowen.com/httpd_api_docs/group__get__remote__host.html
> that explains how/why this function returns NULL.
>
> Ok, so dirsrv is failing to resolve the host through that call, what I
> don't understand is why.
>
> If I use nslookup/host on the ip address it can't resolve it works fine?
>
I don't know.
>
> (Addresses anonymised)
>
> [Thu Feb 09 09:29:43 2012] [notice] [client 192.168.1.1]
> admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.1.1
>
> # nslookup 192.168.1.1
>
> Server: 192.168.1.2
>
> Address: 192.168.1.2#53
>
> 1.1.168.192.in-addr.arpa name = desktop.my.net.
>
> # nslookup desktop.my.net
>
> Server: 192.168.1.2
>
> Address: 192.168.1.2#53
>
> Name: desktop.my.net
>
> Address: 192.168.1.1
>
> $ host desktop.my.net
>
> Desktop.my.net has address 192.168.1.1
>
> $ host 192.168.1.1
>
> 1.1.168.192.in-addr.arpa domain name pointer desktop.my.net.
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mercredi 8 février 2012 21:15
> *À :* MATON Brett
> *Cc :* General discussion list for the 389 Directory server project.
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 12:09 PM, MATON Brett wrote:
>
> Hi Rick,
>
> I restarted both dirsrv and dirsrv-admin, problem persists though.
>
> ok - try this
> service dirsrv-admin stop
> edit /etc/dirsrv/admin-serv/local.conf - remove any nsAdminAccessHost
> lines
> service dirsrv-admin start
>
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mercredi 8 février 2012 16:39
> *À :* General discussion list for the 389 Directory server project.
> *Cc :* MATON Brett
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/08/2012 08:19 AM, MATON Brett wrote:
>
> Thanks the update to the wiki solved the "wrong attribute type" error
> on nsAdminAccessHosts.
>
> Configuration as it stands, with no nsAdminAccessHosts attribure:
>
> # configuration, admin-serv-<host>, 389 Administration Server, Server Gro
>
> up, <fqdn>, admins.unix, NetscapeRoot
>
> dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration
> Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> nsServerPort: 9830
>
> objectClass: nsConfig
>
> objectClass: nsAdminConfig
>
> objectClass: nsAdminObject
>
> objectClass: nsDirectoryInfo
>
> objectClass: top
>
> nsClassname:
> com.netscape.management.admserv.AdminServer@389-admin-1.1.jar@cn=admin-serv-<host>,cn=389
> <mailto:com.netscape.management.admserv.AdminServer@389-admin-1.1.jar@cn=admin-serv-%3chost%3e,cn=389>
> Administration Server,cn=Server
> Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> cn: Configuration
>
> nsDirectoryInfoRef: cn=Server
> Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> nsAdminAccessAddresses: *
>
> nsSuiteSpotUser: nobody
>
> nsAdminEnableDSGW: on
>
> nsAdminCacheLifetime: 600
>
> nsDefaultAcceptLanguage: en
>
> nsServerAddress: 0.0.0.0
>
> nsAdminOneACLDir: adminacl
>
> nsErrorLog: /var/log/dirsrv/admin-serv/error
>
> nsAdminUsers: /etc/dirsrv/admin-serv/admpw
>
> nsPidLog: admin-serv.pid
>
> nsAccessLog: /var/log/dirsrv/admin-serv/access
>
> nsAdminEnableEnduser: on
>
> nsServerSecurity: on
>
> admin-serv/error log after restarting admin-serv (also tried
> restarting dirsrv / dirsrv-admin):
>
> [Wed Feb 08 07:02:35 2012] [notice] caught SIGTERM, shutting down
>
> [Wed Feb 08 07:02:36 2012] [notice] SELinux policy enabled; httpd
> running as context unconfined_u:system_r:httpd_t:s0
>
> [Wed Feb 08 07:02:37 2012] [notice] Access Host filter is: *
>
> [Wed Feb 08 07:02:37 2012] [notice] Access Address filter is: *
>
> [Wed Feb 08 07:02:38 2012] [notice] Apache/2.2.15 (Unix)
> mod_nss/2.2.15 NSS/3.12.9.0 configured -- resuming normal operations
>
> [Wed Feb 08 07:02:38 2012] [notice] Access Host filter is: *
>
> [Wed Feb 08 07:02:38 2012] [notice] Access Address filter is: *
>
> [Wed Feb 08 07:03:07 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> [Wed Feb 08 07:03:07 2012] [notice] [client <client ip>]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
>
> [Wed Feb 08 07:17:10 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> [Wed Feb 08 07:17:10 2012] [notice] [client <client ip>]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
>
> [Wed Feb 08 07:17:17 2012] [notice] [client <client ip>]
> admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>
>
> I'm still getting the could not resolve notices, and noticed that the
> Access Host filter is still '*', picking up a default somewhere?
>
> (I don't know why it can't resolve either, nslookup / host can both
> resolve ip's to hostnames and vice versa).
>
> Did you restart the admin server after making this change?
>
>
>
> Brett
>
> *From:*Rich Megginson [mailto:rmeggins@redhat.com]
> *Sent:* 08 February 2012 00:57
> *To:* MATON Brett
> *Cc:* General discussion list for the 389 Directory server project.
> *Subject:* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/07/2012 03:23 PM, MATON Brett wrote:
>
> Hi Rich,
>
> I tried this and got the following error :
>
> Enter LDAP Password:
>
> dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration Server,cn=
>
> Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot
>
> changetype: modify
>
> replace: nsAdminAccessAddresses nsAdminAccessHosts
>
> nsAdminAccessAddresses: *
>
> nsAdminAccessHosts:
>
> ldapmodify: wrong attributeType at line 4, entry
> "cn=configuration,cn=admin-serv-<host>,cn=389 Administration
> Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot"
>
> Does this mean anything to you?
>
> Yes, a typo on the wiki page. I've updated the page.
>
>
>
>
> Thanks,
>
> Brett
>
> *De :*Rich Megginson [mailto:rmeggins@redhat.com]
> *Envoyé :* mardi 7 février 2012 15:18
> *À :* General discussion list for the 389 Directory server project.
> *Cc :* MATON Brett
> *Objet :* Re: [389-users] admserv_host_ip_check: ap_get_remote_host
> could not resolve
>
> On 02/07/2012 01:05 AM, MATON Brett wrote:
>
> How can I stop admin server from logging theses messages?
>
> I realize from the console.conf file that the messages are created
> because HostnameLookups is Off.
>
> My /etc/dirsrv.admin-serv/httpd.conf file has LogLevel set to warn, so
> why is it logging notice messages?
>
> I'm probably overlooking some other configuration file somewhere.
>
> Any help appreciated
>
> As a side note, why is it whining about name resolution when the
> configuration specifically says Don't do name lookups?
>
> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt
>
>
>
>
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB**
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>
> -------------------------------------------------------------------
>
> *GreeNRB
> */NRB considers its environmental responsibility and goes for green IT./
> /May we ask you to consider yours before printing this e-mail? /**
>
> *NRB, daring to commit
> */This e-mail and any attachments, which may contain information that
> is confidential and/or protected by intellectual property rights, are
> intended for the exclusive use of the above-mentioned addressee(s).
> Any use (including reproduction, disclosure and whole or partial
> distribution in any form whatsoever) of their content is prohibited
> without prior authorization of NRB. If you have received this message
> by error, please contact the sender promptly by resending this e-mail
> back to him (her), or by calling the above number. Thank you for
> subsequently deleting this e-mail and any files attached thereto./
>