On Jan 5, 2016, at 10:57, Noriko Hosoi <nhosoi(a)redhat.com> wrote:
Could you also tell us the version of the 389-admin and adminutil?
rpm -q 389-admin 389-adminutil
```
Installed Packages
389-admin.x86_64          1.1.38-1.el7      @epel
389-adminutil.x86_64      1.1.21-2.el7      @epel
389-ds-base.x86_64        1.3.4.0-21.el7_2  @updates
389-ds-base-libs.x86_64   1.3.4.0-21.el7_2  @updates
```
On Jan 5, 2016, at 07:30, Rich Megginson <rmeggins(a)redhat.com> wrote:
OK. So it is possible that the problem is that we don't clearly document how to blow
everything away and start over from scratch. The setup-ds-admin.pl --force is supposed to
do that, but perhaps it has a bug.
Honestly, I hadn’t looked. I just figured if I were going to blow away an installation I
mostly didn’t care about anyway, I may as well do a thorough job of it... ;-)
Does it work if you enable anonymous access and/or disable secure
binds?
```
root# ldapmodify blah blah blah <<EOMODIFY
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: on
EOMODIFY
root# systemctl restart dirsrv@${instance}
```
Click the “StartConfigDS” button on the web page and get the same error. I get nothing out
of slapd-${instance}/errors log file, and this out of the slapd-${instance}/access log:
```
[05/Jan/2016:19:31:07 -0800] conn=1 fd=64 slot=64 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=1 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 fd=64 closed - U1
[05/Jan/2016:19:31:08 -0800] conn=2 fd=65 slot=65 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=2 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 fd=65 closed - U1
```
RESULT err=53 is LDAP_UNWILLING_TO_PERFORM on the BIND[1]? But it still accepts and runs
(err=0) the SRCH, returning an empty result (nentries=0)? The secure connection portion
seems fine to me, but I can try un-setting that if someone thinks it will advance the
troubleshooting.
Thanks!
David
[1]: http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes
--
David - Offbeat
dafydd - Online
http://pgp.mit.edu/
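
Added example, not part of the original message or of the 389 project's code: a Python sketch that groups access-log lines in the format quoted above by connection and reports operations whose RESULT was logged after a failed BIND on the same connection. The sample log is constructed (placeholder DNs and IPs), and the function name `ops_after_failed_bind` is hypothetical.

```python
import re

# Constructed sample in the access-log format quoted above (placeholder DNs and IPs).
SAMPLE_LOG = """\
[05/Jan/2016:19:31:07 -0800] conn=1 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.10
[05/Jan/2016:19:31:08 -0800] conn=1 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-example,o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 fd=64 closed - U1
[05/Jan/2016:19:32:00 -0800] conn=2 op=0 BIND dn="cn=example-admin,o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:32:00 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[05/Jan/2016:19:32:00 -0800] conn=2 op=1 SRCH base="o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[05/Jan/2016:19:32:00 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=4 etime=0
"""

# Only "conn=N op=M VERB ..." lines matter; connection and close lines do not match.
LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<verb>[A-Z]+)(?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def ops_after_failed_bind(log_text):
    """Return (conn, op, verb, err, nentries) for results logged after a failed BIND."""
    # RFC 4511 section 4.2.1: a failed Bind leaves the LDAP session anonymous.
    verbs = {}      # (conn, op) -> request verb (BIND, SRCH, ...)
    failed = {}     # conn -> err code of the most recent failed BIND
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, op, verb = int(m['conn']), int(m['op']), m['verb']
        if verb != 'RESULT':
            verbs[(conn, op)] = verb
            continue
        fields = dict(FIELD.findall(m['rest']))
        err, req = int(fields.get('err', -1)), verbs.get((conn, op))
        if req == 'BIND':
            if err != 0:
                failed[conn] = err
            else:
                failed.pop(conn, None)   # a later successful bind clears the state
        elif conn in failed:
            findings.append((conn, op, req, err, int(fields.get('nentries', 0))))
    return findings

if __name__ == '__main__':
    print(ops_after_failed_bind(SAMPLE_LOG))
```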