I would like to return to a problem that I have had since I first posted about it on Feb 29, 2012, and which was never resolved. I have been successfully running 2 FDS multi-masters since I installed them in ~2007, and which have been updated ever since with yum. My current package set is:

389-admin-1.1.38-1.fc21.x86_64
389-admin-console-1.1.8-7.fc21.noarch
389-admin-console-doc-1.1.8-7.fc21.noarch
389-adminutil-1.1.21-1.fc21.x86_64
389-console-1.1.7-7.fc21.noarch
389-ds-1.2.2-6.fc21.noarch
389-ds-base-1.3.3.8-1.fc21.x86_64
389-ds-base-devel-1.3.3.8-1.fc21.x86_64
389-ds-base-libs-1.3.3.8-1.fc21.x86_64
389-ds-console-1.2.7-4.fc21.noarch
389-ds-console-doc-1.2.7-4.fc21.noarch
389-dsgw-1.1.11-4.fc21.x86_64
The directory service is working fine. I use it only to authenticate user logins on ~dozen Fedora clients. I can run 389-console on one of the masters, but not the other. I used to be able to run it before 2012. Now when I run 389-console and log in, I get:

Cannot connect to the directory server: netscape.ldap.LDAPException: error result (32): No such object
I tried running setup-ds-admin.pl -u, but it yields:

Configuration directory server URL [ldap://XXXX.org:389/o%3DNetscapeRoot]:
Configuration directory server admin ID [uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [org]:
Could not authenticate as user 'uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot' to server 'ldap://XXXX.org:389/o%3DNetscapeRoot'. Error: No such object
I notice that when I start dirsrv-admin, I get the following message in /var/log/dirsrv/admin-serv/error:

[:crit] [pid 18514:tid 140642010404992] populate_tasks_from_server(): Unable to search [cn=admin-serv-XXXX, cn=389 Administration Server, cn=Server Group, cn=XXXX.org, ou=org, o=NetscapeRoot] for LDAPConnection [XXXX.org:389]
Each server is its own configuration directory server. There is a replication agreement between the two servers, but only on userRoot, not NetscapeRoot.
I also note that ldapsearch -x -b "o=NetscapeRoot" on the problem server yields:

# extended LDIF
#
# LDAPv3
# base <o=NetscapeRoot> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# NetscapeRoot
dn: o=NetscapeRoot
objectClass: top
objectClass: organization
o: NetscapeRoot

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
The same command on the working server produces a response with 46 entries and lots of good things in it. Did my NetscapeRoot somehow get emptied? How do I get it back?
I thought a "restoreconfig" command would help me, but I never did a "saveconfig" and don't have any /var/lib/dirsrv/slapd-XXXX/bak/*.ldif files. I do have a /var/lib/dirsrv/slapd-XXXX/ldif/XXXX-NetscapeRoot-2010_09_16_090402.ldif file, but it's quite old and from the documentation that I read, it says it is an "example" file. I do have backups in /var/lib/dirsrv/slapd-XXXX/bak/. Among others, I have ones from 2011_07_20_10_54_37/ and 2012_02_20_13_29_00/. I believe everything was working correctly in 2011, but not by 2012. Could this help in any way?
Alternatively, I just now did a saveconfig, and it produced an .ldif file with 146 entries! If I now restore from that file, might that fix things up? Can it hurt to try?
389-users@lists.fedoraproject.org