Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies you received.
------------------------------------------------------------------------
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies you received.
------------------------------------------------------------------------
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Yes. Please read http://directory.fedora.redhat.com/wiki/Release_Notes :
Finally, run setup as follows:
cd /opt/fedora-ds ; ./setup/setup
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Richard Megginson wrote:
Bliss, Aaron wrote:
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Yes. Please read http://directory.fedora.redhat.com/wiki/Release_Notes :
Finally, run setup as follows:
cd /opt/fedora-ds ; ./setup/setup
refering to the release notes there is no need to run setup again after upgrade. just restart the DS service and admin service. I already try this and the system runs well.
Well, unfortunately I'm still having the same problems, even after disabling all password policies in the directory; I'm still getting the constraint violation error as well as the ApacheDir directory error not found; can you tell me what the ApacheDir directory is suppose to be? I'll manually create it and try upgrading again; also, do I need to install fds 1.0.3 before installing fds 1.0.4? Thanks again.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of sigid@JINLab Sent: Tuesday, February 20, 2007 2:19 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Richard Megginson wrote:
Bliss, Aaron wrote:
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Yes. Please read
http://directory.fedora.redhat.com/wiki/Release_Notes :
Finally, run setup as follows:
cd /opt/fedora-ds ; ./setup/setup
refering to the release notes there is no need to run setup again after upgrade. just restart the DS service and admin service. I already try this and the system runs well.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
Bliss, Aaron wrote:
Well, unfortunately I'm still having the same problems, even after disabling all password policies in the directory; I'm still getting the constraint violation error
Weird. Can you find err=19 in your directory server access log?
as well as the ApacheDir directory error not found; can you tell me what the ApacheDir directory is suppose to be?
I think you can ignore this.
I'll manually create it and try upgrading again; also, do I need to install fds 1.0.3 before installing fds 1.0.4?
No. You should be able to go straight from 1.0.2 to 1.0.4.
Thanks again.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of sigid@JINLab Sent: Tuesday, February 20, 2007 2:19 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Richard Megginson wrote:
Bliss, Aaron wrote:
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Yes. Please read
http://directory.fedora.redhat.com/wiki/Release_Notes :
Finally, run setup as follows:
cd /opt/fedora-ds ; ./setup/setup
refering to the release notes there is no need to run setup again after upgrade. just restart the DS service and admin service. I already try this and the system runs well. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF2qDfa2bg8QmXta0RAifJAJ9to51/Ceqwx7+CFXMhLRfSceUX6ACgp4Ty ZMd8mpL6lzIx6+CGraMad38= =8yKr -----END PGP SIGNATURE-----
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Yep, err=19 was in the output log...
[21/Feb/2007:17:08:01 -0500] conn=0 fd=64 slot=64 connection from 172.16.1.126 to 172.16.1.126 [21/Feb/2007:17:08:01 -0500] conn=0 op=0 BIND dn="" method=128 version=3 [21/Feb/2007:17:08:01 -0500] conn=0 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [21/Feb/2007:17:08:01 -0500] conn=0 op=1 SRCH base="cn=monitor" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:01 -0500] conn=0 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:01 -0500] conn=0 op=2 BIND dn="" method=128 version=3 [21/Feb/2007:17:08:01 -0500] conn=0 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [21/Feb/2007:17:08:01 -0500] conn=0 op=3 SRCH base="o=NetscapeRoot" scope=2 filter="(uid=admin)" attrs=ALL [21/Feb/2007:17:08:01 -0500] conn=0 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:01 -0500] conn=0 op=4 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128 version=3 [21/Feb/2007:17:08:01 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot" [21/Feb/2007:17:08:01 -0500] conn=0 op=5 SRCH base="cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=NetscapeRoot" scope=2 filter="(&(objectClass=nsApplication)(nsNickName=slapd)(nsInstalledLocat ion=/opt/fedora-ds))" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:02 -0500] conn=0 op=5 RESULT err=0 tag=101 nentries=1 etime=1 [21/Feb/2007:17:08:02 -0500] conn=0 op=6 SRCH base="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:02 -0500] conn=0 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t" [21/Feb/2007:17:08:02 -0500] conn=0 op=7 RESULT err=0 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=8 SRCH base="cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t" scope=1 filter="(objectClass=nsDirectoryServer)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:02 -0500] conn=0 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=9 SRCH base="cn=slapd-al-lnx-s11, cn=Fedora Directory Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:02 -0500] conn=0 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=10 SRCH base="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [21/Feb/2007:17:08:02 -0500] conn=0 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t", invalid password syntax [21/Feb/2007:17:08:02 -0500] conn=0 op=12 UNBIND [21/Feb/2007:17:08:02 -0500] conn=0 op=12 fd=64 closed - U1
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Wednesday, February 21, 2007 3:54 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Well, unfortunately I'm still having the same problems, even after disabling all password policies in the directory; I'm still getting
the
constraint violation error
Weird. Can you find err=19 in your directory server access log?
Yes, I found the error, it reads conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 -I'm not sure what this means, but it may be meaningful to you
as well as the ApacheDir directory error not found; can you tell me what the ApacheDir directory is suppose to be?
I think you can ignore this.
I'll manually create it and try upgrading again; also, do I need to install fds 1.0.3 before installing fds 1.0.4?
No. You should be able to go straight from 1.0.2 to 1.0.4.
Thanks again.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of sigid@JINLab Sent: Tuesday, February 20, 2007 2:19 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Richard Megginson wrote:
Bliss, Aaron wrote:
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Yes. Please read
http://directory.fedora.redhat.com/wiki/Release_Notes :
Finally, run setup as follows:
cd /opt/fedora-ds ; ./setup/setup
refering to the release notes there is no need to run setup again
after
upgrade. just restart the DS service and admin service. I already try this and the system runs well. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF2qDfa2bg8QmXta0RAifJAJ9to51/Ceqwx7+CFXMhLRfSceUX6ACgp4Ty ZMd8mpL6lzIx6+CGraMad38= =8yKr -----END PGP SIGNATURE-----
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t", invalid password syntax
This means that there is still some password policy being applied. I'm not sure what's going on, but you need to make sure all password policy is disabled before running setup.
I thought that you might say that...I'm not really sure where else there would be a password policy getting applied, is there any kind of custom ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied. I'm not sure what's going on, but you need to make sure all password policy is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else there would be a password policy getting applied, is there any kind of custom ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied. I'm not sure what's going on, but you need to make sure all password policy is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I had both in place; a few users had individual password policies that I disabled, as well as a global password policy
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies that I disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I doubt you would have applied any user or subtree password policy there, so it must be the global password policy. Are you using the console? Can you verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my userid is still unable to log into the console; this is so peculiar; I'm able to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with the admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory Server. I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root, not the user directory database...Any other ideas? Thanks again.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:56 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies that
I
disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I doubt
you would have applied any user or subtree password policy there, so it must be the global password policy. Are you using the console? Can you
verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this
information
is prohibited. If you have received this communication in error,
please
notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my userid is still unable to log into the console; this is so peculiar; I'm able to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with the admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory Server. I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root, not the user directory database...Any other ideas? Thanks again.
So, before the upgrade, you were able to login to the console using a regular user account, and now you are not able to? Did you login with just your uid or did you have to specify your full DN?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 10:56 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies that
I
disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I doubt
you would have applied any user or subtree password policy there, so it must be the global password policy. Are you using the console? Can you
verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is defined at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this
information
is prohibited. If you have received this communication in error,
please
notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Yes, before the upgrade I was able to login with my userid, was not fully qualified; I just tried fully qualifying my userid and it works...not sure if this is a bug...
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 2:22 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my
userid
is still unable to log into the console; this is so peculiar; I'm able to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with the admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory
Server.
I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root, not the user directory database...Any other ideas? Thanks again.
So, before the upgrade, you were able to login to the console using a regular user account, and now you are not able to? Did you login with just your uid or did you have to specify your full DN?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:56 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies
that
I
disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I
doubt
you would have applied any user or subtree password policy there, so
it
must be the global password policy. Are you using the console? Can
you
verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is
defined
at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this
information
is prohibited. If you have received this communication in error,
please
notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
Yes, before the upgrade I was able to login with my userid, was not fully qualified; I just tried fully qualifying my userid and it works...not sure if this is a bug...
I'm really surprised that it ever worked. Did you have to do anything to make that work? I don't know how to make the console dialog box search somewhere other than o=NetscapeRoot.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 2:22 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my
userid
is still unable to log into the console; this is so peculiar; I'm able to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with the admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory
Server.
I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root, not the user directory database...Any other ideas? Thanks again.
So, before the upgrade, you were able to login to the console using a regular user account, and now you are not able to? Did you login with just your uid or did you have to specify your full DN?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:56 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies
that
I
disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I
doubt
you would have applied any user or subtree password policy there, so
it
must be the global password policy. Are you using the console? Can
you
verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is
defined
at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this
information
is prohibited. If you have received this communication in error,
please
notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
No, never had to fully qualify my uid before...at any rate, thanks very much for working thru this with me...All seems okay.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Thursday, February 22, 2007 2:46 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Yes, before the upgrade I was able to login with my userid, was not fully qualified; I just tried fully qualifying my userid and it works...not sure if this is a bug...
I'm really surprised that it ever worked. Did you have to do anything to make that work? I don't know how to make the console dialog box search somewhere other than o=NetscapeRoot.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 2:22 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
More progress; I've been able to find the lonely password policy that wasn't disabled; turns out the entire policy had to be disabled, not just the password syntax checking piece; so the setup piece finished without a hitch, Directory server shows version 1.0.4, however my
userid
is still unable to log into the console; this is so peculiar; I'm
able
to login as admin only; the directory console error log shows "user myuserid not found: /admin-serv/authenticate"; I've verified that myuserid is listed as follows; after logging into the console with
the
admin account, servername, server group, right click Administration Server, set access permissions; I did the same for the Directory
Server.
I'm just not sure what/where else to check...it's almost as if authenticating to the console is only searching the Netscape root,
not
the user directory database...Any other ideas? Thanks again.
So, before the upgrade, you were able to login to the console using a regular user account, and now you are not able to? Did you login with
just your uid or did you have to specify your full DN?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:56 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I had both in place; a few users had individual password policies
that
I
disabled, as well as a global password policy
I just don't know. The DN in question is under o=NetscapeRoot - I
doubt
you would have applied any user or subtree password policy there, so
it
must be the global password policy. Are you using the console? Can
you
verify that global password policy is disabled?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
I thought that you might say that...I'm not really sure where else
there
would be a password policy getting applied, is there any kind of
custom
ldap query that I would use to figure what dn's the policy is
defined
at? Thanks.
Are you using global password policy or per-user/per-subtree?
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Thursday, February 22, 2007 10:02 AM To: General discussion list for the Fedora Directory server
project.
Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Yep, err=19 was in the output log...
<snip>
[21/Feb/2007:17:08:02 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 [21/Feb/2007:17:08:02 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t", invalid password syntax
This means that there is still some password policy being applied.
I'm
not sure what's going on, but you need to make sure all password
policy
is disabled before running setup.
Confidentiality Notice: The information contained in this electronic message is intended
for
the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this
information
is prohibited. If you have received this communication in error,
please
notify the sender immediately by telephone and destroy the copies
you
received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.
[slapd-al-lnx-s11]: starting up server ... [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11) [slapd-al-lnx-s11]: [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and requires administrator action [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0 NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration. Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id admin DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t (19:Constraint violation) Configuring Administration Server... InstallInfo: Apache Directory "ApacheDir" is missing. /opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... Restarting Directory Server: /opt/fedora-ds/slapd-al-lnx-s11/start-slapd
You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
INFO Finished with setup, logfile is setup/setup.log
-----Original Message----- From: Bliss, Aaron Sent: Monday, February 19, 2007 12:26 PM To: Bliss, Aaron; General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies you received.
------------------------------------------------------------------------
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.
[slapd-al-lnx-s11]: starting up server ... [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11) [slapd-al-lnx-s11]: [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin - agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and requires administrator action
I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below.
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0 NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration. Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id admin DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo t (19:Constraint violation)
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_Serve...
Configuring Administration Server... InstallInfo: Apache Directory "ApacheDir" is missing.
This may be a consequence of the constraint violation above.
/opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... Restarting Directory Server: /opt/fedora-ds/slapd-al-lnx-s11/start-slapd
You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
INFO Finished with setup, logfile is setup/setup.log
-----Original Message----- From: Bliss, Aaron Sent: Monday, February 19, 2007 12:26 PM To: Bliss, Aaron; General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Well, I checked out the release notes, and disabled all syntax checking in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is still running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or the console has lost the configuration piece that allows my uid to login); I remember setting this thru the console way back when I originally setup fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Thanks for pointing these out; I decided to restore the old fds instance that I had and will work try this on a test box. More to follow.
Aaron
-----Original Message----- From: Richard Megginson [mailto:rmeggins@redhat.com] Sent: Monday, February 19, 2007 1:02 PM To: General discussion list for the Fedora Directory server project. Cc: Bliss, Aaron Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.
[slapd-al-lnx-s11]: starting up server ... [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11) [slapd-al-lnx-s11]: [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
-
agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
-
agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and
requires
administrator action
I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below.
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0 NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration. Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id
admin
DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t (19:Constraint violation)
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_S erver_1.0.4_-_11.2F09.2F2006
Configuring Administration Server... InstallInfo: Apache Directory "ApacheDir" is missing.
This may be a consequence of the constraint violation above.
/opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... Restarting Directory Server:
/opt/fedora-ds/slapd-al-lnx-s11/start-slapd
You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
INFO Finished with setup, logfile is setup/setup.log
-----Original Message----- From: Bliss, Aaron Sent: Monday, February 19, 2007 12:26 PM To: Bliss, Aaron; General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Well, I checked out the release notes, and disabled all syntax
checking
in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is
still
running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or
the
console has lost the configuration piece that allows my uid to login);
I
remember setting this thru the console way back when I originally
setup
fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the
directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication
in
error, please notify the sender immediately by telephone and destroy the copies you received.
------------------------------------------------------------------------
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I attempted to run the following with of course a good directory manager password: ldapmodify -x -D "cn=directory manager" -w password dn: cn=config changetype: modify replace: passwordCheckSyntax passwordCheckSyntax: off
And receive a response saying" modifying entry "cn=config" however it doesn't seem that the command ever completes, as control isn't returned back to the command line (I apologize for the newbie questions, however I'm not all that familiar with editing ldap entries from the command line). Thanks.
Aaron
-----Original Message----- From: Richard Megginson [mailto:rmeggins@redhat.com] Sent: Monday, February 19, 2007 1:02 PM To: General discussion list for the Fedora Directory server project. Cc: Bliss, Aaron Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.
[slapd-al-lnx-s11]: starting up server ... [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11) [slapd-al-lnx-s11]: [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
-
agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
-
agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and
requires
administrator action
I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below.
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0 NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration. Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id
admin
DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t (19:Constraint violation)
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_S erver_1.0.4_-_11.2F09.2F2006
Configuring Administration Server... InstallInfo: Apache Directory "ApacheDir" is missing.
This may be a consequence of the constraint violation above.
/opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... Restarting Directory Server:
/opt/fedora-ds/slapd-al-lnx-s11/start-slapd
You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
INFO Finished with setup, logfile is setup/setup.log
-----Original Message----- From: Bliss, Aaron Sent: Monday, February 19, 2007 12:26 PM To: Bliss, Aaron; General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Well, I checked out the release notes, and disabled all syntax
checking
in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is
still
running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or
the
console has lost the configuration piece that allows my uid to login);
I
remember setting this thru the console way back when I originally
setup
fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the
directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication
in
error, please notify the sender immediately by telephone and destroy the copies you received.
------------------------------------------------------------------------
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Bliss, Aaron wrote:
I attempted to run the following with of course a good directory manager password: ldapmodify -x -D "cn=directory manager" -w password dn: cn=config changetype: modify replace: passwordCheckSyntax passwordCheckSyntax: off
And receive a response saying" modifying entry "cn=config" however it doesn't seem that the command ever completes, as control isn't returned back to the command line (I apologize for the newbie questions, however I'm not all that familiar with editing ldap entries from the command line). Thanks.
You have to type Ctrl-D (the EOF character) to tell ldapmodify you are done. Also, your modify command must be followed by a blank line, so after the last character input, type Enter, Enter, then Ctrl-D. After typing the second Enter, you should see some feedback about your operation from ldapmodify.
Aaron
-----Original Message----- From: Richard Megginson [mailto:rmeggins@redhat.com] Sent: Monday, February 19, 2007 1:02 PM To: General discussion list for the Fedora Directory server project. Cc: Bliss, Aaron Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds 1.0.4
Bliss, Aaron wrote:
After doing some more reading, I did run the setup script, however I'm still having the login issue with my userid; I also seem to have a few other problems; any help would be much appreciated.
[slapd-al-lnx-s11]: starting up server ... [slapd-al-lnx-s11]: Fedora-Directory/1.0.4 B2006.312.435 [slapd-al-lnx-s11]: al-lnx-s11.preferredcare.org:389 (/opt/fedora-ds/slapd-al-lnx-s11) [slapd-al-lnx-s11]: [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - Fedora-Directory/1.0.4 B2006.312.435 starting up [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
agmt="cn=rep2" (ms-lnx-s12:636): SSL Not Initialized, Replication over SSL FAILED [slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] NSMMReplicationPlugin
agmt="cn=rep2" (ms-lnx-s12:636): Incremental update failed and
requires
administrator action
I think these are ok - ssl is disabled during the upgrade and reenabled at the end - see below.
[slapd-al-lnx-s11]: [19/Feb/2007:12:33:16 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
NMC_Status: 0 NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration. Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://al-lnx-s11.preferredcare.org:389/o=NetscapeRoot user id
admin
DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server
Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoo
t (19:Constraint violation)
This means password policy was not disabled during the upgrade - as specified in the Release Notes - http://directory.fedora.redhat.com/wiki/Release_Notes#Fedora_Directory_S erver_1.0.4_-_11.2F09.2F2006
Configuring Administration Server... InstallInfo: Apache Directory "ApacheDir" is missing.
This may be a consequence of the constraint violation above.
/opt/fedora-ds/slapd-al-lnx-s11/config/dse.ldif: SSL on ... Restarting Directory Server:
/opt/fedora-ds/slapd-al-lnx-s11/start-slapd
You can now use the console. Here is the command to use to start the console: cd /opt/fedora-ds /startconsole -u admin -a http://al-lnx-s11.preferredcare.org:1505/
INFO Finished with setup, logfile is setup/setup.log
-----Original Message----- From: Bliss, Aaron Sent: Monday, February 19, 2007 12:26 PM To: Bliss, Aaron; General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
I should mention that I didn't run setup after upgrading the rpm; is this necessary? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Bliss, Aaron Sent: Monday, February 19, 2007 12:07 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Well, I checked out the release notes, and disabled all syntax
checking
in all password policies before upgrading; upgrade seems to have gone okay, however I'm not unable to log into the directory server console; directory server is running: ldap 32287 7.7 2.3 522820 24416 ? Sl 12:01 0:00 /ns-slapd -D /opt/fedora-ds/slapd-al-lnx-s11 -i /opt/fedora-ds/slapd-al-lnx-s11/logs/pid -w root 32374 1.0 0.3 35372 3256 ? Ssl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co root 32376 0.0 0.1 35356 1672 ? S 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co ldap 32379 4.0 0.4 704088 4928 ? Sl 12:02 0:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/co
I can however login with the built-in admin account; I'm also able to still log into the console on the slave directory server (which is
still
running fds 1.0.2); login error is error 401 Authorization required; next line displays status 401. Queries to the server seem to be okay; It seems almost as if the console either isn't searching the proper directory (like it's searching the Netscape directory name space or
the
console has lost the configuration piece that allows my uid to login);
I
remember setting this thru the console way back when I originally
setup
fds, however I can't find where that option is thru the gui; any ideas how to further troubleshoot? Thanks.
Aaron
-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Richard
Megginson Sent: Monday, February 19, 2007 10:41 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Preparing to upgrade to fds
1.0.4
Bliss, Aaron wrote:
Hi everyone I'm currently running fds 1.0.2 on 2 redhat boxes (a master and a slave); are there any gotchas that I should look out for before upgrading to 1.0.4? Can I go directly to this release, or do I need to first upgrade to .3? Thanks for your help.
You can go directly from .2 to .4.
Be sure to read the release notes - http://directory.fedora.redhat.com/wiki/Release_Notes - and follow the
directions there.
Aaron
Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of
this
message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication
in
error, please notify the sender immediately by telephone and destroy the copies you received.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard Megginson wrote:
Bliss, Aaron wrote:
I attempted to run the following with of course a good directory manager password: ldapmodify -x -D "cn=directory manager" -w password dn: cn=config changetype: modify replace: passwordCheckSyntax passwordCheckSyntax: off
And receive a response saying" modifying entry "cn=config" however it doesn't seem that the command ever completes, as control isn't returned back to the command line (I apologize for the newbie questions, however I'm not all that familiar with editing ldap entries from the command line). Thanks.
You have to type Ctrl-D (the EOF character) to tell ldapmodify you are done. Also, your modify command must be followed by a blank line, so after the last character input, type Enter, Enter, then Ctrl-D. After typing the second Enter, you should see some feedback about your operation from ldapmodify.
Also, I find it much easier to create a file and use the -f option to point to it. Typos aren't such a big deal then and you don't have to remember it's ^D to complete the input :)
389-users@lists.fedoraproject.org
-
Bliss, Aaron -
Pete Rowley -
Rich Megginson -
sigid@JINLab