Tuesday, April 5, 2016

[389-users] Re: admin and Directory Manager accounts cannot log into 389-console

Hello Mr. Brown,

The 'they' I am referring to are the two accounts: 1- "admin", and 2- "cn=Directory Manager".

As for the error message, this is what I see in the little dialog box that pops up after a failed attempt:
[ Error ]
Cannot logon because of an incorrect User ID, Incorrect password or Directory problem.

HttpException:
Response: HTTP/1.1 401 Authorization Required
Status: 401
URL: http://localhost:9830/admin-serv/authenticate

[OK]

/////////////
As for which field(s) I updated: the single one-liner in the /etc/dirsrv/admin-serv/admpw file, and yes - I definitely included the {SHA}<gibberish> hash in the file, overwriting the original. P.S. I did make a backup copy of the original - admpw.orig.

I also updated the hash for "cn=Directory Manager" inside the /etc/dirsrv/slapd-E2WAN/dse.ldif file, updating the nsslapd-rootpw: attribute to have an {SSHA}<gibberish> hash.

///////////
As you suggested, I looked into the /var/log/dirsrv/slapd-E2WAN/errors file. I decided to purposely restart the whole server, and at the very bottom I found the following:
[05/Apr/2016:15:43:01 -0400] - Information: Non-Secure Port Disabled
[05/Apr/2016:15:43:01 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert wsf-LabLDAP.crt of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[05/Apr/2016:15:43:01 -0400] - 389-Directory/1.2.11.15 B2014.314.1342 starting up
[05/Apr/2016:15:43:02 -0400] - slapd started. Listening on All Interfaces port 636 for LDAPS requests

What draws my attention is the second line of output, "SSL alert: CERT_VerifyCertificateNow etc... etc... etc..." I would like to update the certificate, because I did generate a new CA-signed certificate with the same name, wsf-LabLDAP.crt, and I did copy it into the same folder that the original 'expired' certificate was stored in.

I also looked into the /var/log/dirsrv/slapd-E2WAN/access file, after the same reboot, and found the following:
[05/Apr/2016:15:43:03 -0400] conn=1 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:03 -0400] conn=1 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:03 -0400] conn=2 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:03 -0400] conn=2 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:04 -0400] conn=3 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:04 -0400] conn=3 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:04 -0400] conn=4 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:04 -0400] conn=4 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:09 -0400] conn=5 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:09 -0400] conn=5 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:10 -0400] conn=6 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:10 -0400] conn=6 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:44:34 -0400] conn=7 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:44:34 -0400] conn=7 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:46:52 -0400] conn=8 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:46:52 -0400] conn=8 op=-1 fd=64 closed - SSL peer cannot verify your certificate.

I don't know how to fix this problem.


I hope I provided proper and full details for your questions. I don't mind sharing clear-text passwords; the real system is not reachable from the internet, and I am having this problem also in my virtual lab (where the data above is copy/pasted from).

Thank you.


--
389 users mailing list
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
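The two log excerpts in the post above are enough to separate a TLS-layer failure from a credential failure: the errors log reports NSS error -8181 (expired certificate) for the server cert at startup, and every connection in the access log is closed at op=-1, i.e. before any BIND is attempted. The following script, an added example rather than anything from the original thread or from 389 DS itself, parses both logs and correlates them. The sample lines are constructed, modelled on the post's entries, with one extra connection that reaches a BIND so the correlation has a negative case.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the entries quoted in the post above.
ERRORS_LOG = """\
[05/Apr/2016:15:43:01 -0400] - Information: Non-Secure Port Disabled
[05/Apr/2016:15:43:01 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert wsf-LabLDAP.crt of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[05/Apr/2016:15:43:02 -0400] - slapd started. Listening on All Interfaces port 636 for LDAPS requests
"""
ACCESS_LOG = """\
[05/Apr/2016:15:43:03 -0400] conn=1 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:03 -0400] conn=1 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:03 -0400] conn=2 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:43:03 -0400] conn=2 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
[05/Apr/2016:15:43:09 -0400] conn=3 fd=64 slot=64 SSL connection from 10.0.0.5 to 192.168.2.243
[05/Apr/2016:15:43:09 -0400] conn=3 op=0 BIND dn="cn=Directory Manager" method=128 version=3
"""

CERT_ALERT = re.compile(
    r"SSL alert: \S+: verify certificate failed for cert (?P<nick>\S+) of family (?P<family>\S+) "
    r"\(Netscape Portable Runtime error (?P<code>-\d+) - (?P<reason>[^)]*)\)")
SSL_CONN = re.compile(r"conn=(?P<conn>\d+) fd=\d+ slot=\d+ SSL connection from (?P<src>\S+) to \S+")
SSL_CLOSED = re.compile(r"conn=(?P<conn>\d+) op=-1 fd=\d+ closed - SSL peer cannot verify your certificate")
NSS_EXPIRED = -8181  # SEC_ERROR_EXPIRED_CERTIFICATE, the code shown in the post

def cert_alerts(errors_log):
    """Return (nickname, family, NSPR/NSS error code, reason) for each failed cert check."""
    found = [CERT_ALERT.search(line) for line in errors_log.splitlines()]
    return [(m["nick"], m["family"], int(m["code"]), m["reason"]) for m in found if m]

def handshake_failures(access_log):
    """Count, per source address, TLS connections that were closed at op=-1,
    i.e. torn down during the handshake before any LDAP operation was seen."""
    peer_of, failures = {}, Counter()
    for line in access_log.splitlines():
        if (m := SSL_CONN.search(line)):
            peer_of[m["conn"]] = m["src"]
        elif (m := SSL_CLOSED.search(line)) and m["conn"] in peer_of:
            failures[peer_of[m["conn"]]] += 1
    return failures

def diagnose(errors_log, access_log):
    """Correlate both logs: an expired-cert alert at startup plus op=-1 closes means
    clients never reach BIND, so password changes cannot be what is failing."""
    expired = [a for a in cert_alerts(errors_log) if a[2] == NSS_EXPIRED]
    failures = handshake_failures(access_log)
    tls_outage = bool(expired) and sum(failures.values()) > 0
    return {"expired_certs": [a[0] for a in expired],
            "failures_by_peer": dict(failures), "tls_outage": tls_outage}

if __name__ == "__main__":
    print(diagnose(ERRORS_LOG, ACCESS_LOG))
```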
