Wednesday, April 20, 2016

[389-users] Re: Admin-server connection

Touch!

I checked the error logs I mentioned before and they go back to October 4th, but they don't indicate to me that the change created the problem. My inclination is that some change occurred that changed a key. So how do I track that back?

I tested this on my 389 DS server.

ldapsearch [-x] -D "cn=directory manager" -W -b "cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot"

The result was:

# search result
search: 2
result: 0 Success

# numResponses: 31
# numEntries: 30

Then I tested this:

ldapsearch -H ldaps://zigzag.ccbox.com [-x] -D "cn=directory manager" -W "cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot"


The result was:

# search result
search: 2
result: 0 Success

# numResponses: 222
# numEntries: 221

Why do I get the populate error? Do the two tests above provide any indication? I also ran these tests from another Linux system and received the same results. The error I am seeing at restarting the Admin server doesn't seem to make sense if I am searching correctly. I think it should have the records it needs to repopulate the server.

Also, I think I found an old admin server backup that was taken before any of these problems surfaced. Anyone have a link that would walk me through the restore process? Is this a good idea?

slapd-zigzag_2015-05-28:
total 10308
drwx------   4 root root     4096 Jun 11  2015 .
drwxr-x--- 347 root root    20480 Apr 20 00:13 ..
-rw-------   1 root root       49 Jun 11  2015 DBVERSION
-rw-------   1 root root    20577 Jun 11  2015 dse_index.ldif
-rw-------   1 root root      893 Jun 11  2015 dse_instance.ldif
-rw-------   1 root root 10485760 Jun 11  2015 log.0000000001
drwx------   2 root root     4096 Jun 11  2015 NetscapeRoot
drwx------   2 root root     4096 Jun 11  2015 userRoot


My assumption is that the NetscapeRoot folder contains the fix I need to take me back to before whatever change occurred to the admin server. Is this correct?

[root: NetscapeRoot]# ls -la
total 380
drwx------ 2 root root  4096 Jun 11  2015 .
drwx------ 4 root root  4096 Jun 11  2015 ..
-rw------- 1 root root 16384 Jun 11  2015 aci.db4
-rw------- 1 root root 32768 Jun 11  2015 ancestorid.db4
-rw------- 1 root root 49152 Jun 11  2015 cn.db4
-rw------- 1 root root    49 Jun 11  2015 DBVERSION
-rw------- 1 root root 49152 Jun 11  2015 entryrdn.db4
-rw------- 1 root root 16384 Jun 11  2015 givenName.db4
-rw------- 1 root root 98304 Jun 11  2015 id2entry.db4
-rw------- 1 root root 16384 Jun 11  2015 nsuniqueid.db4
-rw------- 1 root root 16384 Jun 11  2015 numsubordinates.db4
-rw------- 1 root root 16384 Jun 11  2015 objectclass.db4
-rw------- 1 root root 16384 Jun 11  2015 parentid.db4
-rw------- 1 root root 16384 Jun 11  2015 sn.db4
-rw------- 1 root root 16384 Jun 11  2015 uid.db4
-rw------- 1 root root 16384 Jun 11  2015 uniquemember.db4


Thanks,
Job Cacka


From: Job Cacka <cacka2it@yahoo.com>
To: "389-users@lists.fedoraproject.org" <389-users@lists.fedoraproject.org>
Sent: Tuesday, April 19, 2016 11:24 AM
Subject: Re: Admin-server connection


I scheduled a reboot of the system during downtime last night. At startup I again got these messages in the error log.

[Tue Apr 19 04:05:37 2016] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot] for LDAPConnection [zigzag.ccbox.com:636]

We made some changes back in October 2015, but I don't remember what they were for. TLS maybe?
In:
/etc/dirsrv/admin-serv/
we changed:
cert8.db
console.conf
key3.db
local.conf

I am going to check now to see if the errors are related to those changes, if my log files go back far enough.

Any help is appreciated.

Thanks,
Job Cacka



From: Job Cacka <cacka2it@yahoo.com>
To: "389-users@lists.fedoraproject.org" <389-users@lists.fedoraproject.org>
Sent: Monday, April 18, 2016 4:34 PM
Subject: Admin-server connection

Recently, I was researching Samba connections, and noticed that the Linux 'Domain Users' group was displaying as the Unix GID number instead of the name. I went to log in to the admin-server express from 'https://zigzag.ccbox.com:9830/dist/download' and that page loads, but when I click on the link I get:

"

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.

Apache/2.2 Server at zigzag.ccbox.com Port 9830
"

So I went over to the 389 Management Console on my Windows box and I enter cn=Directory Manager, the password, and https://zigzag.ccbox.com:9830, and I get a message saying the URL is not correct or the server is not running. For kicks and giggles I tried it with http instead of https and it gives an error that says,
"Cannot logon because of an incorrect User ID, Incorrect password, or Directory problem. java.io.InterruptedIOExceptio: HTTP response timeout"
Which indicates to me that the correct protocol should be https.

To further verify this I ran the following command at the Linux CLI on the server and a server that communicates with it.
ldapsearch -H ldaps://zigzag.ccbox.com [-x] -b o=netscaperoot -D "cn=directory manager" -W "objectclass=nsAdminConfig"
This returns 129 responses, but I don't know if they are valid or make sense. They look like they are unique to my system.

Here is a pastebin of some error logs I noticed after I restarted the admin server with stop-ds-admin and start-ds-admin.


 
Job Cacka



