Wednesday, June 7, 2017

[389-users] Re: Need to re-register 389ds servers

On 06/07/2017 10:38 AM, wrote:
> Here is a look at the logs as it happens
> ~ # tail -f /var/log/dirsrv/admin-serv/error
> [Wed Jun 07 09:19:27 2017] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
> [Wed Jun 07 09:19:27 2017] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
> [Wed Jun 07 09:19:27 2017] [notice] Access Host filter is: (*|*
> [Wed Jun 07 09:19:27 2017] [notice] Access Address filter is: *
This is the Admin Server's error log, I need to see the Directory
Server's access log:

> The /etc/dirsrv/admin-serv/adm.conf shows that the ldapurl is still pointing at the old non-existent server.
> cat /etc/dirsrv/admin-serv/adm.conf
> AdminDomain:
> sysuser: ldapuser
> isie: cn=389 Administration Server,cn=Server Group,,,o=NetscapeRoot
> SuiteSpotGroup: ldapuser
> sysgroup: ldapuser
> userdn: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
> ldapurl: ldap://
> SuiteSpotUserID: ldapuser
> sie: cn=admin-serv-new-server-01,cn=389 Administration Server,cn=Server Group,,,o=NetscapeRoot does not modify this file. To be honest I really
confused as to what you have and don't have now.
> As a side not, the "" is not changing but the "sub-domain" is changing. ( vs.

This tool will "not" help you with domain name changes. In fact if your
hostname changed it's going to cause all kinds of problems with the console.
> I also thinking that there is no o=netscaperoot on this machine since it was originally registered to another (now non-existent) server.
But you "appear" to have an admin server, so you should have
o=netscaperoot as a backend.
> If I am not able to re-register is to a new server, can I at least get its own admin server running?
The wiki page describes what you need to do here. Every host needs an
admin server. Whether the DS is registered or not. Once this is done,
then you can register any instance with any other admin server/config
DS. I'm sorry I just don't understand what you have installed and
don't. I keep seeing conflicting information for you, which makes
helping you very difficult.

I think we should go back and see why the tool was failing before, and
that requires examining the Directory Server's access log. So, tail the
DS access log (the one that you are trying to register to), rerun the
tool, wait 30 seconds for log buffering to flush, and send me the access
log output from that time.

> I would like to have console access to these machines again.
> _______________________________________________
> 389-users mailing list --
> To unsubscribe send an email to
389-users mailing list --
To unsubscribe send an email to

No comments:

Post a Comment