Ticket was cloned from Red Hat Bugzilla (product Red Hat Directory Server): Bug 1238786
Description of problem:

I'm running into a problem when trying to set up additional DS instances with setup-ds-admin.pl so they can be managed via the console. The master DS node with o=NetscapeRoot has anon. binds disabled. When I attempt to install another node, I receive:

The server at URL 'ldaps://xxxxx:636/o=NetscapeRoot' is not reachable. Error: unknown error

I've already gone through the config for TLS and the replica install/registration works fine if I set nsslapd-allow-anonymous-access = on. Looking at the logs on the primary, setup-ds-admin.pl appears to perform an anon. bind:

[22/Jun/2015:14:23:45 -0400] conn=8 fd=66 slot=66 SSL connection from xx.xx.xx.xx to yy.yy.yy.yy
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 BIND dn="" method=128 version=3
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 UNBIND
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 fd=66 closed - U1

I've tried updating my install file to use the full admin DN (uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot) instead of just 'admin', but no luck.

Here is the silent install file for the replicant:

************************************
[General]
FullMachineName= xxxxxxxxxx
SuiteSpotUserID= ldap
SuiteSpotGroup= ldap
AdminDomain= XXXXXXXXXXX
ConfigDirectoryAdminID= uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
ConfigDirectoryAdminPwd= secret
ConfigDirectoryLdapURL= ldaps://xxxxxxxxxxxxxxxxxx:636/o=NetscapeRoot
UserDirectoryAdminID= cn=Directory Manager
UserDirectoryAdminPwd= secret
UserDirectoryLdapURL= ldap://xxxxxxxxxxxxxxxxx:389/o=Netscape Root

[slapd]
SlapdConfigForMC= No
SecurityOn= No
UseExistingMC= Yes
UseExistingUG= No
ServerPort= 389
ServerIdentifier= xxxxxx
Suffix= dc=xxxx,dc=xxxxx,dc=xxx
RootDN= cn=Directory Manager
AddSampleEntries= No
InstallLdifFile= none
AddOrgEntries= No
DisableSchemaChecking= No
RootDNPwd= secret

[admin]
SysUser= ldap
Port= 9830
ServerAdminID= uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
ServerAdminPwd= password
**************************

Version-Release number of selected component (if applicable):

389-admin-console-1.1.10-1
389-admin-console-doc-1.1.10-1
389-admin-1.1.42-1
389-ds-console-1.2.12-1
389-console-1.1.8-1
389-ds-base-libs-1.3.3.1-16
389-adminutil-1.1.22-1
389-ds-base-1.3.3.1-16
389-ds-console-doc-1.2.12-1

How reproducible: Always

Steps to Reproduce:
1. disable anon. binds on the master
2. attempt to install a new replica using the existing admin domain

Actual results: setup-ds-admin errors out
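An added example, not part of the original ticket or the 389 project's code: before turning off nsslapd-allow-anonymous-access, an administrator can scan the access log for the pattern quoted above (a BIND with an empty DN answered by err=48, the LDAP inappropriateAuthentication result) to see which clients still bind anonymously. The sample log is constructed in the format shown in the report; the IP addresses, the conn=9 entries and the function name are assumptions.

```python
import re

# Constructed sample in the access log format quoted in the ticket.
# Addresses are placeholders; conn=9 is an added authenticated bind for contrast.
SAMPLE_LOG = """\
[22/Jun/2015:14:23:45 -0400] conn=8 fd=66 slot=66 SSL connection from 192.0.2.10 to 192.0.2.1
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 BIND dn="" method=128 version=3
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 UNBIND
[22/Jun/2015:14:23:46 -0400] conn=9 fd=67 slot=67 SSL connection from 192.0.2.11 to 192.0.2.1
[22/Jun/2015:14:23:46 -0400] conn=9 op=0 BIND dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" method=128 version=3
[22/Jun/2015:14:23:46 -0400] conn=9 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

STAMP_RE = re.compile(r"^\[([^\]]+)\]")
CONN_RE = re.compile(r"conn=(\d+) .*connection from (\S+) to (\S+)")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=97")

def rejected_anonymous_binds(log_text):
    """Return one record per anonymous BIND that the server refused with err=48."""
    peers = {}      # conn id -> client address from the connection line
    pending = set() # (conn, op) pairs whose BIND carried an empty DN
    hits = []
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND_RE.search(line):
            if m.group(3) == "":
                pending.add((m.group(1), m.group(2)))
        elif m := RESULT_RE.search(line):
            key = (m.group(1), m.group(2))
            # Match the RESULT to its BIND by conn and op; 48 = inappropriateAuthentication.
            if key in pending and m.group(3) == "48":
                stamp = STAMP_RE.search(line)
                hits.append({
                    "time": stamp.group(1) if stamp else None,
                    "conn": m.group(1),
                    "client": peers.get(m.group(1), "unknown"),
                })
            pending.discard(key)
    return hits

if __name__ == "__main__":
    for hit in rejected_anonymous_binds(SAMPLE_LOG):
        print(f"{hit['time']} conn={hit['conn']} anonymous bind refused from {hit['client']}")
```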
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1241650
attachment 0001-Ticket-48213-Admin-server-registration-requires-anon.patch
af9de30..cd9fd5d master -> master
commit cd9fd5dc5efd417a093d3e2e22aedac1f7433efa
Author: Mark Reynolds mreynolds@redhat.com
Date: Wed Jun 29 14:44:55 2016 -0400

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 389-admin,console 1.1.44
389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in 389-ds-base's GitHub repository.
This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/1544
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)