I have come across an issue when I restart the dirsrv-admin process or the actual 389 server where I am unable to login to the 389-console with my user ID and get the following message:
Cannot logon because of an incorrect User ID, Incorrect Password or Directory problem HttpException: Response: HTTP/1.1 401 Authorization Required Status: 401 URL: http://server:9830/admin-serv/authenticate
If I then login using the built-in admin account, close the console and then try to login using my user ID it now works. I have built 389 servers at multiple sites and they all have the same issue.
Here are some extracts from /var/log/dirsrv/admin-serv/error (it has been altered slightly to remove ip’s and domain names.)
[Thu Sep 17 11:16:08 2015] [notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx [Thu Sep 17 11:16:08 2015] [error] [client xxx.xxx.xxx.xxx] user test1 not found: /admin-serv/authenticate
[Thu Sep 17 11:33:50 2015] [notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx [Thu Sep 17 11:33:50 2015] [notice] [client xxx.xxx.xxx.xxx] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Thu Sep 17 11:34:41 2015] [notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx [Thu Sep 17 11:34:41 2015] [notice] [client xxx.xxx.xxx.xxx] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
When starting the server the below lines appear in the log [Thu Sep 17 11:09:32 2015] [notice] caught SIGTERM, shutting down [Thu Sep 17 11:10:05 2015] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 [Thu Sep 17 11:10:06 2015] [notice] Access Host filter is: .domain.com [Thu Sep 17 11:10:06 2015] [notice] Access Address filter is: [Thu Sep 17 11:10:07 2015] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations [Thu Sep 17 11:10:07 2015] [notice] Access Host filter is: *.domain.com [Thu Sep 17 11:10:07 2015] [notice] Access Address filter is: *
389 packages installed 389-ds-console-doc-1.2.6-1.el6.noarch 389-console-1.1.7-1.el6.noarch 389-adminutil-1.1.19-1.el6.x86_64 389-admin-1.1.35-1.el6.x86_64 389-admin-console-1.1.8-1.el6.noarch 389-dsgw-1.1.11-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-ds-base-libs-1.2.11.15-48.el6_6.x86_64 389-ds-base-1.2.11.15-48.el6_6.x86_64 389-admin-console-doc-1.1.8-1.el6.noarch 389-ds-1.2.2-1.el6.noarch
This should have been fixed in 389-admin-1.1.36, investigating the current version of admin server...
I restarted the server between each bind and I can not reproduce this problem logging in with:
"cn=directory manager", "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot", or "admin".
Closing ticket as "works for me". If there is still a problem on 1.1.36 or later, please reopen this ticket, and provide a testcase.
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 389-admin,console 1.1.44
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1612
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.