[389-users] Re: Unable to login to admin console after upgrade

Mark Reynolds Thu, 18 Jul 2019 09:05:49 -0700


On 7/18/19 11:35 AM, Leonard wrote:

After upgrading to the following versions, I cannot login to the console. I am presented 
with the error "error result (49): invalid credentials".


389-admin-1.1.38-1.3.amzn1.x86_64
389-ds-base-libs-1.3.8.4-18.60.amzn1.x86_64
389-adminutil-1.1.21-1.1.amzn1.x86_64
389-ds-base-1.3.8.4-18.60.amzn1.x86_64

I don't remember exactly what the versions were prior.

In the slapd access log, I see the following error associated with the login attempt 
"conn=160830 op=0 RESULT err=49 tag=97 nentries=0 etime=0.0026096322 - No suffix for 
bind dn found"

Can you provide the complete access log clip showing the BIND and theRESULT lines?

What this errors means is that the bind DN provided does not exist. Sowe need to see the full log output to see what BIND DN was actually used.


I am using the username "admin" when logging in. I am however able to bind successfully 
as "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" when using 
ldapsearch, etc on the same host as running the console.

SSLv2/3 are disabled and only TLS 1.2 is enabled on the server.

adm.conf has:

sslVersionMax: TLS1.2
sslVersionMin: TLS1.2

ssl bits from console.conf:

NSSNickname Admin-Console
NSSCipherSuite 
+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol TLSv1.2
NSSVerifyClient none
NSSPassPhraseDialog file:/etc/dirsrv/admin-serv/pin.txt

certutil:
Certificate Nickname                                         Trust Attributes
                                                              SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
CA Certificate                                               CTu,u,u
Admin-Console                                                u,u,u



So far I've tried running setup-ds-admin.pl -u, deleting my .389 directory, and changing 
the password of "uid=admin, ou=Administrators, ou=TopologyManagement, 
o=NetscapeRoot"
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

[389-users] Re: Unable to login to admin console after upgrade

Reply via email to