Bug 210180 (fds103adminserver)

Summary: Fix FDS103 Admin Server build issues
Product: [Retired] 389
Component: Admin
Version: 1.0.2
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Rich Megginson <rmeggins>
Assignee: Rich Megginson <rmeggins>
QA Contact: Viktor Ashirov <vashirov>
CC: amsharma, jgalipea
Keywords: VerifiedUpstream
Doc Type: Bug Fix
Last Closed: 2015-12-07 16:58:58 UTC
Bug Blocks: 208654
Attachments (description, flags):
files affected, none
diffs for fix, none
diffs for fix, none
cvs commit log, none

Description Rich Megginson 2006-10-10 16:41:03 UTC
Some of the 1.1 fixes are going to have to be "back ported" to 103.

Comment 1 Rich Megginson 2006-10-10 16:41:05 UTC
Created attachment 138159 [details]
files affected

Comment 2 Rich Megginson 2006-10-10 16:41:56 UTC
Created attachment 138160 [details]
diffs for fix

Comment 3 Rich Megginson 2006-10-10 16:42:10 UTC
Created attachment 138161 [details]
diffs for fix

Comment 4 Noriko Hosoi 2006-10-10 16:58:56 UTC
Looks good to me.  (I also think it's a good idea to port sha1_pw_enc to admpw.c.)

Comment 5 Nathan Kinder 2006-10-10 17:16:00 UTC
Looks good.

Comment 6 Rich Megginson 2006-10-10 20:01:51 UTC
Created attachment 138185 [details]
cvs commit log

Reviewed by: nkinder, nhosoi (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138159
Branch: HEAD
Fix Description: Some of these are related to moving to mozldap6.  The others
are related to code that was checked in for 1.1, to remove unused files.
Platforms tested: RHEL3
Flag Day: no

Comment 7 Jenny Severance 2011-06-06 18:53:18 UTC
Please add steps to reproduce and verify, thanks.

Comment 8 Rich Megginson 2011-06-06 20:00:56 UTC
Use the admin server console to change the admin server user password - verify that the new password works.

Comment 9 Amita Sharma 2011-06-17 14:23:38 UTC
Yeah, I tested it well during https://bugzilla.redhat.com/show_bug.cgi?id=481195
:). Hence marking it as VERIFIED.

There are two things I got from 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings

1. Admin Server Administrator is different from configuration Administrator.
2. If we change the password from console, it will be Admin Server Administrator.

Query -
1. I changed the password of Admin Server Administrator. I did it by following the guide, but then I am not sure how to test the new password, because my old password for Directory Manager is working fine while I am using it with ldapsearch and also to log in to the ds-console.


2. And is it fine that it shows the password in logs in clear text?
Check for Secret123 and Secret1234 in below logs:

10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar HTTP/1.0" 200 180987
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar HTTP/1.0" 200 35013
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
"/var/log/dirsrv/admin-serv/access" 172L, 21990C                                                                                           4,1 


Please guide.

Comment 10 Rich Megginson 2011-06-17 14:51:59 UTC
(In reply to comment #9)
> Yeah, I tested it well during
> https://bugzilla.redhat.com/show_bug.cgi?id=481195
> :). Hence marking it as VERIFIED.
> 
> There are two things I got from 
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings
> 
> 1. Admin Server Administrator is different from configuration Administrator.
> 2. If we change the password from console, It will be Admin Server
> Administrator,
> 
> Query -
> 1.  I changed the password of Admin Server Administrator, I did it by following
> the guide but then I am not sure how to test the new password because my old
> password for Directory Manager is working fine while I am using it with
> ldapsearch and also to login to the ds - console.

Try to log in to the admin server web interface (open a browser and go to http://hostname:9830 - go to Admin Express) using the admin user name ("admin") and the new password.

> 
> 
> 2. And is it fine that it shows the password in logs in clear text?

Yes.  It is expected that users will be aware of this and configure the servers to use TLS/SSL.  This is also the case with LDAP clients that support password changing.

> Check for Secret123 and Secret1234 in below logs:
> Please guide.
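
A defender-side check for the exposure discussed in comments 9 and 10, as an added example that is not part of the original bug comments or of the 389 project's code: it scans Admin Server access-log lines for change-sie-password requests that carry the password in the query string, reports them without repeating the secret, and emits redacted copies of the lines. The names scan and SENSITIVE_PATHS are assumptions; the sample lines are copied from the excerpt in comment 9.

```python
import re

# Access-log layout as seen in the excerpt in comment 9. The authenticated
# user ("cn=Directory Manager") contains a space, so the user field is matched
# lazily up to the bracketed timestamp instead of being split on whitespace.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>.+?) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)\s*$'
)

# Request paths whose query string is a password (taken from the excerpt).
SENSITIVE_PATHS = ("/admin-serv/commands/change-sie-password",)


def scan(lines):
    """Return (findings, redacted_lines) for an iterable of access-log lines."""
    findings, redacted = [], []
    for line in lines:
        line = line.rstrip("\n")
        m = LOG_RE.match(line)
        if m:
            path, _, query = m.group("target").partition("?")
            if query and path in SENSITIVE_PATHS:
                # Record who and when, never the secret itself.
                findings.append({"ts": m.group("ts"),
                                 "user": m.group("user"), "path": path})
                start, end = m.span("target")
                line = line[:start] + path + "?[REDACTED]" + line[end:]
        redacted.append(line)  # unparsed or harmless lines pass through as-is
    return findings, redacted


# Sample input: four lines copied from the access-log excerpt in comment 9.
SAMPLE = [
    '10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14',
    '10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -',
    '10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19',
    '10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -',
]

if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    for f in found:
        print("password in request URL:", f["ts"], f["user"], f["path"])
    print("\n".join(clean))
```

The redacted output is what should be kept in archives or forwarded to a log collector; any password that already reached the log on disk should be treated as exposed and changed.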

Comment 11 Amita Sharma 2011-06-21 12:33:11 UTC
Ok, I am doing this:

 1.  I changed the password of Admin Server Administrator from Admin Java Console following the guide (http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings)

2. Try to log in to the admin server web interface (open a browser and go to
http://hostname:9830 - go to Admin Express) using the admin user name ("admin")
and the new password.

I am getting:
================
Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.2 Server at 10.65.201.218 Port 9830

These are the issues I have faced:
========================================
1. I have to clear the browser cache after each unsuccessful/successful login attempt to make sure that the Web UI of 389 prompts me for the credentials.

2. It is not taking any password now even after restarting the Admin Server.

Comment 12 Rich Megginson 2011-06-21 14:14:48 UTC
(In reply to comment #11)
> There are following issues I have faced :
> ========================================
> 1. I have to clear the Browser cache after each unsuccessful/Successful login
> attempt to make sure that the Web UI of 389 should prompt me for the
> credentials.

Yes, this is a browser issue/feature.
 
> 2. It is not taking any password now even after restarting the Admin Server.

Try stopping the directory server.  The admin password is only used in case the directory server cannot be reached, otherwise it uses the admin password in LDAP.

Comment 14 Rich Megginson 2011-06-22 14:56:55 UTC
Ok - the originally reported bug is fixed - mark as verified upstream

Please open a new bug - change password of Admin Server Administrator from Admin Java Console does not work

Comment 15 Amita Sharma 2011-06-23 06:51:07 UTC
Ok, I have opened new bug - https://bugzilla.redhat.com/show_bug.cgi?id=715507
and marking this as VERIFIED.