Bug 1241650 - Admin server registration requires anonymous binds
Summary: Admin server registration requires anonymous binds
Keywords:
Status: CLOSED DUPLICATE of bug 1238786
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Admin
Version: 10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: DS10.1
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-07-09 17:14 UTC by Noriko Hosoi
Modified: 2016-08-27 00:37 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-27 00:37:13 UTC
Target Upstream Version:


Description Noriko Hosoi 2015-07-09 17:14:59 UTC
Description of problem:
I'm running into a problem when trying to set up additional DS
instances with setup-ds-admin.pl so they can be managed via the console. The
master DS node with o=NetscapeRoot has anon. binds disabled.

When I attempt to install another node, I receive:

The server at URL 'ldaps://xxxxx:636/o=NetscapeRoot' is not reachable.  Error: unknown error

I've already gone through the config for TLS and the replica
install/registration works fine if I set nsslapd-allow-anonymous-access
= on. Looking at the logs on the primary, setup-ds-admin.pl appears to
perform an anon. bind:

[22/Jun/2015:14:23:45 -0400] conn=8 fd=66 slot=66 SSL connection from xx.xx.xx.xx to yy.yy.yy.yy
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 BIND dn="" method=128 version=3
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 UNBIND
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 fd=66 closed - U1

I've tried updating my install file to use the full admin DN
(uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot)
instead of just 'admin', but no luck.


Here is the silent install file for the replicant:

************************************
[General]
FullMachineName= xxxxxxxxxx
SuiteSpotUserID= ldap
SuiteSpotGroup= ldap
AdminDomain= XXXXXXXXXXX
ConfigDirectoryAdminID= uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
ConfigDirectoryAdminPwd= secret
ConfigDirectoryLdapURL= ldaps://xxxxxxxxxxxxxxxxxx:636/o=NetscapeRoot
UserDirectoryAdminID= cn=Directory Manager
UserDirectoryAdminPwd= secret
UserDirectoryLdapURL= ldap://xxxxxxxxxxxxxxxxx:389/o=NetscapeRoot

[slapd]
SlapdConfigForMC= No
SecurityOn= No
UseExistingMC= Yes
UseExistingUG= No
ServerPort= 389
ServerIdentifier= xxxxxx
Suffix= dc=xxxx,dc=xxxxx,dc=xxx
RootDN= cn=Directory Manager
AddSampleEntries= No
InstallLdifFile= none
AddOrgEntries= No
DisableSchemaChecking= No
RootDNPwd= secret

[admin]
SysUser= ldap
Port= 9830
ServerAdminID= uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
ServerAdminPwd= password

**************************


Version-Release number of selected component (if applicable):
389-admin-console-1.1.10-1
389-admin-console-doc-1.1.10-1
389-admin-1.1.42-1
389-ds-console-1.2.12-1
389-console-1.1.8-1
389-ds-base-libs-1.3.3.1-16
389-adminutil-1.1.22-1
389-ds-base-1.3.3.1-16
389-ds-console-doc-1.2.12-1


How reproducible:
Always

Steps to Reproduce:
1. disable anon. binds on the master
2. attempt to install a new replica using the existing admin domain


Actual results:
setup-ds-admin errors out
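
The access-log pattern quoted in the description (a BIND with an empty DN answered by RESULT err=48, LDAP's inappropriateAuthentication code) can be searched for to find clients that still depend on anonymous binds once nsslapd-allow-anonymous-access is off. The script below is an added example, not part of the original report or of 389 Directory Server; the function name, the sample addresses and the conn=9 lines are constructed for illustration.

```python
import re

# Constructed sample in the access-log format quoted in the report.
# Addresses are placeholders; conn=9 is an authenticated bind for contrast.
SAMPLE_LOG = """\
[22/Jun/2015:14:23:45 -0400] conn=8 fd=66 slot=66 SSL connection from 192.0.2.10 to 192.0.2.1
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 BIND dn="" method=128 version=3
[22/Jun/2015:14:23:45 -0400] conn=8 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[22/Jun/2015:14:23:45 -0400] conn=8 op=1 UNBIND
[22/Jun/2015:14:23:46 -0400] conn=9 fd=67 slot=67 SSL connection from 192.0.2.11 to 192.0.2.1
[22/Jun/2015:14:23:46 -0400] conn=9 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[22/Jun/2015:14:23:46 -0400] conn=9 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'connection from (?P<src>\S+) to ')
BIND = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r'^op=(?P<op>\d+) RESULT err=(?P<err>\d+)')


def rejected_anonymous_binds(log_text):
    """Return one record per empty-DN BIND that the server answered with err=48."""
    sources = {}   # conn -> client address from the connection line
    pending = {}   # (conn, op) -> timestamp of an anonymous BIND awaiting its RESULT
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        conn, rest = m['conn'], m['rest']
        if (c := CONNECT.search(rest)):
            sources[conn] = c['src']
        elif (b := BIND.match(rest)):
            if b['dn'] == '':
                pending[(conn, b['op'])] = m['ts']
        elif (r := RESULT.match(rest)):
            # RESULT lines carry no DN, so pair them with the BIND by conn and op.
            ts = pending.pop((conn, r['op']), None)
            if ts is not None and r['err'] == '48':
                findings.append({'time': ts, 'conn': conn,
                                 'client': sources.get(conn, 'unknown')})
    return findings


if __name__ == '__main__':
    for f in rejected_anonymous_binds(SAMPLE_LOG):
        print(f"{f['time']} conn={f['conn']} client={f['client']}: anonymous bind rejected (err=48)")
```
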

Comment 1 mreynolds 2016-06-30 13:50:12 UTC
Fixed upstream

Comment 2 Noriko Hosoi 2016-08-27 00:37:13 UTC

*** This bug has been marked as a duplicate of bug 1238786 ***

