Description of problem:
After changing the non-SSL communication port to another port, logging in to the console is not allowed.

Version-Release number of selected component (if applicable):
389-ds-console-1.2.13-1.el7dsrv.noarch
redhat-idm-console-10.1.0-1.el7dsrv.x86_64
389-admin-console-1.1.12-1.el7dsrv.noarch
389-ds-base-1.3.5.10-11.el7.x86_64

How reproducible:

Steps to Reproduce:
1. Change the non-SSL communication default port (389) to 2200
2. Change the LDAP port in the admin server configuration DS to 2200
3. # semanage port -a -t ldap_port_t -p tcp 2200
4. Restart the admin server
5. Restart the Directory Server

error log update
<snip>
[27/Sep/2016:12:33:52.610130248 +051800] The change of nsslapd-port will not take effect until the server is restarted
[27/Sep/2016:12:36:48.012558531 +051800] slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[27/Sep/2016:12:36:48.050393323 +051800] slapd shutting down - closing down internal subsystems and plugins
[27/Sep/2016:12:36:48.134764330 +051800] Waiting for 4 database threads to stop
[27/Sep/2016:12:36:48.983980928 +051800] All database threads now stopped
[27/Sep/2016:12:36:49.028817015 +051800] slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[27/Sep/2016:12:36:49.056164450 +051800] slapd stopped.
[27/Sep/2016:12:36:49.710354680 +051800] 389-Directory/1.3.5.10 B2016.257.1817 starting up
[27/Sep/2016:12:36:49.947030726 +051800] slapd started. Listening on All Interfaces port 2200 for LDAP requests

6. Restart the console; it gives an error "Initialization Failure"
7. [root@test ~]# ldapsearch -D "cn=Directory Manager" -h test.example.com -p 2200 -w test1234 -s base -b "cn=config" nsslapd-port -LLL
dn: cn=config
nsslapd-port: 2200

Expected results:
Able to login.

Additional info:
Created attachment 1205224 [details] Screen-shot
Created attachment 1205225 [details] error log
While reproducing this bug, I got a new finding.

I am able to log in to the Console, but not able to log in to the Directory Server. In the Console, the status of the Directory Server shows "stop", but #status-dirsrv shows the server is running.

[root@test ~]# ldapsearch -D "cn=Directory Manager" -h test.example.com -w test1234 -s base -b "cn=config" nsslapd-port -LLL
dn: cn=config
nsslapd-port: 5500

[root@test ~]# status-dirsrv
● dirsrv.target - 389 Directory Server
   Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; enabled; vendor preset: disabled)
   Active: active since Tue 2016-09-27 10:10:16 IST; 9h ago

Sep 27 10:10:16 test systemd[1]: Reached target 389 Directory Server.
Sep 27 10:10:16 test systemd[1]: Starting 389 Directory Server.
Status of instance "test"
● dirsrv - 389 Directory Server test.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-09-27 19:18:42 IST; 6min ago
  Process: 26882 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
 Main PID: 26888 (ns-slapd)
   Status: "slapd started: Ready to process requests"
   CGroup: /system.slice/system-dirsrv.slice/dirsrv
           └─26888 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /var/run/dirsrv/slapd-test.pid
<snip>

In the error log nothing is updated related to this issue. Please find the error log and screenshot in the attachments in comment 1 and comment 2.
(In reply to Kamlesh from comment #3)
> While reproducing this bug, I got a new finding.
>
> I am able to log in to the Console.

What does this mean? Your original bug report in #c0 is no longer valid?

Could you provide the following results?

# ldapsearch -LLLx -h localhost -p 2200 (or 5500?) -D 'cn=directory manager' -w Secret123 -b "o=netscaperoot" | egrep "389|2200|5500"
# egrep "389|2200|5500" /etc/dirsrv/admin-serv/* | egrep -v "Administration|-admin"

I think this is not a regression in RHDS10.1.
(In reply to Noriko Hosoi from comment #4)
> (In reply to Kamlesh from comment #3)
> What does this mean? Your original bug report in #c0 is no longer valid?

I ran this setup on a clean environment. This time it gave the same error as in comment 0, i.e. "initialization failure", so this issue is still valid.

Before changing the port:

[root@vm-idm-015 ~]# netstat -ntlp | grep ns-slapd
tcp6 0 0 :::389 :::* LISTEN 3577/ns-slapd

Change the port from the console as mentioned in https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_LDAP_Parameters-Changing_DS_Port_Numbers.html

[root@vm-idm-015 ~]# semanage port -a -t ldap_port_t -p tcp 5500
[root@vm-idm-015 ~]# restart-dirsrv
Restarting instance "test"
[root@vm-idm-015 ~]# restart-ds-admin

[root@vm-idm-015 ~]# ldapsearch -LLLx -h localhost -p 5500 -D 'cn=directory manager' -w test1234 -b "o=netscaperoot" | egrep "389|5500"
nsDirectoryURL: ldap://vm-idm-015.lab.eng.pnq.redhat.com:389/dc=lab,dc=eng,dc=
nsServerPort: 5500

[root@vm-idm-015 ~]# egrep "389|5500" /etc/dirsrv/admin-serv/* | egrep -v "Administration|-admin"
grep: /etc/dirsrv/admin-serv/bakup: Is a directory
/etc/dirsrv/admin-serv/adm.conf:ldapurl: ldap://vm-idm-015.lab.eng.pnq.redhat.com:389/o=NetscapeRoot
/etc/dirsrv/admin-serv/admserv.conf:ADMServerVersionString "389-Administrator/1.1.44"

[root@vm-idm-015 ~]# netstat -ntlp | grep ns-slapd
tcp6 0 0 :::5500 :::* LISTEN 4198/ns-slapd

[root@vm-idm-015 ~]# # /usr/bin/redhat-idm-console -D 9
<snip>
http://vm-idm-015.lab.eng.pnq.redhat.com:9830/[1:0] recv> 327 bytes read
Console.replyHandler: adminVersion = 1.1.44
Console:authenticate_user():Cannot connect to the Directory Server "ldap://vm-idm-015.lab.eng.pnq.redhat.com:389", LDAP error: failed to connect to server ldap://vm-idm-015.lab.eng.pnq.redhat.com:389.
http://vm-idm-015.lab.eng.pnq.redhat.com:9830/[1:0] close> Closed
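The output in the comment above shows ns-slapd listening on 5500 while the ldapurl in adm.conf still names port 389, the address the console then fails to reach. The following check for that mismatch is an added example, not part of the bug report or of 389-ds; the function names are hypothetical and the sample files and hostname are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Sample files below are constructed.

# Port from the first "ldapurl:" line of adm.conf (scheme default if none given).
ldapurl_port() {
    url=$(sed -n 's/^ldapurl:[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$url" ] || return 1
    default=389
    if [ "${url%%://*}" = ldaps ]; then default=636; fi
    hostport=${url#*://}          # drop the scheme
    hostport=${hostport%%/*}      # drop the /suffix
    case $hostport in
        *\]) echo "$default" ;;               # bracketed IPv6 literal, no port
        *:*) echo "${hostport##*:}" ;;
        *)   echo "$default" ;;
    esac
}

# nsslapd-port from dse.ldif; the anchored name skips nsslapd-securePort.
dse_port() {
    grep -i '^nsslapd-port:' "$1" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# Exit 0 when both agree, 1 on mismatch, 2 when a value is missing.
check_console_port() {
    conf_port=$(ldapurl_port "$1") || { echo "error: no ldapurl in $1"; return 2; }
    ds_port=$(dse_port "$2")
    [ -n "$ds_port" ] || { echo "error: no nsslapd-port in $2"; return 2; }
    if [ "$conf_port" = "$ds_port" ]; then
        echo "ok: both use port $ds_port"
        return 0
    fi
    echo "mismatch: adm.conf ldapurl port $conf_port, nsslapd-port $ds_port"
    return 1
}

# Constructed sample: server moved to 5500, adm.conf still names 389.
make_sample() {
    printf 'ldapurl: ldap://ds.example.test:389/o=NetscapeRoot\n' > "$1/adm.conf"
    printf 'dn: cn=config\nnsslapd-securePort: 636\nnsslapd-port: 5500\n' > "$1/dse.ldif"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_console_port "$tmp/adm.conf" "$tmp/dse.ldif" || true
rm -rf "$tmp"
```

On a host laid out like the one in this report, the arguments would be /etc/dirsrv/admin-serv/adm.conf and /etc/dirsrv/slapd-test/dse.ldif.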
Tried on a new machine; it works properly.