210180 – (fds103adminserver) Fix FDS103 Admin Server build issues

Bug 210180 (fds103adminserver) - Fix FDS103 Admin Server build issues

Summary: Fix FDS103 Admin Server build issues

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	fds103adminserver
Product:	389
Classification:	Retired
Component:	Admin
Sub Component:
Version:	1.0.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	fds103trackingbug
TreeView+	depends on / blocked

Reported:	2006-10-10 16:41 UTC by Rich Megginson
Modified:	2015-12-07 16:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-07 16:58:58 UTC
Embargoed:

Attachments	(Terms of Use)
files affected (209 bytes, text/plain) 2006-10-10 16:41 UTC, Rich Megginson	no flags	Details
diffs for fix (6.70 KB, application/octet-stream) 2006-10-10 16:41 UTC, Rich Megginson	no flags	Details
diffs for fix (6.70 KB, patch) 2006-10-10 16:42 UTC, Rich Megginson	no flags	Details \| Diff
cvs commit log (1.54 KB, text/plain) 2006-10-10 20:01 UTC, Rich Megginson	no flags	Details
Show Obsolete (1) View All

Description Rich Megginson 2006-10-10 16:41:03 UTC

Some of the 1.1 fixes are going to have to be "back ported" to 103.

Comment 1 Rich Megginson 2006-10-10 16:41:05 UTC

Created attachment 138159 [details]
files affected

Comment 2 Rich Megginson 2006-10-10 16:41:56 UTC

Created attachment 138160 [details]
diffs for fix

Comment 3 Rich Megginson 2006-10-10 16:42:10 UTC

Created attachment 138161 [details]
diffs for fix

Comment 4 Noriko Hosoi 2006-10-10 16:58:56 UTC

Looks good to me.  (I also think it's a good idea to port sha1_pw_enc to admpw.c.)

Comment 5 Nathan Kinder 2006-10-10 17:16:00 UTC

Looks good.

Comment 6 Rich Megginson 2006-10-10 20:01:51 UTC

Created attachment 138185 [details]
cvs commit log

Reviewed by: nkinder, nhosoi (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138159
Branch: HEAD
Fix Description: Some of these are related to moving to mozldap6.  The others
are related to code that was checked in for 1.1, to remove unused files.
Platforms tested: RHEL3
Flag Day: no

Comment 7 Jenny Severance 2011-06-06 18:53:18 UTC

Please add steps to reproduce and verify thanks

Comment 8 Rich Megginson 2011-06-06 20:00:56 UTC

use the admin server console to change the admin server user password - verify that the new password works

Comment 9 Amita Sharma 2011-06-17 14:23:38 UTC

Yeah, I tested it well during https://bugzilla.redhat.com/show_bug.cgi?id=481195
:). Hence marking it as VERIFIED.

There are two things I got from 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings

1. Admin Server Administrator is different from configuration Administrator.
2. If we change the password from console, It will be Admin Server Administrator,

Query -
1.  I changed the password of Admin Server Administrator, I did it by following the guide but then I am not sure how to test the new password because my old password for Directory Manager is working fine while I am using it with ldapsearch and also to login to the ds - console.


2. And is it fine that it shows the password in logs in clear text?
Check for Secret123 and Secret1234 in below logs:

10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar HTTP/1.0" 200 180987
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar HTTP/1.0" 200 35013
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
"/var/log/dirsrv/admin-serv/access" 172L, 21990C                                                                                           4,1 


Please guide.

Comment 10 Rich Megginson 2011-06-17 14:51:59 UTC

(In reply to comment #9)
> Yeah, I tested it well during
> https://bugzilla.redhat.com/show_bug.cgi?id=481195
> :). Hence marking it as VERIFIED.
> 
> There are two things I got from 
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings
> 
> 1. Admin Server Administrator is different from configuration Administrator.
> 2. If we change the password from console, It will be Admin Server
> Administrator,
> 
> Query -
> 1.  I changed the password of Admin Server Administrator, I did it by following
> the guide but then I am not sure how to test the new password because my old
> password for Directory Manager is working fine while I am using it with
> ldapsearch and also to login to the ds - console.

Try to login to the admin server web interface (open a browser and go to http://hostname:9830 - go to Admin Express) using the admin user name ("admin") and the new password.

> 
> 
> 2. And is it fine that it shows the password in logs in clear text?

Yes.  It is expected that users will be aware of this and configure the servers to use TLS/SSL.  This is the same too with LDAP clients that support password changing.

> Check for Secret123 and Secret1234 in below logs:
> 
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET
> /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar
> HTTP/1.0" 200 180987
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar
> HTTP/1.0" 200 35013
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET
> /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET
> /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET
> /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST
> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST
> /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST
> /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> "/var/log/dirsrv/admin-serv/access" 172L, 21990C                               
>                                                            4,1 
> 
> 
> Please guide.

Comment 11 Amita Sharma 2011-06-21 12:33:11 UTC

Ok, I am doing this:

 1.  I changed the password of Admin Server Administrator from Admin Java Console following the guide (http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings)

2. Try to login to the admin server web interface (open a browser and go to
http://hostname:9830 - go to Admin Express) using the admin user name ("admin")
and the new password.

I am getting :
================
Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.2 Server at 10.65.201.218 Port 9830

There are following issues I have faced :
========================================
1. I have to clear the Browser cache after each unsuccessful/Successful login attempt to make sure that the Web UI of 389 should prompt me for the credentials.

2. It is not taking any password now even after restarting the Admin Server.

Comment 12 Rich Megginson 2011-06-21 14:14:48 UTC

(In reply to comment #11)
> There are following issues I have faced :
> ========================================
> 1. I have to clear the Browser cache after each unsuccessful/Successful login
> attempt to make sure that the Web UI of 389 should prompt me for the
> credentials.

Yes, this is a browser issue/feature.
 
> 2. It is not taking any password now even after restarting the Admin Server.

Try stopping the directory server.  The admin password is only used in case the directory server cannot be reached, otherwise it uses the admin password in LDAP.

Comment 14 Rich Megginson 2011-06-22 14:56:55 UTC

Ok - the originally reported bug is fixed - mark as verified upstream

Please open a new bug - change password of Admin Server Administrator from Admin Java Console does not work

Comment 15 Amita Sharma 2011-06-23 06:51:07 UTC

Ok, I have opened new bug - https://bugzilla.redhat.com/show_bug.cgi?id=715507
and marking this as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.