Some of the 1.1 fixes are going to have to be "back ported" to 103.
Created attachment 138159 [details] files affected
Created attachment 138160 [details] diffs for fix
Created attachment 138161 [details] diffs for fix
Looks good to me. (I also think it's a good idea to port sha1_pw_enc to admpw.c.)
Looks good.
Created attachment 138185 [details] cvs commit log Reviewed by: nkinder, nhosoi (Thanks!) Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138159 Branch: HEAD Fix Description: Some of these are related to moving to mozldap6. The others are related to code that was checked in for 1.1, to remove unused files. Platforms tested: RHEL3 Flag Day: no
Please add steps to reproduce and verify thanks
use the admin server console to change the admin server user password - verify that the new password works
Yeah, I tested it well during https://bugzilla.redhat.com/show_bug.cgi?id=481195 :). Hence marking it as VERIFIED. There are two things I got from http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings 1. Admin Server Administrator is different from configuration Administrator. 2. If we change the password from console, It will be Admin Server Administrator, Query - 1. I changed the password of Admin Server Administrator, I did it by following the guide but then I am not sure how to test the new password because my old password for Directory Manager is working fine while I am using it with ldapsearch and also to login to the ds - console. 2. And is it fine that it shows the password in logs in clear text? Check for Secret123 and Secret1234 in below logs: 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar HTTP/1.0" 200 180987 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar HTTP/1.0" 200 35013 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 - 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 - 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 "/var/log/dirsrv/admin-serv/access" 172L, 21990C 4,1 Please guide.
(In reply to comment #9) > Yeah, I tested it well during > https://bugzilla.redhat.com/show_bug.cgi?id=481195 > :). Hence marking it as VERIFIED. > > There are two things I got from > http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings > > 1. Admin Server Administrator is different from configuration Administrator. > 2. If we change the password from console, It will be Admin Server > Administrator, > > Query - > 1. I changed the password of Admin Server Administrator, I did it by following > the guide but then I am not sure how to test the new password because my old > password for Directory Manager is working fine while I am using it with > ldapsearch and also to login to the ds - console. Try to login to the admin server web interface (open a browser and go to http://hostname:9830 - go to Admin Express) using the admin user name ("admin") and the new password. > > > 2. And is it fine that it shows the password in logs in clear text? Yes. It is expected that users will be aware of this and configure the servers to use TLS/SSL. This is the same too with LDAP clients that support password changing. > Check for Secret123 and Secret1234 in below logs: > > 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET > /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302 > 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar > HTTP/1.0" 200 180987 > 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar > HTTP/1.0" 200 35013 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST > /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST > /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST > /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET > /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 - > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST > /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST > /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST > /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET > /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 - > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST > /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST > /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET > /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST > /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST > /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST > /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET > /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 > "/var/log/dirsrv/admin-serv/access" 172L, 21990C > 4,1 > > > Please guide.
Ok, I am doing this: 1. I changed the password of Admin Server Administrator from Admin Java Console following the guide (http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings) 2. Try to login to the admin server web interface (open a browser and go to http://hostname:9830 - go to Admin Express) using the admin user name ("admin") and the new password. I am getting : ================ Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Apache/2.2 Server at 10.65.201.218 Port 9830 There are following issues I have faced : ======================================== 1. I have to clear the Browser cache after each unsuccessful/Successful login attempt to make sure that the Web UI of 389 should prompt me for the credentials. 2. It is not taking any password now even after restarting the Admin Server.
(In reply to comment #11) > There are following issues I have faced : > ======================================== > 1. I have to clear the Browser cache after each unsuccessful/Successful login > attempt to make sure that the Web UI of 389 should prompt me for the > credentials. Yes, this is a browser issue/feature. > 2. It is not taking any password now even after restarting the Admin Server. Try stopping the directory server. The admin password is only used in case the directory server cannot be reached, otherwise it uses the admin password in LDAP.
Ok - the originally reported bug is fixed - mark as verified upstream Please open a new bug - change password of Admin Server Administrator from Admin Java Console does not work
Ok, I have opened new bug - https://bugzilla.redhat.com/show_bug.cgi?id=715507 and marking this as VERIFIED.