Bug 210180 - (fds103adminserver) Fix FDS103 Admin Server build issues
Fix FDS103 Admin Server build issues
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Admin (Show other bugs)
1.0.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
: VerifiedUpstream
Depends On:
Blocks: fds103trackingbug
  Show dependency treegraph
 
Reported: 2006-10-10 12:41 EDT by Rich Megginson
Modified: 2015-12-07 11:58 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:58:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
files affected (209 bytes, text/plain)
2006-10-10 12:41 EDT, Rich Megginson
no flags Details
diffs for fix (6.70 KB, application/octet-stream)
2006-10-10 12:41 EDT, Rich Megginson
no flags Details
diffs for fix (6.70 KB, patch)
2006-10-10 12:42 EDT, Rich Megginson
no flags Details | Diff
cvs commit log (1.54 KB, text/plain)
2006-10-10 16:01 EDT, Rich Megginson
no flags Details

  None (edit)
Description Rich Megginson 2006-10-10 12:41:03 EDT
Some of the 1.1 fixes are going to have to be "back ported" to 103.
Comment 1 Rich Megginson 2006-10-10 12:41:05 EDT
Created attachment 138159 [details]
files affected
Comment 2 Rich Megginson 2006-10-10 12:41:56 EDT
Created attachment 138160 [details]
diffs for fix
Comment 3 Rich Megginson 2006-10-10 12:42:10 EDT
Created attachment 138161 [details]
diffs for fix
Comment 4 Noriko Hosoi 2006-10-10 12:58:56 EDT
Looks good to me.  (I also think it's a good idea to port sha1_pw_enc to admpw.c.)
Comment 5 Nathan Kinder 2006-10-10 13:16:00 EDT
Looks good.
Comment 6 Rich Megginson 2006-10-10 16:01:51 EDT
Created attachment 138185 [details]
cvs commit log

Reviewed by: nkinder, nhosoi (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138159
Branch: HEAD
Fix Description: Some of these are related to moving to mozldap6.  The others
are related to code that was checked in for 1.1, to remove unused files.
Platforms tested: RHEL3
Flag Day: no
Comment 7 Jenny Galipeau 2011-06-06 14:53:18 EDT
Please add steps to reproduce and verify thanks
Comment 8 Rich Megginson 2011-06-06 16:00:56 EDT
use the admin server console to change the admin server user password - verify that the new password works
Comment 9 Amita Sharma 2011-06-17 10:23:38 EDT
Yeah, I tested it well during https://bugzilla.redhat.com/show_bug.cgi?id=481195
:). Hence marking it as VERIFIED.

There are two things I got from 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings

1. Admin Server Administrator is different from configuration Administrator.
2. If we change the password from console, It will be Admin Server Administrator,

Query -
1.  I changed the password of Admin Server Administrator, I did it by following the guide but then I am not sure how to test the new password because my old password for Directory Manager is working fine while I am using it with ldapsearch and also to login to the ds - console.


2. And is it fine that it shows the password in logs in clear text?
Check for Secret123 and Secret1234 in below logs:

10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar HTTP/1.0" 200 180987
10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar HTTP/1.0" 200 35013
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
"/var/log/dirsrv/admin-serv/access" 172L, 21990C                                                                                           4,1 


Please guide.
Comment 10 Rich Megginson 2011-06-17 10:51:59 EDT
(In reply to comment #9)
> Yeah, I tested it well during
> https://bugzilla.redhat.com/show_bug.cgi?id=481195
> :). Hence marking it as VERIFIED.
> 
> There are two things I got from 
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings
> 
> 1. Admin Server Administrator is different from configuration Administrator.
> 2. If we change the password from console, It will be Admin Server
> Administrator,
> 
> Query -
> 1.  I changed the password of Admin Server Administrator, I did it by following
> the guide but then I am not sure how to test the new password because my old
> password for Directory Manager is working fine while I am using it with
> ldapsearch and also to login to the ds - console.

Try to login to the admin server web interface (open a browser and go to http://hostname:9830 - go to Admin Express) using the admin user name ("admin") and the new password.

> 
> 
> 2. And is it fine that it shows the password in logs in clear text?

Yes.  It is expected that users will be aware of this and configure the servers to use TLS/SSL.  This is the same too with LDAP clients that support password changing.

> Check for Secret123 and Secret1234 in below logs:
> 
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET
> /java/jars/389-admin-1.1.jar HTTP/1.0" 404 302
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1.jar
> HTTP/1.0" 200 180987
> 10.65.201.213 - - [17/Jun/2011:19:14:03 +0530] "GET /java/389-admin-1.1_en.jar
> HTTP/1.0" 200 35013
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:20 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:22 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:28 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET
> /admin-serv/commands/change-sie-password?Secret123 HTTP/1.0" 200 -
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:52 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:14:53 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 14
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:05 +0530] "GET
> /admin-serv/commands/change-sie-password?Secret1234 HTTP/1.0" 200 -
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:15:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:43 +0530] "POST
> /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 251
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:47 +0530] "POST
> /admin-serv/tasks/Configuration/AccessSetup HTTP/1.0" 200 17
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "GET
> /admin-serv/tasks/configuration/SSLActivate HTTP/1.0" 200 85
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:55 +0530] "POST
> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 171
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:56 +0530] "POST
> /admin-serv/tasks/Configuration/DirectorySetup HTTP/1.0" 200 119
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:16:58 +0530] "POST
> /admin-serv/tasks/Configuration/UGDirectorySetup HTTP/1.0" 200 326
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:34 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 10.65.201.213 - cn=Directory Manager [17/Jun/2011:19:17:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> "/var/log/dirsrv/admin-serv/access" 172L, 21990C                               
>                                                            4,1 
> 
> 
> Please guide.
Comment 11 Amita Sharma 2011-06-21 08:33:11 EDT
Ok, I am doing this:

 1.  I changed the password of Admin Server Administrator from Admin Java Console following the guide (http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html#Administration_Server_Configuration-Access_Settings)

2. Try to login to the admin server web interface (open a browser and go to
http://hostname:9830 - go to Admin Express) using the admin user name ("admin")
and the new password.

I am getting :
================
Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.2 Server at 10.65.201.218 Port 9830

There are following issues I have faced :
========================================
1. I have to clear the Browser cache after each unsuccessful/Successful login attempt to make sure that the Web UI of 389 should prompt me for the credentials.

2. It is not taking any password now even after restarting the Admin Server.
Comment 12 Rich Megginson 2011-06-21 10:14:48 EDT
(In reply to comment #11)
> There are following issues I have faced :
> ========================================
> 1. I have to clear the Browser cache after each unsuccessful/Successful login
> attempt to make sure that the Web UI of 389 should prompt me for the
> credentials.

Yes, this is a browser issue/feature.
 
> 2. It is not taking any password now even after restarting the Admin Server.

Try stopping the directory server.  The admin password is only used in case the directory server cannot be reached, otherwise it uses the admin password in LDAP.
Comment 14 Rich Megginson 2011-06-22 10:56:55 EDT
Ok - the originally reported bug is fixed - mark as verified upstream

Please open a new bug - change password of Admin Server Administrator from Admin Java Console does not work
Comment 15 Amita Sharma 2011-06-23 02:51:07 EDT
Ok, I have opened new bug - https://bugzilla.redhat.com/show_bug.cgi?id=715507
and marking this as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.