Bug 474033 - admin server won't start on F10
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Admin
1.1.2
All Linux
high Severity high
Assigned To: Rich Megginson
Chandrasekar Kannan
Reported: 2008-12-01 14:59 EST by Lutz Lange
Modified: 2015-01-04 18:35 EST
Doc Type: Bug Fix
Last Closed: 2009-04-09 10:39:51 EDT
Description Lutz Lange 2008-12-01 14:59:49 EST
Description of problem:
I did a fresh f10 install, and updated to the last version.
Installed fedora-ds and called setup-ds-admin.pl ...

First problem:
Running under the user ldap I had to change access to:
/var/run/dirsrv/ ldap user was not able to write here.

# service dirsrv restart 
and the directory server runs.

But the admin server will not start.
Investigating this I get errors in /var/log/dirsrv/admin-serv/errors:
[Mon Dec 01 17:15:55 2008] [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = System (OS/LDAP) related error)

Any hints? I could not find more information on this...
Comment 1 Jóhann B. Guðmundsson 2008-12-01 16:36:01 EST
Take a look at 

http://www.redhat.com/archives/fedora-directory-users/2007-June/msg00081.html

And see if that solves your problem.

If so comment back here so this can be closed as a notabug.
Comment 2 Rich Megginson 2008-12-01 16:44:56 EST
(In reply to comment #0)
> Description of problem:
> I did a fresh f10 install,

You created the ldap user and group first?

> and updated to the last version.
> Installed fedora-ds and called setup-ds-admin.pl ...

What user did you use?  The default nobody, or did you specify user ldap and group ldap?

> 
> First problem:
> Running under the user ldap I had to change access to:
> /var/run/dirsrv/ ldap user was not able to write here.

Yes, that's another bug.

> 
> # service dirsrv restart 
> and the directory server runs.
> 
> But the admin server will not start.
> Investigating this I get errors in /var/log/dirsrv/admin-serv/errors:
> [Mon Dec 01 17:15:55 2008] [crit] host_ip_init(): PSET failure: Failed to
> create PSET handle (pset error = System (
> OS/LDAP) related error)

grep User /etc/dirsrv/admin-serv/console.conf
ls -al /etc/dirsrv/admin-serv

> 
> Any hints? I could not find more information on this...
Comment 3 Lutz Lange 2008-12-02 00:37:44 EST
[root@station8 ~]# id ldap
uid=55(ldap) gid=55(ldap) groups=55(ldap)

[root@station8 ~]# grep User /etc/dirsrv/admin-serv/console.conf
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
User nobody
[root@station8 ~]# ls -al /etc/dirsrv/admin-serv
total 68
drwx------ 2 ldap root  4096 2008-12-01 16:00 .
drwxrwxr-x 7 root ldap  4096 2008-12-01 15:57 ..
-rw------- 1 ldap root   530 2008-12-01 16:00 adm.conf
-rw------- 1 ldap root    40 2008-12-01 16:00 admpw
-rw-r--r-- 1 root root  3972 2008-09-15 19:53 admserv.conf
-rw-r--r-- 1 root root  4033 2008-09-15 19:53 console.conf
-rw-r--r-- 1 root root 26948 2008-09-15 19:53 httpd.conf
-rw------- 1 ldap root  5923 2008-12-01 16:00 local.conf
-rw-r--r-- 1 root root  4548 2008-09-15 19:53 nss.conf

Should the admin server run as ldap as well?

Changing User and Group to LDAP fixes the problem, the admin server starts correctly.

I'm quite sure I set the user correctly to ldap with setup-ds-admin.pl.
Is the admin-serv/console.conf created by setup-ds-admin.pl? Since it is in the rpm db I guess not. Could setup-ds-admin.pl have skipped changing the admin server user and group?

How could I check that?
Comment 4 Lutz Lange 2008-12-02 02:50:43 EST
Also, the admin server is listening on the wrong port. I specified 8008 in setup-ds-admin.pl ... this did not change the setting in admin-serv/console.conf.

Changing it manually fixed the problem.
Comment 5 Rich Megginson 2008-12-02 10:19:23 EST
(In reply to comment #3)
> [root@station8 ~]# id ldap
> uid=55(ldap) gid=55(ldap) groups=55(ldap)
> 
> [root@station8 ~]# grep User /etc/dirsrv/admin-serv/console.conf
> # User/Group: The name (or #number) of the user/group to run httpd as.
> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
> User nobody
> [root@station8 ~]# ls -al /etc/dirsrv/admin-serv
> total 68
> drwx------ 2 ldap root  4096 2008-12-01 16:00 .
> drwxrwxr-x 7 root ldap  4096 2008-12-01 15:57 ..
> -rw------- 1 ldap root   530 2008-12-01 16:00 adm.conf
> -rw------- 1 ldap root    40 2008-12-01 16:00 admpw
> -rw-r--r-- 1 root root  3972 2008-09-15 19:53 admserv.conf
> -rw-r--r-- 1 root root  4033 2008-09-15 19:53 console.conf
> -rw-r--r-- 1 root root 26948 2008-09-15 19:53 httpd.conf
> -rw------- 1 ldap root  5923 2008-12-01 16:00 local.conf
> -rw-r--r-- 1 root root  4548 2008-09-15 19:53 nss.conf
> 
> Should the admin server run as ldap as well?

Yes, for simplicity.  The admin server must not run as root, and must have write access to all of the directory server files and directories as well as the admin-serv files and directories.  The complicated way to do it would be to create a dirsrv group, have a different user id for admin server and directory server, and have both of those users in the same group, and give the dirsrv group write permission to all of the directory server files and directories.

> 
> Changing User and Group to LDAP fixes the problem, the admin server starts
> correctly.
> 
> I'm quite sure I set the user correctly to ldap with setup-ds-admin.pl.

That appears to be another bug then.

> Is the admin-serv/console.conf created by setup-ds-admin.pl?

It is not created by setup, but it is written by setup.

> Since it is in
> the rpm db I guess not.

It is marked as config(noreplace) in the rpm.

> Could setup-ds-admin.pl have skipped changing the admin
> server user and group?
> 
> How could I check that?

The fact that neither the port number nor the user/group were changed in console.conf suggests one of two things:
1) There is a bug in the setup-ds-admin.pl script
2) Because of the error starting the directory server the first time you ran setup-ds-admin.pl, the installation and configuration of the admin server did not complete, leaving console.conf with the incorrect default information.

I suspect 2) is the problem, and if you ran it again on a clean system, with no errors, you would get the desired configuration.
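
The ownership mismatch discussed in comments 3 and 5, as an added example (not part of the thread and not Fedora DS code): it reads the active User/Group directives from console.conf text and reports which admin-serv entries that account cannot read or enter, and refuses a root run-as user. The sample data is transcribed from comment 3; the function names and the `groups_of` map are hypothetical, and read/enter access is an assumed minimum for startup.

```python
import grp, os, pwd, re, stat

def run_as(conf_text):
    """Return the active (User, Group) directives; '#' comment lines never match."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(User|Group)\s+(\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found.get("User"), found.get("Group")

def bits(mode, owner, group, user, groups):
    """rwx triplet (0-7) that applies to `user`: owner class, else group, else other."""
    if user == owner:
        return (mode >> 6) & 7
    if group in groups:
        return (mode >> 3) & 7
    return mode & 7

def audit(conf_text, entries, groups_of):
    """entries: (name, st_mode, owner, group) tuples. Returns a list of findings."""
    user, group = run_as(conf_text)
    if user in (None, "root", "#0"):
        return [f"User directive is {user!r}: admin server must run as a non-root user"]
    groups = set(groups_of.get(user, ())) | ({group} if group else set())
    findings = []
    for name, mode, owner, grp_name in entries:
        need = 5 if stat.S_ISDIR(mode) else 4   # r-x to enter a directory, r-- to read a file
        if (bits(mode, owner, grp_name, user, groups) & need) != need:
            findings.append(f"{user} cannot access {name} ({stat.filemode(mode)} {owner}:{grp_name})")
    return findings

def scan(path):
    """Collect (name, mode, owner, group) for `path` and its children on a live system."""
    out = []
    for p in [path] + sorted(e.path for e in os.scandir(path)):
        st = os.stat(p)
        out.append((p, st.st_mode, pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name))
    return out

# Constructed sample: console.conf lines and part of the ls -al listing from comment 3.
CONF = '# User/Group: The name (or #number) of the user/group to run httpd as.\nUser nobody\n'
D, F = stat.S_IFDIR, stat.S_IFREG
LISTING = [(".", D | 0o700, "ldap", "root"), ("adm.conf", F | 0o600, "ldap", "root"),
           ("admpw", F | 0o600, "ldap", "root"), ("console.conf", F | 0o644, "root", "root"),
           ("local.conf", F | 0o600, "ldap", "root")]

if __name__ == "__main__":
    for conf in (CONF, CONF.replace("nobody", "ldap")):
        print(run_as(conf)[0], audit(conf, LISTING, {"ldap": ["ldap"], "nobody": ["nobody"]}))
```

On a live host, pass the contents of /etc/dirsrv/admin-serv/console.conf and `scan("/etc/dirsrv/admin-serv")` instead of the constructed sample.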
Comment 6 Rich Megginson 2009-04-09 10:39:51 EDT
We fixed a lot of problems in the area of ownerships/permissions in Fedora DS 1.2.0.  I suggest you try that.  If you still have a problem, please reopen this bug.
