[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Debian-sf-users] Ldap issues with install
From: |
Roland Mas |
Subject: |
Re: [Debian-sf-users] Ldap issues with install |
Date: |
Wed, 24 Jul 2002 18:36:34 +0200 |
User-agent: |
Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) |
Blake Girardot (2002-07-24 10:17:49 -0400) :
[...]
> you are not alone, this is exactly the same problem that many people
> have lo-lan-do is working or is going to work on the problem. i dont
> know of how to fix it , but i sure want to :)
>
> if anyone else has figured out how to get past this issue on a
> new/clean install hopefully they will share. if not, then we will
> have to fix it ourselves and/or hope lo-lan-do can solve it.
We were on IRC this afternoon with Manik and his Debian guy, and I
believe we spotted one cause for error (maybe not the only one,
though). The idea is: the DN= for Sourceforge ant the DN= for slapd
were not the same. Therefore the ACLs did not match when the script
tries to create an account (or change it). Here's an excerpt of the
chat:
,----
| <Lo-lan-do> Ah, I have an idea.
| <Lo-lan-do> Ahaha, I think we may have a hint there.
| <Lo-lan-do> If you don't have anything valuable in your LDAP directory, I
suggest that you purge sourceforge and slapd.
| <jskipper> Ok...
| <Lo-lan-do> Then reinstall them, using the same DN field for slapd and
sourceforge.
| <Lo-lan-do> cf. Manik's email:
| <Lo-lan-do> Distinguished Name is dc=sourceforge,dc=pingu,dc=conchango,dc=com
| <Lo-lan-do> then
| <Lo-lan-do> LDAP Server OK : dn=dc=conchango,dc=com
| <Lo-lan-do> First one is the one you gave Sourceforge, I suppose, while
second one is the one you gave Slapd.
| <jskipper> yes
| * Lo-lan-do tries too
| <jskipper> Should the distinguished name be the maxhine name (pingu)? Or have
the sourceforge part too?
| <Lo-lan-do> Try giving it the sourceforge part too, please.
| <jskipper> Ok
| <Lo-lan-do> Yes! Yes! Yes!
| <Lo-lan-do> I can reproduce!
| <Lo-lan-do> Wooooo!
| <jskipper> :)
| <Lo-lan-do> Muwahahaha!
| <Lo-lan-do> Now fixing the bug should be fairly trivial ;-)
| <Lo-lan-do> Did it work for you?
| <jskipper> Bugger... I got the same error again...
| <Lo-lan-do> Ah, damn.
`----
[Time passes, then:]
,----
| <jskipper> Purged sf and slapd... Then went and used the magic tool rm on the
stuff that was left behind...
| <jskipper> And typed the same names when installing again...
| <Lo-lan-do> Cool. So now we really have a good indication that the problem
lies in the DNs.
| <jskipper> It works... :-D
| <jskipper> The main problem was (I guess) that the DN was different... And
then that the ssl key were in a different location than wnat sf expected...
| <jskipper> But the sf-http.conf states that changes should be done in
sourceforge.conf but nothing there is about the ssl stuff... We sorted this by
moving our keys to the expected directory...
| <Grantbow> jskipper: congratulations.
`----
I plan on spending tonight tracking down that bug and making sure
things work all right. I hope I'll be able to announce good news
tomorrow, otherwise you all might have to wait until the weekend :-)
Thanks to Manik and Jonas (?) for helping me finding the bug. If
anyone wants to try and confirm (or not) that this is indeed the
problem, feel free to, and report your results. Maybe in the -devel
list, though, we don't want to scare our users.
Roland.
--
Roland Mas
S'agirait pas d'atteindre la sublime transcendance du supramental sans
se bouger le fion un minimum... -- in Sri Raoul le petit yogi (Gaudelette)