7.5 beta - unable to install local LDAP


(Dan) #1

Again, just did a clean install of 7.5beta on a test VM. Went to set up some users, and of course need to set an accounts provider to do that. I chose to install a local LDAP server. The installation fails with this on the screen:

[root@neth-automx log]# grep -C 20 S50nethserver-directory-createadmins messages 
May 24 16:48:18 neth-automx esmith::event[10401]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
May 24 16:48:18 neth-automx esmith::event[10401]: Failed to create group domadmins.
May 24 16:48:18 neth-automx esmith::event[10401]: [ERROR] failed to set members of group `domadmins`
May 24 16:48:18 neth-automx esmith::event[10401]: SASL/EXTERNAL authentication started
May 24 16:48:18 neth-automx esmith::event[10401]: SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
May 24 16:48:18 neth-automx esmith::event[10401]: SASL SSF: 0
May 24 16:48:18 neth-automx esmith::event[10401]: Rename Result: No such object (32)
May 24 16:48:18 neth-automx esmith::event[10401]: Matched DN: ou=Groups,dc=directory,dc=nh
May 24 16:48:18 neth-automx esmith::event[10401]: SASL/EXTERNAL authentication started
May 24 16:48:18 neth-automx esmith::event[10401]: SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
May 24 16:48:18 neth-automx esmith::event[10401]: SASL SSF: 0
May 24 16:48:18 neth-automx esmith::event[10401]: ldap_modify: No such object (32)
May 24 16:48:18 neth-automx esmith::event[10401]: #011matched DN: ou=Groups,dc=directory,dc=nh
May 24 16:48:18 neth-automx esmith::event[10401]: modifying entry "cn=domain admins,ou=Groups,dc=directory,dc=nh"
May 24 16:48:18 neth-automx esmith::event[10401]: 
May 24 16:48:18 neth-automx esmith::event[10401]: SASL/EXTERNAL authentication started
May 24 16:48:18 neth-automx esmith::event[10401]: SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
May 24 16:48:18 neth-automx esmith::event[10401]: SASL SSF: 0
May 24 16:48:18 neth-automx esmith::event[10401]: modifying entry "olcDatabase={2}hdb,cn=config"
May 24 16:48:18 neth-automx esmith::event[10401]: 
May 24 16:48:18 neth-automx esmith::event[10401]: Action: /etc/e-smith/events/nethserver-directory-update/S50nethserver-directory-createadmins FAILED: 4 [4.365564]
May 24 16:48:18 neth-automx esmith::event[10401]: Action: /etc/e-smith/events/nethserver-directory-update/S60nethserver-directory-password-policy SUCCESS [0.170742]
May 24 16:48:18 neth-automx systemd: Reloading.
May 24 16:48:18 neth-automx esmith::event[10401]: [INFO] service rsyslog restart
May 24 16:48:18 neth-automx systemd: Stopping System Logging Service...
May 24 16:48:18 neth-automx rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="4860" x-info="http://www.rsyslog.com"] exiting on signal 15.
May 24 16:48:18 neth-automx systemd: Starting System Logging Service...
May 24 16:48:18 neth-automx rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="10487" x-info="http://www.rsyslog.com"] start
May 24 16:48:18 neth-automx systemd: Started System Logging Service.
May 24 16:48:18 neth-automx esmith::event[10401]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.297279]
May 24 16:48:19 neth-automx systemd: Reloading.
May 24 16:48:19 neth-automx systemd: Reloading.
May 24 16:48:19 neth-automx systemd: Started privileged operations for unprivileged applications.
May 24 16:48:19 neth-automx systemd: Starting privileged operations for unprivileged applications...
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||LdapURI||Provider|none|Realm||Workgroup||status|disabled
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns||LdapURI|ldap://127.0.0.1|Provider|none|Realm||Workgroup||status|disabled
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||LdapURI|ldap://127.0.0.1|Provider|none|Realm||Workgroup||status|disabled
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns||LdapURI|ldap://127.0.0.1|Provider|ldap|Realm||Workgroup||status|disabled
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: OLD sssd=service|AdDns||LdapURI|ldap://127.0.0.1|Provider|ldap|Realm||Workgroup||status|disabled
May 24 16:48:19 neth-automx /sbin/e-smith/db[10549]: /var/lib/nethserver/db/configuration: NEW sssd=service|AdDns||LdapURI|ldap://127.0.0.1|Provider|ldap|Realm||Workgroup||status|enabled
May 24 16:48:19 neth-automx esmith::event[10491]: Event: nethserver-sssd-save
[root@neth-automx log]# 

Looks like it isn’t able to connect to the LDAP server to set up the admin user. But:

[root@neth-automx log]# systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-05-24 16:48:13 EDT; 9min ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
 Main PID: 10428 (slapd)
   CGroup: /system.slice/slapd.service
           └─10428 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:///

May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=2 ADD dn="cn=module,cn=config"
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=2 RESULT tag=105 err=0 text=
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=3 SRCH base="cn=config" scope=2 deref=2 filter="(&(cn...la))"
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=4 ADD dn="cn=module,cn=config"
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=4 RESULT tag=105 err=0 text=
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=5 SRCH base="cn=config" scope=0 deref=2 filter="(obje...s=*)"
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=6 MOD dn="cn=config"
May 24 16:48:13 neth-automx.familybrown.org slapd[10428]: conn=1000 op=6 MOD attr=olcPasswordCryptSaltFormat olcTLSCertifica...lient
Hint: Some lines were ellipsized, use -l to show in full.
[root@neth-automx log]# 

Edit: Well, that was unexpected. Apparently the ECC certificate did something to break LDAP as well. Reissued the cert as RSA, removed OpenLDAP through the server-manager, reinstalled it, and now it works. Strange.
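A triage sketch for a log excerpt like the one in this post, added here as an example (it is not part of the original post and not NethServer code): it pairs each failed e-smith action with the error lines logged just before it and separates connection-level LDAP failures from credential failures. The names `failed_actions` and `classify` are hypothetical, and the sample lines are abridged from the excerpt above.

```python
import re

# Constructed sample: a few lines abridged from the log excerpt in the post above.
SAMPLE_LOG = """\
May 24 16:48:18 neth-automx esmith::event[10401]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
May 24 16:48:18 neth-automx esmith::event[10401]: Failed to create group domadmins.
May 24 16:48:18 neth-automx esmith::event[10401]: SASL/EXTERNAL authentication started
May 24 16:48:18 neth-automx esmith::event[10401]: ldap_modify: No such object (32)
May 24 16:48:18 neth-automx esmith::event[10401]: Action: /etc/e-smith/events/nethserver-directory-update/S50nethserver-directory-createadmins FAILED: 4 [4.365564]
May 24 16:48:18 neth-automx esmith::event[10401]: Action: /etc/e-smith/events/nethserver-directory-update/S60nethserver-directory-password-policy SUCCESS [0.170742]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ esmith::event\[(\d+)\]: (.*)$")
ACTION = re.compile(r"^Action: (\S+) (SUCCESS|FAILED)(?:: (\d+))? \[([\d.]+)\]$")
ERROR = re.compile(r"error|failed|no such object|can't contact", re.I)

def classify(errors):
    """Coarse cause of an LDAP-related failure, judged from the client error text."""
    joined = " ".join(errors)
    if "Can't contact LDAP server" in joined:
        return "transport"    # no connection was established; credentials never evaluated
    if "Invalid credentials" in joined:
        return "credentials"  # server was reached and rejected the bind
    return "other"

def failed_actions(log_text):
    """Return one record per FAILED action, with the errors logged before it."""
    pending, report = {}, []  # pending: pid -> errors since that pid's last Action line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        act = ACTION.match(msg)
        if not act:
            if ERROR.search(msg):
                pending.setdefault(pid, []).append(msg)
            continue
        errors = pending.pop(pid, [])  # an action's output precedes its Action line
        path, status, rc, secs = act.groups()
        if status == "FAILED":
            report.append({
                "action": path.rsplit("/", 1)[-1], "exit": int(rc),
                "seconds": float(secs), "errors": errors, "kind": classify(errors),
            })
    return report

if __name__ == "__main__":
    for item in failed_actions(SAMPLE_LOG):
        print(item["action"], item["exit"], item["kind"])
```

A `transport` result while `systemctl status slapd` shows the daemon running points at the listener or TLS setup rather than at the bind DN or its password.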


(Davide Principi) #2

As this #bug is probably caused by the lack of ECC-compatible ciphers, I am closing it for now. Please refer to the other thread.


(Davide Principi) #3