OpenDJ Administration Port (4444) not able to authenticate Default User(Directory Manager) /any user


Question


Dears,

Could you advise me on the situation below? I am having an issue with OpenDJ DS after changing the JVM to OpenJDK.
It seems like the admin-certs have been removed from the trusted store in Java.
Could you advise how we can recreate the admin connector/certs in OpenDJ without reinstalling?

config.ldif

    dn: cn=Administration Connector,cn=config
    objectClass: top
    objectClass: ds-cfg-administration-connector
    ds-cfg-trust-manager-provider: cn=Administration,cn=Trust Manager Providers,cn=config
    cn: Administration Connector
    ds-cfg-key-manager-provider: cn=Administration,cn=Key Manager Providers,cn=config
    ds-cfg-listen-address: 0.0.0.0
    ds-cfg-listen-port: 4444
    ds-cfg-ssl-cert-nickname: admin-cert

Error even when I enter the correct password:

    ./dsconfig -v
    >>>> Specify OpenDJ LDAP connection parameters
    Directory server hostname or IP address [XXXX.XXX.XX]:
    Directory server administration port number [4444]:
    Administrator user bind DN [cn=Directory Manager]:
    Password for user 'cn=Directory Manager':
    Unable to connect to the server at XXXX.XXX.XX on port 4444.
    Check this port is an administration port

Port status

    lsof -nPi :4444
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    java 14530 ldap 87u IPv6 4618018 0t0 TCP *:4444 (LISTEN)

Answer 1

Score: 1


I was having the same issue:

2 things to resolve:

  1. Disable IPv6 (not sure whether this was the reason)
  2. In Java (conf/java.security), comment out jdk.tls.disabledAlgorithms

Answer 2

Score: 0


A change in JavaVM shouldn't affect the admin truststore which is located under the opends folder.
I would suggest that you try to use the Java SSL debugging flag to obtain a more specific error message that will help you understand where the issue lies (for details see https://ludopoitou.com/2011/06/29/opendj-troubleshooting-ldap-ssl-connections/).
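
An added example, not from either answer or from the OpenDJ project: once the SSL debug trace mentioned in Answer 2 shows the protocol and cipher suite in use, this Python sketch reads jdk.tls.disabledAlgorithms from a java.security file and reports which individual entries reject those parameters. The sample file content, the handshake values and the function names are constructed for illustration, and the matching is a simplification of the JDK's own rules.

```python
import operator
import re

# Constructed conf/java.security fragment (sample input, not from the page).
SAMPLE_JAVA_SECURITY = r"""
# jdk.tls.disabledAlgorithms=commented-out lines are ignored
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, ">=": operator.ge}

def read_property(text, name):
    """Entries of a comma-separated property; joins backslash continuations."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep and key.strip() == name:  # a later definition overrides
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def blocking_entries(entries, protocol, cipher_suite, key_alg, key_bits):
    """Entries that reject these handshake parameters (simplified matching)."""
    suite = f"_{cipher_suite.upper()}_"
    hits = []
    for entry in entries:
        m = re.fullmatch(r"(\S+)\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)", entry)
        if m:  # key-size constraint, e.g. "DH keySize < 1024"
            name, op, bits = m.groups()
            if name.upper() == key_alg.upper() and OPS[op](key_bits, int(bits)):
                hits.append(entry)
        elif entry.upper() == protocol.upper() or f"_{entry.upper()}_" in suite:
            hits.append(entry)  # protocol name or cipher-suite component
    return hits

if __name__ == "__main__":
    disabled = read_property(SAMPLE_JAVA_SECURITY, "jdk.tls.disabledAlgorithms")
    # Constructed handshake parameters, as they would be read from a debug trace.
    print(blocking_entries(disabled, "TLSv1", "TLS_RSA_WITH_AES_128_CBC_SHA", "RSA", 2048))
```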

huangapple
  • Posted on 2023-08-10 18:38:45
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76874945.html