[389-users] Announcing 389 Directory Server 1.2.6
Rich Megginson
rmeggins at redhat.com
Wed Sep 15 22:29:44 UTC 2010
Aaron Hagopian wrote:
> So I removed my entire setup and tried to re-setup. Now when I try to
> enable SSL for my directory server I get the following error:
>
> [15/Sep/2010:10:25:45 -0500] - SSL alert: Security Initialization:
> Unable to authenticate (Netscape Portable Runtime error -8192 - An
> I/O error occurred during security authorization.)
> [15/Sep/2010:10:25:45 -0500] - ERROR: SSL Initialization Failed.
>
>
> I tried using my previously working .db files for this instance as
> well and did a full re-import for my server cert and the CA cert. I
> am working on a Fedora 13 machine that is fully up-to-date.
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif
ls -al /etc/dirsrv/slapd-instance
try /usr/lib64/dirsrv/slapd-instance/start-slapd -d 1
>
> On Tue, Sep 14, 2010 at 11:43 AM, Aaron Hagopian <airhead1 at gmail.com> wrote:
>
> Think I figured it out, a while back when I had to do the manual
> steps from something like RC5->RC6, my netscapeRoot didn't load
> back properly leaving me with an empty o=netscapeRoot
>
>
> On Tue, Sep 14, 2010 at 10:20 AM, Rich Megginson <rmeggins at redhat.com> wrote:
>
> Aaron Hagopian wrote:
> > After upgrading, although it's possible it broke on one of the RCs
> > since I do not usually run the admin server on my development
> > environment, when I try to connect using the 389-console I get an
> > error 32, cannot connect to the directory server....
> >
> > When I look through the admin-serv logs I see:
> >
> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> > admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> > admserv_host_ip_check: host [localhost.localdomain] did not match
> > pattern [*.barf.hra.local] -will scan aliases
> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> > admserv_host_ip_check: host alias [localhost] did not match
> > pattern [*.barf.hra.local]
> > [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
> > initialize TLS connection to LDAP host barfolomew.hra.local port
> > 389: 4
> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> > admserv_check_authz(): passing [/admin-serv/authenticate] to the
> > userauth handler
> > [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
> > initialize TLS connection to LDAP host barfolomew.hra.local port
> > 389: 4
> >
> > Now I see what the problem is about the cert name but I never told the
> > admin server to use TLS to connect to the LDAP server and when I was
> > running 1.2.5 I never had this problem. I do run my server on SSL as
> > well on port 636. Is it trying start TLS because it can?
> No. Not sure what changed. Take a look at the directory server access
> log from around this time. Let's see what the admin server is looking
> for. Also check /etc/dirsrv/admin-serv/adm.conf and local.conf for any
> tls/ssl/ldaps settings.
> > Anyway to disable that since I do not feel like generating a new cert
> > to match my administrative domain I put in when I setup the DS.
> http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
> or
> http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
> >
> >
> >
> > [root at barfolomew admin-serv]# rpm -qi 389-ds-base
> > Name        : 389-ds-base                  Relocations: (not relocatable)
> > Version     : 1.2.6                        Vendor: Fedora Project
> > Release     : 1.fc13                       Build Date: Thu 26 Aug 2010 04:34:30 PM CDT
> > Install Date: Mon 13 Sep 2010 09:19:02 AM CDT   Build Host: x86-20.phx2.fedoraproject.org
> > Group       : System Environment/Daemons   Source RPM: 389-ds-base-1.2.6-1.fc13.src.rpm
> > Size        : 6043179                      License: GPLv2 with exceptions
> > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:43:14 PM CDT, Key ID 7edc6ad6e8e40fde
> > Packager    : Fedora Project
> > URL         : http://port389.org/
> > Summary     : 389 Directory Server (base)
> > Description :
> > 389 Directory Server is an LDAPv3 compliant server. The base package includes
> > the LDAP server and command line utilities for server administration.
> >
> > [root at barfolomew admin-serv]# rpm -qi 389-admin
> > Name        : 389-admin                    Relocations: (not relocatable)
> > Version     : 1.1.11                       Vendor: Fedora Project
> > Release     : 1.fc13                       Build Date: Thu 26 Aug 2010 04:53:40 PM CDT
> > Install Date: Mon 13 Sep 2010 09:19:35 AM CDT   Build Host: x86-20.phx2.fedoraproject.org
> > Group       : System Environment/Daemons   Source RPM: 389-admin-1.1.11-1.fc13.src.rpm
> > Size        : 1510119                      License: GPLv2 and ASL 2.0
> > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:49:10 PM CDT, Key ID 7edc6ad6e8e40fde
> > Packager    : Fedora Project
> > URL         : http://port389.org/
> > Summary     : 389 Administration Server (admin)
> > Description :
> > 389 Administration Server is an HTTP agent that provides management features
> > for 389 Directory Server. It provides some management web apps that can
> > be used through a web browser. It provides the authentication, access control,
> > and CGI utilities used by the console.
> >
> >
> >
> >
> > On Mon, Sep 13, 2010 at 2:03 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> >
> > The 389 team is pleased to announce the availability of version 1.2.6.
> > This release is essentially the same as 1.2.6 RC7.
> >
> > * Release Notes - http://port389.org/wiki/Release_Notes
> > * Install_Guide - http://port389.org/wiki/Install_Guide
> > * Download - http://port389.org/wiki/Download
> >
> > === New features ===
> > * Upgrade_to_New_DN_Format
> > http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
> > ** in order to make sure DN valued attributes can be searched correctly,
> > an upgrade will automatically fix these values in the database
> >
> > * Replication_Session_Hooks
> > http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
> > ** API for plugins to intercept replication session at various points
> >
> > * Managed Entries -
> > http://directory.fedoraproject.org/wiki/Managed_Entry_Design
> > ** Used, for example, to automatically create the user's group entry
> > when adding a user entry
> >
> > * Subtree Rename and Entry Move (modifyDN with newSuperior)
> > ** https://bugzilla.redhat.com/show_bug.cgi?id=429005
> > ** ability to rename a node that has children
> > ** ability to move a node, with or without children, to another
> > parent node
> >
> > * Security Enhancements
> > ** SELinux Policy
> > http://directory.fedoraproject.org/wiki/SELinux_Policy
> > *** https://bugzilla.redhat.com/show_bug.cgi?id=442228
> >
> > * Matching rules
> > ** support for all RFC 4517 matching rules (except the
> > FirstComponent ones)
> >
> > === Bugs Fixed ===
> > This release contains many, many bug fixes. The complete list of bugs
> > fixed is found at the link below. Note that bugs marked as MODIFIED
> > have been fixed but are still in testing.
> > * Tracking bug for 1.2.6 release -
> > https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
> >
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
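
The two checks in the reply above (grep nsslapd-localuser, then ls -al on the instance directory) can be combined into one script. This is an added example, not part of the original thread or of 389 Directory Server; it assumes the point of the checks is to compare the run-as user with the ownership of the files in the instance directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare nsslapd-localuser in dse.ldif with the ownership of
# the files in a 389 DS instance directory. Function names are hypothetical.
# Uses GNU stat (-c), as shipped on Fedora.

# Print the run-as user configured in the given dse.ldif.
localuser_of() {
    sed -n 's/^nsslapd-localuser:[[:space:]]*//p' "$1" | head -n 1
}

# Flag regular files in the instance directory that are not owned by the
# run-as user, or whose owner has no read permission.
# Returns 0 if nothing is flagged, 1 if something is,
# 2 if dse.ldif carries no nsslapd-localuser.
check_instance_dir() {
    dir=$1
    user=$(localuser_of "$dir/dse.ldif")
    if [ -z "$user" ]; then
        echo "no nsslapd-localuser in $dir/dse.ldif" >&2
        return 2
    fi
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        owner=$(stat -c %U "$f")
        if [ "$owner" != "$user" ]; then
            # Not necessarily fatal (group access may apply); review by hand.
            echo "$f: owned by $owner, server runs as $user"
            status=1
        fi
        # %A prints e.g. -rw-------; the second character is the owner read bit.
        case $(stat -c %A "$f") in
            ?r*) ;;
            *) echo "$f: owner has no read permission"; status=1 ;;
        esac
    done
    return $status
}
```

Call it as `check_instance_dir /etc/dirsrv/slapd-instance`, substituting the real instance name, before retrying the start-slapd -d 1 run.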