Been using passwordless cert the whole time. This worked fine until I upgraded to 1.2.6 final.<br><br><div class="gmail_quote">On Thu, Sep 16, 2010 at 1:14 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">Aaron Hagopian wrote:<br>
><br>
><br>
> grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif<br>
><br>
><br>
> nsslapd-localuser: nobody<br>
><br>
> ls -al /etc/dirsrv/slapd-instance<br>
><br>
><br>
> [root@barfolomew slapd-barfolomew]# ls -al /etc/dirsrv/slapd-barfolomew<br>
> total 364<br>
> drwxrwx---. 3 nobody nobody 4096 Sep 16 07:46 .<br>
> drwxrwxr-x. 8 root nobody 4096 Sep 15 10:20 ..<br>
> -rw-rw----. 1 nobody nobody 65536 Sep 16 07:44 cert8.db<br>
> -r--r-----. 1 nobody nobody 3595 Sep 15 10:20 certmap.conf<br>
> -rw-------. 1 nobody nobody 70422 Sep 16 07:44 dse.ldif<br>
> -rw-------. 1 nobody nobody 70422 Sep 16 07:44 dse.ldif.bak<br>
> -rw-------. 1 nobody nobody 69463 Sep 15 17:32 dse.ldif.startOK<br>
> -r--r-----. 1 nobody nobody 31234 Sep 15 10:20 dse_original.ldif<br>
> -rw-rw----. 1 nobody nobody 16384 Sep 16 07:44 key3.db<br>
> drwxrwx---. 2 nobody nobody 4096 Sep 16 07:46 schema<br>
> -rw-rw----. 1 nobody nobody 16384 Sep 15 10:11 secmod.db<br>
> -r--r-----. 1 nobody nobody 5366 Sep 15 10:20 slapd-collations.conf<br>
</div>There is no pin.txt file in there, and the error message indicates a<br>
failure to authenticate, which is usually password/pin related.<br>
<a href="http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_SSL.html#Starting_the_Server_with_SSL_Enabled-Creating_a_Password_File" target="_blank">http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_SSL.html#Starting_the_Server_with_SSL_Enabled-Creating_a_Password_File</a><br>
<div><div></div><div class="h5">><br>
><br>
><br>
> try /usr/lib64/dirsrv/slapd-instance/start-slapd -d 1<br>
><br>
><br>
> Here's the ending of the errors log file, and attached is the whole thing:<br>
><br>
> [16/Sep/2010:07:49:51 -0500] - => send_ldap_search_entry<br>
> (cn=encryption,cn=config)<br>
><br>
> [16/Sep/2010:07:49:51 -0500] - <= send_ldap_search_entry<br>
><br>
> [16/Sep/2010:07:49:51 -0500] - => send_ldap_result 0::<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= send_ldap_result<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => slapi_reslimit_get_integer_limit()<br>
> conn=0x0, handle=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= slapi_reslimit_get_integer_limit()<br>
> returning NO VALUE<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => slapi_reslimit_get_integer_limit()<br>
> conn=0x0, handle=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= slapi_reslimit_get_integer_limit()<br>
> returning NO VALUE<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => compute_limits: sizelimit=-1,<br>
> timelimit=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => send_ldap_search_entry<br>
> (cn=RSA,cn=encryption,cn=config)<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= send_ldap_search_entry<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => send_ldap_result 0::<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= send_ldap_result<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => slapi_reslimit_get_integer_limit()<br>
> conn=0x0, handle=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= slapi_reslimit_get_integer_limit()<br>
> returning NO VALUE<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => slapi_reslimit_get_integer_limit()<br>
> conn=0x0, handle=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= slapi_reslimit_get_integer_limit()<br>
> returning NO VALUE<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => compute_limits: sizelimit=-1,<br>
> timelimit=-1<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => send_ldap_search_entry<br>
> (cn=RSA,cn=encryption,cn=config)<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= send_ldap_search_entry<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - => send_ldap_result 0::<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - <= send_ldap_result<br>
><br>
> [16/Sep/2010:07:49:52 -0500] - SSL alert: Security Initialization:<br>
> Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O<br>
> error occurred during security authorization.)<br>
> [16/Sep/2010:07:49:53 -0500] - ERROR: SSL Initialization Failed.<br>
><br>
><br>
</div></div><div><div></div><div class="h5">> ------------------------------------------------------------------------<br>
><br>
> --<br>
> 389 users mailing list<br>
> <a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
<br>
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</div></div></blockquote></div><br>