<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 02/21/2012 07:15 AM, MATON Brett wrote:
<blockquote cite="mid:201202211426.q1LEQMZS017076@mx1.redhat.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";
        color:black;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";
        color:black;}
span.Preacute1
        {mso-style-name:"Pré1\,formaté1\,HTML Car1";
        mso-style-priority:99;
        mso-style-link:"Pré\,formaté\,HTML";
        font-family:Consolas;
        color:black;}
p.Preacute, li.Preacute, div.Preacute
        {mso-style-name:"Pré\,formaté\,HTML";
        mso-style-priority:99;
        mso-style-link:"Pré2\,formaté2\,HTML Car2";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        color:black;}
span.PrformatHTMLCar
        {mso-style-name:"Préformaté HTML Car";
        mso-style-priority:99;
        mso-style-link:"Préformaté HTML";
        font-family:Consolas;
        color:black;}
p.PrformatHTML, li.PrformatHTML, div.PrformatHTML
        {mso-style-name:"Préformaté HTML";
        mso-style-priority:99;
        mso-style-link:"Préformaté HTML Car";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        color:black;}
span.Preacute2
        {mso-style-name:"Pré2\,formaté2\,HTML Car2";
        mso-style-priority:99;
        mso-style-link:"Pré\,formaté\,HTML";
        font-family:Consolas;
        color:black;}
span.EmailStyle27
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle28
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle29
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle30
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle31
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle32
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle33
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle36
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Hi
Rich,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">
I’m still banging my head with this one.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"> I
did notice though that the slave server doesn’t ask for the
CertificateDB password.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"> Is
there any way to check where it’s actually looking for the
key databases?</span></p>
</div>
</blockquote>
Not without trying to use gdb to run the CGI programs through the
debugger.<br>
<blockquote cite="mid:201202211426.q1LEQMZS017076@mx1.redhat.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Brett<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; border-color:
rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color;
padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:389-users-bounces@lists.fedoraproject.org">389-users-bounces@lists.fedoraproject.org</a>
[<a class="moz-txt-link-freetext" href="mailto:389-users-bounces@lists.fedoraproject.org">mailto:389-users-bounces@lists.fedoraproject.org</a>] <b>On
Behalf Of </b>MATON Brett<br>
<b>Sent:</b> 10 February 2012 07:24<br>
<b>To:</b> General discussion list for the 389 Directory
server project.; Rich Megginson<br>
<b>Subject:</b> Re: [389-users] dirsrv-admin with
existing (remote) configuration server using SSL<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On 02/08/2012 01:31 PM, MATON Brett wrote:
<o:p></o:p></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE">Platform is RHEL6.2 x64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">$ rpm -qa|grep 389</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-admin-console-doc-1.1.8-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-admin-console-1.1.8-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-adminutil-1.1.14-2.el6.x86_64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-ds-console-1.2.6-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-ds-1.2.2-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-ds-base-1.2.9.14-1.el6_2.2.x86_64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-ds-console-doc-1.2.6-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-console-1.1.7-1.el6.noarch</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-admin-1.1.25-1.el6.x86_64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">389-dsgw-1.1.7-2.el6.x86_64</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">$ rpm -qi openldap</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Name : openldap
Relocations: (not relocatable)</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Version : 2.4.23
Vendor: Red Hat, Inc.</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Release : 20.el6
Build Date: Tue 04 Oct 2011 01:48:15 PM CEST</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Install Date: Wed 08 Feb 2012 09:20:30 AM
CET Build Host: x86-010.build.bos.redhat.com</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Group : System Environment/Daemons
Source RPM: openldap-2.4.23-20.el6.src.rpm</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Size : 779076
License: OpenLDAP</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Signature : RSA/8, Mon 07 Nov 2011 08:37:10
AM CET, Key ID 199e2f91fd431d51</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Packager : Red Hat, Inc. <a
moz-do-not-send="true"
href="http://bugzilla.redhat.com/bugzilla"><http://bugzilla.redhat.com/bugzilla></a></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">URL : <a moz-do-not-send="true"
href="http://www.openldap.org/">http://www.openldap.org/</a></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">Summary : LDAP support libraries</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">Description : <snipped></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">rpm -qi nss</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Name : nss
Relocations: (not relocatable)</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Version : 3.12.10
Vendor: Red Hat, Inc.</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Release : 17.el6_2
Build Date: Sat 10 Dec 2011 12:32:24 AM CET</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Install Date: Wed 08 Feb 2012 09:20:30 AM
CET Build Host: x86-003.build.bos.redhat.com</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Group : System Environment/Libraries
Source RPM: nss-3.12.10-17.el6_2.src.rpm</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Size : 2602368
License: MPLv1.1 or GPLv2+ or LGPLv2+</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Signature : RSA/8, Wed 14 Dec 2011 01:37:20
PM CET, Key ID 199e2f91fd431d51</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Packager : Red Hat, Inc. <a
moz-do-not-send="true"
href="http://bugzilla.redhat.com/bugzilla"><http://bugzilla.redhat.com/bugzilla></a></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">URL : <a moz-do-not-send="true"
href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Summary : Network Security Services</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">Description : <snipped></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE">grep
-i admconfigdir /etc/dirsrv/admin-serv/*</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE"># grep -i admconfigdir /etc/dirsrv/admin-serv/*</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">/etc/dirsrv/admin-serv/admserv.conf:ADMConfigDir
"/etc/dirsrv/admin-serv"</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"><br>
grep -i NSSEngine /etc/dirsrv/admin-serv/* </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE"># grep -i NSSEngine /etc/dirsrv/admin-serv/*</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">/etc/dirsrv/admin-serv/console.conf:NSSEngine
off</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span
style="font-size: 12pt; font-family: "Times New
Roman","serif";" lang="FR-BE"><br>
service dirsrv stop<br>
/usr/sbin/start-ds-admin -e debug</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># service dirsrv stop</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Shutting down dirsrv:</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span style="font-size: 10pt;
font-family: "Courier New";" lang="FR-BE"><host>...
[ OK ]</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="FR-BE"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># /usr/sbin/start-ds-admin -e debug</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module authz_host_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module auth_basic_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module authn_file_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module log_config_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module env_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module mime_magic_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module unique_id_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module setenvif_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module mime_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module negotiation_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module dir_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module alias_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module rewrite_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module cgi_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module restartd_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module nss_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_so.c(246): loaded module admserv_module</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2509): [25197]
create_server_config [0xbogus %p for (null)</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2497): [25197] create_config
[0xbogus %p for (null)</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2570): [25197] Set [0xbogus %p
[ADMCacheLifeTime] to 600</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2588): [25197] Set [0xbogus %p
[ADMServerVersionString] to 389-Administrator/1.1.25</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2497): [25197] create_config
[0xbogus %p for /*/[tT]asks/[Oo]peration/*</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus
%p flag 1</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2497): [25197] create_config
[0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus
%p flag 1</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2497): [25197] create_config
[0xbogus %p for
/*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove)$</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:03:59 2012] [debug]
mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus
%p flag 0</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">Server failed to start !!! Please check errors
log for problems</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># tail /var/log/dirsrv/admin-serv/error</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:04:05 2012] [debug]
mod_admserv/mod_admserv.c(1456):
populate_tasks_from_server(): getting tasks for server
[admin-serv] siedn [cn=admin-serv-<host>,cn=389
Administration Server,cn=Server Group,cn=<host
FQDN>,ou=admins.unix,o=NetscapeRoot]</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">[Wed Feb 08 22:04:05 2012] [crit] sslinit: NSS
is required to use LDAPS, but security initialization failed
[-12285:Unable to find the certificate or key necessary for
authentication.]. Cannot start server</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span
style="font-size: 12pt; font-family: "Times New
Roman","serif";" lang="FR-BE">Ok. Well, it's
just not working and I don't know why. Please file a ticket
and we'll get around to it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Sure, I’ll do that tomorrow and add the ticket
reference here.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Trac: <a moz-do-not-send="true"
href="https://fedorahosted.org/389/ticket/287">https://fedorahosted.org/389/ticket/287</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Brett<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; padding: 3pt
0cm 0cm; border-color: -moz-use-text-color;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">De :</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US"> Rich Megginson [</span><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="FR"><a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"><span lang="EN-US">mailto:rmeggins@redhat.com</span></a></span><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">] <br>
<b>Envoyé :</b> mercredi 8 février 2012 21:16<br>
<b>À :</b> MATON Brett<br>
<b>Cc :</b> General discussion list for the 389
Directory server project.<br>
</span><b><span style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="FR">Objet :</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="FR"> Re: [389-users] dirsrv-admin
with existing (remote) configuration server using SSL</span><span
lang="FR-BE"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">On 02/08/2012 12:18 PM,
MATON Brett wrote: <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Thanks for your help Rich,</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="FR-BE">LDAPTLS_CACERTDIR=/etc/dirsrv/admin-serv</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">ldapsearch -x -H <a moz-do-not-send="true"
href="ldaps://">ldaps://</a><config server FQDN> -D
"cn=Directory Manager" –W –s base –b “”</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># extended LDIF</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">#</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># LDAPv3</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># base <> with scope baseObject</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># filter: (objectclass=*)</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"># requesting: ALL</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">#</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">#</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">dn:</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">objectClass: top</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">namingContexts: dc=admins,dc=unix</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New"; color: rgb(31, 73, 125);"
lang="EN-US">…</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">No complaints from those commands, the plot
thickens ;)</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span
style="font-size: 12pt; font-family: "Times New
Roman","serif";" lang="FR-BE">What platform
is this?<br>
rpm -qa|grep 389<br>
rpm -qi openldap<br>
rpm -qi nss<br>
<br>
<br>
</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US">Brett</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="FR-BE"><o:p></o:p></span></p>
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; padding: 3pt
0cm 0cm; border-color: -moz-use-text-color;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="FR">De :</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="FR"> Rich Megginson [<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com">mailto:rmeggins@redhat.com</a>]
<br>
<b>Envoyé :</b> mercredi 8 février 2012 16:43<br>
<b>À :</b> General discussion list for the 389 Directory
server project.<br>
<b>Cc :</b> MATON Brett<br>
<b>Objet :</b> Re: [389-users] dirsrv-admin with
existing (remote) configuration server using SSL</span><span
lang="FR-BE"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">On 02/08/2012 07:20 AM,
MATON Brett wrote: <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">Installation appears to
go fine until it tries to start the admin server:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">Configuration
directory server URL [<a moz-do-not-send="true"
href="ldap://">ldap://</a><local
FQDN>:389/o=NetscapeRoot]: <a moz-do-not-send="true"
href="ldaps://">ldaps://</a><Config Server
FQDN>:636/o=NetscapeRoot</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">...</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">CA certificate
filename: /etc/openldap/cacerts/<base64 cert file></span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">...</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">output: Server failed
to start !!! Please check errors log for problems</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">output:
[FAILED]</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">/var/log/dirsrv/admin-serv/error:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">[Wed Feb 08 13:35:26
2012] [notice] SELinux policy enabled; httpd running as
context unconfined_u:system_r:httpd_t:s0</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">[Wed Feb 08 13:35:32
2012] [crit] sslinit: NSS is required to use LDAPS, but
security initialization failed [-12285:Unable to find the
certificate or key necessary for authentication.]. Cannot
start server</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">The server, has however
successfully registered itself with the remote Configuration
Directory Server.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">(shows up in the server
group in 389-Console and Directory Server is available).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">I wasn’t asked to
provide a keystore password when adding the certificate to
the store, as you would be with 389-Console GUI when first
opening the certificate store.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">Is that intentional or
not?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">I’m now a bit stumped
(again), I had a look at the certdb with certutil:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">[root@<host>
admin-serv]# certutil -d . -L</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">Certificate
Nickname Trust
Attributes</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">
SSL,S/MIME,JAR/XPI</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">CA
certificate
CT,,</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">Which leads me to
believe that it should be able to at least find the
certificate...<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">I also checked
file/directory ownership and permissions which match those
on the working ‘master’ server.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">Installer issue:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> If you make a mistake
and get asked to try again (I typed the ldaps port as 633
instead if 636), you get stuck at the CA Certificate
filename stage with the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">CA certificate
filename [/etc/openldap/cacerts/CAServer.crt]:</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">The certificate
database in '/etc/dirsrv/admin-serv' already contains a CA
certificate. Please remove it first, or use the certutil
program to add the CA certificate with a different name.</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE">Please try again, in
case you mis-typed something.</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family:
"Courier New";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE">Simple enough solution
as for me this is a fresh install, is to delete cert8.db and
keys3.db in </span><span style="font-size: 10pt;
font-family: "Courier New";" lang="FR-BE">/etc/dirserv/admin-serv/</span><span
lang="FR-BE"> from another session.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span
style="font-size: 12pt; font-family: "Times New
Roman","serif";" lang="FR-BE">You can use
ldapsearch to test if the cert db is correct:<br>
<br>
LDAPTLS_CACERTDIR=/etc/dirsrv/admin-serv ldapsearch -x -H <a
moz-do-not-send="true" href="ldaps://">ldaps://</a></span><span
style="font-size: 10pt; font-family: "Courier
New";" lang="FR-BE"><Config Server FQDN> -D
"cn=directory manager" -W -s base -b ""<br>
if that doesn't work, use ldapsearch -d 1 -x .... to get
more debugging information.<br>
<br>
The error is strange though. It seems to imply that the
admin server is looking for a cert or key. If the admin
server is acting only as an SSL client, it should not need
to look up a cert or key, it should only need the CA cert.<br>
<br>
<br>
<br>
</span><span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-BE"> <o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif"; color: gray;"
lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">NRB considers
its environmental responsibility and goes for green IT.</span></em><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">This e-mail
and any attachments, which may contain information that is
confidential and/or protected by intellectual property
rights, are intended for the exclusive use of the
above-mentioned addressee(s). Any use (including
reproduction, disclosure and whole or partial distribution
in any form whatsoever) of their content is prohibited
without prior authorization of NRB. If you have received
this message by error, please contact the sender promptly
by resending this e-mail back to him (her), or by calling
the above number. Thank you for subsequently deleting this
e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<pre><span lang="FR-BE"> <o:p></o:p></span></pre>
<pre><span lang="FR-BE"> <o:p></o:p></span></pre>
<pre><span lang="FR-BE">--<o:p></o:p></span></pre>
<pre><span lang="FR-BE">389 users mailing list<o:p></o:p></span></pre>
<pre><span lang="FR-BE"><a moz-do-not-send="true" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><o:p></o:p></span></pre>
<pre><span lang="FR-BE"><a moz-do-not-send="true" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><o:p></o:p></span></pre>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif";" lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">NRB considers
its environmental responsibility and goes for green IT.</span></em><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">This e-mail
and any attachments, which may contain information that is
confidential and/or protected by intellectual property
rights, are intended for the exclusive use of the
above-mentioned addressee(s). Any use (including
reproduction, disclosure and whole or partial distribution
in any form whatsoever) of their content is prohibited
without prior authorization of NRB. If you have received
this message by error, please contact the sender promptly
by resending this e-mail back to him (her), or by calling
the above number. Thank you for subsequently deleting this
e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif";" lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">NRB considers
its environmental responsibility and goes for green IT.</span></em><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">This e-mail
and any attachments, which may contain information that is
confidential and/or protected by intellectual property
rights, are intended for the exclusive use of the
above-mentioned addressee(s). Any use (including
reproduction, disclosure and whole or partial distribution
in any form whatsoever) of their content is prohibited
without prior authorization of NRB. If you have received
this message by error, please contact the sender promptly
by resending this e-mail back to him (her), or by calling
the above number. Thank you for subsequently deleting this
e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif";" lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">NRB considers
its environmental responsibility and goes for green IT.</span></em><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif";">This e-mail
and any attachments, which may contain information that is
confidential and/or protected by intellectual property
rights, are intended for the exclusive use of the
above-mentioned addressee(s). Any use (including
reproduction, disclosure and whole or partial distribution
in any form whatsoever) of their content is prohibited
without prior authorization of NRB. If you have received
this message by error, please contact the sender promptly
by resending this e-mail back to him (her), or by calling
the above number. Thank you for subsequently deleting this
e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"> </span><span
lang="FR-BE"><o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif";" lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);">NRB considers its environmental responsibility
and goes for green IT.</span></em><span style="font-size:
7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(0,
0, 102);">This e-mail and any attachments, which may
contain information that is confidential and/or protected
by intellectual property rights, are intended for the
exclusive use of the above-mentioned addressee(s). Any use
(including reproduction, disclosure and whole or partial
distribution in any form whatsoever) of their content is
prohibited without prior authorization of NRB. If you have
received this message by error, please contact the sender
promptly by resending this e-mail back to him (her), or by
calling the above number. Thank you for subsequently
deleting this e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";" lang="FR-BE"><o:p> </o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif"; color: gray;"
lang="FR-BE">-------------------------------------------------------------------</span><span
lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);">NRB considers its environmental responsibility
and goes for green IT.</span></em><span style="font-size:
7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <span lang="FR-BE"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(0,
0, 102);">This e-mail and any attachments, which may
contain information that is confidential and/or protected
by intellectual property rights, are intended for the
exclusive use of the above-mentioned addressee(s). Any use
(including reproduction, disclosure and whole or partial
distribution in any form whatsoever) of their content is
prohibited without prior authorization of NRB. If you have
received this message by error, please contact the sender
promptly by resending this e-mail back to him (her), or by
calling the above number. Thank you for subsequently
deleting this e-mail and any files attached thereto.</span></i><span
lang="FR-BE"><o:p></o:p></span></p>
<p><span style="font-size: 7pt; font-family:
"Verdana","sans-serif"; color: gray;">-------------------------------------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><strong><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(102, 153, 51);">GreeNRB</span></strong><b><span
style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"><br>
</span></b><em><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);">NRB considers its environmental responsibility
and goes for green IT.</span></em><span style="font-size:
7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(102,
153, 51);"> <br>
<i>May we ask you to consider yours before printing this
e-mail? </i><b> </b></span> <o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size: 7.5pt;
font-family: "Tahoma","sans-serif";
color: rgb(0, 0, 102);">NRB, daring to commit <br>
</span></b><i><span style="font-size: 7.5pt; font-family:
"Tahoma","sans-serif"; color: rgb(0,
0, 102);">This e-mail and any attachments, which may
contain information that is confidential and/or protected
by intellectual property rights, are intended for the
exclusive use of the above-mentioned addressee(s). Any use
(including reproduction, disclosure and whole or partial
distribution in any form whatsoever) of their content is
prohibited without prior authorization of NRB. If you have
received this message by error, please contact the sender
promptly by resending this e-mail back to him (her), or by
calling the above number. Thank you for subsequently
deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p>
</div>
<!--DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"-->
<meta name="GENERATOR" content="TX_HTML32 11.0.211.501">
<span style="font-family: 'Verdana'; color: rgb(128, 128, 128);
font-size: 7pt;">
<p><span style="font-family: 'Verdana'; color: rgb(128, 128,
128); font-size: 7pt;">-------------------------------------------------------------------</span></p>
<span style="font-family: 'Verdana'; color: rgb(128, 128, 128);
font-size: 6pt;">
<p style="margin: 0cm 0cm 0pt;" class="MsoNormal"><font
face="tahoma,arial,helvetica,sans-serif"><font size="1"><font
color="#669933"><span style="" lang="EN-GB"><strong>GreeNRB<br>
</strong><em>NRB considers its environmental
responsibility and goes for green IT.</em> <br>
</span><i><span style="" lang="EN-GB">May we ask you
to consider yours before printing this e-mail? </span></i><b><span
style="" lang="EN-GB"> </span></b></font></font></font>
</p>
<p style="margin: 0cm 0cm 0pt;" class="MsoNormal"><font
face="tahoma,arial,helvetica,sans-serif"><font size="1"><font
color="#000066"><b><span style="" lang="EN-GB">NRB,
daring to commit <br>
</span></b><i><span style="" lang="EN-GB">This
e-mail and any attachments, which may contain
information that is confidential and/or protected
by intellectual property rights, are intended for
the exclusive use of the above-mentioned
addressee(s). Any use (including reproduction,
disclosure and whole or partial distribution in
any form whatsoever) of their content is
prohibited without prior authorization of NRB. If
you have received this message by error, please
contact the sender promptly by resending this
e-mail back to him (her), or by calling the above
number. Thank you for subsequently deleting this
e-mail and any files attached thereto.</span></i></font></font></font></p>
</span></span>
</blockquote>
<br>
</body>
</html>