<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Courier New \;";}
@font-face
{font-family:"Times New Roman \, serif \;";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.Preacute2
{mso-style-name:"Pré2\,formaté2\,HTML Car2";
mso-style-priority:99;
mso-style-link:"Pré\,formaté\,HTML";
font-family:Consolas;
color:black;}
p.Preacute, li.Preacute, div.Preacute
{mso-style-name:"Pré\,formaté\,HTML";
mso-style-priority:99;
mso-style-link:"Pré1\,formaté1\,HTML Car1";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
span.Preacute1
{mso-style-name:"Pré1\,formaté1\,HTML Car1";
mso-style-priority:99;
mso-style-link:"Pré\,formaté\,HTML";
font-family:Consolas;
color:black;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle31
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle32
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle35
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Ok thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> I eventually found that the remote instance would start fine if the master (configuration directory) was stopped.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> All very bizarre...<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> I’ve given up trying to get it to work reliably and have opted to create two standalone directories instead.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Brett<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Rich Megginson [mailto:rmeggins@redhat.com] <br><b>Sent:</b> 22 February 2012 23:04<br><b>To:</b> MATON Brett<br><b>Cc:</b> General discussion list for the 389 Directory server project.<br><b>Subject:</b> Re: [389-users] dirsrv-admin with existing (remote) configuration server using SSL<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On 02/21/2012 07:15 AM, MATON Brett wrote: <o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'>Hi Rich,</span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> I’m still banging my head with this one.</span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> I did notice though that the slave server doesn’t ask for the CertificateDB password.</span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> Is there any way to check where it’s actually looking for the key databases?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Not without trying to use gdb to run the CGI programs through the debugger.<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'>Brett</span><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:389-users-bounces@lists.fedoraproject.org">389-users-bounces@lists.fedoraproject.org</a> [<a href="mailto:389-users-bounces@lists.fedoraproject.org">mailto:389-users-bounces@lists.fedoraproject.org</a>] <b>On Behalf Of </b>MATON Brett<br><b>Sent:</b> 10 February 2012 07:24<br><b>To:</b> General discussion list for the 389 Directory server project.; Rich Megginson<br><b>Subject:</b> Re: [389-users] dirsrv-admin with existing (remote) configuration server using SSL</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>On 02/08/2012 01:31 PM, MATON Brett wrote: <o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'>Platform is RHEL6.2 x64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>$ rpm -qa|grep 389</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-admin-console-doc-1.1.8-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-admin-console-1.1.8-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-adminutil-1.1.14-2.el6.x86_64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-ds-console-1.2.6-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-ds-1.2.2-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-ds-base-1.2.9.14-1.el6_2.2.x86_64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-ds-console-doc-1.2.6-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-console-1.1.7-1.el6.noarch</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-admin-1.1.25-1.el6.x86_64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>389-dsgw-1.1.7-2.el6.x86_64</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>$ rpm -qi openldap</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Name : openldap Relocations: (not relocatable)</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Version : 2.4.23 Vendor: Red Hat, Inc.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Release : 20.el6 Build Date: Tue 04 Oct 2011 01:48:15 PM CEST</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Install Date: Wed 08 Feb 2012 09:20:30 AM CET Build Host: x86-010.build.bos.redhat.com</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Group : System Environment/Daemons Source RPM: openldap-2.4.23-20.el6.src.rpm</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Size : 779076 License: OpenLDAP</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Signature : RSA/8, Mon 07 Nov 2011 08:37:10 AM CET, Key ID 199e2f91fd431d51</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Packager : Red Hat, Inc. <a href="http://bugzilla.redhat.com/bugzilla"><http://bugzilla.redhat.com/bugzilla></a></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>URL : <a href="http://www.openldap.org/">http://www.openldap.org/</a></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Summary : LDAP support libraries</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Description : <snipped></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>rpm -qi nss</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Name : nss Relocations: (not relocatable)</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Version : 3.12.10 Vendor: Red Hat, Inc.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Release : 17.el6_2 Build Date: Sat 10 Dec 2011 12:32:24 AM CET</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Install Date: Wed 08 Feb 2012 09:20:30 AM CET Build Host: x86-003.build.bos.redhat.com</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Group : System Environment/Libraries Source RPM: nss-3.12.10-17.el6_2.src.rpm</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Size : 2602368 License: MPLv1.1 or GPLv2+ or LGPLv2+</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Signature : RSA/8, Wed 14 Dec 2011 01:37:20 PM CET, Key ID 199e2f91fd431d51</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Packager : Red Hat, Inc. <a href="http://bugzilla.redhat.com/bugzilla"><http://bugzilla.redhat.com/bugzilla></a></span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>URL : <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a></span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Summary : Network Security Services</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Description : <snipped></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'>grep -i admconfigdir /etc/dirsrv/admin-serv/*</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># grep -i admconfigdir /etc/dirsrv/admin-serv/*</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>/etc/dirsrv/admin-serv/admserv.conf:ADMConfigDir "/etc/dirsrv/admin-serv"</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br>grep -i NSSEngine /etc/dirsrv/admin-serv/* </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># grep -i NSSEngine /etc/dirsrv/admin-serv/*</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>/etc/dirsrv/admin-serv/console.conf:NSSEngine off</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman , serif ;","serif"'><br>service dirsrv stop<br>/usr/sbin/start-ds-admin -e debug</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># service dirsrv stop</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Shutting down dirsrv:</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'> </span><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'><host>... [ OK ]</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># /usr/sbin/start-ds-admin -e debug</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module authz_host_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module auth_basic_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module authn_file_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module log_config_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module env_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module mime_magic_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module unique_id_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module setenvif_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module mime_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module negotiation_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module dir_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module alias_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module rewrite_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module cgi_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module restartd_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module nss_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_so.c(246): loaded module admserv_module</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2509): [25197] create_server_config [0xbogus %p for (null)</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2497): [25197] create_config [0xbogus %p for (null)</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2570): [25197] Set [0xbogus %p [ADMCacheLifeTime] to 600</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2588): [25197] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.25</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2497): [25197] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus %p flag 1</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2497): [25197] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus %p flag 1</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2497): [25197] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove)$</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:03:59 2012] [debug] mod_admserv/mod_admserv.c(2522): [25197] adminsdk [0xbogus %p flag 0</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Server failed to start !!! Please check errors log for problems</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># tail /var/log/dirsrv/admin-serv/error</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:04:05 2012] [debug] mod_admserv/mod_admserv.c(1456): populate_tasks_from_server(): getting tasks for server [admin-serv] siedn [cn=admin-serv-<host>,cn=389 Administration Server,cn=Server Group,cn=<host FQDN>,ou=admins.unix,o=NetscapeRoot]</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>[Wed Feb 08 22:04:05 2012] [crit] sslinit: NSS is required to use LDAPS, but security initialization failed [-12285:Unable to find the certificate or key necessary for authentication.]. Cannot start server</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman , serif ;","serif"'>Ok. Well, it's just not working and I don't know why. Please file a ticket and we'll get around to it.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Sure, I’ll do that tomorrow and add the ticket reference here.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Trac: <a href="https://fedorahosted.org/389/ticket/287">https://fedorahosted.org/389/ticket/287</a></span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Thanks,</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Brett</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:-moz-use-text-color'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>De :</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Rich Megginson [</span><span lang=FR style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'><a href="mailto:rmeggins@redhat.com"><span lang=EN-US>mailto:rmeggins@redhat.com</span></a></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>] <br><b>Envoyé :</b> mercredi 8 février 2012 21:16<br><b>À :</b> MATON Brett<br><b>Cc :</b> General discussion list for the 389 Directory server project.<br></span><b><span lang=FR style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>Objet :</span></b><span lang=FR style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Re: [389-users] dirsrv-admin with existing (remote) configuration server using SSL</span><o:p></o:p></p></div></div><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>On 02/08/2012 12:18 PM, MATON Brett wrote: </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Thanks for your help Rich,</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>LDAPTLS_CACERTDIR=/etc/dirsrv/admin-serv</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>ldapsearch -x -H <a href="ldaps://">ldaps://</a><config server FQDN> -D "cn=Directory Manager" –W –s base –b “”</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># extended LDIF</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>#</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># LDAPv3</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># base <> with scope baseObject</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># filter: (objectclass=*)</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'># requesting: ALL</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>#</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>#</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>dn:</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>objectClass: top</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>namingContexts: dc=admins,dc=unix</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>…</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>No complaints from those commands, the plot thickens ;)</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman , serif ;","serif"'>What platform is this?<br>rpm -qa|grep 389<br>rpm -qi openldap<br>rpm -qi nss<br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Brett</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:-moz-use-text-color'><p class=MsoNormal><b><span lang=FR style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>De :</span></b><span lang=FR style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Rich Megginson [<a href="mailto:rmeggins@redhat.com">mailto:rmeggins@redhat.com</a>] <br><b>Envoyé :</b> mercredi 8 février 2012 16:43<br><b>À :</b> General discussion list for the 389 Directory server project.<br><b>Cc :</b> MATON Brett<br><b>Objet :</b> Re: [389-users] dirsrv-admin with existing (remote) configuration server using SSL</span><o:p></o:p></p></div></div><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>On 02/08/2012 07:20 AM, MATON Brett wrote: </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>Installation appears to go fine until it tries to start the admin server:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>Configuration directory server URL [<a href="ldap://">ldap://</a><local FQDN>:389/o=NetscapeRoot]: <a href="ldaps://">ldaps://</a><Config Server FQDN>:636/o=NetscapeRoot</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>...</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>CA certificate filename: /etc/openldap/cacerts/<base64 cert file></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>...</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>output: Server failed to start !!! Please check errors log for problems</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>output: [FAILED]</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>/var/log/dirsrv/admin-serv/error:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>[Wed Feb 08 13:35:26 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>[Wed Feb 08 13:35:32 2012] [crit] sslinit: NSS is required to use LDAPS, but security initialization failed [-12285:Unable to find the certificate or key necessary for authentication.]. Cannot start server</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>The server, has however successfully registered itself with the remote Configuration Directory Server.</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>(shows up in the server group in 389-Console and Directory Server is available).</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>I wasn’t asked to provide a keystore password when adding the certificate to the store, as you would be with 389-Console GUI when first opening the certificate store.</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>Is that intentional or not?</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>I’m now a bit stumped (again), I had a look at the certdb with certutil:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>[root@<host> admin-serv]# certutil -d . -L</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>Certificate Nickname Trust Attributes</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'> SSL,S/MIME,JAR/XPI</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>CA certificate CT,,</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>Which leads me to believe that it should be able to at least find the certificate...</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>I also checked file/directory ownership and permissions which match those on the working ‘master’ server.</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>Installer issue:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> If you make a mistake and get asked to try again (I typed the ldaps port as 633 instead if 636), you get stuck at the CA Certificate filename stage with the following:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>CA certificate filename [/etc/openldap/cacerts/CAServer.crt]:</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>The certificate database in '/etc/dirsrv/admin-serv' already contains a CA certificate. Please remove it first, or use the certutil program to add the CA certificate with a different name.</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>Please try again, in case you mis-typed something.</span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE>Simple enough solution as for me this is a fresh install, is to delete cert8.db and keys3.db in </span><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New"'>/etc/dirserv/admin-serv/</span><span lang=FR-BE> from another session.</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman , serif ;","serif"'>You can use ldapsearch to test if the cert db is correct:<br><br>LDAPTLS_CACERTDIR=/etc/dirsrv/admin-serv ldapsearch -x -H <a href="ldaps://">ldaps://</a></span><span lang=FR-BE style='font-size:10.0pt;font-family:"Courier New \;"'><Config Server FQDN> -D "cn=directory manager" -W -s base -b ""<br>if that doesn't work, use ldapsearch -d 1 -x .... to get more debugging information.<br><br>The error is strange though. It seems to imply that the admin server is looking for a cert or key. If the admin server is acting only as an SSL client, it should not need to look up a cert or key, it should only need the CA cert.<br><br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:gray'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><pre><span lang=FR-BE> </span><o:p></o:p></pre><pre><span lang=FR-BE> </span><o:p></o:p></pre><pre><span lang=FR-BE>--</span><o:p></o:p></pre><pre><span lang=FR-BE>389 users mailing list</span><o:p></o:p></pre><pre><span lang=FR-BE><a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a></span><o:p></o:p></pre><pre><span lang=FR-BE><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></span><o:p></o:p></pre><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif"'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif"'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif"'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif"'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p class=MsoNormal><span lang=FR-BE style='font-size:12.0pt;font-family:"Times New Roman","serif"'> </span><o:p></o:p></p><p><span lang=FR-BE style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:gray'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p><span style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:gray'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p><span style='font-size:7.0pt;font-family:"Verdana","sans-serif"'>-------------------------------------------------------------------</span><o:p></o:p></p><p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>GreeNRB</span></strong><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'><br></span></b><em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'>NRB considers its environmental responsibility and goes for green IT.</span></em><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#669933'> <br><i>May we ask you to consider yours before printing this e-mail? </i><b> </b></span> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>NRB, daring to commit <br></span></b><i><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#000066'>This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.</span></i><o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div></body></html>