On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote:
Craig White wrote:
>>>
>>You will get this error if you try to use startTLS but the server is not
>>configured for security, which brings us back to your earlier problem . . .
>>What are the first few lines of slapd-srv1/logs/errors?
>>
>>
>----
>you are right on the money but I don't know why.
>
>nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif
>
>then 'service fds restart' will absolutely hang and never start up.
>
>if it equals 'off' then obviously slapd will start up.
>
>recent efforts which include the 'hang' effect show nothing
>in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I
>restarted the server from the console, it did show this...
>
>[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization:
>Unable to authenticate (Netscape Portable Runtime error -8177 - The
>security password entered is incorrect.)
>[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed.
>
>
Darn it. That's right. With SSL enabled, you must start the server
from the console, in order to provide the pin for the key/cert db.
If you want to do unattended server restarts, you have to purchase a
PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in
the proper format with the cleartext password in it.
----
OK - important detail
slapd-srv1-pin.txt
does that go in
/opt/fedora-ds/alias ?
/opt/fedora-ds/slapd-srv1 ?
Thanks
Craig