Re: [Fedora-directory-users] still working instructions through...

Craig White wrote:

>>> >>You will get this error if you try to use startTLS but the server is not >>configured for security, which brings us back to your earlier problem . . . >>What are the first few lines of slapd-srv1/logs/errors? >> >> >---- >you are right on the money but I don't know why. > >nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif > >then 'service fds restart' will absolutely hang and never start up. > >if it equals 'off' then obviously slapd will start up. > >recent efforts which include the 'hang' effect show nothing >in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I >restarted the server from the console, it did show this... > >[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: >Unable to authenticate (Netscape Portable Runtime error -8177 - The >security password entered is incorrect.) >[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed. > > Darn it. That's right. With SSL enabled, you must start the server from the console, in order to provide the pin for the key/cert db. If you want to do unattended server restarts, you have to purchase a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in the proper format with the cleartext password in it.