Thanks for your pointers, I thought code 4 was a size error.
Thank you, waiting for this issue resolution now :) (its not blocking for
me and I’m far from being a security/system expert, just an humble Java
developper).
Best regards,
Charlie
Le 07/01/2015 21:27, « Rob Crittenden » <rcritten(a)redhat.com> a écrit :
Charlie Mordant wrote:
> However, Apache configuration test tells that syntax is ok
It's not an Apache configuration problem. It has to do with LDAP AFAICT.
I'd check your 389-ds access and error logs to see if there is a bind.
The error 4 is rather generic and used in a number of places. If I'm
reading the code right it can mean one of:
1. Invalid credentials
2. Invalid DN syntax
3. something else, a catch-all.
But you should probably see a connect and hopefully a bind request and
the LDAP error from that should tell you more about what is going on.
rob
>
> 2015-01-05 19:15 GMT+01:00 Charlie Mordant <cmordant1(a)gmail.com
> <mailto:cmordant1@gmail.com>>:
>
> Hi contact experts!
>
> I’m trying to make a future OSS contribution making an OPSCode Chef
> recipe to install a secure LDAP.
>
> I (barely) migrate and use
> the
https://github.com/richm/scripts/blob/master/setupssl2.sh#L238
>shell
> to secure a provisionned LDAP, but while executed, restarting
> dirsrv-admin led me to an error:
> [code]
> [Sat Jan 03 18:19:36.940462 2015] [:info] [pid 8266:tid
> 140486247127104] Server: Apache/2.4.6, Interface: mod_nss/2.4.6,
> Library: NSS/3.15.2 Basic ECC
> [Sat Jan 03 18:19:36.940490 2015] [:debug] [pid 8266:tid
> 140486247127104] mod_admserv/mod_admserv.c(2467): Entering
> mod_admserv_post_config - pid is [8266] init count is [0]
> [Sat Jan 03 18:19:36.940495 2015] [:debug] [pid 8266:tid
> 140486247127104] mod_admserv/mod_admserv.c(2295): Entering
> do_admserv_post_config - pid is [8266]
> [Sat Jan 03 18:19:36.940498 2015] [:debug] [pid 8266:tid
> 140486247127104] mod_admserv/mod_admserv.c(2303): Entering
> do_admserv_post_config - init count is [1]
> [Sat Jan 03 18:19:36.940506 2015] [:debug] [pid 8266:tid
> 140486247127104] mod_admserv/mod_admserv.c(2327): [8266] Cache
> expiration set to 600 seconds
> [Sat Jan 03 18:19:36.943993 2015] [:debug] [pid 8266:tid
> 140486247127104] mod_admserv/mod_admserv.c(2431): Added
> StartConfigDs task entry
>
>[cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-contacts,cn=389
>administration
> server,cn=server
group,cn=contacts.osgiliath.is-a-chef.net
> <
http://contacts.osgiliath.is-a-chef.net>,ou=osgiliath.is-a-chef.net
> <
http://osgiliath.is-a-chef.net>,o=netscaperoot:start_config_ds:]
> for user [LocalSuper]
> [Sat Jan 03 18:19:36.945579 2015] [:info] [pid 8266:tid
> 140486247127104] host_ip_init(): problem creating secure AdmldapInfo
> (error code = 4)
> [Sat Jan 03 18:19:36.945670 2015] [:crit] [pid 8266:tid
> 140486247127104] host_ip_init(): PSET failure: Failed to create PSET
> handle (pset error = )
> AH00016: Configuration Failed
> [Sat Jan 03 18:19:36.956655 2015] [:info] [pid 8266:tid
> 140486247127104] Shutting down SSL Session ID Cache
> [/code]
>
> Using certutil to list certificates looks good, restarting the
> (main) ldap is OK.
>
> Have you got any clue to debug/find the source of the error?
>
> Best regards,
>
> Charlie
> --
>
> Charlie Mordant
> Full OsgiEE like
> stack:
https://github.com/OsgiliathEnterprise/net.osgiliath.parent
>
>
>
>
> --
> Charlie Mordant
>
> Full OSGI/EE stack made with Karaf:
>
https://github.com/OsgiliathEnterprise/net.osgiliath.parent
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users