So i removed my entire setup and tried to re-setup. Now when I try
to
enable SSL for my directory server I get the following error:
[15/Sep/2010:10:25:45 -0500] - SSL alert: Security Initialization:
Unable to authenticate (Netscape Portable Runtime error -8192 - An
I/O error occurred during security authorization.)
[15/Sep/2010:10:25:45 -0500] - ERROR: SSL Initialization Failed.
I tried using my previously working .db files for this instance as
well and did a full re-import for my server cert and the CA cert. I
am working on a fedora 13 machine that is fully up-to-date.
grep nsslapd-localuser
/etc/dirsrv/slapd-instance/dse.ldif
ls -al /etc/dirsrv/slapd-instance
try /usr/lib64/dirsrv/slapd-instance/start-slapd -d 1
On Tue, Sep 14, 2010 at 11:43 AM, Aaron Hagopian <airhead1(a)gmail.com
<mailto:airhead1@gmail.com>> wrote:
Think I figured it out, a while back when I had to do the manual
steps from something like RC5->RC6, my netscapeRoot didn't load
back properly leaving with an empty o=netscapeRoot
On Tue, Sep 14, 2010 at 10:20 AM, Rich Megginson
<rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>> wrote:
Aaron Hagopian wrote:
> After upgrading, although it's possible it broke on one of
the RCs
> since I do not usually run the admin server on my development
> environment, when I try to connect using the 389-console I
get an
> error 32, cannot connect to the directory server....
>
> When I look through the admin-serv logs i see:
>
> [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: ap_get_remote_host could not
resolve 127.0.0.1
> [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host [localhost.localdomain] did
not match
> pattern [*.barf.hra.local] -will scan aliases
> [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> admserv_host_ip_check: host alias [localhost] did not match
> pattern [*.barf.hra.local]
> [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
> initialize TLS connection to LDAP host
barfolomew.hra.local port
> 389: 4
> [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
> admserv_check_authz(): passing
[/admin-serv/authenticate] to the
> userauth handler
> [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
> initialize TLS connection to LDAP host
barfolomew.hra.local port
> 389: 4
>
> Now I see what the problem is about the cert name but I
never told the
> admin server to use TLS to connect to the LDAP server and
when I was
> running 1.2.5 I never had this problem. I do run my server
on SSL as
> well on port 636. Is it trying start TLS because it can?
No. Not sure what changed. Take a look at the directory
server access
log from around this time. Let's see what the admin server is
looking
for. Also check /etc/dirsrv/admin-serv/adm.conf and
local.conf for any
tls/ssl/ldaps settings.
> Anyway to disable that since I do not feel like generating a
new cert
> to match my administrative domain I put in when I setup the DS.
http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
or
http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Inform...
>
>
>
> [root@barfolomew admin-serv]# rpm -qi 389-ds-base
> Name : 389-ds-base Relocations: (not
relocatable)
> Version : 1.2.6 Vendor:
Fedora Project
> Release : 1.fc13 Build Date: Thu
26 Aug
> 2010 04:34:30 PM CDT
> Install Date: Mon 13 Sep 2010 09:19:02 AM CDT Build Host:
>
x86-20.phx2.fedoraproject.org
<
http://x86-20.phx2.fedoraproject.org>
<
http://x86-20.phx2.fedoraproject.org>
> Group : System Environment/Daemons Source RPM:
> 389-ds-base-1.2.6-1.fc13.src.rpm
> Size : 6043179 License:
GPLv2 with
> exceptions
> Signature : RSA/SHA256, Thu 26 Aug 2010 08:43:14 PM CDT,
Key ID
> 7edc6ad6e8e40fde
> Packager : Fedora Project
> URL :
http://port389.org/
> Summary : 389 Directory Server (base)
> Description :
> 389 Directory Server is an LDAPv3 compliant server. The
base package
> includes
> the LDAP server and command line utilities for server
administration.
>
> [root@barfolomew admin-serv]# rpm -qi 389-admin
> Name : 389-admin Relocations: (not
relocatable)
> Version : 1.1.11 Vendor:
Fedora Project
> Release : 1.fc13 Build Date: Thu
26 Aug
> 2010 04:53:40 PM CDT
> Install Date: Mon 13 Sep 2010 09:19:35 AM CDT Build Host:
>
x86-20.phx2.fedoraproject.org
<
http://x86-20.phx2.fedoraproject.org>
<
http://x86-20.phx2.fedoraproject.org>
> Group : System Environment/Daemons Source RPM:
> 389-admin-1.1.11-1.fc13.src.rpm
> Size : 1510119 License:
GPLv2 and ASL 2.0
> Signature : RSA/SHA256, Thu 26 Aug 2010 08:49:10 PM CDT,
Key ID
> 7edc6ad6e8e40fde
> Packager : Fedora Project
> URL :
http://port389.org/
> Summary : 389 Administration Server (admin)
> Description :
> 389 Administration Server is an HTTP agent that provides
management
> features
> for 389 Directory Server. It provides some management web
apps that can
> be used through a web browser. It provides the
authentication, access
> control,
> and CGI utilities used by the console.
>
>
>
>
> On Mon, Sep 13, 2010 at 2:03 PM, Rich Megginson
<rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>
> <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>>
wrote:
>
> The 389 team is pleased to announce the availability of
version 1.2.6.
> This release is essentially the same as 1.2.6 RC7.
>
> * Release Notes -
http://port389.org/wiki/Release_Notes
> * Install_Guide -
http://port389.org/wiki/Install_Guide
> * Download -
http://port389.org/wiki/Download
>
> === New features ===
> * Upgrade_to_New_DN_Format
>
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
> ** in order to make sure DN valued attributes can be
searched
> correctly,
> an upgrade will automatically fix these values in the
database
>
> * Replication_Session_Hooks
>
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
> ** API for plugins to intercept replication session at
various points
>
> * Managed Entries -
>
http://directory.fedoraproject.org/wiki/Managed_Entry_Design
> ** Used, for example, to automatically create the user's
group entry
> when adding a user entry
>
> * Subtree Rename and Entry Move (modifyDN with newSuperior)
> **
https://bugzilla.redhat.com/show_bug.cgi?id=429005
> ** ability to rename a node that has children
> ** ability to move a node, with or without children, to
another
> parent node
>
> * Security Enhancements
> ** SELinux Policy
>
http://directory.fedoraproject.org/wiki/SELinux_Policy
> ***
https://bugzilla.redhat.com/show_bug.cgi?id=442228
>
> * Matching rules
> ** support for all RFC 4517 matching rules (except the
> FirstComponent ones)
>
> === Bugs Fixed ===
> This release contains many, many bug fixes. The
complete list of bugs
> fixed is found at the link below. Note that bugs marked
as MODIFIED
> have been fixed but are still in testing.
> * Tracking bug for 1.2.6 release -
>
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_res...
<
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_res...
>
<
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_res...
<
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_res...
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
> <mailto:389-users@lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users
------------------------------------------------------------------------
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users