You wrote:
===
Later, when you start the server on the command line, this second password is required.
===

I suspect something was not done properly, I may not wrong.

If the slapd-`hostname`-pin.txt has been set up correctly, ./start-slapd will NOT prompt you for any SSL Security DB private key password.

Pls double check these two points (I am saying this based on my experience with SUN ONE DS5.2 which is similar to FDS7.1)

1) When you create the PIN text file.

# echo "Internal (Software) Token:secret" >$FDS_ROOT/alias/slapd-`hostname`-pin.txt

IMPORTANT NOTE: DO NOT LEAVE ANY SPACES after the "Token:" and at the end of the line or else the password will not be recognized by "start-slapd".

2) You need to protect this PIN text file with mode 400 or else "start-slapd" will not be happy to let you go auto.

# chmod 400 $FDS_ROOT/alias/slapd-`hostname`-pin.txt

Rgds
Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Vsevolod (Simon) Ilyushchenko
Sent: Thursday, July 14, 2005 3:32 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Database recreation,automount and performance

Rich,

Thanks for the quick answer! Perhaps this information should go into the FAQ - what do you think?

Rich Megginson wrote on 07/13/2005 12:47 PM:

> The IETF LDAP community has decided to deprecate them in favor of the
> new netgroups stuff.

OK, I'll reconfigure my entries. Does Fedora automounter understand the netgroups structure?

> We don't yet have a way to set an ACI to allow users other than the
> Directory Manager (i.e. cn=Directory Manager, not the admin console
> user) to create the entry for a root suffix. In the console, you can
> Log In As New User, and specify cn=directory manager (or whatever you
> used for your directory manager user when you performed the initial
> installation).

This is very non-trivial. :)

Creating the root suffix now works, but I tried creating top-level entries one by one, as well as creating a new server in the administration console, and it all failed. I had to delete the RPM and reinstall it.

By the way, I found out that if I install the RPM a second time, the admin console tries to connect to port 15918, but the admin server is running on port 25394. I don't remember what port was used the first time. :(

This time I successfully created an SSL-enabled directory and was able to authenticate to it. I followed the steps here:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
to create a self-signed certificate.

For archives - the docs don't tell you that after running pk12util in step 9 you first have to enter the password 'secretpwd' that you've saved in the file pwdfile.txt, and then you have to create a different startup password. Later, when you start the server on the command line, this second password is required.

Simon
--
Simon (Vsevolod ILyushchenko)   simonf at cshl.edu
http://www.simonf.com

Terrorism is a tactic and so to declare war on terrorism is equivalent to Roosevelt's declaring war on blitzkrieg.
Zbigniew Brzezinski, U.S. national security advisor, 1977-81
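
The two points from Gary's reply (no spaces after "Token:" or at the end of the line, and mode 400 on the file) can be checked before start-slapd is run. This is an added example, not part of the original thread or of Fedora Directory Server; the function names and return codes are made up for illustration, and the password is read from stdin so it does not appear in a command line.

```shell
#!/bin/sh
# Added example: pin file checks based on the two points in the reply above.
# Function names and return codes are hypothetical, not part of FDS.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
pin_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the pin file passes, otherwise a code naming the problem:
#   1 = missing, 2 = mode is not 400, 3 = blank right after "Token:",
#   4 = trailing whitespace, 5 = line is not "<token name>:<password>"
check_pin_file() {
    f=$1
    tab=$(printf '\t')
    cr=$(printf '\r')
    [ -f "$f" ] || return 1
    [ "$(pin_mode "$f")" = "400" ] || return 2
    # $(...) strips only the trailing newline, so trailing blanks survive.
    line=$(head -n 1 "$f")
    case $line in
        *"Token: "*|*"Token:$tab"*) return 3 ;;
        *" "|*"$tab"|*"$cr")        return 4 ;;
        ?*:?*)                      return 0 ;;
        *)                          return 5 ;;
    esac
}

# Write the pin file with the password taken from stdin. The umask keeps the
# file owner-only from the moment it is created, before chmod 400 runs.
write_pin_file() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    ( umask 077
      printf '%s:%s\n' "Internal (Software) Token" "$pw" > "$1" &&
      chmod 400 "$1" )
}

# Stand-alone use: pass the pin file path as the first argument.
if [ $# -gt 0 ]; then
    check_pin_file "$1"
    echo "check_pin_file returned $?"
fi
```
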