Andreas Kekkou wrote:
> Both names are exactly the same.
>
> Richard Megginson wrote:
>> Andreas Kekkou wrote:
>>> Hi Richard,
>>>
>>> Nothing has changed. Executing the command you have suggested on
>>> both servers I get the same output:
>>>
>>> [root@serverA alias]# ../shared/bin/certutil -L -P slapd-serverA- -d .
>>> serverA-cert u,u,u
>>> Computer Science Department CA CT,,
>>>
>>> [root@serverB alias]# ../shared/bin/certutil -L -P slapd-serverB- -d .
>>> serverB-cert u,u,u
>>> Computer Science Department CA CT,,
>>>
>>> Is there anything else I have to check?
>> grep -i personality /opt/fedora-ds/slapd-instancename/config/dse.ldif
>>
>> The personality name should match with the server cert name in your
>> certdb.
>>>
>>> Cheers.
>>>
>>> Andreas
>>>
>>> Richard Megginson wrote:
>>>> Andreas Kekkou wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm running FDS in multi-master mode with two servers. Both
>>>>> servers are configured with TLS support. One of the servers logs
>>>>> the following error:
>>>>>
>>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in attrcrypt_init
>>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in attrcrypt_init
>>>>> [25/Oct/2007:08:50:57 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests
>>>>> [25/Oct/2007:08:50:57 +0300] - Listening on All Interfaces port 636 for LDAPS requests
>>>>>
>>>>> Both servers seem to work just fine. Any ideas how this can be
>>>>> resolved?
>>>> Has your SSL/TLS configuration changed at all?
>>>> Have you acquired a new cert or renewed an existing cert?
>>>> cd /opt/fedora-ds/alias
>>>> ../shared/bin/certutil -L -P slapd-instance- -d .

I'm not sure. If you are not using attribute encryption, and do not have
any encrypted attribute values, you can simply remove the offending
attributes:
shut down the server
edit dse.ldif - remove the entry
cn=AES, cn=encrypted attribute keys, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
and
cn=AES, cn=encrypted attribute keys, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
then restart the server

>>>>>
>>>>> Thanks,
>>>>>
>>>>> Andreas
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
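
Added example, not part of the original thread and not Fedora DS code: a Python check of the advice above that the personality name in dse.ldif must match a server cert nickname in the certdb, which also lists the stored attribute-encryption key entries the thread names. The dse.ldif fragment is constructed, nsSSLPersonalitySSL is assumed to be the attribute the grep turns up, and all function names are hypothetical.

```python
import re
# Constructed sample dse.ldif fragment (values illustrative; note the folded dn line).
SAMPLE_DSE = """\
dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: serverA-cert

dn: cn=AES,cn=encrypted attribute keys,cn=userRoot,cn=ldbm database,cn=plugins
 ,cn=config
cn: AES
"""
# `certutil -L` listing in the shape quoted in the thread.
SAMPLE_CERTS = """\
serverA-cert                                                 u,u,u
Computer Science Department CA                               CT,,
"""

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def personalities(ldif):
    """Values of attributes whose name contains 'personality' (what the grep shows)."""
    pat = r"(?im)^[\w-]*personality[\w-]*:[ \t]*(.+)$"
    return [v.strip() for v in re.findall(pat, unfold(ldif))]

def cert_nicknames(listing):
    """Map nickname -> trust flags, skipping header and blank lines."""
    certs = {}
    for line in listing.splitlines():
        m = re.match(r"(.*\S)\s+([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$", line)
        if m:
            certs[m.group(1)] = m.group(2)
    return certs

def key_entries(ldif):
    """DNs of stored attribute-encryption keys (cn=<cipher>,cn=encrypted attribute keys,...)."""
    pat = r"(?im)^dn:[ \t]*(cn=[^,]+,[ \t]*cn=encrypted attribute keys,.+)$"
    return re.findall(pat, unfold(ldif))

def check(ldif, listing):
    """Return a list of problems; empty means personality and certdb agree."""
    certs, problems = cert_nicknames(listing), []
    for name in personalities(ldif):
        if name not in certs:
            problems.append(f"personality {name!r} not found in certdb")
        elif "u" not in certs[name].split(",")[0]:  # 'u': private key present in this db
            problems.append(f"{name!r} has no private key in this certdb (flags {certs[name]})")
    return problems
```

Feed it the real dse.ldif text and the output of the certutil -L command from the thread; an empty list from check() means the names agree.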