Hi, It all worked well. Thanks for the information. I configured DS server for SSL support and restarted it succesfully. Now got another issue. I changed the DS URL in adm.conf file from usual ldap to ldaps and port 636. now when i restart my admin server this is the error i get. /usr/sbin/start-ds-admin: line 66: 3158 Segmentation fault $SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f /etc/dirsrv/admin-serv/httpd.conf "$@" What could be the issue? Also I would like to know for windows sync is is enough to enable ssl for DS server or do i need to enable SSL on admin server as well? Can i connet to the SSL enabled DS with normal Admin server from remote console? Thanks you. ---------------------------------------- > Date: Mon, 7 Jan 2008 15:37:00 -0700 > From: rmeggins at redhat.com > To: fedora-directory-users at redhat.com > Subject: Re: DS Failed to start > > kiran madala wrote: >> Thanks for the information I still have the same problem. I have this document for fedora 1.0.4 server http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-26072006.html to run on SSL is there any similar doc for 1.1 version?.. >> > I just updated this page with the information for Fedora DS 1.1 - > http://directory.fedoraproject.org/wiki/Howto:SSL > See also the RHDS 8.0 beta docs - > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL.html >> Also I have generated the certificates using windows 2003 CA service which produced .cert files. DO i need to convert them into different format using pk12utility? If yes then how would i do it. >> > I don't know what format Windows .cert is. But if it is a standard > key/cert file format, pk12util or certutil should be able to use them. > Are they binary or ascii? >> Thanks again. >> ---------------------------------------- >> >>> Date: Mon, 7 Jan 2008 14:33:21 -0700 >>> From: rmeggins at redhat.com >>> To: fedora-directory-users at redhat.com >>> Subject: Re: DS Failed to start >>> >>> kiran madala wrote: >>> >>>> I am not sure why this has to be made so difficult. I was able to restore to previous state because I am using VMWare. However when I enabled SSL and tried to restart manually. This is the error I got >>>> >>>> Enter PIN for Internal (Software) Token: >>>> [07/Jan/2008:14:43:00 -0500] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.) >>>> [07/Jan/2008:14:43:00 -0500] - SSL failure: None of the cipher are valid >>>> >>>> then I went to the configuration directory on /etc/dirsrv/slapd-248 and changed the names of cert8.db and key3.db to slapd-248-cert8.db and slapd-248- key3.db (slapd-248 is the instance name) and tried to change to .pfx file by executing the command >>>> >>>> pk12util -d , -P slapd-248- -o servercert.pfx -n Server-Cert >>>> >>>> Then this is the error I get >>>> >>>> pk12util: function failed: security library: bad database. >>>> >>>> I generated the certificate using windows 2003 CA service and installed it using the remote DS console. Again I am using fedora 1.1 ds on fedora 6 on x86 machine. >>>> >>>> Any Idea how do i proceed? >>>> >>>> >>> What directions/instructions are you attempting to follow to set up >>> SSL? Note that since you are using Fedora DS 1.1, the -P prefix >>> argument is no longer used - since the key/cert db are in their own >>> instance specific directory, they should just be called cert8.db and >>> key3.db. >>> >>> The error suggests a problem with the CA cert. Try this >>> cd /etc/dirsrv/slapd-248 >>> certutil -L -d . >>> >>> Finally, I'm not sure what enabling SSL would have to do with making the >>> database unrecoverable - were you previously running Fedora DS 1.0.4 on >>> this system and did an in-place upgrade? >>> >>>> Thank you. >>>> ---------------------------------------- >>>> >>>> >>>>> From: kirankmadala at hotmail.com >>>>> To: fedora-directory-users at redhat.com >>>>> Subject: RE: DS Failed to start >>>>> Date: Mon, 7 Jan 2008 15:23:20 -0400 >>>>> >>>>> >>>>> Its fedora ds 1.1 on fedora 6 on x86 machine. >>>>> ---------------------------------------- >>>>> >>>>> >>>>>> Date: Mon, 7 Jan 2008 11:58:36 -0700 >>>>>> From: rmeggins at redhat.com >>>>>> To: fedora-directory-users at redhat.com >>>>>> Subject: Re: DS Failed to start >>>>>> >>>>>> kiran madala wrote: >>>>>> >>>>>> >>>>>>> Hello, >>>>>>> I was experimenting with fedora ds sync with active directory. In the process I installed a certificate on the DS. Then I restarted usign the remote admin console with out enabling ssl but the DS failed to restart. I have the error log below. It seems like the DS database got corrucpted how do i recover it? >>>>>>> >>>>>>> >>>>>>> >>>>>> What platform? >>>>>> >>>>>> >>>>>>> [07/Jan/2008:13:44:37 -0500] - slapd shutting down - signaling operation threads >>>>>>> [07/Jan/2008:13:44:41 -0500] - slapd shutting down - waiting for 30 threads to terminate >>>>>>> [07/Jan/2008:13:44:41 -0500] - slapd shutting down - closing down internal subsystems and plugins >>>>>>> [07/Jan/2008:13:44:42 -0500] - Waiting for 4 database threads to stop >>>>>>> [07/Jan/2008:13:44:42 -0500] - All database threads now stopped >>>>>>> [07/Jan/2008:13:47:43 -0500] - Fedora-Directory/1.1.0 B2007.354.1236 starting up >>>>>>> [07/Jan/2008:13:47:43 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. >>>>>>> [07/Jan/2008:13:47:45 -0500] - libdb: Improper file close at 1/1042383 >>>>>>> [07/Jan/2008:13:47:54 -0500] - libdb: Recovery function for LSN 1 1042383 failed on forward pass >>>>>>> [07/Jan/2008:13:47:55 -0500] - libdb: PANIC: Invalid argument >>>>>>> [07/Jan/2008:13:47:55 -0500] - libdb: PANIC: fatal region error detected; run recovery >>>>>>> [07/Jan/2008:13:47:55 -0500] - Database Recovery Process FAILED. The database is not recoverable. err=-30977: DB_RUNRECOVERY: Fatal error, run database recovery >>>>>>> [07/Jan/2008:13:47:55 -0500] - Please make sure there is enough disk space for dbcache (10000000 bytes) and db region files >>>>>>> [07/Jan/2008:13:47:55 -0500] - start: Failed to init database, err=-30977 DB_RUNRECOVERY: Fatal error, run database recovery >>>>>>> [07/Jan/2008:13:47:55 -0500] - Failed to start database plugin ldbm database >>>>>>> [07/Jan/2008:13:47:55 -0500] - WARNING: ldbm instance userRoot already exists >>>>>>> [07/Jan/2008:13:47:55 -0500] - WARNING: ldbm instance NetscapeRoot already exists >>>>>>> [07/Jan/2008:13:47:55 -0500] binder-based resource limits - nsLookThroughLimit: parameter error (slapi_reslimit_register() already registered) >>>>>>> [07/Jan/2008:13:47:55 -0500] - start: Resource limit registration failed >>>>>>> [07/Jan/2008:13:47:55 -0500] - Failed to start database plugin ldbm database >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: Failed to resolve plugin dependencies >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: preoperation plugin 7-bit check is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: accesscontrol plugin ACL Plugin is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: preoperation plugin ACL preoperation is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: object plugin Class of Service is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: preoperation plugin HTTP Client is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: database plugin ldbm database is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: object plugin Legacy Replication Plugin is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: object plugin Multimaster Replication Plugin is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: object plugin Roles Plugin is not started >>>>>>> [07/Jan/2008:13:47:55 -0500] - Error: object plugin Views is not started >>>>>>> [07/Jan/2008:13:48:14 -0500] - Fedora-Directory/1.1.0 B2007.354.1236 starting up >>>>>>> [07/Jan/2008:13:48:14 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. >>>>>>> [07/Jan/2008:13:48:14 -0500] - libdb: Improper file close at 1/1042383 >>>>>>> [07/Jan/2008:13:48:16 -0500] - libdb: Recovery function for LSN 1 1042383 failed on forward pass >>>>>>> [07/Jan/2008:13:48:16 -0500] - libdb: PANIC: Invalid argument >>>>>>> [07/Jan/2008:13:48:16 -0500] - libdb: PANIC: fatal region error detected; run recovery >>>>>>> [07/Jan/2008:13:48:16 -0500] - Database Recovery Process FAILED. The database is not recoverable. err=-30977: DB_RUNRECOVERY: Fatal error, run database recovery >>>>>>> [07/Jan/2008:13:48:16 -0500] - Please make sure there is enough disk space for dbcache (10000000 bytes) and db region files >>>>>>> [07/Jan/2008:13:48:16 -0500] - start: Failed to init database, err=-30977 DB_RUNRECOVERY: Fatal error, run database recovery >>>>>>> [07/Jan/2008:13:48:16 -0500] - Failed to start database plugin ldbm database >>>>>>> [07/Jan/2008:13:48:16 -0500] - WARNING: ldbm instance userRoot already exists >>>>>>> [07/Jan/2008:13:48:16 -0500] - WARNING: ldbm instance NetscapeRoot already exists >>>>>>> [07/Jan/2008:13:48:16 -0500] binder-based resource limits - nsLookThroughLimit: parameter error (slapi_reslimit_register() already registered) >>>>>>> [07/Jan/2008:13:48:16 -0500] - start: Resource limit registration failed >>>>>>> [07/Jan/2008:13:48:16 -0500] - Failed to start database plugin ldbm database >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: Failed to resolve plugin dependencies >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: preoperation plugin 7-bit check is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: accesscontrol plugin ACL Plugin is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: preoperation plugin ACL preoperation is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: object plugin Class of Service is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: preoperation plugin HTTP Client is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: database plugin ldbm database is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: object plugin Legacy Replication Plugin is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: object plugin Multimaster Replication Plugin is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: object plugin Roles Plugin is not started >>>>>>> [07/Jan/2008:13:48:16 -0500] - Error: object plugin Views is not started >>>>>>> >>>>>>> >>>>>>> >>>>>>> _________________________________________________________________ >>>>>>> Discover new ways to stay in touch with Windows Live! Visit the City @ Live today! >>>>>>> http://getyourliveid.ca/?icid=LIVEIDENCA006 >>>>>>> >>>>>>> -- >>>>>>> Fedora-directory-users mailing list >>>>>>> Fedora-directory-users at redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>>>> >>>>>>> >>>>>>> >>>>> _________________________________________________________________ >>>>> Discover new ways to stay in touch with Windows Live! Visit the City @ Live today! >>>>> http://getyourliveid.ca/?icid=LIVEIDENCA006 >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>>> >>>>> >>>> _________________________________________________________________ >>>> Introducing the City @ Live! Take a tour! >>>> http://getyourliveid.ca/?icid=LIVEIDENCA006 >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >> >> _________________________________________________________________ >> Introducing the City @ Live! Take a tour! >> http://getyourliveid.ca/?icid=LIVEIDENCA006 >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > _________________________________________________________________ Use fowl language with Chicktionary. Click here to start playing! http://puzzles.sympatico.msn.ca/chicktionary/index.html?icid=htmlsig
