So I removed my entire setup and tried to re-setup. Now when I try to enable SSL for my directory server I get the following error:

[15/Sep/2010:10:25:45 -0500] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[15/Sep/2010:10:25:45 -0500] - ERROR: SSL Initialization Failed.

I tried using my previously working .db files for this instance as well and did a full re-import for my server cert and the CA cert. I am working on a Fedora 13 machine that is fully up-to-date.

On Tue, Sep 14, 2010 at 11:43 AM, Aaron Hagopian <airhead1 at gmail.com> wrote:

> Think I figured it out, a while back when I had to do the manual steps from
> something like RC5->RC6, my netscapeRoot didn't load back properly leaving
> with an empty o=netscapeRoot
>
>
> On Tue, Sep 14, 2010 at 10:20 AM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>> Aaron Hagopian wrote:
>> > After upgrading, although it's possible it broke on one of the RCs
>> > since I do not usually run the admin server on my development
>> > environment, when I try to connect using the 389-console I get an
>> > error 32, cannot connect to the directory server....
>> >
>> > When I look through the admin-serv logs I see:
>> >
>> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.barf.hra.local] -will scan aliases
>> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.barf.hra.local]
>> > [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host barfolomew.hra.local port 389: 4
>> > [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
>> > [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host barfolomew.hra.local port 389: 4
>> >
>> > Now I see what the problem is about the cert name but I never told the
>> > admin server to use TLS to connect to the LDAP server and when I was
>> > running 1.2.5 I never had this problem. I do run my server on SSL as
>> > well on port 636. Is it trying start TLS because it can?
>> No. Not sure what changed. Take a look at the directory server access
>> log from around this time. Let's see what the admin server is looking
>> for. Also check /etc/dirsrv/admin-serv/adm.conf and local.conf for any
>> tls/ssl/ldaps settings.
>> > Any way to disable that since I do not feel like generating a new cert
>> > to match my administrative domain I put in when I setup the DS.
>> http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
>> or
>> http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
>> >
>> > [root at barfolomew admin-serv]# rpm -qi 389-ds-base
>> > Name        : 389-ds-base                      Relocations: (not relocatable)
>> > Version     : 1.2.6                            Vendor: Fedora Project
>> > Release     : 1.fc13                           Build Date: Thu 26 Aug 2010 04:34:30 PM CDT
>> > Install Date: Mon 13 Sep 2010 09:19:02 AM CDT  Build Host: x86-20.phx2.fedoraproject.org
>> > Group       : System Environment/Daemons       Source RPM: 389-ds-base-1.2.6-1.fc13.src.rpm
>> > Size        : 6043179                          License: GPLv2 with exceptions
>> > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:43:14 PM CDT, Key ID 7edc6ad6e8e40fde
>> > Packager    : Fedora Project
>> > URL         : http://port389.org/
>> > Summary     : 389 Directory Server (base)
>> > Description :
>> > 389 Directory Server is an LDAPv3 compliant server. The base package includes
>> > the LDAP server and command line utilities for server administration.
>> >
>> > [root at barfolomew admin-serv]# rpm -qi 389-admin
>> > Name        : 389-admin                        Relocations: (not relocatable)
>> > Version     : 1.1.11                           Vendor: Fedora Project
>> > Release     : 1.fc13                           Build Date: Thu 26 Aug 2010 04:53:40 PM CDT
>> > Install Date: Mon 13 Sep 2010 09:19:35 AM CDT  Build Host: x86-20.phx2.fedoraproject.org
>> > Group       : System Environment/Daemons       Source RPM: 389-admin-1.1.11-1.fc13.src.rpm
>> > Size        : 1510119                          License: GPLv2 and ASL 2.0
>> > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:49:10 PM CDT, Key ID 7edc6ad6e8e40fde
>> > Packager    : Fedora Project
>> > URL         : http://port389.org/
>> > Summary     : 389 Administration Server (admin)
>> > Description :
>> > 389 Administration Server is an HTTP agent that provides management features
>> > for 389 Directory Server.
>> > It provides some management web apps that can
>> > be used through a web browser. It provides the authentication, access control,
>> > and CGI utilities used by the console.
>> >
>> >
>> > On Mon, Sep 13, 2010 at 2:03 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>> >
>> > The 389 team is pleased to announce the availability of version 1.2.6.
>> > This release is essentially the same as 1.2.6 RC7.
>> >
>> > * Release Notes - http://port389.org/wiki/Release_Notes
>> > * Install_Guide - http://port389.org/wiki/Install_Guide
>> > * Download - http://port389.org/wiki/Download
>> >
>> > === New features ===
>> > * Upgrade_to_New_DN_Format http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
>> > ** in order to make sure DN valued attributes can be searched correctly,
>> > an upgrade will automatically fix these values in the database
>> >
>> > * Replication_Session_Hooks http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
>> > ** API for plugins to intercept replication session at various points
>> >
>> > * Managed Entries - http://directory.fedoraproject.org/wiki/Managed_Entry_Design
>> > ** Used, for example, to automatically create the user's group entry
>> > when adding a user entry
>> >
>> > * Subtree Rename and Entry Move (modifyDN with newSuperior)
>> > ** https://bugzilla.redhat.com/show_bug.cgi?id=429005
>> > ** ability to rename a node that has children
>> > ** ability to move a node, with or without children, to another parent node
>> >
>> > * Security Enhancements
>> > ** SELinux Policy http://directory.fedoraproject.org/wiki/SELinux_Policy
>> > *** https://bugzilla.redhat.com/show_bug.cgi?id=442228
>> >
>> > * Matching rules
>> > ** support for all RFC 4517 matching rules (except the FirstComponent ones)
>> >
>> > === Bugs Fixed ===
>> > This release contains many, many bug fixes.
>> > The complete list of bugs
>> > fixed is found at the link below. Note that bugs marked as MODIFIED
>> > have been fixed but are still in testing.
>> > * Tracking bug for 1.2.6 release -
>> > https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
>> >
>> > --
>> > 389 users mailing list
>> > 389-users at lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
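
Added example (not part of the original thread, and not 389 project code): a small Python triage of the admin-serv error log lines quoted above. It counts the repeated buildUGInfo() TLS failures per LDAP host and port and lists which client names failed the host pattern check. The function names are hypothetical; the log lines are copied from the thread with the mail wraps rejoined.

```python
import re
from collections import Counter

# Log lines copied from the admin-serv error log quoted in the thread,
# with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
[Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.barf.hra.local] -will scan aliases
[Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.barf.hra.local]
[Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host barfolomew.hra.local port 389: 4
[Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
[Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host barfolomew.hra.local port 389: 4
"""

# Apache-style prefix: [timestamp] [level] optional [client ip], then message.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
HOST_MISMATCH = re.compile(
    r"host (?:alias )?\[(?P<name>[^\]]+)\] did not match "
    r"pattern \[(?P<pattern>[^\]]+)\]")
TLS_FAIL = re.compile(
    r"unable to initialize TLS connection to LDAP host (?P<host>\S+) "
    r"port (?P<port>\d+): (?P<code>-?\d+)")

def triage(log_text):
    """Return (tls_failures, host_mismatches) from admin-serv error log text."""
    tls_failures = Counter()   # (ldap_host, port, code) -> occurrences
    host_mismatches = []       # (client_ip, name_tried, pattern)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue           # blank, wrapped, or foreign line
        tls = TLS_FAIL.search(m["msg"])
        if tls:
            tls_failures[(tls["host"], int(tls["port"]), int(tls["code"]))] += 1
        miss = HOST_MISMATCH.search(m["msg"])
        if miss:
            host_mismatches.append((m["client"], miss["name"], miss["pattern"]))
    return tls_failures, host_mismatches

def summarize(log_text):
    """One line per distinct finding, TLS failures first."""
    tls_failures, host_mismatches = triage(log_text)
    out = [f"TLS init to {h}:{p} failed {n}x (code {c})"
           for (h, p, c), n in tls_failures.items()]
    out += [f"client {ip}: {name} did not match pattern {pat}"
            for ip, name, pat in host_mismatches]
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```
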