Hi German,
Many thanks for the reply.
Yes, that SSL was checked by mistake and after that it did not come up.
I am now able to start the Admin Server but am seeing the below error in the logs, and it simply does not connect to the LDAP server.
[Wed Sep 24 01:26:10 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:11 2014] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
[Wed Sep 24 01:26:11 2014] [notice] Access Host filter is: *.initd.in
[Wed Sep 24 01:26:11 2014] [notice] Access Address filter is: *
[Wed Sep 24 01:26:12 2014] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations
[Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:12 2014] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
[Wed Sep 24 01:26:12 2014] [notice] Access Host filter is: *.initd.in
[Wed Sep 24 01:26:12 2014] [notice] Access Address filter is: *
[root@vm-ser-master-01 admin-serv]# cat /etc/dirsrv/admin-serv/local.conf | grep nsAdminAccessHosts
configuration.nsAdminAccessHosts: *.initd.in
[root@vm-ser-master-01 admin-serv]#
[root@vm-ser-repo-01 ~]# ldapsearch -x -D "cn=ldap" -W
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
adm.conf:
userdn: uid=ldap,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
sysuser: ldap
sysgroup: ldap
SuiteSpotUserID: ldap
SuiteSpotGroup: ldap
sie: cn=admin-serv-vm-ser-master-01,cn=389 Administration Server,cn=Server Group,cn=vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot
securitydir: /etc/dirsrv/admin-serv
ldapurl: ldap://ldap.initd.in:389/o=NetscapeRoot
ldapStart: /usr/lib64/dirsrv/slapd-vm-ser-master-01/start-slapd
isie: cn=389 Administration Server,cn=Server Group,cn=vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot
AdminDomain: initd.in
[root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv-admin status
dirsrv-admin (pid 5364) is running...
[root@vm-ser-master-01 admin-serv]# ps -ef | grep 5364
root 5364 1 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
root 5367 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
ldap 5368 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
root 5720 3618 0 01:34 pts/0 00:00:00 grep 5364
[root@vm-ser-master-01 admin-serv]# lsof -i:9830
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd.wor 5364 root 3u IPv4 38803 0t0 TCP *:9830 (LISTEN)
httpd.wor 5368 ldap 3u IPv4 38803 0t0 TCP *:9830 (LISTEN)
[root@vm-ser-master-01 admin-serv]#
access logs:
192.168.0.111 - cn=ldap [23/Sep/2014:04:03:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
192.168.0.111 - cn=ldap [23/Sep/2014:04:03:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 308
192.168.0.111 - cn=ldap [23/Sep/2014:04:04:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
192.168.0.112 - cn=ldap [23/Sep/2014:04:04:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
192.168.0.111 - cn=ldap [23/Sep/2014:04:04:10 +0530] "POST /admin-serv/tasks/Operation/Restart HTTP/1.0" 200 240
192.168.0.112 - cn=ldap [23/Sep/2014:04:04:35 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
192.168.0.111 - cn=ldap [24/Sep/2014:01:13:27 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - cn=ldap [24/Sep/2014:01:13:48 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - - [24/Sep/2014:01:14:08 +0530] "\x16\x03\x01" 302 309
192.168.0.111 - cn=ldap [24/Sep/2014:01:14:20 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - cn=ldap [24/Sep/2014:01:14:38 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - cn=config [24/Sep/2014:01:17:36 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
While trying to start DS.
[root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv start
Starting dirsrv:
vm-ser-master-01... [FAILED]
*** Warning: 1 instance(s) failed to start
[root@vm-ser-master-01 admin-serv]#
No log trace in slapd logs.
[root@vm-ser-master-01 admin-serv]# lsof -i:389
[root@vm-ser-master-01 admin-serv]# lsof -i:636
Please suggest.
Best Regards,
__________________________________________
RHCE, VCE-CIA, RackSpace Cloud U
On Tue, Sep 23, 2014 at 5:42 PM, German Parente <gparente@xxxxxxxxxx> wrote:
Hi Yogesh,
seems there's no certificate in admin server. I don't see how you could enable ssl in admin and not have any certificate in admin certificate db.
To disable ssl, you could follow this article:
https://access.redhat.com/solutions/762573
Thanks and regards,
German.
> --
----- Original Message -----
> From: "Yogesh Sharma" <yks0000@xxxxxxxxx>
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, September 23, 2014 1:54:12 AM
> Subject: Issue Starting Admin Server after Enabling SSL in Admin Server.
>
> Hi,
>
>
> My 389-ds is using SSL in Directory Server. Once I checked the checkbox in
> Admin Server to use SSL and tried to restart it (admin), it is failing. The
> logs say as below:
>
> [Tue Sep 23 05:20:35 2014] [notice] SELinux policy enabled; httpd running as
> context unconfined_u:system_r:httpd_t:s0
> [Tue Sep 23 05:20:36 2014] [crit] sslinit: NSS is required to use LDAPS, but
> security initialization failed [-12285:Unable to find the certificate or key
> necessary for authentication.]. Cannot start server
>
>
> [root@vm-ser-master-01 admin-serv]# certutil -d /etc/dirsrv/admin-serv -L
>
> Certificate Nickname Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> [root@vm-ser-master-01 admin-serv]#
>
>
>
> [root@vm-ser-master-01 admin-serv]# certutil -d
> /etc/dirsrv/slapd-vm-ser-master-01/ -L
>
> Certificate Nickname Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> ca.initd.in CT,,
> server-cert u,u,u
> [root@vm-ser-master-01 admin-serv]#
>
>
> I also tried disabling SSL to revert back but it is failing and no messages
> in the log. Please suggest further to fix or revert this.
>
>
> Best Regards,
> __________________________________________
> Yogesh Sharma
>
>
>
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
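
Added example, not part of the original thread or of 389 Directory Server: a small Python triage of the admin-serv access log lines quoted above. It flags requests whose first bytes are a TLS handshake record (`\x16\x03`, i.e. a TLS client talking to a listener that is answering in plain HTTP), counts 401 responses per client and bind name, and lists the configuration-changing POSTs that preceded them. The function name `triage` and the regular expression are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Apache common log format, as seen in the admin-serv access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>.*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
# A TLS record starts with content type 0x16 (handshake) and major version 0x03.
# Apache logs the raw bytes escaped when they reach a plain-HTTP listener.
TLS_PREFIX = r"\x16\x03"

# Lines copied from the access log quoted in the thread.
SAMPLE = r'''
192.168.0.111 - cn=ldap [23/Sep/2014:04:03:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 308
192.168.0.111 - cn=ldap [23/Sep/2014:04:04:10 +0530] "POST /admin-serv/tasks/Operation/Restart HTTP/1.0" 200 240
192.168.0.111 - cn=ldap [24/Sep/2014:01:13:27 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - - [24/Sep/2014:01:14:08 +0530] "\x16\x03\x01" 302 309
192.168.0.111 - cn=ldap [24/Sep/2014:01:14:20 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
192.168.0.111 - cn=config [24/Sep/2014:01:17:36 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
'''

def triage(log_text):
    """Return (TLS-on-plaintext hits, 401 counts per (ip, user), successful POSTs)."""
    tls_hits, auth_fail, changes = [], Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-access-log lines
        req, status = m["req"], m["status"]
        if req.startswith(TLS_PREFIX):
            tls_hits.append((m["ip"], m["ts"]))
        elif status == "401":
            auth_fail[(m["ip"], m["user"])] += 1
        elif req.startswith("POST ") and status == "200":
            changes.append((m["ts"], m["user"], req.split()[1]))
    return tls_hits, auth_fail, changes

if __name__ == "__main__":
    tls_hits, auth_fail, changes = triage(SAMPLE)
    print("TLS handshake sent to plain-HTTP listener:", tls_hits)
    print("401 responses per (client, bind name):", dict(auth_fail))
    print("Successful configuration POSTs:", changes)
```
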