Hi Yogesh,

errors in admin log seem to be normal since directory server is stopped. I am not sure of the reason why you cannot start directory server. Have you checked there's not a hung ns-slapd process?

Eventually you could try to start it by doing

strace -o /tmp/strace.out -f /usr/lib64/dirsrv/slapd-vm-ser-master-01/start-slapd

and send me the file /tmp/strace.out

Thanks and regards,

German.

----- Original Message -----
> From: "Yogesh Sharma" <yks0000@xxxxxxxxx>
> To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, September 23, 2014 10:15:42 PM
> Subject: Re: Issue Starting Admin Server after Enabling SSL in Admin Server.
>
> Hi German,
>
> Many thanks for the reply.
>
> Yes, that SSL was checked by mistake and after that it did not come up.
>
> I am now able to start Admin server but seeing below error in logs and it
> simply does not connect to LDAP Server.
>
> [Wed Sep 24 01:26:10 2014] [notice] SELinux policy enabled; httpd running as
> context unconfined_u:system_r:httpd_t:s0
> [Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't
> contact LDAP server
> [Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't
> contact LDAP server
> [Wed Sep 24 01:26:11 2014] [warn] Unable to bind as LocalAdmin to populate
> LocalAdmin tasks into cache.
> [Wed Sep 24 01:26:11 2014] [notice] Access Host filter is: *.initd.in
> [Wed Sep 24 01:26:11 2014] [notice] Access Address filter is: *
> [Wed Sep 24 01:26:12 2014] [notice] Apache/2.2.15 (Unix) configured --
> resuming normal operations
> [Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't
> contact LDAP server
> [Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't
> contact LDAP server
> [Wed Sep 24 01:26:12 2014] [warn] Unable to bind as LocalAdmin to populate
> LocalAdmin tasks into cache.
> [Wed Sep 24 01:26:12 2014] [notice] Access Host filter is: *.initd.in
> [Wed Sep 24 01:26:12 2014] [notice] Access Address filter is: *
>
> [root@vm-ser-master-01 admin-serv]# cat /etc/dirsrv/admin-serv/local.conf |
> grep nsAdminAccessHosts
> configuration.nsAdminAccessHosts: *.initd.in
> [root@vm-ser-master-01 admin-serv]#
>
> [root@vm-ser-repo-01 ~]# ldapsearch -x -D "cn=ldap" -W
> Enter LDAP Password:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> adm.conf:
>
> userdn: uid=ldap,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
> sysuser: ldap
> sysgroup: ldap
> SuiteSpotUserID: ldap
> SuiteSpotGroup: ldap
> sie: cn=admin-serv-vm-ser-master-01,cn=389 Administration Server,cn=Server
> Group,cn=vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot
> securitydir: /etc/dirsrv/admin-serv
> ldapurl: ldap://ldap.initd.in:389/o=NetscapeRoot
> ldapStart: /usr/lib64/dirsrv/slapd-vm-ser-master-01/start-slapd
> isie: cn=389 Administration Server,cn=Server Group,cn=
> vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot
> AdminDomain: initd.in
>
> [root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv-admin status
> dirsrv-admin (pid 5364) is running...
> [root@vm-ser-master-01 admin-serv]# ps -ef | grep 5364
> root 5364 1 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f
> /etc/dirsrv/admin-serv/httpd.conf
> root 5367 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f
> /etc/dirsrv/admin-serv/httpd.conf
> ldap 5368 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f
> /etc/dirsrv/admin-serv/httpd.conf
> root 5720 3618 0 01:34 pts/0 00:00:00 grep 5364
>
> [root@vm-ser-master-01 admin-serv]# lsof -i:9830
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> httpd.wor 5364 root 3u IPv4 38803 0t0 TCP *:9830 (LISTEN)
> httpd.wor 5368 ldap 3u IPv4 38803 0t0 TCP *:9830 (LISTEN)
> [root@vm-ser-master-01 admin-serv]#
>
> access logs:
>
> 192.168.0.111 - cn=ldap [23/Sep/2014:04:03:49 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 192.168.0.111 - cn=ldap [23/Sep/2014:04:03:55 +0530] "POST
> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 308
> 192.168.0.111 - cn=ldap [23/Sep/2014:04:04:04 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 192.168.0.112 - cn=ldap [23/Sep/2014:04:04:19 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 192.168.0.111 - cn=ldap [23/Sep/2014:04:04:10 +0530] "POST
> /admin-serv/tasks/Operation/Restart HTTP/1.0" 200 240
> 192.168.0.112 - cn=ldap [23/Sep/2014:04:04:35 +0530] "GET
> /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19
> 192.168.0.111 - cn=ldap [24/Sep/2014:01:13:27 +0530] "GET
> /admin-serv/authenticate HTTP/1.0" 401 470
> 192.168.0.111 - cn=ldap [24/Sep/2014:01:13:48 +0530] "GET
> /admin-serv/authenticate HTTP/1.0" 401 470
> 192.168.0.111 - - [24/Sep/2014:01:14:08 +0530] "\x16\x03\x01" 302 309
> 192.168.0.111 - cn=ldap [24/Sep/2014:01:14:20 +0530] "GET
> /admin-serv/authenticate HTTP/1.0" 401 470
> 192.168.0.111 - cn=ldap [24/Sep/2014:01:14:38 +0530] "GET
> /admin-serv/authenticate HTTP/1.0" 401 470
> 192.168.0.111 - cn=config [24/Sep/2014:01:17:36 +0530] "GET
> /admin-serv/authenticate HTTP/1.0" 401 470
>
> While trying to start DS.
>
> [root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv start
> Starting dirsrv:
> vm-ser-master-01... [FAILED]
> *** Warning: 1 instance(s) failed to start
> [root@vm-ser-master-01 admin-serv]#
>
> No log trace in slapd logs.
>
> [root@vm-ser-master-01 admin-serv]# lsof -i:389
> [root@vm-ser-master-01 admin-serv]# lsof -i:636
>
> Please suggest.
>
> Best Regards,
> __________________________________________
> Yogesh Sharma
> Email: yks0000@xxxxxxxxx | Web: www.initd.in
>
> RHCE, VCE-CIA, RackSpace Cloud U
>
> On Tue, Sep 23, 2014 at 5:42 PM, German Parente <gparente@xxxxxxxxxx>
> wrote:
>
> Hi Yogesh,
>
> seems there's no certificate in admin server. I don't see how you could
> enable ssl in admin and not have any certificate in admin certificate db.
>
> To disable ssl, you could follow this article:
>
> https://access.redhat.com/solutions/762573
>
> Thanks and regards,
>
> German.
>
> ----- Original Message -----
> > From: "Yogesh Sharma" <yks0000@xxxxxxxxx>
> > To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > Sent: Tuesday, September 23, 2014 1:54:12 AM
> > Subject: Issue Starting Admin Server after Enabling SSL in
> > Admin Server.
> >
> > Hi,
> >
> > My 389-ds is using SSL in Directory Server. Once I checked the checkbox in
> > Admin Server to use SSL and try to restart it (admin) it is failing. The
> > logs say as below:
> >
> > [Tue Sep 23 05:20:35 2014] [notice] SELinux policy enabled; httpd running
> > as context unconfined_u:system_r:httpd_t:s0
> > [Tue Sep 23 05:20:36 2014] [crit] sslinit: NSS is required to use LDAPS,
> > but security initialization failed [-12285:Unable to find the certificate or
> > key necessary for authentication.]. Cannot start server
> >
> > [root@vm-ser-master-01 admin-serv]# certutil -d /etc/dirsrv/admin-serv -L
> >
> > Certificate Nickname Trust Attributes
> > SSL,S/MIME,JAR/XPI
> >
> > [root@vm-ser-master-01 admin-serv]#
> >
> > [root@vm-ser-master-01 admin-serv]# certutil -d
> > /etc/dirsrv/slapd-vm-ser-master-01/ -L
> >
> > Certificate Nickname Trust Attributes
> > SSL,S/MIME,JAR/XPI
> >
> > ca.initd.in CT,,
> > server-cert u,u,u
> > [root@vm-ser-master-01 admin-serv]#
> >
> > I also tried disabling SSL to revert back but it is failing and no messages
> > in log. Please suggest further to fix or revert this.
> >
> > Best Regards,
> > __________________________________________
> > Yogesh Sharma
> >
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
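
Added example, not part of the original thread and not 389 project code: a POSIX shell triage that tags the three log signatures quoted in this thread (NSS error -12285 from sslinit, ldap error -1, and the TLS record header bytes `\x16\x03\x01` logged as a request by a listener serving plain HTTP) and points each at a check already used above. The function names, tag names and sample log (thread lines with mail wrapping removed) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function and tag names are hypothetical.

# Print a tag for one log line, or nothing if it matches no known signature.
classify_line() {
    case "$1" in
        *'sslinit: NSS is required'*'-12285'*) echo "admin-ssl-no-cert" ;;
        *'ldap error -1'*)                     echo "ldap-unreachable" ;;
        *'"\x16\x03\x01'*)                     echo "tls-to-plain-http" ;;
    esac
}

# Map a tag to the check that the thread itself uses for that symptom.
next_check() {
    case "$1" in
        admin-ssl-no-cert) echo "certutil -d /etc/dirsrv/admin-serv -L" ;;
        ldap-unreachable)  echo "lsof -i:389; lsof -i:636; ps -ef | grep ns-slapd" ;;
        tls-to-plain-http) echo "client is using https against a plain-HTTP listener" ;;
    esac
}

# Read log text on stdin, print one "tag=count" line per signature found.
triage() {
    while IFS= read -r line; do
        classify_line "$line"
    done | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Constructed sample: lines quoted in the thread, mail wrapping removed.
sample_log() {
cat <<'EOF'
[Tue Sep 23 05:20:36 2014] [crit] sslinit: NSS is required to use LDAPS, but security initialization failed [-12285:Unable to find the certificate or key necessary for authentication.]. Cannot start server
[Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Wed Sep 24 01:26:12 2014] [notice] Access Address filter is: *
192.168.0.111 - - [24/Sep/2014:01:14:08 +0530] "\x16\x03\x01" 302 309
192.168.0.111 - cn=ldap [24/Sep/2014:01:14:20 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470
EOF
}

# Stand-alone run: summarise the sample and show the follow-up check per tag.
sample_log | triage | while IFS='=' read -r tag n; do
    echo "$tag x$n -> $(next_check "$tag")"
done
```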