Same problem here. Once one switches to using the Linux 389-console it works fine.

Once you get past this problem will be interested how you fare with setting up replication over SSL.

Thanks, Phil

----- On 4 Feb, 2016, at 20:54, Richard Tearle richard.tearle@xxxxxxxxxxxxxxxx wrote:

> Hello
>
> We've successfully deployed a test instance of 389 on Centos 7 within
> Docker. We can connect with our usual LDAP tools, our code, the
> administrator web application and by using the 389 Windows
> application. All OK.
>
> When we applied SSL/TLS, by using the setupssl2.sh script we can no
> longer connect using the 389 Windows application, although all other
> functions are running OK. The error messages we receive after entering
> the user information are:
>
> The certificate this server present is either untrusted or unknown -
> that's fine it's a self signed certificate, so I accept this
> certificate.
>
> Cannot connect to the Admin Server "https://<host>:9830". The Url is
> not correct or the server is not running.
>
> Looking in the error log file for the admin server I have the following entries:
>
> [Thu Feb 04 11:34:28.884037 2016] [:info] [pid 662:tid 140597238659136] Configuring server for SSL protocol
> [Thu Feb 04 11:34:28.884248 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(702): NSSProtocol: Enabling TLSv1.1
> [Thu Feb 04 11:34:28.884331 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(761): NSSProtocol: [TLS 1.1] (minimum)
> [Thu Feb 04 11:34:28.884420 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(778): NSSProtocol: [TLS 1.1] (maximum)
> [Thu Feb 04 11:34:28.884642 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
> [Thu Feb 04 11:34:28.884792 2016] [:info] [pid 662:tid 140597238659136] Using nickname server-cert.
> [Thu Feb 04 11:34:28.918651 2016] [:debug] [pid 662:tid 140597238659136] mod_admserv/mod_admserv.c(2369): Entering do_admserv_post_config - pid is [662]
> [Thu Feb 04 11:34:28.918813 2016] [:debug] [pid 662:tid 140597238659136] mod_admserv/mod_admserv.c(2377): Entering do_admserv_post_config - init count is [2]
> [Thu Feb 04 11:34:28.918899 2016] [:debug] [pid 662:tid 140597238659136] mod_admserv/mod_admserv.c(2401): [662] Cache expiration set to 600 seconds
> [Thu Feb 04 11:34:28.956732 2016] [:debug] [pid 662:tid 140597238659136] mod_admserv/mod_admserv.c(2505): Added StartConfigDs task entry [cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-ldap-server,cn=389 administration server,cn=server group,cn=ldap-server.docker,ou=docker,o=netscaperoot:start_config_ds:] for user [LocalSuper]
> [Thu Feb 04 11:34:28.961067 2016] [:info] [pid 662:tid 140597238659136] host_ip_init(): problem creating secure AdmldapInfo (error code = 4)
> [Thu Feb 04 11:34:28.963356 2016] [:notice] [pid 662:tid 140597238659136] Access Host filter is: *.docker
> [Thu Feb 04 11:34:28.963422 2016] [:notice] [pid 662:tid 140597238659136] Access Address filter is: *
>
> When I try to connect to the admin server, there is no corresponding
> entry in the access logs for the directory server.
> Running strace shows the following logs around the point the software
> logs the "host_ip_init(): problem creating secure AdmldapInfo" message:
>
> 659 11:34:28 stat("/etc/dirsrv/admin-serv/adm.conf", {st_mode=S_IFREG|0600, st_size=508, ...}) = 0
> 659 11:34:28 open("/etc/dirsrv/admin-serv/adm.conf", O_RDONLY) = 12
> 659 11:34:28 fstat(12, {st_mode=S_IFREG|0600, st_size=508, ...}) = 0
> 659 11:34:28 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdf58776000
> 659 11:34:28 read(12, "AdminDomain: docker\nsysuser: nobody\nisie: cn=389 Administration Server,cn=Server Group,cn=ldap-server.docker,ou=docker,o=Netscap"..., 4096) = 508
> 659 11:34:28 read(12, "", 4096) = 0
> 659 11:34:28 close(12) = 0
> 659 11:34:28 munmap(0x7fdf58776000, 4096) = 0
> 659 11:34:28 stat("/etc/dirsrv/admin-serv/admpw", {st_mode=S_IFREG|0600, st_size=40, ...}) = 0
> 659 11:34:28 open("/etc/dirsrv/admin-serv/admpw", O_RDONLY) = 12
> 659 11:34:28 fstat(12, {st_mode=S_IFREG|0600, st_size=40, ...}) = 0
> 659 11:34:28 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdf58776000
> 659 11:34:28 read(12, "admin:{SHA}L9P5p6bDeyroxEtjCalDW6iFyIc=\n", 4096) = 40
> 659 11:34:28 close(12) = 0
> 659 11:34:28 munmap(0x7fdf58776000, 4096) = 0
> 659 11:34:28 write(2, "[Thu Feb 04 11:34:28.659125 2016] [:info] [pid 659:tid 140597238659136] host_ip_init(): problem creating secure AdmldapInfo (err"..., 141) = 141
> 659 11:34:28 geteuid() = 0
> 659 11:34:28 setresuid(-1, 99, -1) = 0
>
> These are the 389 packages that have been installed:
>
> 389-admin-1.1.42-1.el7.x86_64.rpm
> 389-admin-console-1.1.10-1.el7.noarch.rpm
> 389-adminutil-1.1.22-1.el7.x86_64.rpm
> 389-console-1.1.9-1.el7.noarch.rpm
> 389-ds-base-1.3.3.1-20.el7_1.x86_64.rpm
> 389-ds-base-libs-1.3.3.1-20.el7_1.x86_64.rpm
> 389-ds-console-1.2.12-1.el7.noarch.rpm
>
> And this is the output from uname -all:
>
> Linux d83459731f6d 3.10.0-229.11.1.el7.x86_64 #1 SMP Thu Aug 6
> 01:06:18 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> and finally this is the hosts file:
>
> 172.17.0.3 ldap-server.docker d83459731f6d ldap-server.bridge ldap-server
> 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> We're at a bit of a loss where to turn.

--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
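
An added triage example, not part of the original thread and not 389 project code: it pulls the configured TLS bounds, the enabled cipher suites and the startup failure out of an admin-server error log like the one quoted above. The `WEAK` pattern and the name `summarize` are this example's own assumptions; the sample lines are copied from the quoted log and unwrapped to one entry per line.

```python
import re

# Constructed sample: four entries copied from the error log quoted in the
# thread, unwrapped so that each entry sits on a single line.
SAMPLE_LOG = """\
[Thu Feb 04 11:34:28.884331 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(761): NSSProtocol: [TLS 1.1] (minimum)
[Thu Feb 04 11:34:28.884420 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(778): NSSProtocol: [TLS 1.1] (maximum)
[Thu Feb 04 11:34:28.884642 2016] [:debug] [pid 662:tid 140597238659136] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Thu Feb 04 11:34:28.961067 2016] [:info] [pid 662:tid 140597238659136] host_ip_init(): problem creating secure AdmldapInfo (error code = 4)
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[[^:\]]*:(?P<level>\w+)\] \[pid \d+:tid \d+\] (?P<msg>.*)$")
PROTO = re.compile(r"NSSProtocol: \[(?P<ver>[^\]]+)\] \((?P<bound>minimum|maximum)\)")
CIPHERS = re.compile(r"NSSCipherSuite: Configuring permitted SSL ciphers \[(?P<list>[^\]]*)\]")
FAILURE = re.compile(r"(?P<what>\w+\(\)): problem (?P<detail>.*?) \(error code = (?P<code>-?\d+)\)")
# Assumption of this example: treat enabled suites that use RC4, MD5, DES/3DES,
# NULL encryption or 40/56-bit export keys as ones to review.
WEAK = re.compile(r"rc4|md5|des|null|_40_|_56_")

def summarize(log_text):
    """Return TLS bounds, enabled suites, suites to review and startup failures."""
    out = {"tls": {}, "enabled": [], "weak_enabled": [], "failures": []}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip wrapped fragments and non-log lines
        msg = m["msg"]
        if (p := PROTO.search(msg)):
            out["tls"][p["bound"]] = p["ver"]
        elif (c := CIPHERS.search(msg)):
            names = [t.strip() for t in c["list"].split(",") if t.strip()]
            # "+name" enables a suite, "-name" disables it
            out["enabled"] = [n[1:] for n in names if n.startswith("+")]
            out["weak_enabled"] = [n for n in out["enabled"] if WEAK.search(n)]
        elif (f := FAILURE.search(msg)):
            out["failures"].append((m["ts"], f["what"], f["detail"], int(f["code"])))
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The parser expects one log entry per line, so a log pasted from a wrapped e-mail has to be unwrapped first.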