Re: Fedora DS 1.0.4 build on Solaris 10?

[Rob Crittenden <rcritten@xxxxxxxxxx>]

Dave Augustus wrote:
> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote:
> > /home/dings/fds/alias does exist. I am starting FDS by using start-slapd
> > as root user. /home/dings/fds/alias is writable by the server. It looks
> > like start-slapd is looking for some certificate under
> > /home/dings/fds/alias. I checked the content under /home/dings/alias. It
> > contains only one file: libnssckbi.so.
> >
> >
> >
> > -----Original Message-----
> > From: fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>
> > [mailto:fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of Richard
> > Megginson
> > Sent: Tuesday, September 11, 2007 5:56 PM
> > To: General discussion list for the Fedora Directory server project.
> > Subject: Re:  Fedora DS 1.0.4 build on Solaris
> > 10?
> >
> > Scott Ding wrote:
> > > I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a 
> > > inf file. However, when I tried to start the FDS, I got the following 
> > > error. It looks like I did not set up SSL correctly. Can anyone help?
> > >
> > > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS
> >
> > > initialization failed (Netscape Portable Runtime error -8174 - 
> > > security
> > > library: bad database.): path: /home/dings/fds/alias/, certdb prefix:
> > > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-.
> > >   
> > Does the directory /home/dings/fds/alias exist?  Is it owned by the
> > server user?  Is it writable by the server user?
> > > [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed.
> > >
> > > -----Original Message-----
> > > From: Scott Ding
> > > Sent: Tuesday, September 11, 2007 2:50 PM
> > > To: General discussion list for the Fedora Directory server project.
> > > Subject: RE:  Fedora DS 1.0.4 build on Solaris
> >
> > > 10?
> > >
> > > Rob,
> > >
> > > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The 
> > > compiled result contains the following files:
> > >
> > > LICENSE.txt
> > > README.txt
> > > disktune
> > > slapd.tar.gz
> > >
> > >
> > > After I untar slapd.tar.gz, I got the following:
> > >
> > > alias
> > > manual
> > > shared
> > > bin
> > >   - slapd
> > >        - admin
> > >        - server
> > >        - install
> > >        - property
> > >        -lib
> > > lib
> > > plugins
> > >
> > > I checked the Installation Guide. The instructions are based on
> > RedHat.
> > > Are there any installation instructions based on Solaris?
> > >
> > > Regards,
> > > Scott
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>
> > > [mailto:fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of Rob 
> > > Crittenden
> > > Sent: Tuesday, September 11, 2007 7:25 AM
> > > To: General discussion list for the Fedora Directory server project.
> > > Subject: Re:  Fedora DS 1.0.4 build on Solaris
> >
> > > 10?
> > >
> > > Scott Ding wrote:
> > >   
> > >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)?
> > >>
> > >>     
> > >
> > > In theory this should work ok.
> > >
> > > I spent a little time many months ago to try to build it on Solaris 10
> > > x86 and nearly got there before running out of time and I never got 
> > > back to it because I needed to reclaim the disk space :-(
> > >
> > > I would recommend the manual build process defined at 
> > > http://directory.fedoraproject.org/wiki/Building . I would avoid the 
> > > "one-step build" because I suspect this is going to be very iterative 
> > > and while the auto-fetching is nice developing in that environment 
> > > just adds another layer of pain.
> > >
> > > It is possible to build on Solaris with gcc, the trick is figuring out
> >
> > > the magic to tell the various components to use it. I think things 
> > > like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set 
> > > that to 1 and give it a go. There may be other tweaks required.
> > >
> > > And note that the manual instructions just cover the server itself. 
> > > For console, the plugins, etc there is more to do.
> > >
> > > rob
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx>
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >   
> >
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> My guess is that you just need to create the cert files. Look for the 
> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on 
> Solaris). Do certutil-bin -h . The cert db files will need to be named 
> appropriately and located in alias. Something like:
> slapd-lsctsol06-key3.db
> slapd-lsctsol06-cert8.db
> Also, I think that secmod.db is needed but I don't know what it contains.

Solaris should already have certutil. You need to run something like:

# certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06-

Note that there is a trailing dash. This is important.

You'll be prompted to set a security password. Enter one or just press 
ENTER twice to not set one.

That should do the trick.

rob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users