Scott Ding wrote:
Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs.
Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif.
I'm a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You'll need a flag to follow forks, I think it is -f.
rob
-----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rob Crittenden Sent: Wednesday, September 12, 2007 6:09 AM To: General discussion list for the Fedora Directory server project. Subject: Re: Fedora DS 1.0.4 build on Solaris 10? Dave Augustus wrote:On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote:/home/dings/fds/alias does exist. I am starting FDS by using start-slapd as root user. /home/dings/fds/alias is writable by the server. It looks like start-slapd is looking for some certificate under /home/dings/fds/alias. I checked the content under /home/dings/alias. It contains only one file: libnssckbi.so.My guess is that you just need to create the cert files. Look for the certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on Solaris). Do certutil-bin -h . The cert db files will need to be named appropriately and located in alias. Something like:-----Original Message-----From: fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx> [mailto:fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of Richard MegginsonSent: Tuesday, September 11, 2007 5:56 PM To: General discussion list for the Fedora Directory server project.Subject: Re: Fedora DS 1.0.4 build on Solaris 10?Scott Ding wrote:I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a inf file. However, when I tried to start the FDS, I got the following error. It looks like I did not set up SSL correctly. Can anyone help?Does the directory /home/dings/fds/alias exist? Is it owned by the server user? Is it writable by the server user?[11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8174 - securitylibrary: bad database.): path: /home/dings/fds/alias/, certdb prefix: slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-.[11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. -----Original Message----- From: Scott Ding Sent: Tuesday, September 11, 2007 2:50 PM To: General discussion list for the Fedora Directory server project.Subject: RE: Fedora DS 1.0.4 build on Solaris10? Rob,We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The compiled result contains the following files:LICENSE.txt README.txt disktune slapd.tar.gz After I untar slapd.tar.gz, I got the following: alias manual shared bin - slapd - admin - server - install - property -lib lib plugins I checked the Installation Guide. The instructions are based onRedHat.Are there any installation instructions based on Solaris? Regards, Scott -----Original Message-----From: fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx> [mailto:fedora-directory-users-bounces@xxxxxxxxxx <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of Rob CrittendenSent: Tuesday, September 11, 2007 7:25 AM To: General discussion list for the Fedora Directory server project.Subject: Re: Fedora DS 1.0.4 build on Solaris10? Scott Ding wrote:Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)?In theory this should work ok.I spent a little time many months ago to try to build it on Solaris 10 x86 and nearly got there before running out of time and I never got back to it because I needed to reclaim the disk space :-(I would recommend the manual build process defined at http://directory.fedoraproject.org/wiki/Building . I would avoid the "one-step build" because I suspect this is going to be very iterative and while the auto-fetching is nice developing in that environment just adds another layer of pain.It is possible to build on Solaris with gcc, the trick is figuring out the magic to tell the various components to use it. I think things like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 and give it a go. There may be other tweaks required.And note that the manual instructions just cover the server itself. For console, the plugins, etc there is more to do.rob --Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx>https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing listFedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx>https://www.redhat.com/mailman/listinfo/fedora-directory-usersslapd-lsctsol06-key3.db slapd-lsctsol06-cert8.db Also, I think that secmod.db is needed but I don't know what it contains.Solaris should already have certutil. You need to run something like: # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- Note that there is a trailing dash. This is important. You'll be prompted to set a security password. Enter one or just press ENTER twice to not set one. That should do the trick. rob ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
