I got it working. The logs directory needs executable permission. Thank you all for helping me out! -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rob Crittenden Sent: Wednesday, September 12, 2007 11:06 AM To: General discussion list for the Fedora Directory server project. Subject: Re: Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote: > Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs. > Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif. I'm a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You'll need a flag to follow forks, I think it is -f. rob > -----Original Message----- > From: fedora-directory-users-bounces@xxxxxxxxxx > [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rob > Crittenden > Sent: Wednesday, September 12, 2007 6:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: Fedora DS 1.0.4 build on Solaris 10? > > Dave Augustus wrote: >> >> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >>> /home/dings/fds/alias does exist. I am starting FDS by using >>> start-slapd as root user. /home/dings/fds/alias is writable by the >>> server. It looks like start-slapd is looking for some certificate >>> under /home/dings/fds/alias. I checked the content under >>> /home/dings/alias. It contains only one file: libnssckbi.so. >>> >>> >>> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@xxxxxxxxxx >>> <mailto:fedora-directory-users-bounces@xxxxxxxxxx> >>> [mailto:fedora-directory-users-bounces@xxxxxxxxxx >>> <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of >>> Richard Megginson >>> Sent: Tuesday, September 11, 2007 5:56 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: Fedora DS 1.0.4 build on >>> Solaris 10? >>> >>> Scott Ding wrote: >>>> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with >>>> a inf file. However, when I tried to start the FDS, I got the >>>> following error. It looks like I did not set up SSL correctly. Can anyone help? >>>> >>>> [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: >>>> NSS >>>> initialization failed (Netscape Portable Runtime error -8174 - >>>> security >>>> library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >>>> slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >>>> >>> Does the directory /home/dings/fds/alias exist? Is it owned by the >>> server user? Is it writable by the server user? >>>> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >>>> >>>> -----Original Message----- >>>> From: Scott Ding >>>> Sent: Tuesday, September 11, 2007 2:50 PM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: RE: Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Rob, >>>> >>>> We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >>>> compiled result contains the following files: >>>> >>>> LICENSE.txt >>>> README.txt >>>> disktune >>>> slapd.tar.gz >>>> >>>> >>>> After I untar slapd.tar.gz, I got the following: >>>> >>>> alias >>>> manual >>>> shared >>>> bin >>>> - slapd >>>> - admin >>>> - server >>>> - install >>>> - property >>>> -lib >>>> lib >>>> plugins >>>> >>>> I checked the Installation Guide. The instructions are based on >>> RedHat. >>>> Are there any installation instructions based on Solaris? >>>> >>>> Regards, >>>> Scott >>>> >>>> >>>> >>>> >>>> -----Original Message----- >>>> From: fedora-directory-users-bounces@xxxxxxxxxx >>>> <mailto:fedora-directory-users-bounces@xxxxxxxxxx> >>>> [mailto:fedora-directory-users-bounces@xxxxxxxxxx >>>> <mailto:fedora-directory-users-bounces@xxxxxxxxxx>] On Behalf Of >>>> Rob Crittenden >>>> Sent: Tuesday, September 11, 2007 7:25 AM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: Re: Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Scott Ding wrote: >>>> >>>>> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >>>>> >>>>> >>>> In theory this should work ok. >>>> >>>> I spent a little time many months ago to try to build it on Solaris >>>> 10 >>>> x86 and nearly got there before running out of time and I never got >>>> back to it because I needed to reclaim the disk space :-( >>>> >>>> I would recommend the manual build process defined at >>>> http://directory.fedoraproject.org/wiki/Building . I would avoid >>>> the "one-step build" because I suspect this is going to be very >>>> iterative and while the auto-fetching is nice developing in that >>>> environment just adds another layer of pain. >>>> >>>> It is possible to build on Solaris with gcc, the trick is figuring >>>> out the magic to tell the various components to use it. I think >>>> things like NSS, NSPR and FDS itself use the env variable >>>> NS_USE_GCC. Set that to 1 and give it a go. There may be other >>>> tweaks required. >>>> >>>> And note that the manual instructions just cover the server itself. >>>> For console, the plugins, etc there is more to do. >>>> >>>> rob >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@xxxxxxxxxx >>>> <mailto:Fedora-directory-users@xxxxxxxxxx> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@xxxxxxxxxx >>> <mailto:Fedora-directory-users@xxxxxxxxxx> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> My guess is that you just need to create the cert files. Look for the >> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on >> Solaris). Do certutil-bin -h . The cert db files will need to be >> named appropriately and located in alias. Something like: >> slapd-lsctsol06-key3.db >> slapd-lsctsol06-cert8.db >> Also, I think that secmod.db is needed but I don't know what it contains. > > Solaris should already have certutil. You need to run something like: > > # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- > > Note that there is a trailing dash. This is important. > > You'll be prompted to set a security password. Enter one or just press ENTER twice to not set one. > > That should do the trick. > > rob > > > > ---------------------------------------------------------------------- > -- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
