Andreas Kekkou wrote:
> Both names are exactly the same.
>
> Richard Megginson wrote:
>> Andreas Kekkou wrote:
>>> Hi Richard,
>>>
>>> Nothing has changed. Executing the command you have suggested on both servers I get the same output:
>>>
>>> [root@serverA alias]# ../shared/bin/certutil -L -P slapd-serverA- -d .
>>> serverA-cert                          u,u,u
>>> Computer Science Department CA        CT,,
>>>
>>> [root@serverB alias]# ../shared/bin/certutil -L -P slapd-serverB- -d .
>>> serverB-cert                          u,u,u
>>> Computer Science Department CA        CT,,
>>>
>>> Is there anything else I have to check?
>>
>> grep -i personality /opt/fedora-ds/slapd-instancename/config/dse.ldif
>>
>> The personality name should match with the server cert name in your certdb.
>>
>>> Cheers.
>>> Andreas
>>>
>>> Richard Megginson wrote:
>>>> Andreas Kekkou wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm running FDS in multi-master mode with two servers. Both servers are configured with TLS support. One of the servers logs the following error:
>>>>>
>>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in attrcrypt_init
>>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
>>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in attrcrypt_init
>>>>> [25/Oct/2007:08:50:57 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests
>>>>> [25/Oct/2007:08:50:57 +0300] - Listening on All Interfaces port 636 for LDAPS requests
>>>>>
>>>>> Both servers seem to work just fine. Any ideas how this can be resolved?
>>>>
>>>> Has your SSL/TLS configuration changed at all? Have you acquired a new cert or renewed an existing cert?
>>>>
>>>> cd /opt/fedora-ds/alias
>>>> ../shared/bin/certutil -L -P slapd-instance- -d .
>>>>
>>>>> Thanks,
>>>>> Andreas

I'm not sure. If you are not using attribute encryption, and do not have any encrypted attribute values, you can simply remove the offending attributes:

shut down the server
edit dse.ldif - remove the entry
cn=AES, cn=encrypted attribute keys, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
and
cn=AES, cn=encrypted attribute keys, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
then restart the server

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
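The removal step from the last reply, as an added Python example (not code from the thread or from Fedora Directory Server): it drops the two cn=AES key entries from dse.ldif text, coping with folded LDIF lines and with spacing or case differences in the DN. The sample LDIF and the function names are constructed for illustration.

```python
import base64
import re

# The two entries named in the reply; compared after normalisation.
TARGETS = (
    "cn=AES, cn=encrypted attribute keys, cn=userRoot, cn=ldbm database, cn=plugins, cn=config",
    "cn=AES, cn=encrypted attribute keys, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config",
)

# Constructed dse.ldif fragment for the demo (not from a real server).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389

dn: cn=encrypted attribute keys,cn=userRoot,cn=ldbm database,cn=plugins,cn=c
 onfig
cn: encrypted attribute keys

dn: cn=AES,cn=encrypted attribute keys,cn=userRoot,cn=ldbm database,cn=plugi
 ns,cn=config
cn: AES
nsSymmetricKey:: Y29uc3RydWN0ZWQ=

dn: cn=AES, cn=encrypted attribute keys, cn=NetscapeRoot, cn=ldbm databa
 se, cn=plugins, cn=config
cn: AES

dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
cn: userRoot
"""

def norm_dn(dn):
    # Simplification: case-fold and trim around commas; escaped commas are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def entry_dn(entry):
    unfolded = re.sub(r"\n ", "", entry)  # LDIF folds long lines as newline + one space
    m = re.search(r"^dn(::?)\s*(.*)$", unfolded, re.M | re.I)
    if not m:
        return None
    # "dn::" means the value is base64-encoded
    return base64.b64decode(m.group(2)).decode() if m.group(1) == "::" else m.group(2)

def strip_attrcrypt_keys(ldif_text):
    """Return (LDIF text without the target entries, list of removed DNs)."""
    wanted = {norm_dn(t) for t in TARGETS}
    kept, removed = [], []
    for entry in re.split(r"\n{2,}", ldif_text.strip("\n")):
        dn = entry_dn(entry)
        if dn and norm_dn(dn) in wanted:
            removed.append(dn)
        else:
            kept.append(entry)  # untouched entries are written back verbatim
    return "\n\n".join(kept) + "\n", removed

if __name__ == "__main__":
    _, gone = strip_attrcrypt_keys(SAMPLE_DSE)
    print("\n".join(gone))
```

Apply it to a copy of dse.ldif while the server is stopped, and only when no attribute values are encrypted, as the reply states.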