[389-users] Migrate fedora-ds 1.0.4 SSL Enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am hoping for guidance in migrating this SSL enabled directory to 389-ds.

From: fedora-ds 1.0.4 on fc6 i386
To:      389-ds 1.1 on fedora 12 i386.  The fedora 12 is on a new box 
with the same IP address and hostname.

SSL is enabled on the source directory and source admin server.

I have read the SSL HowTo, so I understand that the certs are stored 
differently under 1.1.
Is it possible to import the existing SSL certs and set up the 
configuration so that the migration will succeed?
If not, how do I correctly remove SSL from the source configuration?  I 
could set up SSL on the target after the migration.

Thank you,

Craig Swanson

----------Supporting information ---------------------

So far I have done this 1.0.4 to 1.1 prep:

I have modified the source schema to use the updated autofs and mozilla 
ldif files.
I have run db2ldif to export the userRoot and NetscapeRoot databases.
I have modified  the source /opt/fedora-ds/admin-serv/config/adm.conf 
and local.conf to replace cn=Fedora with cn=389

Bad outcomes:
I ran the cross platform migration in order to pull from the modified 
ldif files.
migrate-ds-admin.pl -d --crossplatform --oldsroot=/opt/fedora-ds.104 
--actualsroot=/opt/fedora-ds -f /opt/migratePunch.inf

The migration failed because I had not dealt with the SSL. Debug output:

+[27/Apr/2010:12:44:26 -0400] - 389-Directory/1.2.5 B2010.012.2035 
starting up
+[27/Apr/2010:12:44:26 -0400] - I'm resizing my cache now...cache was 
208736256 and is now 8388608
+[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap 
key for cipher AES
+[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in 
attrcrypt_cipher_init
+[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in 
attrcrypt_init
+[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap 
key for cipher 3DES
+[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES 
in attrcrypt_cipher_init
+[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in 
attrcrypt_init
+[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap 
key for cipher AES
+[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in 
attrcrypt_cipher_init
+[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in 
attrcrypt_init
+[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap 
key for cipher 3DES
+[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES 
in attrcrypt_cipher_init
+[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in 
attrcrypt_init


Disabling SSL in the source:
I have tried to disable SSL on the source directory and admin server via 
the console.
Next, I had attempted a migration. The migration completed, but, the 
console failed authentication on the resulting 1.1 server.
http://myserver:64000

I went back to the source server.  launching the console 
http://myserver:64000 also failed authentication.





--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux