I am hoping for guidance in migrating this SSL enabled directory to 389-ds. From: fedora-ds 1.0.4 on fc6 i386 To: 389-ds 1.1 on fedora 12 i386. The fedora 12 is on a new box with the same IP address and hostname. SSL is enabled on the source directory and source admin server. I have read the SSL HowTo, so I understand that the certs are stored differently under 1.1. Is it possible to import the existing SSL certs and set up the configuration so that the migration will succeed? If not, how do I correctly remove SSL from the source configuration? I could set up SSL on the target after the migration. Thank you, Craig Swanson ----------Supporting information --------------------- So far I have done this 1.0.4 to 1.1 prep: I have modified the source schema to use the updated autofs and mozilla ldif files. I have run db2ldif to export the userRoot and NetscapeRoot databases. I have modified the source /opt/fedora-ds/admin-serv/config/adm.conf and local.conf to replace cn=Fedora with cn=389 Bad outcomes: I ran the cross platform migration in order to pull from the modified ldif files. migrate-ds-admin.pl -d --crossplatform --oldsroot=/opt/fedora-ds.104 --actualsroot=/opt/fedora-ds -f /opt/migratePunch.inf The migration failed because I had not dealt with the SSL. Debug output: +[27/Apr/2010:12:44:26 -0400] - 389-Directory/1.2.5 B2010.012.2035 starting up +[27/Apr/2010:12:44:26 -0400] - I'm resizing my cache now...cache was 208736256 and is now 8388608 +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in attrcrypt_init +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES in attrcrypt_cipher_init +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in attrcrypt_init +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in attrcrypt_init +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES in attrcrypt_cipher_init +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in attrcrypt_init Disabling SSL in the source: I have tried to disable SSL on the source directory and admin server via the console. Next, I had attempted a migration. The migration completed, but, the console failed authentication on the resulting 1.1 server. http://myserver:64000 I went back to the source server. launching the console http://myserver:64000 also failed authentication. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
