Re: [389-users] Announcing 389 Directory Server 1.2.6


 



Aaron Hagopian wrote:
> So I removed my entire setup and tried to re-setup.  Now when I try to
> enable SSL for my directory server I get the following error:
>
>     [15/Sep/2010:10:25:45 -0500] - SSL alert: Security Initialization:
>     Unable to authenticate (Netscape Portable Runtime error -8192 - An
>     I/O error occurred during security authorization.)
>     [15/Sep/2010:10:25:45 -0500] - ERROR: SSL Initialization Failed.
>
>
> I tried using my previously working .db files for this instance as 
> well and did a full re-import for my server cert and the CA cert.  I 
> am working on a fedora 13 machine that is fully up-to-date.
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif
ls -al /etc/dirsrv/slapd-instance

try /usr/lib64/dirsrv/slapd-instance/start-slapd -d 1
>
>
>
>
>
> On Tue, Sep 14, 2010 at 11:43 AM, Aaron Hagopian <airhead1@xxxxxxxxx 
> <mailto:airhead1@xxxxxxxxx>> wrote:
>
>     Think I figured it out, a while back when I had to do the manual
>     steps from something like RC5->RC6, my netscapeRoot didn't load
>     back properly leaving with an empty o=netscapeRoot
>
>
>     On Tue, Sep 14, 2010 at 10:20 AM, Rich Megginson
>     <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>> wrote:
>
>         Aaron Hagopian wrote:
>         > After upgrading, although it's possible it broke on one of the RCs
>         > since I do not usually run the admin server on my development
>         > environment, when I try to connect using the 389-console I get an
>         > error 32, cannot connect to the directory server....
>         >
>         > When I look through the admin-serv logs I see:
>         >
>         >     [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
>         >     admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>         >     [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
>         >     admserv_host_ip_check: host [localhost.localdomain] did not match
>         >     pattern [*.barf.hra.local] -will scan aliases
>         >     [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
>         >     admserv_host_ip_check: host alias [localhost] did not match
>         >     pattern [*.barf.hra.local]
>         >     [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
>         >     initialize TLS connection to LDAP host barfolomew.hra.local port
>         >     389: 4
>         >     [Tue Sep 14 08:53:43 2010] [notice] [client 127.0.0.1]
>         >     admserv_check_authz(): passing [/admin-serv/authenticate] to the
>         >     userauth handler
>         >     [Tue Sep 14 08:53:43 2010] [crit] buildUGInfo(): unable to
>         >     initialize TLS connection to LDAP host barfolomew.hra.local port
>         >     389: 4
>         >
>         > Now I see what the problem is about the cert name but I never told the
>         > admin server to use TLS to connect to the LDAP server and when I was
>         > running 1.2.5 I never had this problem.  I do run my server on SSL as
>         > well on port 636.  Is it trying start TLS because it can?
>         No.  Not sure what changed.  Take a look at the directory server access
>         log from around this time.  Let's see what the admin server is looking
>         for.  Also check /etc/dirsrv/admin-serv/adm.conf and local.conf for any
>         tls/ssl/ldaps settings.
>         > Anyway to disable that since I do not feel like generating a new cert
>         > to match my administrative domain I put in when I setup the DS.
>         http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
>         or
>         http://directory.fedoraproject.org/wiki/Howto:SSL#Admin_Server_SSL_Information
>         >
>         >
>         >
>         > [root@barfolomew admin-serv]# rpm -qi 389-ds-base
>         > Name        : 389-ds-base                  Relocations: (not relocatable)
>         > Version     : 1.2.6                             Vendor: Fedora Project
>         > Release     : 1.fc13                        Build Date: Thu 26 Aug 2010 04:34:30 PM CDT
>         > Install Date: Mon 13 Sep 2010 09:19:02 AM CDT      Build Host: x86-20.phx2.fedoraproject.org
>         > Group       : System Environment/Daemons    Source RPM: 389-ds-base-1.2.6-1.fc13.src.rpm
>         > Size        : 6043179                          License: GPLv2 with exceptions
>         > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:43:14 PM CDT, Key ID 7edc6ad6e8e40fde
>         > Packager    : Fedora Project
>         > URL         : http://port389.org/
>         > Summary     : 389 Directory Server (base)
>         > Description :
>         > 389 Directory Server is an LDAPv3 compliant server.  The base package
>         > includes
>         > the LDAP server and command line utilities for server administration.
>         >
>         > [root@barfolomew admin-serv]# rpm -qi 389-admin
>         > Name        : 389-admin                    Relocations: (not relocatable)
>         > Version     : 1.1.11                            Vendor: Fedora Project
>         > Release     : 1.fc13                        Build Date: Thu 26 Aug 2010 04:53:40 PM CDT
>         > Install Date: Mon 13 Sep 2010 09:19:35 AM CDT      Build Host: x86-20.phx2.fedoraproject.org
>         > Group       : System Environment/Daemons    Source RPM: 389-admin-1.1.11-1.fc13.src.rpm
>         > Size        : 1510119                          License: GPLv2 and ASL 2.0
>         > Signature   : RSA/SHA256, Thu 26 Aug 2010 08:49:10 PM CDT, Key ID 7edc6ad6e8e40fde
>         > Packager    : Fedora Project
>         > URL         : http://port389.org/
>         > Summary     : 389 Administration Server (admin)
>         > Description :
>         > 389 Administration Server is an HTTP agent that provides management
>         > features
>         > for 389 Directory Server.  It provides some management web apps that can
>         > be used through a web browser.  It provides the authentication, access
>         > control,
>         > and CGI utilities used by the console.
>         >
>         >
>         >
>         >
>         > On Mon, Sep 13, 2010 at 2:03 PM, Rich Megginson
>         > <rmeggins@xxxxxxxxxx> wrote:
>         >
>         >     The 389 team is pleased to announce the availability of version 1.2.6.
>         >     This release is essentially the same as 1.2.6 RC7.
>         >
>         >     * Release Notes - http://port389.org/wiki/Release_Notes
>         >     * Install_Guide - http://port389.org/wiki/Install_Guide
>         >     * Download - http://port389.org/wiki/Download
>         >
>         >     === New features ===
>         >     * Upgrade_to_New_DN_Format
>         >     http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
>         >     ** in order to make sure DN valued attributes can be searched
>         >     correctly,
>         >     an upgrade will automatically fix these values in the database
>         >
>         >     * Replication_Session_Hooks
>         >     http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
>         >     ** API for plugins to intercept replication session at various points
>         >
>         >     * Managed Entries -
>         >     http://directory.fedoraproject.org/wiki/Managed_Entry_Design
>         >     ** Used, for example, to automatically create the user's group entry
>         >     when adding a user entry
>         >
>         >     * Subtree Rename and Entry Move (modifyDN with newSuperior)
>         >     ** https://bugzilla.redhat.com/show_bug.cgi?id=429005
>         >     ** ability to rename a node that has children
>         >     ** ability to move a node, with or without children, to another
>         >     parent node
>         >
>         >     * Security Enhancements
>         >     ** SELinux Policy
>         >     http://directory.fedoraproject.org/wiki/SELinux_Policy
>         >     *** https://bugzilla.redhat.com/show_bug.cgi?id=442228
>         >
>         >     * Matching rules
>         >     ** support for all RFC 4517 matching rules (except the
>         >     FirstComponent ones)
>         >
>         >     === Bugs Fixed ===
>         >     This release contains many, many bug fixes.  The complete list of bugs
>         >     fixed is found at the link below.  Note that bugs marked as MODIFIED
>         >     have been fixed but are still in testing.
>         >     * Tracking bug for 1.2.6 release -
>         >     https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
>         >
>         >
>         >     --
>         >     389 users mailing list
>         >     389-users@xxxxxxxxxxxxxxxxxxxxxxx
>         >     https://admin.fedoraproject.org/mailman/listinfo/389-users
>         >
>         >
>         >
>         ------------------------------------------------------------------------
>         >
>         > --
>         > 389 users mailing list
>         > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>         <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>         > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>         --
>         389 users mailing list
>         389-users@xxxxxxxxxxxxxxxxxxxxxxx
>         <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>         https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
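
The two checks suggested in the reply above (the `nsslapd-localuser` value in `dse.ldif` and the listing of the instance directory) can be combined into one script. This is an added example, not part of the original thread or of the 389 project's code; the function names are hypothetical and it assumes GNU `stat`, as on Fedora.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (coreutils).

# Print the value of nsslapd-localuser from a dse.ldif file.
# LDIF attribute names are case-insensitive, hence tolower().
localuser_from_dse() {
    awk -F': *' 'tolower($1) == "nsslapd-localuser" { print $2; exit }' "$1"
}

# Report every regular file in an instance directory that the configured
# server account does not own, or whose mode lacks the owner-read bit.
# Output: one "<problem> <owner> <mode> <path>" line per finding.
# Returns 0 when clean, 1 when there are findings, 2 if the user is unknown.
check_instance_dir() {
    dir=$1
    user=$(localuser_from_dse "$dir/dse.ldif") || return 2
    [ -n "$user" ] || { echo "no nsslapd-localuser in $dir/dse.ldif" >&2; return 2; }
    status=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue          # skips unmatched globs and subdirectories
        owner=$(stat -c %U "$f")
        mode=$(stat -c %A "$f")          # e.g. -rw-------
        if [ "$owner" != "$user" ]; then
            echo "OWNER $owner $mode $f"; status=1
        fi
        case $mode in
            ?r*) ;;                      # owner-read bit is set
            *) echo "NOREAD $owner $mode $f"; status=1 ;;
        esac
    done
    return $status
}

# Usage, with the path from the reply: sh thisfile /etc/dirsrv/slapd-instance
if [ $# -gt 0 ]; then
    check_instance_dir "$1"
fi
```

An empty result means every file in the directory is owned by the configured account and has the owner-read bit set; it does not cover SELinux labels or the contents of the databases.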

