389-ds installation when setting the Configuration Server to a remote host over SSL seems to go fine until it tries to start dirsrv-admin.
...
Configuration directory server URL [ldap://<local FQDN>:389/o=NetscapeRoot]: ldaps://<Config Server FQDN>:636/o=NetscapeRoot
...
CA certificate filename: /etc/openldap/cacerts/<base64 cert file>
...
output: Server failed to start !!! Please check errors log for problems
output: [FAILED]

/var/log/dirsrv/admin-serv/error:
[Wed Feb 08 13:35:26 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Feb 08 13:35:32 2012] [crit] sslinit: NSS is required to use LDAPS, but security initialization failed [-12285:Unable to find the certificate or key necessary for authentication.]. Cannot start server

The server has, however, successfully registered itself with the remote Configuration Directory Server (it shows up in the server group in 389-Console and Directory Server is available).
SELinux Status:
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive

389 RPMs installed:

389-admin-console-doc-1.1.8-1.el6.noarch
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-adminutil-1.1.14-2.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-1.2.9.14-1.el6_2.2.x86_64
389-ds-console-doc-1.2.6-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-admin-1.1.25-1.el6.x86_64
389-dsgw-1.1.7-2.el6.x86_64
Certificate stored during the installation procedure:
[root@<host> admin-serv]# certutil -d . -L

Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

CA certificate                      CT,,
Which leads me to believe that it should be able to at least find the certificate... I also checked file/directory ownership and permissions which match those on the working ‘master’ server.
389-Users mailing list thread http://lists.fedoraproject.org/pipermail/389-users/2012-February/014063.html
set default ticket origin to Community
Added initial screened field value.
Not sure how to reproduce this. I'll note that a couple of NSS problems related to NSS, openldap, and admin server have been fixed in the latest version RHEL 6.4.z. Please try upgrading to the latest RHEL 6.4.z packages.
Since there's no response for more than 10 months, we are closing this ticket for now.
Please reopen the ticket if the issue is still observed on the supported versions.
Metadata Update from @nhosoi:
- Issue assigned to rmeggins
- Issue set to the milestone: 389-admin,console 1.1.36
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/287
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Invalid)