Scott Ding
2007-Sep-10 20:38 UTC
[Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)?
Rob Crittenden
2007-Sep-11 14:24 UTC
Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding wrote:> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >In theory this should work ok. I spent a little time many months ago to try to build it on Solaris 10 x86 and nearly got there before running out of time and I never got back to it because I needed to reclaim the disk space :-( I would recommend the manual build process defined at http://directory.fedoraproject.org/wiki/Building . I would avoid the "one-step build" because I suspect this is going to be very iterative and while the auto-fetching is nice developing in that environment just adds another layer of pain. It is possible to build on Solaris with gcc, the trick is figuring out the magic to tell the various components to use it. I think things like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 and give it a go. There may be other tweaks required. And note that the manual instructions just cover the server itself. For console, the plugins, etc there is more to do. rob
Scott Ding
2007-Sep-11 14:59 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Thanks for the tips! I will give it a try. -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Tuesday, September 11, 2007 7:25 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >In theory this should work ok. I spent a little time many months ago to try to build it on Solaris 10 x86 and nearly got there before running out of time and I never got back to it because I needed to reclaim the disk space :-( I would recommend the manual build process defined at http://directory.fedoraproject.org/wiki/Building . I would avoid the "one-step build" because I suspect this is going to be very iterative and while the auto-fetching is nice developing in that environment just adds another layer of pain. It is possible to build on Solaris with gcc, the trick is figuring out the magic to tell the various components to use it. I think things like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 and give it a go. There may be other tweaks required. And note that the manual instructions just cover the server itself. For console, the plugins, etc there is more to do. rob
Scott Ding
2007-Sep-11 21:49 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Rob, We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The compiled result contains the following files: LICENSE.txt README.txt disktune slapd.tar.gz After I untar slapd.tar.gz, I got the following: alias manual shared bin - slapd - admin - server - install - property -lib lib plugins I checked the Installation Guide. The instructions are based on RedHat. Are there any installation instructions based on Solaris? Regards, Scott -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Tuesday, September 11, 2007 7:25 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >In theory this should work ok. I spent a little time many months ago to try to build it on Solaris 10 x86 and nearly got there before running out of time and I never got back to it because I needed to reclaim the disk space :-( I would recommend the manual build process defined at http://directory.fedoraproject.org/wiki/Building . I would avoid the "one-step build" because I suspect this is going to be very iterative and while the auto-fetching is nice developing in that environment just adds another layer of pain. It is possible to build on Solaris with gcc, the trick is figuring out the magic to tell the various components to use it. I think things like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 and give it a go. There may be other tweaks required. And note that the manual instructions just cover the server itself. For console, the plugins, etc there is more to do. rob
Richard Megginson
2007-Sep-11 21:54 UTC
Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding wrote:> Rob, > > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The compiled > result contains the following files: > > LICENSE.txt > README.txt > disktune > slapd.tar.gz > > > After I untar slapd.tar.gz, I got the following: > > alias > manual > shared > bin > - slapd > - admin > - server > - install > - property > -lib > lib > plugins > > I checked the Installation Guide. The instructions are based on RedHat. > Are there any installation instructions based on Solaris? >Is there a setup command in there somewhere?> Regards, > Scott > > > > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > Crittenden > Sent: Tuesday, September 11, 2007 7:25 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > 10? > > Scott Ding wrote: > >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >> >> > > In theory this should work ok. > > I spent a little time many months ago to try to build it on Solaris 10 > x86 and nearly got there before running out of time and I never got back > to it because I needed to reclaim the disk space :-( > > I would recommend the manual build process defined at > http://directory.fedoraproject.org/wiki/Building . I would avoid the > "one-step build" because I suspect this is going to be very iterative > and while the auto-fetching is nice developing in that environment just > adds another layer of pain. > > It is possible to build on Solaris with gcc, the trick is figuring out > the magic to tell the various components to use it. I think things like > NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 > and give it a go. There may be other tweaks required. > > And note that the manual instructions just cover the server itself. For > console, the plugins, etc there is more to do. > > rob > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Scott Ding
2007-Sep-11 23:17 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a inf file. However, when I tried to start the FDS, I got the following error. It looks like I did not set up SSL correctly. Can anyone help? [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8174 - security library: bad database.): path: /home/dings/fds/alias/, certdb prefix: slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. -----Original Message----- From: Scott Ding Sent: Tuesday, September 11, 2007 2:50 PM To: General discussion list for the Fedora Directory server project. Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Rob, We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The compiled result contains the following files: LICENSE.txt README.txt disktune slapd.tar.gz After I untar slapd.tar.gz, I got the following: alias manual shared bin - slapd - admin - server - install - property -lib lib plugins I checked the Installation Guide. The instructions are based on RedHat. Are there any installation instructions based on Solaris? Regards, Scott -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Tuesday, September 11, 2007 7:25 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >In theory this should work ok. I spent a little time many months ago to try to build it on Solaris 10 x86 and nearly got there before running out of time and I never got back to it because I needed to reclaim the disk space :-( I would recommend the manual build process defined at http://directory.fedoraproject.org/wiki/Building . I would avoid the "one-step build" because I suspect this is going to be very iterative and while the auto-fetching is nice developing in that environment just adds another layer of pain. It is possible to build on Solaris with gcc, the trick is figuring out the magic to tell the various components to use it. I think things like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 and give it a go. There may be other tweaks required. And note that the manual instructions just cover the server itself. For console, the plugins, etc there is more to do. rob
Richard Megginson
2007-Sep-12 00:55 UTC
Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding wrote:> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a > inf file. However, when I tried to start the FDS, I got the following > error. It looks like I did not set up SSL correctly. Can anyone help? > > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS > initialization failed (Netscape Portable Runtime error -8174 - security > library: bad database.): path: /home/dings/fds/alias/, certdb prefix: > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >Does the directory /home/dings/fds/alias exist? Is it owned by the server user? Is it writable by the server user?> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. > > -----Original Message----- > From: Scott Ding > Sent: Tuesday, September 11, 2007 2:50 PM > To: General discussion list for the Fedora Directory server project. > Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > 10? > > Rob, > > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The compiled > result contains the following files: > > LICENSE.txt > README.txt > disktune > slapd.tar.gz > > > After I untar slapd.tar.gz, I got the following: > > alias > manual > shared > bin > - slapd > - admin > - server > - install > - property > -lib > lib > plugins > > I checked the Installation Guide. The instructions are based on RedHat. > Are there any installation instructions based on Solaris? > > Regards, > Scott > > > > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > Crittenden > Sent: Tuesday, September 11, 2007 7:25 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > 10? > > Scott Ding wrote: > >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >> >> > > In theory this should work ok. > > I spent a little time many months ago to try to build it on Solaris 10 > x86 and nearly got there before running out of time and I never got back > to it because I needed to reclaim the disk space :-( > > I would recommend the manual build process defined at > http://directory.fedoraproject.org/wiki/Building . I would avoid the > "one-step build" because I suspect this is going to be very iterative > and while the auto-fetching is nice developing in that environment just > adds another layer of pain. > > It is possible to build on Solaris with gcc, the trick is figuring out > the magic to tell the various components to use it. I think things like > NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set that to 1 > and give it a go. There may be other tweaks required. > > And note that the manual instructions just cover the server itself. For > console, the plugins, etc there is more to do. > > rob > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Scott Ding
2007-Sep-12 02:56 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
/home/dings/fds/alias does exist. I am starting FDS by using start-slapd as root user. /home/dings/fds/alias is writable by the server. It looks like start-slapd is looking for some certificate under /home/dings/fds/alias. I checked the content under /home/dings/alias. It contains only one file: libnssckbi.so. -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Tuesday, September 11, 2007 5:56 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a > inf file. However, when I tried to start the FDS, I got the following > error. It looks like I did not set up SSL correctly. Can anyone help? > > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS> initialization failed (Netscape Portable Runtime error -8174 - > security > library: bad database.): path: /home/dings/fds/alias/, certdb prefix: > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >Does the directory /home/dings/fds/alias exist? Is it owned by the server user? Is it writable by the server user?> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. > > -----Original Message----- > From: Scott Ding > Sent: Tuesday, September 11, 2007 2:50 PM > To: General discussion list for the Fedora Directory server project. > Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris> 10? > > Rob, > > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The > compiled result contains the following files: > > LICENSE.txt > README.txt > disktune > slapd.tar.gz > > > After I untar slapd.tar.gz, I got the following: > > alias > manual > shared > bin > - slapd > - admin > - server > - install > - property > -lib > lib > plugins > > I checked the Installation Guide. The instructions are based onRedHat.> Are there any installation instructions based on Solaris? > > Regards, > Scott > > > > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > Crittenden > Sent: Tuesday, September 11, 2007 7:25 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris> 10? > > Scott Ding wrote: > >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >> >> > > In theory this should work ok. > > I spent a little time many months ago to try to build it on Solaris 10 > x86 and nearly got there before running out of time and I never got > back to it because I needed to reclaim the disk space :-( > > I would recommend the manual build process defined at > http://directory.fedoraproject.org/wiki/Building . I would avoid the > "one-step build" because I suspect this is going to be very iterative > and while the auto-fetching is nice developing in that environment > just adds another layer of pain. > > It is possible to build on Solaris with gcc, the trick is figuring out> the magic to tell the various components to use it. I think things > like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set > that to 1 and give it a go. There may be other tweaks required. > > And note that the manual instructions just cover the server itself. > For console, the plugins, etc there is more to do. > > rob > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Dave Augustus
2007-Sep-12 11:49 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote:> /home/dings/fds/alias does exist. I am starting FDS by using start-slapd > as root user. /home/dings/fds/alias is writable by the server. It looks > like start-slapd is looking for some certificate under > /home/dings/fds/alias. I checked the content under /home/dings/alias. It > contains only one file: libnssckbi.so. > > > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard > Megginson > Sent: Tuesday, September 11, 2007 5:56 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > 10? > > Scott Ding wrote: > > I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a > > inf file. However, when I tried to start the FDS, I got the following > > error. It looks like I did not set up SSL correctly. Can anyone help? > > > > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS > > > initialization failed (Netscape Portable Runtime error -8174 - > > security > > library: bad database.): path: /home/dings/fds/alias/, certdb prefix: > > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. > > > Does the directory /home/dings/fds/alias exist? Is it owned by the > server user? Is it writable by the server user? > > [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. > > > > -----Original Message----- > > From: Scott Ding > > Sent: Tuesday, September 11, 2007 2:50 PM > > To: General discussion list for the Fedora Directory server project. > > Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > > > 10? > > > > Rob, > > > > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The > > compiled result contains the following files: > > > > LICENSE.txt > > README.txt > > disktune > > slapd.tar.gz > > > > > > After I untar slapd.tar.gz, I got the following: > > > > alias > > manual > > shared > > bin > > - slapd > > - admin > > - server > > - install > > - property > > -lib > > lib > > plugins > > > > I checked the Installation Guide. The instructions are based on > RedHat. > > Are there any installation instructions based on Solaris? > > > > Regards, > > Scott > > > > > > > > > > -----Original Message----- > > From: fedora-directory-users-bounces@redhat.com > > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > > Crittenden > > Sent: Tuesday, September 11, 2007 7:25 AM > > To: General discussion list for the Fedora Directory server project. > > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris > > > 10? > > > > Scott Ding wrote: > > > >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? > >> > >> > > > > In theory this should work ok. > > > > I spent a little time many months ago to try to build it on Solaris 10 > > x86 and nearly got there before running out of time and I never got > > back to it because I needed to reclaim the disk space :-( > > > > I would recommend the manual build process defined at > > http://directory.fedoraproject.org/wiki/Building . I would avoid the > > "one-step build" because I suspect this is going to be very iterative > > and while the auto-fetching is nice developing in that environment > > just adds another layer of pain. > > > > It is possible to build on Solaris with gcc, the trick is figuring out > > > the magic to tell the various components to use it. I think things > > like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set > > that to 1 and give it a go. There may be other tweaks required. > > > > And note that the manual instructions just cover the server itself. > > For console, the plugins, etc there is more to do. > > > > rob > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-usersMy guess is that you just need to create the cert files. Look for the certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on Solaris). Do certutil-bin -h . The cert db files will need to be named appropriately and located in alias. Something like: slapd-lsctsol06-key3.db slapd-lsctsol06-cert8.db Also, I think that secmod.db is needed but I don''t know what it contains. Dave
Rob Crittenden
2007-Sep-12 13:08 UTC
Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Dave Augustus wrote:> > > On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >> /home/dings/fds/alias does exist. I am starting FDS by using start-slapd >> as root user. /home/dings/fds/alias is writable by the server. It looks >> like start-slapd is looking for some certificate under >> /home/dings/fds/alias. I checked the content under /home/dings/alias. It >> contains only one file: libnssckbi.so. >> >> >> >> -----Original Message----- >> From: fedora-directory-users-bounces@redhat.com <mailto:fedora-directory-users-bounces@redhat.com> >> [mailto:fedora-directory-users-bounces@redhat.com <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of Richard >> Megginson >> Sent: Tuesday, September 11, 2007 5:56 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris >> 10? >> >> Scott Ding wrote: >> > I got the FDS installed on Solaris 10 by calling ds_newinst.pl with a >> > inf file. However, when I tried to start the FDS, I got the following >> > error. It looks like I did not set up SSL correctly. Can anyone help? >> > >> > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: NSS >> >> > initialization failed (Netscape Portable Runtime error -8174 - >> > security >> > library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >> > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >> > >> Does the directory /home/dings/fds/alias exist? Is it owned by the >> server user? Is it writable by the server user? >> > [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >> > >> > -----Original Message----- >> > From: Scott Ding >> > Sent: Tuesday, September 11, 2007 2:50 PM >> > To: General discussion list for the Fedora Directory server project. >> > Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris >> >> > 10? >> > >> > Rob, >> > >> > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >> > compiled result contains the following files: >> > >> > LICENSE.txt >> > README.txt >> > disktune >> > slapd.tar.gz >> > >> > >> > After I untar slapd.tar.gz, I got the following: >> > >> > alias >> > manual >> > shared >> > bin >> > - slapd >> > - admin >> > - server >> > - install >> > - property >> > -lib >> > lib >> > plugins >> > >> > I checked the Installation Guide. The instructions are based on >> RedHat. >> > Are there any installation instructions based on Solaris? >> > >> > Regards, >> > Scott >> > >> > >> > >> > >> > -----Original Message----- >> > From: fedora-directory-users-bounces@redhat.com <mailto:fedora-directory-users-bounces@redhat.com> >> > [mailto:fedora-directory-users-bounces@redhat.com <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of Rob >> > Crittenden >> > Sent: Tuesday, September 11, 2007 7:25 AM >> > To: General discussion list for the Fedora Directory server project. >> > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris >> >> > 10? >> > >> > Scott Ding wrote: >> > >> >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >> >> >> >> >> > >> > In theory this should work ok. >> > >> > I spent a little time many months ago to try to build it on Solaris 10 >> > x86 and nearly got there before running out of time and I never got >> > back to it because I needed to reclaim the disk space :-( >> > >> > I would recommend the manual build process defined at >> > http://directory.fedoraproject.org/wiki/Building . I would avoid the >> > "one-step build" because I suspect this is going to be very iterative >> > and while the auto-fetching is nice developing in that environment >> > just adds another layer of pain. >> > >> > It is possible to build on Solaris with gcc, the trick is figuring out >> >> > the magic to tell the various components to use it. I think things >> > like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set >> > that to 1 and give it a go. There may be other tweaks required. >> > >> > And note that the manual instructions just cover the server itself. >> > For console, the plugins, etc there is more to do. >> > >> > rob >> > >> > >> > -- >> > Fedora-directory-users mailing list >> > Fedora-directory-users@redhat.com <mailto:Fedora-directory-users@redhat.com> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com <mailto:Fedora-directory-users@redhat.com> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > My guess is that you just need to create the cert files. Look for the > certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on > Solaris). Do certutil-bin -h . The cert db files will need to be named > appropriately and located in alias. Something like: > slapd-lsctsol06-key3.db > slapd-lsctsol06-cert8.db > Also, I think that secmod.db is needed but I don''t know what it contains.Solaris should already have certutil. You need to run something like: # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- Note that there is a trailing dash. This is important. You''ll be prompted to set a security password. Enter one or just press ENTER twice to not set one. That should do the trick. rob
Scott Ding
2007-Sep-12 17:46 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs. -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Wednesday, September 12, 2007 6:09 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Dave Augustus wrote:> > > On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >> /home/dings/fds/alias does exist. I am starting FDS by using >> start-slapd as root user. /home/dings/fds/alias is writable by the >> server. It looks like start-slapd is looking for some certificate >> under /home/dings/fds/alias. I checked the content under >> /home/dings/alias. It contains only one file: libnssckbi.so. >> >> >> >> -----Original Message----- >> From: fedora-directory-users-bounces@redhat.com >> <mailto:fedora-directory-users-bounces@redhat.com> >> [mailto:fedora-directory-users-bounces@redhat.com >> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >> Richard Megginson >> Sent: Tuesday, September 11, 2007 5:56 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >> Solaris 10? >> >> Scott Ding wrote: >> > I got the FDS installed on Solaris 10 by calling ds_newinst.pl with >> > a inf file. However, when I tried to start the FDS, I got the >> > following error. It looks like I did not set up SSL correctly. Can anyone help? >> > >> > [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: >> > NSS >> >> > initialization failed (Netscape Portable Runtime error -8174 - >> > security >> > library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >> > slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >> > >> Does the directory /home/dings/fds/alias exist? Is it owned by the >> server user? Is it writable by the server user? >> > [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >> > >> > -----Original Message----- >> > From: Scott Ding >> > Sent: Tuesday, September 11, 2007 2:50 PM >> > To: General discussion list for the Fedora Directory server project. >> > Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on >> > Solaris >> >> > 10? >> > >> > Rob, >> > >> > We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >> > compiled result contains the following files: >> > >> > LICENSE.txt >> > README.txt >> > disktune >> > slapd.tar.gz >> > >> > >> > After I untar slapd.tar.gz, I got the following: >> > >> > alias >> > manual >> > shared >> > bin >> > - slapd >> > - admin >> > - server >> > - install >> > - property >> > -lib >> > lib >> > plugins >> > >> > I checked the Installation Guide. The instructions are based on >> RedHat. >> > Are there any installation instructions based on Solaris? >> > >> > Regards, >> > Scott >> > >> > >> > >> > >> > -----Original Message----- >> > From: fedora-directory-users-bounces@redhat.com >> > <mailto:fedora-directory-users-bounces@redhat.com> >> > [mailto:fedora-directory-users-bounces@redhat.com >> > <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >> > Rob Crittenden >> > Sent: Tuesday, September 11, 2007 7:25 AM >> > To: General discussion list for the Fedora Directory server project. >> > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >> > Solaris >> >> > 10? >> > >> > Scott Ding wrote: >> > >> >> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >> >> >> >> >> > >> > In theory this should work ok. >> > >> > I spent a little time many months ago to try to build it on Solaris >> > 10 >> > x86 and nearly got there before running out of time and I never got >> > back to it because I needed to reclaim the disk space :-( >> > >> > I would recommend the manual build process defined at >> > http://directory.fedoraproject.org/wiki/Building . I would avoid >> > the "one-step build" because I suspect this is going to be very >> > iterative and while the auto-fetching is nice developing in that >> > environment just adds another layer of pain. >> > >> > It is possible to build on Solaris with gcc, the trick is figuring >> > out >> >> > the magic to tell the various components to use it. I think things >> > like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set >> > that to 1 and give it a go. There may be other tweaks required. >> > >> > And note that the manual instructions just cover the server itself. >> > For console, the plugins, etc there is more to do. >> > >> > rob >> > >> > >> > -- >> > Fedora-directory-users mailing list >> > Fedora-directory-users@redhat.com >> > <mailto:Fedora-directory-users@redhat.com> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> <mailto:Fedora-directory-users@redhat.com> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > My guess is that you just need to create the cert files. Look for the > certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on > Solaris). Do certutil-bin -h . The cert db files will need to be named > appropriately and located in alias. Something like: > slapd-lsctsol06-key3.db > slapd-lsctsol06-cert8.db > Also, I think that secmod.db is needed but I don't know what it contains.Solaris should already have certutil. You need to run something like: # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- Note that there is a trailing dash. This is important. You'll be prompted to set a security password. Enter one or just press ENTER twice to not set one. That should do the trick. rob
Rob Crittenden
2007-Sep-12 18:06 UTC
Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding wrote:> Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs. >Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif. I''m a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You''ll need a flag to follow forks, I think it is -f. rob> -----Original Message----- > From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden > Sent: Wednesday, September 12, 2007 6:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? > > Dave Augustus wrote: >> >> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >>> /home/dings/fds/alias does exist. I am starting FDS by using >>> start-slapd as root user. /home/dings/fds/alias is writable by the >>> server. It looks like start-slapd is looking for some certificate >>> under /home/dings/fds/alias. I checked the content under >>> /home/dings/alias. It contains only one file: libnssckbi.so. >>> >>> >>> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com> >>> [mailto:fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>> Richard Megginson >>> Sent: Tuesday, September 11, 2007 5:56 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>> Solaris 10? >>> >>> Scott Ding wrote: >>>> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with >>>> a inf file. However, when I tried to start the FDS, I got the >>>> following error. It looks like I did not set up SSL correctly. Can anyone help? >>>> >>>> [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: >>>> NSS >>>> initialization failed (Netscape Portable Runtime error -8174 - >>>> security >>>> library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >>>> slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >>>> >>> Does the directory /home/dings/fds/alias exist? Is it owned by the >>> server user? Is it writable by the server user? >>>> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >>>> >>>> -----Original Message----- >>>> From: Scott Ding >>>> Sent: Tuesday, September 11, 2007 2:50 PM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris >>>> 10? >>>> >>>> Rob, >>>> >>>> We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >>>> compiled result contains the following files: >>>> >>>> LICENSE.txt >>>> README.txt >>>> disktune >>>> slapd.tar.gz >>>> >>>> >>>> After I untar slapd.tar.gz, I got the following: >>>> >>>> alias >>>> manual >>>> shared >>>> bin >>>> - slapd >>>> - admin >>>> - server >>>> - install >>>> - property >>>> -lib >>>> lib >>>> plugins >>>> >>>> I checked the Installation Guide. The instructions are based on >>> RedHat. >>>> Are there any installation instructions based on Solaris? >>>> >>>> Regards, >>>> Scott >>>> >>>> >>>> >>>> >>>> -----Original Message----- >>>> From: fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com> >>>> [mailto:fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>>> Rob Crittenden >>>> Sent: Tuesday, September 11, 2007 7:25 AM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris >>>> 10? >>>> >>>> Scott Ding wrote: >>>> >>>>> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >>>>> >>>>> >>>> In theory this should work ok. >>>> >>>> I spent a little time many months ago to try to build it on Solaris >>>> 10 >>>> x86 and nearly got there before running out of time and I never got >>>> back to it because I needed to reclaim the disk space :-( >>>> >>>> I would recommend the manual build process defined at >>>> http://directory.fedoraproject.org/wiki/Building . I would avoid >>>> the "one-step build" because I suspect this is going to be very >>>> iterative and while the auto-fetching is nice developing in that >>>> environment just adds another layer of pain. >>>> >>>> It is possible to build on Solaris with gcc, the trick is figuring >>>> out >>>> the magic to tell the various components to use it. I think things >>>> like NSS, NSPR and FDS itself use the env variable NS_USE_GCC. Set >>>> that to 1 and give it a go. There may be other tweaks required. >>>> >>>> And note that the manual instructions just cover the server itself. >>>> For console, the plugins, etc there is more to do. >>>> >>>> rob >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> <mailto:Fedora-directory-users@redhat.com> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> <mailto:Fedora-directory-users@redhat.com> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> My guess is that you just need to create the cert files. Look for the >> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on >> Solaris). Do certutil-bin -h . The cert db files will need to be named >> appropriately and located in alias. Something like: >> slapd-lsctsol06-key3.db >> slapd-lsctsol06-cert8.db >> Also, I think that secmod.db is needed but I don''t know what it contains. > > Solaris should already have certutil. You need to run something like: > > # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- > > Note that there is a trailing dash. This is important. > > You''ll be prompted to set a security password. Enter one or just press ENTER twice to not set one. > > That should do the trick. > > rob > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Scott Ding
2007-Sep-12 19:57 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
The three certificate db files need to be read/write. After I changed them, the NSS initialization errors are gone. However, I now get server failed to start prompt on the console. The logs/errors does not show any specific errors. I used the truss on start-slapd. It seems complaining it could not find logs/startpid. Attached is the errors log file. The tail of truss output below. ---- 4431: getrlimit(RLIMIT_STACK, 0xFFBFF740) = 0 4431: getpid() = 4431 [4388] 4431: setustack(0xFF3A2088) 4431: brk(0x000222F8) = 0 4431: brk(0x000242F8) = 0 4431: stat("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", 0xFFBFECF8) = 0 4431: resolvepath("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", "/platform/sun4u-us3/lib/libc_psr.so.1", 1023) = 37 4431: open("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", O_RDONLY) = 3 4431: mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3, 0) = 0xFF390000 4431: mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF380000 4431: close(3) = 0 4431: stat("/usr/lib/locale/en_US/en_US.so.3", 0xFFBFEE80) Err#2 ENOENT 4431: open("/usr/lib/locale/en_US/LC_MESSAGES/SUNW_OST_SGS.mo", O_RDONLY) Err#2 ENOENT 4431: open("/usr/lib/locale/en_US/LC_MESSAGES/SUNW_OST_OSLIB.mo", O_RDONLY) Err#2 ENOENT 4431: sigaction(SIGALRM, 0xFFBFFAF0, 0xFFBFFB90) = 0 4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED|WNOWAIT) (sleeping...) 4431: nanosleep(0xFFBFFBC8, 0xFFBFFBC0) = 0 4431: _exit(0) 4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED|WNOWAIT) = 0 4388: ioctl(0, TIOCGPGRP, 0xFFBFF824) = 0 4388: ioctl(0, TCGETS, 0x00039178) = 0 4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED) = 0 4388: brk(0x0003AB20) = 0 4388: read(19, " t e s t ! - f $".., 128) = 128 4388: stat64("/home/dings/fds/slapd-lsctsol06/logs/startpid", 0xFFBFF7C0) Err#2 ENOENT Server failed to start !!! Please check errors log for problems 4388: write(1, " S e r v e r f a i l e".., 64) = 64 4388: _exit(1) -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Wednesday, September 12, 2007 11:06 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs. >Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif. I'm a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You'll need a flag to follow forks, I think it is -f. rob> -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > Crittenden > Sent: Wednesday, September 12, 2007 6:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? > > Dave Augustus wrote: >> >> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >>> /home/dings/fds/alias does exist. I am starting FDS by using >>> start-slapd as root user. /home/dings/fds/alias is writable by the >>> server. It looks like start-slapd is looking for some certificate >>> under /home/dings/fds/alias. I checked the content under >>> /home/dings/alias. It contains only one file: libnssckbi.so. >>> >>> >>> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com> >>> [mailto:fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>> Richard Megginson >>> Sent: Tuesday, September 11, 2007 5:56 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>> Solaris 10? >>> >>> Scott Ding wrote: >>>> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with >>>> a inf file. However, when I tried to start the FDS, I got the >>>> following error. It looks like I did not set up SSL correctly. Can anyone help? >>>> >>>> [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: >>>> NSS >>>> initialization failed (Netscape Portable Runtime error -8174 - >>>> security >>>> library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >>>> slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >>>> >>> Does the directory /home/dings/fds/alias exist? Is it owned by the >>> server user? Is it writable by the server user? >>>> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >>>> >>>> -----Original Message----- >>>> From: Scott Ding >>>> Sent: Tuesday, September 11, 2007 2:50 PM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Rob, >>>> >>>> We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >>>> compiled result contains the following files: >>>> >>>> LICENSE.txt >>>> README.txt >>>> disktune >>>> slapd.tar.gz >>>> >>>> >>>> After I untar slapd.tar.gz, I got the following: >>>> >>>> alias >>>> manual >>>> shared >>>> bin >>>> - slapd >>>> - admin >>>> - server >>>> - install >>>> - property >>>> -lib >>>> lib >>>> plugins >>>> >>>> I checked the Installation Guide. The instructions are based on >>> RedHat. >>>> Are there any installation instructions based on Solaris? >>>> >>>> Regards, >>>> Scott >>>> >>>> >>>> >>>> >>>> -----Original Message----- >>>> From: fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com> >>>> [mailto:fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>>> Rob Crittenden >>>> Sent: Tuesday, September 11, 2007 7:25 AM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Scott Ding wrote: >>>> >>>>> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >>>>> >>>>> >>>> In theory this should work ok. >>>> >>>> I spent a little time many months ago to try to build it on Solaris >>>> 10 >>>> x86 and nearly got there before running out of time and I never got >>>> back to it because I needed to reclaim the disk space :-( >>>> >>>> I would recommend the manual build process defined at >>>> http://directory.fedoraproject.org/wiki/Building . I would avoid >>>> the "one-step build" because I suspect this is going to be very >>>> iterative and while the auto-fetching is nice developing in that >>>> environment just adds another layer of pain. >>>> >>>> It is possible to build on Solaris with gcc, the trick is figuring >>>> out the magic to tell the various components to use it. I think >>>> things like NSS, NSPR and FDS itself use the env variable >>>> NS_USE_GCC. Set that to 1 and give it a go. There may be other >>>> tweaks required. >>>> >>>> And note that the manual instructions just cover the server itself. >>>> For console, the plugins, etc there is more to do. >>>> >>>> rob >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> <mailto:Fedora-directory-users@redhat.com> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> <mailto:Fedora-directory-users@redhat.com> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> My guess is that you just need to create the cert files. Look for the >> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on >> Solaris). Do certutil-bin -h . The cert db files will need to be >> named appropriately and located in alias. Something like: >> slapd-lsctsol06-key3.db >> slapd-lsctsol06-cert8.db >> Also, I think that secmod.db is needed but I don't know what it contains. > > Solaris should already have certutil. You need to run something like: > > # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- > > Note that there is a trailing dash. This is important. > > You'll be prompted to set a security password. Enter one or just press ENTER twice to not set one. > > That should do the trick. > > rob > > > > ---------------------------------------------------------------------- > -- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Scott Ding
2007-Sep-12 20:45 UTC
RE: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
I got it working. The logs directory needs executable permission. Thank you all for helping me out! -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob Crittenden Sent: Wednesday, September 12, 2007 11:06 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? Scott Ding wrote:> Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs. >Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif. I''m a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You''ll need a flag to follow forks, I think it is -f. rob> -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Rob > Crittenden > Sent: Wednesday, September 12, 2007 6:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10? > > Dave Augustus wrote: >> >> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote: >>> /home/dings/fds/alias does exist. I am starting FDS by using >>> start-slapd as root user. /home/dings/fds/alias is writable by the >>> server. It looks like start-slapd is looking for some certificate >>> under /home/dings/fds/alias. I checked the content under >>> /home/dings/alias. It contains only one file: libnssckbi.so. >>> >>> >>> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com> >>> [mailto:fedora-directory-users-bounces@redhat.com >>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>> Richard Megginson >>> Sent: Tuesday, September 11, 2007 5:56 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>> Solaris 10? >>> >>> Scott Ding wrote: >>>> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with >>>> a inf file. However, when I tried to start the FDS, I got the >>>> following error. It looks like I did not set up SSL correctly. Can anyone help? >>>> >>>> [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization: >>>> NSS >>>> initialization failed (Netscape Portable Runtime error -8174 - >>>> security >>>> library: bad database.): path: /home/dings/fds/alias/, certdb prefix: >>>> slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-. >>>> >>> Does the directory /home/dings/fds/alias exist? Is it owned by the >>> server user? Is it writable by the server user? >>>> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed. >>>> >>>> -----Original Message----- >>>> From: Scott Ding >>>> Sent: Tuesday, September 11, 2007 2:50 PM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Rob, >>>> >>>> We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The >>>> compiled result contains the following files: >>>> >>>> LICENSE.txt >>>> README.txt >>>> disktune >>>> slapd.tar.gz >>>> >>>> >>>> After I untar slapd.tar.gz, I got the following: >>>> >>>> alias >>>> manual >>>> shared >>>> bin >>>> - slapd >>>> - admin >>>> - server >>>> - install >>>> - property >>>> -lib >>>> lib >>>> plugins >>>> >>>> I checked the Installation Guide. The instructions are based on >>> RedHat. >>>> Are there any installation instructions based on Solaris? >>>> >>>> Regards, >>>> Scott >>>> >>>> >>>> >>>> >>>> -----Original Message----- >>>> From: fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com> >>>> [mailto:fedora-directory-users-bounces@redhat.com >>>> <mailto:fedora-directory-users-bounces@redhat.com>] On Behalf Of >>>> Rob Crittenden >>>> Sent: Tuesday, September 11, 2007 7:25 AM >>>> To: General discussion list for the Fedora Directory server project. >>>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on >>>> Solaris 10? >>>> >>>> Scott Ding wrote: >>>> >>>>> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)? >>>>> >>>>> >>>> In theory this should work ok. >>>> >>>> I spent a little time many months ago to try to build it on Solaris >>>> 10 >>>> x86 and nearly got there before running out of time and I never got >>>> back to it because I needed to reclaim the disk space :-( >>>> >>>> I would recommend the manual build process defined at >>>> http://directory.fedoraproject.org/wiki/Building . I would avoid >>>> the "one-step build" because I suspect this is going to be very >>>> iterative and while the auto-fetching is nice developing in that >>>> environment just adds another layer of pain. >>>> >>>> It is possible to build on Solaris with gcc, the trick is figuring >>>> out the magic to tell the various components to use it. I think >>>> things like NSS, NSPR and FDS itself use the env variable >>>> NS_USE_GCC. Set that to 1 and give it a go. There may be other >>>> tweaks required. >>>> >>>> And note that the manual instructions just cover the server itself. >>>> For console, the plugins, etc there is more to do. >>>> >>>> rob >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> <mailto:Fedora-directory-users@redhat.com> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> <mailto:Fedora-directory-users@redhat.com> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> My guess is that you just need to create the cert files. Look for the >> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on >> Solaris). Do certutil-bin -h . The cert db files will need to be >> named appropriately and located in alias. Something like: >> slapd-lsctsol06-key3.db >> slapd-lsctsol06-cert8.db >> Also, I think that secmod.db is needed but I don''t know what it contains. > > Solaris should already have certutil. You need to run something like: > > # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06- > > Note that there is a trailing dash. This is important. > > You''ll be prompted to set a security password. Enter one or just press ENTER twice to not set one. > > That should do the trick. > > rob > > > > ---------------------------------------------------------------------- > -- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Below is an inf file I created. Can someone tell me if it is correct syntactically? I am not sure about Suffix, RootDN. In the installation guide, there are spaces in front of the actual values like this. Suffix= dc=example,dc=com RootDN= cn=Directory Manager Are those spaces required? In my inf, I did not have the spaces. Using LDAP browser, I couldn''t find any objects below dc=example. ------ [General] FullMachineName=lsctsol06.autodesk.com SuiteSpotUserID=nobody ServerRoot=/opt/fds ConfigDirectoryAdminID=admin ConfigDirectoryAdminPwd=test1234 ConfigDirectoryLdapURL=ldap://lsctsol06.autodesk.tld:389/o=NetscapeRoot AdminDomain=lsctsol06.autodesk.com UserDirectoryLdapURL=ldap://lsctsol06.autodesk.tld:389/dc=example,dc=com [slapd] ServerPort=389 ServerIdentifier=lsctsol06 Suffix=dc=example,dc=com RootDN=cn=Directory Manager RootDNPwd=test1234 InstallLdifFile=/opt/fds/bin/slapd/install/ldif/Example.ldif
Scott Ding wrote:> Below is an inf file I created. Can someone tell me if it is correct > syntactically? I am not sure about Suffix, RootDN. In the installation > guide, there are spaces in front of the actual values like this. > > Suffix= dc=example,dc=com > RootDN= cn=Directory Manager > > > Are those spaces required?No.> In my inf, I did not have the spaces. Using > LDAP browser, I couldn''t find any objects below dc=example. >I''m not sure if InstallLdifFile works. Try using ldif2db after ds_newinst> ------ > > [General] > FullMachineName=lsctsol06.autodesk.com > SuiteSpotUserID=nobody > ServerRoot=/opt/fds > ConfigDirectoryAdminID=admin > ConfigDirectoryAdminPwd=test1234 > ConfigDirectoryLdapURL=ldap://lsctsol06.autodesk.tld:389/o=NetscapeRoot > AdminDomain=lsctsol06.autodesk.com > UserDirectoryLdapURL=ldap://lsctsol06.autodesk.tld:389/dc=example,dc=com > [slapd] > ServerPort=389 > ServerIdentifier=lsctsol06 > Suffix=dc=example,dc=com > RootDN=cn=Directory Manager > RootDNPwd=test1234 > InstallLdifFile=/opt/fds/bin/slapd/install/ldif/Example.ldif > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >