Graham Leggett
2006-Nov-12 16:20 UTC
[Fedora-directory-users] v1.0.4 SSL: Could not open file slapd-<servername>-cert8.db
Hi all,

While trying to enable SSL on a v1.0.4 FDS directory instance, an attempt to click on "Manage Certificates" results in the above error message.

In v1.0.2, the certificate database was in /opt/fedora-ds/alias, and in this case the database was created in this directory and is owned by ldap:ldap (the user running the ldap server).

No indication is given as to why the file could not be opened, nor is an indication given of which path is being used to find the database.

Does anyone have any ideas?

Regards,
Graham
--
Gordon May
2006-Nov-12 16:29 UTC
Re: [Fedora-directory-users] v1.0.4 SSL: Could not open file slapd-<servername>-cert8.db
Check the permissions on the folder. I've had problems where the file is owned by ldap but the folder isn't.

Gordon

On 11/12/06, Graham Leggett <minfrin@sharp.fm> wrote:
> Hi all,
>
> While trying to enable SSL on a v1.0.4 FDS directory instance, an
> attempt to click on "Manage Certificates" results in the above error
> message.
>
> In v1.0.2, the certificate database was in /opt/fedora-ds/alias, and in
> this case the database was created in this directory and is owned by
> ldap:ldap (the user running the ldap server).
>
> No indication is given as to why the file could not be opened, nor is an
> indication given of which path is being used to find the database.
>
> Does anyone have any ideas?
>
> Regards,
> Graham
> --
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
Graham Leggett
2006-Nov-12 17:09 UTC
Re: [Fedora-directory-users] v1.0.4 SSL: Could not open file slapd-<servername>-cert8.db
Gordon May wrote:
> Check the permissions on the folder. I've had problems where the file
> is owned by ldap but the folder isn't.

The alias folder in this case is owned by the ldap:ldap user/group, which in turn matches the user running the slapd server.

The admin server is running as root, so should not have hassles (the admin server can see the admin server certificate database, it cannot however find the directory server certificate database).

Regards,
Graham
--
Richard Megginson
2006-Nov-13 18:11 UTC
Re: [Fedora-directory-users] v1.0.4 SSL: Could not open file slapd-<servername>-cert8.db
Graham Leggett wrote:
> Hi all,
>
> While trying to enable SSL on a v1.0.4 FDS directory instance, an
> attempt to click on "Manage Certificates" results in the above error
> message.

Was this an upgrade install or a fresh install? I've tried to reproduce this with a fresh install of fds1.0.4. I did the setup with all of the defaults, including the default nobody:nobody (I didn't create an ldap user). After running the console, I went into the directory server console, ran Manage Certificates, entered the new password for the cert/key db, and pressed ok. I got no errors. This is what I had:

ls -al /opt/fedora-ds/alias
drwxrwxr-x  2 nobody nobody   4096 Nov 13 11:09 .
drwxr-xr-x 15 root   root     4096 Nov 13 11:09 ..
-rwxr-xr-x  1 nobody nobody 239744 Nov  7 21:38 libnssckbi.so
-rw-------  1 nobody nobody  16384 Nov 13 11:09 secmod.db
-rw-------  1 nobody nobody  65536 Nov 13 11:09 slapd-localhost-cert8.db
-rw-------  1 nobody nobody  16384 Nov 13 11:09 slapd-localhost-key3.db

> In v1.0.2, the certificate database was in /opt/fedora-ds/alias, and
> in this case the database was created in this directory and is owned
> by ldap:ldap (the user running the ldap server).
>
> No indication is given as to why the file could not be opened, nor is
> an indication given of which path is being used to find the database.

You can use startconsole -D to get more information. If the problem is with the admin server, you can use start-admin -e debug or edit admin-serv/config/httpd.conf and change LogLevel to debug.

> Does anyone have any ideas?
>
> Regards,
> Graham
> --
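
Added example (not part of the thread, and not Fedora DS code): a shell function that runs the checks discussed above against an alias directory, reporting a missing database file, an owner that differs from the server user, or a database mode other than the -rw------- shown in the listing. The function name `check_alias_dir` and its output format are made up for this example, and it assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Added example: audit the NSS database files of one directory server instance.
# Usage: check_alias_dir DIR INSTANCE USER
#   DIR      alias directory, e.g. /opt/fedora-ds/alias
#   INSTANCE instance name as it appears in slapd-<INSTANCE>-cert8.db
#   USER     account the slapd server runs as (ldap, nobody, ...)
# Prints one finding per line; returns 0 if nothing was found, 1 otherwise.
# Assumption: GNU stat (-c FORMAT) is available.
check_alias_dir() {
    dir=$1; inst=$2; want=$3; bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi
    # The case from the thread: files owned by the server user, folder not.
    owner=$(stat -c %U "$dir")
    if [ "$owner" != "$want" ]; then
        echo "OWNER $dir is $owner, expected $want"; bad=1
    fi
    for f in "slapd-$inst-cert8.db" "slapd-$inst-key3.db" secmod.db; do
        p="$dir/$f"
        if [ ! -f "$p" ]; then
            echo "MISSING $p"; bad=1
            continue
        fi
        owner=$(stat -c %U "$p")
        mode=$(stat -c %a "$p")
        if [ "$owner" != "$want" ]; then
            echo "OWNER $p is $owner, expected $want"; bad=1
        fi
        # key3.db holds private keys; the listing in the thread shows the
        # databases as -rw------- (600), so anything else is reported.
        case $mode in
            600|400) ;;
            *) echo "MODE $p is $mode, expected 600"; bad=1 ;;
        esac
    done
    return $bad
}

# Run directly when called with the three arguments.
if [ $# -eq 3 ]; then
    check_alias_dir "$@"
fi
```

Run it as root so every path can be read, for example `sh check_alias.sh /opt/fedora-ds/alias localhost nobody`.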