Richard Hesse
2007-Oct-06 00:27 UTC
[Fedora-directory-users] slapi search internal errors popping up in error log
[06/Oct/2007:00:24:51 +0000] - slapi_search_internal ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 I''m guessing that this is cert related, but the TLS/SSL operations are working fine. However, I noticed that I can no longer view the encryption tab for this server in the console. Any ideas what this error means or how to fix it? Thanks. -richard
Richard Megginson
2007-Oct-06 20:46 UTC
Re: [Fedora-directory-users] slapi search internal errors popping up in error log
Richard Hesse wrote:> > [06/Oct/2007:00:24:51 +0000] - slapi_search_internal > ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, > O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 > > > > I''m guessing that this is cert related, but the TLS/SSL operations are > working fine. >Are you using client cert based authentication? cat /opt/fedora-ds/slapd-instance/config/certmap.conf /opt/fedora-ds/shared/config/certmap.conf> > However, I noticed that I can no longer view the encryption tab for > this server in the console. >What error do you get when you try to view the encryption tab? ls -al /opt/fedora-ds/alias> > > > Any ideas what this error means or how to fix it? > > > > Thanks. > > > > -richard > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Hesse
2007-Oct-08 17:53 UTC
RE: [Fedora-directory-users] slapi search internal errors popping up in error log
No, we''re not using client certs but that doesn''t preclude someone using their own certs. No certmap.conf in the instance directory and it looks like the shared one is stock: cat certmap.conf | grep -v "#" certmap default default The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. Alias directory: drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt Thanks in advance. -richard -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Saturday, October 06, 2007 1:46 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log Richard Hesse wrote:> > [06/Oct/2007:00:24:51 +0000] - slapi_search_internal > ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, > O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 > > > > I''m guessing that this is cert related, but the TLS/SSL operations are > working fine. >Are you using client cert based authentication? cat /opt/fedora-ds/slapd-instance/config/certmap.conf /opt/fedora-ds/shared/config/certmap.conf> > However, I noticed that I can no longer view the encryption tab for > this server in the console. >What error do you get when you try to view the encryption tab? ls -al /opt/fedora-ds/alias> > > > Any ideas what this error means or how to fix it? > > > > Thanks. > > > > -richard > > ---------------------------------------------------------------------- > -- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Megginson
2007-Oct-08 18:08 UTC
Re: [Fedora-directory-users] slapi search internal errors popping up in error log
Richard Hesse wrote:> No, we''re not using client certs but that doesn''t preclude someone using their own certs. > > No certmap.conf in the instance directory and it looks like the shared one is stock: > cat certmap.conf | grep -v "#" > certmap default default > > The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. >Check the admin server access and error log - /opt/fedora-ds/admin-serv/logs> Alias directory: > drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . > drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. > -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so > -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db > -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db > -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db > -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt > > > Thanks in advance. > > -richard > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson > Sent: Saturday, October 06, 2007 1:46 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log > > Richard Hesse wrote: > >> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal >> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, >> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 >> >> >> >> I''m guessing that this is cert related, but the TLS/SSL operations are >> working fine. >> >> > Are you using client cert based authentication? > > cat /opt/fedora-ds/slapd-instance/config/certmap.conf > /opt/fedora-ds/shared/config/certmap.conf > >> However, I noticed that I can no longer view the encryption tab for >> this server in the console. >> >> > What error do you get when you try to view the encryption tab? > > ls -al /opt/fedora-ds/alias > >> >> Any ideas what this error means or how to fix it? >> >> >> >> Thanks. >> >> >> >> -richard >> >> ---------------------------------------------------------------------- >> -- >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Hesse
2007-Oct-08 19:22 UTC
RE: [Fedora-directory-users] slapi search internal errors popping up in error log
Nothing really informative in the admin server logs. Just the 500''s being recorded: 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620 -richard -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, October 08, 2007 11:09 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log Richard Hesse wrote:> No, we''re not using client certs but that doesn''t preclude someone using their own certs. > > No certmap.conf in the instance directory and it looks like the shared one is stock: > cat certmap.conf | grep -v "#" > certmap default default > > The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. >Check the admin server access and error log - /opt/fedora-ds/admin-serv/logs> Alias directory: > drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . > drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. > -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so > -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db > -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db > -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db > -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt > > > Thanks in advance. > > -richard > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of > Richard Megginson > Sent: Saturday, October 06, 2007 1:46 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] slapi search internal errors > popping up in error log > > Richard Hesse wrote: > >> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal >> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, >> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 >> >> >> >> I''m guessing that this is cert related, but the TLS/SSL operations >> are working fine. >> >> > Are you using client cert based authentication? > > cat /opt/fedora-ds/slapd-instance/config/certmap.conf > /opt/fedora-ds/shared/config/certmap.conf > >> However, I noticed that I can no longer view the encryption tab for >> this server in the console. >> >> > What error do you get when you try to view the encryption tab? > > ls -al /opt/fedora-ds/alias > >> >> Any ideas what this error means or how to fix it? >> >> >> >> Thanks. >> >> >> >> -richard >> >> --------------------------------------------------------------------- >> - >> -- >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Megginson
2007-Oct-08 21:16 UTC
Re: [Fedora-directory-users] slapi search internal errors popping up in error log
Richard Hesse wrote:> Nothing really informative in the admin server logs. Just the 500''s being recorded: > > 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620 >ps -ef|grep httpd ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf cat /opt/fedora-ds/admin-serv/config/adm.conf> -richard > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson > Sent: Monday, October 08, 2007 11:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log > > Richard Hesse wrote: > >> No, we''re not using client certs but that doesn''t preclude someone using their own certs. >> >> No certmap.conf in the instance directory and it looks like the shared one is stock: >> cat certmap.conf | grep -v "#" >> certmap default default >> >> The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. >> >> > Check the admin server access and error log - /opt/fedora-ds/admin-serv/logs > >> Alias directory: >> drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . >> drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. >> -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so >> -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db >> -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db >> -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db >> -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt >> >> >> Thanks in advance. >> >> -richard >> >> -----Original Message----- >> From: fedora-directory-users-bounces@redhat.com >> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of >> Richard Megginson >> Sent: Saturday, October 06, 2007 1:46 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] slapi search internal errors >> popping up in error log >> >> Richard Hesse wrote: >> >> >>> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal >>> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, >>> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 >>> >>> >>> >>> I''m guessing that this is cert related, but the TLS/SSL operations >>> are working fine. >>> >>> >>> >> Are you using client cert based authentication? >> >> cat /opt/fedora-ds/slapd-instance/config/certmap.conf >> /opt/fedora-ds/shared/config/certmap.conf >> >> >>> However, I noticed that I can no longer view the encryption tab for >>> this server in the console. >>> >>> >>> >> What error do you get when you try to view the encryption tab? >> >> ls -al /opt/fedora-ds/alias >> >> >>> Any ideas what this error means or how to fix it? >>> >>> >>> >>> Thanks. >>> >>> >>> >>> -richard >>> >>> --------------------------------------------------------------------- >>> - >>> -- >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Hesse
2007-Oct-08 22:09 UTC
RE: [Fedora-directory-users] slapi search internal errors popping up in error log
ps -ef | grep httpd root 2231 1 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf root 2317 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf nobody 2320 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf root 4830 2425 0 21:58 pts/0 00:00:00 grep httpd # ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config /opt/fedora-ds/admin-serv/config: total 84 drwxr-xr-x 2 nobody nobody 4096 Oct 5 18:31 . drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. -rw-r--r-- 1 root root 0 Oct 5 18:31 Admin -rw------- 1 nobody nobody 350 Sep 27 03:24 adm.conf -rw------- 1 nobody nobody 54 Sep 27 03:24 admpw -rw------- 1 root root 4598 Sep 27 03:24 admserv.conf -rw------- 1 nobody nobody 3733 Sep 27 03:24 console.conf -rw------- 1 root root 26784 Sep 27 03:24 httpd.conf -rw-r--r-- 1 root root 16632 Oct 5 05:07 local.conf -rw------- 1 nobody nobody 4573 Sep 27 03:24 nss.conf /opt/fedora-ds/admin-serv/logs: total 1652 drwxr-xr-x 2 root root 4096 Oct 8 21:59 . drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. -rw-r--r-- 1 root root 500844 Oct 5 04:59 access srwx------ 1 nobody root 0 Oct 8 19:12 cgisock.2231 -rw-r--r-- 1 root root 1164192 Oct 8 19:12 error -rw-r--r-- 1 root root 5 Oct 8 19:12 pid cat /opt/fedora-ds/shared/config/dbswitch.conf directory default ldap://localhost:22000/o%3DNetscapeRoot cat /opt/fedora-ds/admin-serv/config/adm.conf ldapHost: localhost ldapPort: 22000 sie: cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot userdn: cn=directory manager isie: cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot port: 22628 Upon later inspection of the admin-serv error logs, I noticed this: [Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. -richard -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson Sent: Monday, October 08, 2007 2:16 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log Richard Hesse wrote:> Nothing really informative in the admin server logs. Just the 500''s being recorded: > > 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST > /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620 >ps -ef|grep httpd ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf cat /opt/fedora-ds/admin-serv/config/adm.conf> -richard > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of > Richard Megginson > Sent: Monday, October 08, 2007 11:09 AM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] slapi search internal errors > popping up in error log > > Richard Hesse wrote: > >> No, we''re not using client certs but that doesn''t preclude someone using their own certs. >> >> No certmap.conf in the instance directory and it looks like the shared one is stock: >> cat certmap.conf | grep -v "#" >> certmap default default >> >> The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. >> >> > Check the admin server access and error log - > /opt/fedora-ds/admin-serv/logs > >> Alias directory: >> drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . >> drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. >> -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so >> -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db >> -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db >> -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db >> -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt >> >> >> Thanks in advance. >> >> -richard >> >> -----Original Message----- >> From: fedora-directory-users-bounces@redhat.com >> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of >> Richard Megginson >> Sent: Saturday, October 06, 2007 1:46 PM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] slapi search internal errors >> popping up in error log >> >> Richard Hesse wrote: >> >> >>> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal >>> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, >>> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 >>> >>> >>> >>> I''m guessing that this is cert related, but the TLS/SSL operations >>> are working fine. >>> >>> >>> >> Are you using client cert based authentication? >> >> cat /opt/fedora-ds/slapd-instance/config/certmap.conf >> /opt/fedora-ds/shared/config/certmap.conf >> >> >>> However, I noticed that I can no longer view the encryption tab for >>> this server in the console. >>> >>> >>> >> What error do you get when you try to view the encryption tab? >> >> ls -al /opt/fedora-ds/alias >> >> >>> Any ideas what this error means or how to fix it? >>> >>> >>> >>> Thanks. >>> >>> >>> >>> -richard >>> >>> -------------------------------------------------------------------- >>> - >>> - >>> -- >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Richard Megginson
2007-Oct-08 22:47 UTC
Re: [Fedora-directory-users] slapi search internal errors popping up in error log
Richard Hesse wrote:> ps -ef | grep httpd > root 2231 1 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf > root 2317 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf > nobody 2320 2231 0 19:12 ? 00:00:00 /usr/sbin//httpd.worker -k start -d /opt/fedora-ds/admin-serv -f /opt/fedora-ds/admin-serv/config/httpd.conf > root 4830 2425 0 21:58 pts/0 00:00:00 grep httpd > > # ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config > /opt/fedora-ds/admin-serv/config: > total 84 > drwxr-xr-x 2 nobody nobody 4096 Oct 5 18:31 . > drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. > -rw-r--r-- 1 root root 0 Oct 5 18:31 Admin > -rw------- 1 nobody nobody 350 Sep 27 03:24 adm.conf > -rw------- 1 nobody nobody 54 Sep 27 03:24 admpw > -rw------- 1 root root 4598 Sep 27 03:24 admserv.conf > -rw------- 1 nobody nobody 3733 Sep 27 03:24 console.conf > -rw------- 1 root root 26784 Sep 27 03:24 httpd.conf > -rw-r--r-- 1 root root 16632 Oct 5 05:07 local.conf > -rw------- 1 nobody nobody 4573 Sep 27 03:24 nss.conf > > /opt/fedora-ds/admin-serv/logs: > total 1652 > drwxr-xr-x 2 root root 4096 Oct 8 21:59 . > drwxr-xr-x 6 root root 4096 Sep 27 03:24 .. > -rw-r--r-- 1 root root 500844 Oct 5 04:59 access > srwx------ 1 nobody root 0 Oct 8 19:12 cgisock.2231 > -rw-r--r-- 1 root root 1164192 Oct 8 19:12 error > -rw-r--r-- 1 root root 5 Oct 8 19:12 pid > > cat /opt/fedora-ds/shared/config/dbswitch.conf > directory default ldap://localhost:22000/o%3DNetscapeRoot > > cat /opt/fedora-ds/admin-serv/config/adm.conf > ldapHost: localhost > ldapPort: 22000 > sie: cn=admin-serv-$host, cn=Fedora Administration Server, cn=Server Group,$host,ou=$domain,o=NetscapeRoot > userdn: cn=directory manager > isie: cn=Fedora Administration Server, cn=Server Group,cn=$host,ou=$domain,o=NetscapeRoot > port: 22628 > > Upon later inspection of the admin-serv error logs, I noticed this: > > [Mon Oct 08 19:12:40 2007] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. >Looks like there are some permissions problems. local.conf should be owned by nobody. What is the setting for User in console.conf? Have you changed any settings or admin user names or passwords?> -richard > > > -----Original Message----- > From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard Megginson > Sent: Monday, October 08, 2007 2:16 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] slapi search internal errors popping up in error log > > Richard Hesse wrote: > >> Nothing really informative in the admin server logs. Just the 500''s being recorded: >> >> 10.69.66.9 - cn=directory manager [08/Oct/2007:17:51:56 +0000] "POST >> /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 500 620 >> >> > ps -ef|grep httpd > ls -al /opt/fedora-ds/admin-serv/logs /opt/fedora-ds/admin-serv/config # do the following only after obscuring any sensitive data cat /opt/fedora-ds/shared/config/dbswitch.conf > cat /opt/fedora-ds/admin-serv/config/adm.conf > >> -richard >> >> -----Original Message----- >> From: fedora-directory-users-bounces@redhat.com >> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of >> Richard Megginson >> Sent: Monday, October 08, 2007 11:09 AM >> To: General discussion list for the Fedora Directory server project. >> Subject: Re: [Fedora-directory-users] slapi search internal errors >> popping up in error log >> >> Richard Hesse wrote: >> >> >>> No, we''re not using client certs but that doesn''t preclude someone using their own certs. >>> >>> No certmap.conf in the instance directory and it looks like the shared one is stock: >>> cat certmap.conf | grep -v "#" >>> certmap default default >>> >>> The error from the configuration tab is just a generic 500. No additional text in the dialog nor in the logs. >>> >>> >>> >> Check the admin server access and error log - >> /opt/fedora-ds/admin-serv/logs >> >> >>> Alias directory: >>> drwxr-xr-x 2 nobody nobody 4096 Oct 8 17:42 . >>> drwxr-xr-x 15 root root 4096 Oct 8 17:42 .. >>> -rwxr-xr-x 1 root nobody 347368 Oct 6 00:22 libnssckbi.so >>> -rw------- 1 nobody nobody 16384 Oct 6 00:24 secmod.db >>> -rw------- 1 nobody nobody 65536 Oct 6 00:22 slapd-fds-cert8.db >>> -rw------- 1 nobody nobody 16384 Oct 6 00:22 slapd-fds-key3.db >>> -r-------- 1 nobody nobody 41 Oct 6 00:22 slapd-fds-pin.txt >>> >>> >>> Thanks in advance. >>> >>> -richard >>> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@redhat.com >>> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of >>> Richard Megginson >>> Sent: Saturday, October 06, 2007 1:46 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: [Fedora-directory-users] slapi search internal errors >>> popping up in error log >>> >>> Richard Hesse wrote: >>> >>> >>> >>>> [06/Oct/2007:00:24:51 +0000] - slapi_search_internal >>>> ("CN=fds1.sv.powerset.com, OU=Domain Control Validated, >>>> O=fds1.sv.powerset.com", subtree, objectclass=*) err 32 >>>> >>>> >>>> >>>> I''m guessing that this is cert related, but the TLS/SSL operations >>>> are working fine. >>>> >>>> >>>> >>>> >>> Are you using client cert based authentication? >>> >>> cat /opt/fedora-ds/slapd-instance/config/certmap.conf >>> /opt/fedora-ds/shared/config/certmap.conf >>> >>> >>> >>>> However, I noticed that I can no longer view the encryption tab for >>>> this server in the console. >>>> >>>> >>>> >>>> >>> What error do you get when you try to view the encryption tab? >>> >>> ls -al /opt/fedora-ds/alias >>> >>> >>> >>>> Any ideas what this error means or how to fix it? >>>> >>>> >>>> >>>> Thanks. >>>> >>>> >>>> >>>> -richard >>>> >>>> -------------------------------------------------------------------- >>>> - >>>> - >>>> -- >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >