Hi German, Many Thanks for reply.
Yes, that SSL was checked by mistake and after that it did not came up. I am now able to start Admin server but seeing below error in logs and it simply do not connect to LDAP Sever. [Wed Sep 24 01:26:10 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Wed Sep 24 01:26:11 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Wed Sep 24 01:26:11 2014] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. [Wed Sep 24 01:26:11 2014] [notice] Access Host filter is: *.initd.in [Wed Sep 24 01:26:11 2014] [notice] Access Address filter is: * [Wed Sep 24 01:26:12 2014] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations [Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Wed Sep 24 01:26:12 2014] [error] Could not bind as []: ldap error -1: Can't contact LDAP server [Wed Sep 24 01:26:12 2014] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. [Wed Sep 24 01:26:12 2014] [notice] Access Host filter is: *.initd.in [Wed Sep 24 01:26:12 2014] [notice] Access Address filter is: * [root@vm-ser-master-01 admin-serv]# cat /etc/dirsrv/admin-serv/local.conf | grep nsAdminAccessHosts configuration.nsAdminAccessHosts: *.initd.in [root@vm-ser-master-01 admin-serv]# [root@vm-ser-repo-01 ~]# ldapsearch -x -D "cn=ldap" -W Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) adm.conf: userdn: uid=ldap,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot sysuser: ldap sysgroup: ldap SuiteSpotUserID: ldap SuiteSpotGroup: ldap sie: cn=admin-serv-vm-ser-master-01,cn=389 Administration Server,cn=Server Group,cn=vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot securitydir: /etc/dirsrv/admin-serv ldapurl: ldap://ldap.initd.in:389/o=NetscapeRoot ldapStart: /usr/lib64/dirsrv/slapd-vm-ser-master-01/start-slapd isie: cn=389 Administration Server,cn=Server Group,cn= vm-ser-master-01.initd.in,ou=initd.in,o=NetscapeRoot AdminDomain: initd.in [root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv-admin status dirsrv-admin (pid 5364) is running... [root@vm-ser-master-01 admin-serv]# ps -ef | grep 5364 root 5364 1 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf root 5367 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf ldap 5368 5364 0 01:26 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf root 5720 3618 0 01:34 pts/0 00:00:00 grep 5364 [root@vm-ser-master-01 admin-serv]# lsof -i:9830 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd.wor 5364 root 3u IPv4 38803 0t0 TCP *:9830 (LISTEN) httpd.wor 5368 ldap 3u IPv4 38803 0t0 TCP *:9830 (LISTEN) [root@vm-ser-master-01 admin-serv]# access logs: 192.168.0.111 - cn=ldap [23/Sep/2014:04:03:49 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 192.168.0.111 - cn=ldap [23/Sep/2014:04:03:55 +0530] "POST /admin-serv/tasks/configuration/SecurityOp HTTP/1.0" 200 308 192.168.0.111 - cn=ldap [23/Sep/2014:04:04:04 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 192.168.0.112 - cn=ldap [23/Sep/2014:04:04:19 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 192.168.0.111 - cn=ldap [23/Sep/2014:04:04:10 +0530] "POST /admin-serv/tasks/Operation/Restart HTTP/1.0" 200 240 192.168.0.112 - cn=ldap [23/Sep/2014:04:04:35 +0530] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 192.168.0.111 - cn=ldap [24/Sep/2014:01:13:27 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470 192.168.0.111 - cn=ldap [24/Sep/2014:01:13:48 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470 192.168.0.111 - - [24/Sep/2014:01:14:08 +0530] "\x16\x03\x01" 302 309 192.168.0.111 - cn=ldap [24/Sep/2014:01:14:20 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470 192.168.0.111 - cn=ldap [24/Sep/2014:01:14:38 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470 192.168.0.111 - cn=config [24/Sep/2014:01:17:36 +0530] "GET /admin-serv/authenticate HTTP/1.0" 401 470 While trying to start DS. [root@vm-ser-master-01 admin-serv]# /etc/init.d/dirsrv start Starting dirsrv: vm-ser-master-01... [FAILED] *** Warning: 1 instance(s) failed to start [root@vm-ser-master-01 admin-serv]# No log trace in slapd logs. [root@vm-ser-master-01 admin-serv]# lsof -i:389 [root@vm-ser-master-01 admin-serv]# lsof -i:636 Please suggest. *Best Regards,__________________________________________* *Yogesh Sharma* *Email: [email protected] <[email protected]> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Tue, Sep 23, 2014 at 5:42 PM, German Parente <[email protected]> wrote: > > Hi Yogesh, > > seems there's no certificate in admin server. I don't see how you could > enable ssl in admin and not have any certificate in admin certificate db. > > To disable ssl, you could follow this article: > > https://access.redhat.com/solutions/762573 > > Thanks and regards, > > German. > > ----- Original Message ----- > > From: "Yogesh Sharma" <[email protected]> > > To: [email protected] > > Sent: Tuesday, September 23, 2014 1:54:12 AM > > Subject: [389-users] Issue Starting Admin Server after Enabling SSL in > Admin Server. > > > > Hi, > > > > > > My 389-ds is using SSL in Directory Server. Once I checked the checkbox > in > > Admin Server to use SSL and try to restart it (admin) it is failing. The > > logs says as below: > > > > [Tue Sep 23 05:20:35 2014] [notice] SELinux policy enabled; httpd > running as > > context unconfined_u:system_r:httpd_t:s0 > > [Tue Sep 23 05:20:36 2014] [crit] sslinit: NSS is required to use LDAPS, > but > > security initialization failed [-12285:Unable to find the certificate or > key > > necessary for authentication.]. Cannot start server > > > > > > [root@vm-ser-master-01 admin-serv]# certutil -d /etc/dirsrv/admin-serv > -L > > > > Certificate Nickname Trust Attributes > > SSL,S/MIME,JAR/XPI > > > > [root@vm-ser-master-01 admin-serv]# > > > > > > > > [root@vm-ser-master-01 admin-serv]# certutil -d > > /etc/dirsrv/slapd-vm-ser-master-01/ -L > > > > Certificate Nickname Trust Attributes > > SSL,S/MIME,JAR/XPI > > > > ca.initd.in CT,, > > server-cert u,u,u > > [root@vm-ser-master-01 admin-serv]# > > > > > > I also tried disbaling SSL to revert back but it is failing and No > messages > > in Log. Please suggest further to fix or revert this. > > > > > > Best Regards, > > __________________________________________ > > Yogesh Sharma > > > > > > > > -- > > 389 users mailing list > > [email protected] > > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
