I am pretty close to a fully functional set of puppet modules to set up ApacheDS with one hitch, ApacheDS fails to start when using my own keystore. I get the following error '[20:51:35] ERROR [org.apache.directory.server.ApacheDsService] - Cannot start the server : ERR_683 Failed to create a SSL context.' You will see below the values of ads-keystoreFile and ads-certificatePassword. After the ldif you will find the print out of a -list from keytool. I haven't seen anything in the configuration schemas to indicate that I have forgotten something. Ideas?
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config ads-transports: ldap ads-transports: ldaps ads-serverid: ldapServer ads-searchbasedn: ou=users,ou=system ads-replreqhandler: org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler ads-enabled: TRUE ads-saslprincipal: ldap/[email protected] ads-saslrealms: example.com ads-saslrealms: apache.org objectclass: ads-server objectclass: ads-ldapServer objectclass: ads-dsBasedServer objectclass: ads-base objectclass: top ads-saslmechhandlers: CRAM-MD5 ads-saslmechhandlers: DIGEST-MD5 ads-saslmechhandlers: GSS-SPNEGO ads-saslmechhandlers: GSSAPI ads-saslmechhandlers: NTLM ads-saslmechhandlers: SIMPLE ads-confidentialityrequired: FALSE ads-maxsizelimit: 1000 ads-maxtimelimit: 15000 ads-extendedophandlers: gracefulShutdownHandler ads-extendedophandlers: starttlshandler ads-extendedophandlers: storedprochandler ads-saslhost: ldap.dc1.puppetlabs.net ads-keystoreFile: /etc/apacheds/apacheds.jks ads-certificatePassword: password == keytool -list -keystore /etc/apacheds/apacheds.jks -storepass password Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries startcom_certification_authority, Jun 11, 2012, trustedCertEntry, Certificate fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16 startssl_sub.class1.server.ca, Jun 11, 2012, trustedCertEntry, Certificate fingerprint (MD5): 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20 yellow.dc1.puppetlabs.net, Jun 11, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): C3:CF:0E:DC:61:D6:F0:4C:54:E3:D7:F2:BE:DF:E0:BD -- Cody Herriges Operations Engineer - Puppet Labs pgp key: 0x5DB77142 @ pgp.mit.edu
