Red Hat Bugzilla – Bug 175051
ns-slapd: Fails to start, seems to be unable to find key3.db and cert3.db files
Last modified: 2008-08-11 19:42:58 EDT
Description of problem:
ns-slapd: Fails to start with the following after attempting to install a
self-signed SSL certificate and key.
SSL alert: Security Initialization: NSS initialization failed (Netscape Portable
Runtime error -8192 - An I/O error occurred during security authorization.):
path: /opt/fedora-ds/alias/, certdb prefix: slapd-ldap-, keydb prefix: slapd-ldap-.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Installed fedora-ds-1.0.2... using default values. Server starts
2. Follow the directions HowTo:SSL
2a. Follow directions for self-signed certificate
3. restart ns-slapd
See error message above
Server to start.
What are the contents of your /opt/fedora-ds/alias directory?
e.g. do an
ls -l /opt/fedora-ds/alias
and attach the output to this bug.
Created attachment 121883 [details]
ls directory listing of /opt/fedora-ds/alias
I've attempted to change the permissions on all the files so that they were
readable, thinking that it may have been a permission problem.
Some additional information:
This system is running FC3 completely up-to-date with the latest updates
Is your directory server running as uid ldap? If so, try changing all of your
files to be owned by ldap e.g.
chown ldap:ldap *.db
That corrected the problem. So FDS 1.0 now checks for file ownership and not
whether the file is readable?
No, it has to open the key/cert db in read-write mode. However, it's safer to
change the owner rather than leave the files with wide open read-write permissions.
Was this a fresh FDS 1.0 installation? The server is supposed to chmod/chown
those files appropriately, so this step should have been unnecessary. Did you
change the server uid after running setup?
No further response from customer.
Appears to have been a configuration problem
Bug already CLOSED. setting screened+ flag
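
The ownership and read-write requirement discussed in the replies above can be checked before restarting the server. The script below is an added example, not part of the original bug report or of Fedora DS; the function name check_nss_db_dir is hypothetical, and the path and user in the usage comment are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example: audit owner and mode of the NSS key/cert databases.
# check_nss_db_dir is a hypothetical helper, not part of Fedora DS.
# Usage: check_nss_db_dir DIR RUN_AS_USER   (user name or numeric uid)
#   e.g. check_nss_db_dir /opt/fedora-ds/alias ldap
# Returns 0 if all *.db files pass, 1 on findings, 2 on a usage error.
check_nss_db_dir() {
    dir=$1
    user=$2
    status=0

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # A missing database also makes NSS initialization fail.
    files=$(find "$dir" -type f -name '*.db')
    [ -n "$files" ] || { echo "no *.db files in $dir"; return 1; }

    # Files not owned by the account the server runs as.
    bad=$(find "$dir" -type f -name '*.db' ! -user "$user") ||
        { echo "cannot check owner: $user" >&2; return 2; }
    if [ -n "$bad" ]; then
        echo "not owned by $user:"; echo "$bad"; status=1
    fi

    # The server opens the databases read-write, so the owner needs rw.
    bad=$(find "$dir" -type f -name '*.db' ! -perm -600)
    if [ -n "$bad" ]; then
        echo "owner lacks read-write:"; echo "$bad"; status=1
    fi

    # Writable by group or others: the wide-open setup the thread advises against.
    bad=$(find "$dir" -type f -name '*.db' \( -perm -020 -o -perm -002 \))
    if [ -n "$bad" ]; then
        echo "writable by group or others:"; echo "$bad"; status=1
    fi

    return "$status"
}
```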