Description of problem: ns-slapd: Fails to start with the following after attempting to install a self-signed SSL certificate and key. SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-ldap-, keydb prefix: slapd-ldap-. Version-Release number of selected component (if applicable): How reproducible: Everytime Steps to Reproduce: 1. Installed fedora-ds-1.0.2... using default values. Server starts 2. Follow the directions HowTo:SSL 2a. Follow directions for self-signed certificate 3. restart ns-slapd Actual results: See error message above Expected results: Server to start. Additional info:
What are the contents of your /opt/fedora-ds/alias directory? e.g. do an ls -l /opt/fedora-ds/alias and attach the output to this bug.
Created attachment 121883 [details] ls directory listing of /opt/fedora-ds/alias I've attempted to change the permissions on the all the files so that they were readable, thinking that it may have been a permssision problem. Some additional information: This system is running FC3 completely update-to-date with the latest updates via 'yum'
Is your directory server running as uid ldap? If so, try changing all of your files to be owned by ldap e.g. chown ldap:ldap *.db
That corrected the problem. So FDS 1.0 now checks for file ownership and not whether the file is readable? Thanks again
No, it has to open the key/cert db in read-write mode. However, it's safer to change the owner rather than leave the files with wide open read-write permissions. Was this a fresh FDS 1.0 installation? The server is supposed to chmod/chown those files appropriately, so this step should have been unnecessary. Did you change the server uid after running setup?
No further response from customer. Appears to have be a configuration problem Closing bug
Bug already CLOSED. setting screened+ flag