From: Cody Herriges
Subject: Java keystone issues in 2.0.0-M7
Date: Mon, 11 Jun 2012 20:57:32 -0700
To: users@directory.apache.org

I am pretty close to a fully functional set of puppet modules to set up ApacheDS with one hitch: ApacheDS fails to start when using my own keystore. I get the following error: '[20:51:35] ERROR [org.apache.directory.server.ApacheDsService] - Cannot start the server : ERR_683 Failed to create a SSL context.' You will see below the values of ads-keystoreFile and ads-certificatePassword. After the LDIF you will find the printout of a -list from keytool. I haven't seen anything in the configuration schemas to indicate that I have forgotten something. Ideas?

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-transports: ldap
ads-transports: ldaps
ads-serverid: ldapServer
ads-searchbasedn: ou=users,ou=system
ads-replreqhandler: org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler
ads-enabled: TRUE
ads-saslprincipal: ldap/ldap.example.com@EXAMPLE.COM
ads-saslrealms: example.com
ads-saslrealms: apache.org
objectclass: ads-server
objectclass: ads-ldapServer
objectclass: ads-dsBasedServer
objectclass: ads-base
objectclass: top
ads-saslmechhandlers: CRAM-MD5
ads-saslmechhandlers: DIGEST-MD5
ads-saslmechhandlers: GSS-SPNEGO
ads-saslmechhandlers: GSSAPI
ads-saslmechhandlers: NTLM
ads-saslmechhandlers: SIMPLE
ads-confidentialityrequired: FALSE
ads-maxsizelimit: 1000
ads-maxtimelimit: 15000
ads-extendedophandlers: gracefulShutdownHandler
ads-extendedophandlers: starttlshandler
ads-extendedophandlers: storedprochandler
ads-saslhost: ldap.dc1.puppetlabs.net
ads-keystoreFile: /etc/apacheds/apacheds.jks
ads-certificatePassword: password

==

keytool -list -keystore /etc/apacheds/apacheds.jks -storepass password

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

startcom_certification_authority, Jun 11, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
startssl_sub.class1.server.ca, Jun 11, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
yellow.dc1.puppetlabs.net, Jun 11, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): C3:CF:0E:DC:61:D6:F0:4C:54:E3:D7:F2:BE:DF:E0:BD

--
Cody Herriges
Operations Engineer - Puppet Labs
pgp key: 0x5DB77142 @ pgp.mit.edu