openSUSE 15.1 creating new directory server instance

Alastair Grant | Saturday 3 August 2019

openSUSE 15.1's YaST has an option for creating a new "directory server instance" (that is, an LDAP server).  It's a very basic form that takes some credential information and generates the "389 Directory Server" bits in the back end.  It looks simple enough: put in your hostname, what you want to name your instance, your LDAP settings and, allegedly, optional SSL files.

But, whilst the certificate fields aren't labelled as mandatory, they indeed are.  This is probably a good thing, as X.509 certificates are easy enough to come by these days.

The problem comes when you get:

Failed to enable TLS! Log output may be found in /root/yast2-auth-server-dir-setup.log

Which doesn't say much that is useful.  More information comes from the instance's journal: journalctl -eu dirsrv@[instance]

- ERR - attrcrypt_fetch_private_key - Can't find certificate Server-Cert: -5950 - File not found.

Which is odd, as you've literally just specified a certificate to use.  It seems there is a missing step, and that's to copy said certificate into /etc/dirsrv/slapd-[Instance]/Server-Cert.  Once that file is in place, the whole thing starts up.
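As an added example (not part of the original post), a small POSIX shell script that checks whether an instance directory already holds the Server-Cert file the start-up complains about, and installs it with owner-only permissions if not.  It assumes the /etc/dirsrv/slapd-[instance] layout described above; the DIRSRV_ROOT variable and the two function names are this example's own, not anything the wizard provides.

```shell
#!/bin/sh
# Added example: verify and install the Server-Cert file for a 389-ds instance.
# DIRSRV_ROOT defaults to the real location; override it to test against a scratch dir.
DIRSRV_ROOT="${DIRSRV_ROOT:-/etc/dirsrv}"

# Return 0 if <root>/slapd-<instance>/Server-Cert exists and holds a PEM certificate,
# 1 if the file is missing, empty or not PEM, 2 if the instance directory is absent.
check_server_cert() {
    instance="$1"
    dir="$DIRSRV_ROOT/slapd-$instance"
    [ -d "$dir" ] || { echo "no instance directory: $dir" >&2; return 2; }
    cert="$dir/Server-Cert"
    if [ ! -s "$cert" ]; then
        # This is the state behind "Can't find certificate Server-Cert" in the journal.
        echo "missing: $cert" >&2
        return 1
    fi
    grep -q 'BEGIN CERTIFICATE' "$cert" || { echo "not a PEM certificate: $cert" >&2; return 1; }
    return 0
}

# Copy a PEM certificate into the instance directory as Server-Cert.
# Mode 0600 so only the owner can read it; chown to the dirsrv user only when root.
install_server_cert() {
    src="$1"; instance="$2"
    dir="$DIRSRV_ROOT/slapd-$instance"
    [ -d "$dir" ] || { echo "no instance directory: $dir" >&2; return 2; }
    [ -s "$src" ] || { echo "source certificate missing: $src" >&2; return 1; }
    cp "$src" "$dir/Server-Cert" || return 1
    chmod 0600 "$dir/Server-Cert" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown dirsrv:dirsrv "$dir/Server-Cert" 2>/dev/null || :
    fi
    return 0
}
```

Run check_server_cert before restarting the instance to confirm the missing step has been done; a non-zero return tells you what is wrong without waiting for the unit to fail.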

Wiping the instance

If you have messed up this instance and want to try again, you won't be able to, as the name will already be in use.  New instances are created in /etc/dirsrv/slapd-[instance].  If you want to start again, delete this directory.  If you want to roll back everything, then remove the package 389-ds, being sure to enable cleanup.  This will remove the remaining files in the neighbouring directories.  The wizard will reinstall this package when you try creating an instance again.

