On Wed, 2005-08-03 at 10:35 -0400, Kevin Kovach wrote: > Hello, > > I've worked through the SSL howto on the FDS site and everything went > well until I got to the part where I modified the schema. > > The /tmp/ssl_enable.ldif modifications that are suggested work well up > to the point where it tries to modify cn=RSA,cn=encryption,cn=config > > To be specific, the recommended changes are as follows... > > dn: cn=encryption,cn=config > changetype: modify > replace: nsSSL3 > nsSSL3: on > - > replace: nsSSLClientAuth > nsSSLClientAuth: allowed > - > add: nsSSL3Ciphers > nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha, > +rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo > - > add: nsKeyfile > nsKeyfile: alias/slapd-directory-key3.db > - > add: nsCertfile > nsCertfile: alias/slapd-directory-cert8.db > > dn: cn=RSA,cn=encryption,cn=config > changetype: modify > add: nsSSLPersonalitySSL > nsSSLPersonalitySSL: Server-Cert > > dn: cn=config > changetype: modify > add: nsslapd-security > nsslapd-security: on > - > replace: nsslapd-ssl-check-hostname > nsslapd-ssl-check-hostname: off > > It seems as though when I get to the point where I want to add the > 'nsSSLPersonalitySSL' attribute my directory server complains that the > 'cn=RSA,cn=encryption,cn=config' object does not exist to be modified. > > I don't see anywhere in the HOWTO where I would have created this > object. Am I missing something? Thanks. > > - Kevin > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users Refresh the wiki page I have updated this problem. Thanks for pointing that out please create an ldif /tmp/addrsa.ldif and have the following : dn: cn=RSA,cn=encryption,cn=config objectclass: top objectclass: nsEncryptionModule cn: RSA nsSSLPersonalitySSL: Server-Cert nsSSLToken: internal (software) Use ldapadd to add the entry into the directory server.. Ill fix the how-to now as well :)
