Thanks for the help. I've added that object and was able to modify the configuration without further issues. Unfortunately, I've run into another problem now. Now when I try to start the directory it's complaining about one of the ciphers. I get the following error when I attempt to start the server ... [03/Aug/2005:13:19:35 -0400] - SSL alert: Security Initialization: Failed to set SSL cipher preference information: unknown cipher fo (Netscape Portable Runtime error -5950 - File not found.) [03/Aug/2005:13:19:35 -0400] - ERROR: SSL Initialization Failed. It looks like it's complaining about the 'fo cipher' that was added in the same configuration modifications? The change I'm talking about is the following ... add: nsSSL3Ciphers nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha, +rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo I looked at the dse.ldif file and it looks like it was added correctly (as it's presented in the SSL HOWTO) Any advice? Thanks. - Kevin On 8/3/05, Adam Stokes <astokes at redhat.com> wrote: > On Wed, 2005-08-03 at 10:35 -0400, Kevin Kovach wrote: > > Hello, > > > > I've worked through the SSL howto on the FDS site and everything went > > well until I got to the part where I modified the schema. > > > > The /tmp/ssl_enable.ldif modifications that are suggested work well up > > to the point where it tries to modify cn=RSA,cn=encryption,cn=config > > > > To be specific, the recommended changes are as follows... > > > > dn: cn=encryption,cn=config > > changetype: modify > > replace: nsSSL3 > > nsSSL3: on > > - > > replace: nsSSLClientAuth > > nsSSLClientAuth: allowed > > - > > add: nsSSL3Ciphers > > nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha, > > +rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo > > - > > add: nsKeyfile > > nsKeyfile: alias/slapd-directory-key3.db > > - > > add: nsCertfile > > nsCertfile: alias/slapd-directory-cert8.db > > > > dn: cn=RSA,cn=encryption,cn=config > > changetype: modify > > add: nsSSLPersonalitySSL > > nsSSLPersonalitySSL: Server-Cert > > > > dn: cn=config > > changetype: modify > > add: nsslapd-security > > nsslapd-security: on > > - > > replace: nsslapd-ssl-check-hostname > > nsslapd-ssl-check-hostname: off > > > > It seems as though when I get to the point where I want to add the > > 'nsSSLPersonalitySSL' attribute my directory server complains that the > > 'cn=RSA,cn=encryption,cn=config' object does not exist to be modified. > > > > I don't see anywhere in the HOWTO where I would have created this > > object. Am I missing something? Thanks. > > > > - Kevin > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > Refresh the wiki page I have updated this problem. > > Thanks for pointing that out please create an ldif /tmp/addrsa.ldif and > have the following : > > dn: cn=RSA,cn=encryption,cn=config > objectclass: top > objectclass: nsEncryptionModule > cn: RSA > nsSSLPersonalitySSL: Server-Cert > nsSSLToken: internal (software) > > Use ldapadd to add the entry into the directory server.. Ill fix the > how-to now as well :) > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Take back the web, http://www.switch2firefox.com/
