On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote:
> Craig White wrote:
>
> >FDS is running as nobody UID - I checked off in console to run with SSL
> >enabled, ignored warning about only root can run ports < 1024 restarted
> >server - you know what happened next ;-)
> >
> >
> No, not really.  The admin server has the capability to start up slapd
> as root so that it can listen to port 389 and 636.  slapd then does a
> setuid to "nobody" after it has bound to these ports.
----
ok - good to know. It is running and peering into console I see that it
is still checked. Restarting from console was a failure and I ended up
closing out the console, restarting from SysV and getting back into
console (that's not a big problem but very confusing)
----
>
> >OK so I have it turned off and server back up and running.
> >
> >1. Following instructions on wiki...
> >   http://directory.fedora.redhat.com/wiki/Howto:SSL
> >
> >   # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)'
> >   SSL initialization failed: error -8192 (An I/O error occurred
> >   during security authorization.)
> >
> >
> No, not exactly.  The instructions assume you are setting up the other
> ldap clients on the linux box, almost all of which use openldap.  So, in
> order to test, you must use the openldap ldapsearch from /usr/bin.
----
OK - not a problem, I can use openldap clients...

# ldapsearch -ZZ '(uid=jim)'
ldap_start_tls: Protocol error (2)
        additional info: unsupported extended operation

oh - oh...still same issue

# tail -n 5 /etc/openldap/ldap.conf
URI ldap://srv1.clsurvey.com
HOST 127.0.0.1
BASE dc=clsurvey,dc=com
TLS_CACERTDIR /etc/ssl
TLS_REQCERT allow

tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1

?

Craig
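
Added example, not part of the original message or of Fedora DS: a short Python script that pairs EXT and RESULT lines in an access log like the one quoted above and reports StartTLS requests (OID 1.3.6.1.4.1.1466.20037) that the server answered with an error. The function and variable names are hypothetical, and the sample log is constructed from the format shown in the message, with a successful exchange on conn=21 invented for contrast.

```python
import re
from collections import namedtuple

# OID of the LDAP StartTLS extended operation (RFC 4511), as seen in the log above
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# "[timestamp] conn=N op=N <rest>"; connection-open lines carry no op= and are skipped
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>-?\d+)\s+(?P<rest>.*)$')
EXT_RE = re.compile(r'^EXT oid="(?P<oid>[\d.]+)"')
RESULT_RE = re.compile(r'^RESULT err=(?P<err>\d+)')

Finding = namedtuple("Finding", "timestamp conn op err")

def failed_starttls(lines):
    """Return StartTLS requests whose matching RESULT has a non-zero err code."""
    pending = {}    # (conn, op) -> timestamp of the StartTLS EXT request
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        ext = EXT_RE.match(m["rest"])
        if ext:
            if ext["oid"] == STARTTLS_OID:
                pending[key] = m["ts"]
            continue
        res = RESULT_RE.match(m["rest"])
        if res and key in pending:
            ts = pending.pop(key)
            err = int(res["err"])
            if err != 0:  # e.g. 2 = LDAP protocolError, as in the message above
                findings.append(Finding(ts, key[0], key[1], err))
    return findings

# Constructed sample: conn=20 follows the message's excerpt, conn=21 is invented
SAMPLE_LOG = """\
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
[08/Dec/2005:16:56:21 -0700] conn=21 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[08/Dec/2005:16:56:21 -0700] conn=21 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:16:56:21 -0700] conn=21 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

if __name__ == "__main__":
    for f in failed_starttls(SAMPLE_LOG.splitlines()):
        print(f"{f.timestamp} conn={f.conn} op={f.op} StartTLS rejected, err={f.err}")
```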