Craig White wrote:

>On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote:
>
>>Craig White wrote:
>>
>>>FDS is running as nobody UID - I checked off in console to run with SSL
>>>enabled, ignored warning about only root can run ports < 1024 restarted
>>>server - you know what happened next ;-)
>>>
>>No, not really. The admin server has the capability to start up slapd
>>as root so that it can listen to port 389 and 636. slapd then does a
>>setuid to "nobody" after it has bound to these ports.
>>
>----
>ok - good to know. It is running and peering into console I see that it
>is still checked. Restarting from console was a failure and I ended up
>closing out the console, restarting from SysV and getting back into
>console (that's not a big problem but very confusing)
>

When you tried to restart in the console, what error messages did you
get? Did you get any error messages in admin-serv/logs/access or
admin-serv/logs/error?

>----
>
>>>OK so I have it turned off and server back up and running.
>>>
>>>1. Following instructions on wiki...
>>>   http://directory.fedora.redhat.com/wiki/Howto:SSL
>>>
>>>   # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)'
>>>   SSL initialization failed: error -8192 (An I/O error occurred
>>>   during security authorization.)
>>>
>>No, not exactly. The instructions assume you are setting up the other
>>ldap clients on the linux box, almost all of which use openldap. So, in
>>order to test, you must use the openldap ldapsearch from /usr/bin.
>>
>----
>OK - not a problem, I can use openldap clients...
># ldapsearch -ZZ '(uid=jim)'
>ldap_start_tls: Protocol error (2)
>        additional info: unsupported extended operation
>

You will get this error if you try to use startTLS but the server is not
configured for security, which brings us back to your earlier problem . . .
What are the first few lines of slapd-srv1/logs/errors?

>oh - oh...still same issue
>
># tail -n 5 /etc/openldap/ldap.conf
>URI ldap://srv1.clsurvey.com
>HOST 127.0.0.1
>BASE dc=clsurvey,dc=com
>TLS_CACERTDIR /etc/ssl
>TLS_REQCERT allow
>
>tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access
>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT
>oid="1.3.6.1.4.1.1466.20037"
>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120
>nentries=0 etime=0
>[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
>[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from
>127.0.0.1 to 127.0.0.1
>
>?
>
>Craig
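
Added example, not part of the original thread and not Fedora DS code: a small Python check that pairs each StartTLS extended request (oid 1.3.6.1.4.1.1466.20037) in a slapd access log with its RESULT line and reports the ones answered with err=2, the condition discussed above. The function names are this example's own; the first four sample lines are the excerpt from the thread with the mailer's line wraps rejoined, and the conn=21 lines are constructed for contrast.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

# Operation lines look like "[timestamp] conn=N op=N <rest>"; connection-open lines have no op=.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>-?\d+)\s+(?P<rest>.*)$')
ERR_RE = re.compile(r'\berr=(\d+)')
OID_RE = re.compile(r'\boid="([^"]+)"')

def starttls_results(lines):
    """Pair StartTLS EXT requests with their RESULT by (conn, op); err is None if no RESULT."""
    pending = {}  # (conn, op) -> record still waiting for its RESULT line
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        rest = m["rest"]
        if rest.startswith("EXT"):
            oid = OID_RE.search(rest)
            if oid and oid.group(1) == STARTTLS_OID:
                rec = {"ts": m["ts"], "conn": key[0], "op": key[1], "err": None}
                pending[key] = rec
                out.append(rec)
        elif rest.startswith("RESULT") and key in pending:
            err = ERR_RE.search(rest)
            pending.pop(key)["err"] = int(err.group(1)) if err else None
    return out

def rejected_starttls(lines):
    """StartTLS requests the server answered with err=2 (protocol error)."""
    return [r for r in starttls_results(lines) if r["err"] == 2]

# Lines 1-4: access-log excerpt from the thread (wraps rejoined).
# Lines 5-6: constructed, showing an accepted StartTLS for comparison.
SAMPLE = """\
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[08/Dec/2005:17:10:02 -0700] conn=21 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:17:10:02 -0700] conn=21 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

if __name__ == "__main__":
    for r in rejected_starttls(SAMPLE.splitlines()):
        print(f"{r['ts']} conn={r['conn']} op={r['op']}: StartTLS refused (err=2)")
```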