Rich,

Thanks for the quick answer! Perhaps this information should go into the FAQ - what do you think?

Rich Megginson wrote on 07/13/2005 12:47 PM:

> The IETF LDAP community has decided to deprecate them in favor of the
> new netgroups stuff.

OK, I'll reconfigure my entries. Does Fedora automounter understand the netgroups structure?

> We don't yet have a way to set an ACI to allow users other than the
> Directory Manager (i.e. cn=Directory Manager, not the admin console
> user) to create the entry for a root suffix. In the console, you can
> Log In As New User, and specify cn=directory manager (or whatever you
> used for your directory manager user when you performed the initial
> installation).

This is very non-trivial. :) Creating the root suffix now works, but I tried creating top-level entries one by one, as well as creating a new server in the administration console, and it all failed. I had to delete the RPM and reinstall it.

By the way, I found out that if I install the RPM a second time, the admin console tries to connect to port 15918, but the admin server is running on port 25394. I don't remember what port was used the first time. :(

This time I successfully created an SSL-enabled directory and was able to authenticate to it. I followed the steps here: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 to create a self-signed certificate.

For archives - the docs don't tell you that after running pk12util in step 9 you first have to enter the password 'secretpwd' that you've saved in the file pwdfile.txt, and then you have to create a different startup password. Later, when you start the server on the command line, this second password is required.

Simon

--
Simon (Vsevolod ILyushchenko) simonf at cshl.edu
http://www.simonf.com

Terrorism is a tactic and so to declare war on terrorism is equivalent to Roosevelt's declaring war on blitzkrieg.
Zbigniew Brzezinski, U.S. national security advisor, 1977-81