I'm not sure. Are you sure you have no extraneous or trailing white spaces anywhere? It might help if you could post the raw file. Brian Kosick wrote: >Hi All, > >I have a quick question. I had SSL all setup and running on both the >admin server, and the directory server. My manager wanted it setup on >his windows box, so I followed the WindowsConsole HOWTO, and kept >getting stuck in the Mozilla libs not being able to make the SSL socket >connection, returning with class not found. I disabled SSL on the >admin server and was able to connect to that, and then disabled SSL on >the directory server, but couldn't get it to work. Now on my linux >admin console, which worked beautifully before, It keeps trying to >connect to port 636, rather than 389. > >I have tried re-enabling SSL in the directory server by following the >SSL Howto, but I keep getting > >ldapadd -f /tmp/ssl_enable.ldif -xv -D "cn=Directory Manager" -h >qapxe.corp.mxlogic.com -w <snip> >ldap_initialize( ldap://qapxe.corp.mxlogic.com ) >ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config" > >Based on a list thread that I found, I removed all the newlines in >cipher list and still have the same issue. > >Here's my enable_ssl.ldif >dn: cn=encryption,cn=config >changetype: modify >replace: nsSSL3 >nsSSL3: on >- >replace: nsSSLClientAuth >nsSSLClientAuth: allowed >- >add: nsSSL3Ciphers >nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5, >+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha, >+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null, >+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha >- >add: nsKeyfile >nsKeyfile: alias/slapd-qapxe-key3.db >- >add: nsCertfile >nsCertfile: alias/slapd-qapxe-cert8.db > >dn: cn=config >changetype: modify >add: nsslapd-security >nsslapd-security: on >- >replace: nsslapd-ssl-check-hostname >nsslapd-ssl-check-hostname: off > >My question is how do I either get the admin console to try to connect >via 389, rather than 636, or get SSL re-enabled on the directory server. > >Thanks in advance >Brian > > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051006/2530c244/attachment.bin
