Jeff Gamsby wrote: > > Jeff Gamsby > Center for X-Ray Optics > Lawrence Berkeley National Laboratory > (510) 486-7783 > > > > Richard Megginson wrote: >> Jeff Gamsby wrote: >>> >>> >>> Richard Megginson wrote: >>>> Jeff Gamsby wrote: >>>>> >>>>> I am having a hard time getting the admin console to work in ssl >>>>> mode. I get this "notice" error in the admin serv logs, is it a >>>>> cause for concern? As far as I know, everything is setup correctly. >>>>> >>>>> [notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: >>>>> ap_get_remote_host could not resolve xxx.xxx.xxx.xxx >>>> This usually means reverse DNS is not working. >>>>> >>>>> I have created the certificates, >>>> Following the SSL howto at >>>> http://directory.fedora.redhat.com/wiki/Howto:SSL ? >>> >>> Yes, but instead of creating an admin-serv-<serverID>- I copied the >>> slapd-<serverID>- cert db's over. >>> It is true that I can use these same certs? >> I think so, but I've never tried it that way. >>> >>> I tried creating the admin certs db's seperately and importing the >>> CA cert, but that did't work either. >>> >>> I had this working a few weeks ago, I'm not sure what has changed. >> What, if anything, has changed? > I blew away the server and started over. When I had password sync > problems with AD, I reinstalled the server several times. Each time I > reinstall, I delete the /opt/fedora-ds directory. > > I don't really care about the admin console in SSL mode, I can use the > Linux console or X, but I need the Sync agreements to run SSL in both > directions, and so far, the only way I been able to establish that is > when the admin console is in SSL mode. Unless there is another way. Well, one thing is that if you recreate the CA cert you'll need to copy that CA cert to all clients who use it. You can use ldapsearch to verify the LDAPS connections to the SSL enabled directory servers (FDS and AD). Someone recently published steps to make windows sync work both ways with SSL to the fds users email list. Check the archives. I think someone was going to update the wiki with this information. >>> >>>>> then copied the slapd-<server>-* files to admin-serv-*, then tried >>>>> to enable SSL in the admin console. I have followed the directions >>>>> from "Managing SSL and SASL" but I get the error "Invalid LDAP >>>>> Host/IP, could not connect to server in secure mode" when I change >>>>> to secure mode in the "User DS" tab. >>>> This error is from the console? Try using startconsole -D >>> Using this method I get this error: >>> >>> validateLDAPParams netscape.ldap.LDAPException: >>> JSSSocketFactory.makeSocket fds.server.example.com:636, >>> SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot >>> connect to the LDAP server >>>>> >>>>> Any suggestions? >>>>> >>>>> Thanks, >>>>> Jeff >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060620/19ed29ca/attachment.bin