Alex aka Magobin wrote: > As suggested, I checked if ssl worked....to test it I did a fresh > install and I corrected the problem about node, now each node use its > real address and name (I moved in future cluster configuration)...About > SSL I exactly follow documentation and your tips...according with SSL > howto in fedora wiki directory, I follow it until "Importing the CA cert > into another Fedora DS"...after that: > > - in console I activated ssl for my directory. > - I restarted directory server > - In log I can see that now slapd listening on all interfaces on port > 389 and port 636 for LDAPS requests. > > unfortunatly, when I try : > > ldapsearch -ZZ -h nodo1.domain.example.com -b > "dc=domain,dc=example,dc=com" -s sub "objectclass=*" > > the answer is: > > SSL initialization failed: error -8174 (security library:bad database) > The instructions at http://directory.fedora.redhat.com/wiki/Howto:SSL#Configure_LDAP_clients refer to /usr/bin/ldapsearch and other openldap clients (e.g. pam_ldap, nss_ldap, other system LDAP usage). We do not have instructions for using /opt/fedora-ds/shared/bin/ldapsearch with SSL (but we should). I suggest following the instructions at the link specified above and use /usr/bin/ldapsearch to test SSL. > ..but in log...nothing > > I tried also to erase db andfollowing the link below to make it > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158 > If you want to just start over from scratch, I suggest using the setup_ssl.sh script found here - http://directory.fedora.redhat.com/wiki/Howto:SSL#Script > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060328/63bb3f9a/attachment.bin
