Nicholas Byrne wrote:
> Hi,
>
> With FDS 1.0.2, I've followed the configuration howto guidelines to
> set up the Directory Server to use SSL (as per my post a few days ago)
> however after configuring the Administration Server and Console to use
> SSL as well I've run into trouble. The directory server alone works
> fine with SSL.
>
> The reason I'm trying to get Admin and console working in SSL is so I
> can set up a secure windows sync agreement, without this all I can do
> is set up an insecure sync agreement.

But you don't have to get Admin and console working with SSL in order to set up a windows sync agreement with SSL. Do the docs say you have to do this? If so, where?

>
> The console will not display anything (absolutely no screen or
> anything) after entering password and clicking OK in the
> authentication dialog. There are no messages in the console I started
> it on.

startconsole -D will give you debug information, and startconsole -D 9 will give you everything.

>
> Before I configured the SSL on the admin server and console it was
> working correctly and displayed the normal Admin server/Directory
> Server screens.
>
> The console which I'm running using (I also tried admin user):
>
> startconsole -u "cn=Directory Manager" -a https://ds01.tech:59910 -x
> nologo
>
> I turned loglevel to debug in the admin server and this is what I see:
>
> [Tue Nov 28 14:22:46 2006] [info] Connection to child 30 established
> (server ds01.tech:443, client 10.170.99.22)
> [Tue Nov 28 14:22:47 2006] [notice] [client 10.170.99.22]
> admserv_host_ip_check: ap_get_remote_host could not resolve 10.170.99.22
> [Tue Nov 28 14:22:47 2006] [info] Initial (No.1) HTTPS request
> received for child 30 (server ds01.tech:443)
> [Tue Nov 28 14:22:47 2006] [debug] mod_admserv.c(2518): [client
> 10.170.99.22] checking user cache for: cn=Directory Manager
> [Tue Nov 28 14:22:47 2006] [debug] mod_admserv.c(2525): [client
> 10.170.99.22] not in cache, trying DS
> [Tue Nov 28 14:22:47 2006] [debug] mod_admserv.c(1480): [client
> 10.170.99.22] admserv_check_authz: request for uri
> [/admin-serv/authenticate]
> [Tue Nov 28 14:22:47 2006] [notice] [client 10.170.99.22]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
> [Tue Nov 28 14:22:47 2006] [info] Connection to child 30 closed
> (server ds01.tech:443, client 10.170.99.22)

This looks ok, except that the log shows port 443 and you are using port 59910.

>
> In the slapd log I see:
>
> [28/Nov/2006:14:22:46 +0000] conn=51 fd=65 slot=65 SSL connection from
> 10.170.99.22 to 10.103.20.21
> [28/Nov/2006:14:22:46 +0000] conn=51 SSL 128-bit RC4
> [28/Nov/2006:14:22:46 +0000] conn=51 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [28/Nov/2006:14:22:46 +0000] conn=51 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"

This looks like the /admin-serv/authenticate request as logged in the admin server.

> [28/Nov/2006:14:22:46 +0000] conn=52 fd=64 slot=64 SSL connection from
> 10.170.99.22 to 10.103.20.21
> [28/Nov/2006:14:32:04 +0000] conn=52 op=-1 fd=64 closed - Encountered
> end of file.

This looks like the console is attempting to use ldap on the ldaps port. I think you need to tell the console to use SSL when talking to this directory server - http://directory.fedora.redhat.com/wiki/Howto:SSL#Using_the_command_line

>
> Anyone know how I can fix this? Thanks very much
> Nick
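
The access-log pattern discussed in the reply above (a connection accepted on the SSL port that closes with no cipher line and no operation, as conn=52 does) can be checked for mechanically. This is an added example, not part of the original thread or of the Directory Server code; the function name is hypothetical, and reading a missing cipher line as "TLS was never negotiated" is a heuristic assumption.

```python
import re
from collections import defaultdict

# Access-log lines from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
[28/Nov/2006:14:22:46 +0000] conn=51 fd=65 slot=65 SSL connection from 10.170.99.22 to 10.103.20.21
[28/Nov/2006:14:22:46 +0000] conn=51 SSL 128-bit RC4
[28/Nov/2006:14:22:46 +0000] conn=51 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[28/Nov/2006:14:22:46 +0000] conn=51 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Nov/2006:14:22:46 +0000] conn=52 fd=64 slot=64 SSL connection from 10.170.99.22 to 10.103.20.21
[28/Nov/2006:14:32:04 +0000] conn=52 op=-1 fd=64 closed - Encountered end of file.
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT = re.compile(r"SSL connection from (?P<client>\S+) to \S+")
CIPHER = re.compile(r"^SSL \d+-bit \S+")   # logged once the handshake completes
OPER = re.compile(r"^op=(\d+) ")           # op=-1 (connection-level event) does not match


def stalled_ssl_connections(log_text):
    """Return [(conn, client)] for SSL-port connections that closed with no
    cipher line and no LDAP operation (hypothetical helper, heuristic check)."""
    conns = defaultdict(lambda: {"client": None, "ssl": False, "cipher": False,
                                 "ops": 0, "closed": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not per-connection records
        state, rest = conns[int(m["conn"])], m["rest"]
        accept = ACCEPT.search(rest)
        if accept:
            state["ssl"], state["client"] = True, accept["client"]
        elif CIPHER.match(rest):
            state["cipher"] = True
        elif OPER.match(rest):
            state["ops"] += 1
        elif rest.startswith("op=-1") and "closed" in rest:
            state["closed"] = True
    return [(c, s["client"]) for c, s in sorted(conns.items())
            if s["ssl"] and s["closed"] and not s["cipher"] and s["ops"] == 0]


if __name__ == "__main__":
    for conn, client in stalled_ssl_connections(SAMPLE_LOG):
        print(f"conn={conn} from {client}: no cipher line or operation before close")
```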