Steven Jones wrote:
> > 8><-----
> >
> > This is the real problem I think - looks like you've told the
> > console/admin server to use SSL to connect to the directory server, but
> > you haven't specified to use port 636
> >
> > 8><-----
> > I'm not aware I did....
> > 8><-----
> >
> > http://directory.fedoraproject.org/wiki/Howto:SSL#Console_SSL_Information
> >
> > see also the configuration directory ldap url - ldapurl in
> > /etc/dirsrv/admin-serv/adm.conf
> >
> > 8><-----
> >
> > Ok, I fixed the latter by editing the adm.conf to point at 636....however I now have an SSL error...
> >
> > ============
> > [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
> > ldap_bind: Can't contact LDAP server (-1)
> >         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Why is /usr/bin/ldapsearch attempting to use SSL by default? What's in your /etc/openldap/ldap.conf or ~/.ldaprc?

> > ============
> >
> > I've tried using this syntax but with no joy...
> >
> > ldapmodify -x -D "cn=directory manager" -w password
> > dn: dn of your server instance entry
> > changetype: modify
> > replace: nsServerSecurity
> > nsServerSecurity: on
> >
> > so my command is,
> >
> > ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace: nsServerSecurity nsServerSecurity on

? this is all on one command line? I guess it's not clear from the example, but ldapmodify by default wants to read the LDIF input from stdin - so after you type in

$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX

it will wait for you to type in the rest on stdin, followed by a blank line (i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of ldapmodify

you could also dump those commands in a file and run

$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif

> >
> > which fails......
> >
> > Doing a,
> >
> > [root@vuwunicooimm001 admin-serv]# certutil -d . -L
> >
> > ===============
> > Certificate Nickname                                         Trust Attributes
> >                                                              SSL,S/MIME,JAR/XPI
> >
> > VUW CA cert                                                  CT,,
> > ==============
> >
> > So I don't know if cutting and pasting the errors works, anyway, attempting to restart the console I get,
> >
> > So I put in the details,
> >
> > Which fails,

Is the directory server listening for TLS/SSL requests on port 636? That is, have you configured the directory server for TLS/SSL and have you confirmed that it is listening?

> > error log for adminserv....
> >
> > ==========================
> > [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> > [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host [localhost.localdomain] did not match pattern [*.vuw.ac.nz] -will scan aliases
> > [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [*.vuw.ac.nz]
> > [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2762): admserv_check_user_id
> > [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1910): [25584] cache entry not found for user [ldapadmin]
> > [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(1918): [25584] user [ldapadmin] not cached - reason user not in cache
> > [Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
> > [Fri Jun 25 09:19:22 2010] [notice] [client 127.0.0.1] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler
> > [Fri Jun 25 09:19:22 2010] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host vuwunicooimm001.vuw.ac.nz port 636: 4
> > [Fri Jun 25 09:19:22 2010] [debug] mod_admserv/mod_admserv.c(2609): userauth, bind (null)
> > =========================
> >
> > regards

Before you do anything else, confirm that the directory server is indeed listening for TLS/SSL requests on port 636.
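
The reply above asks what /etc/openldap/ldap.conf or ~/.ldaprc contain. As an added example (not part of the original message), this shell function lists the settings in such a file that decide whether the OpenLDAP client tools use TLS and how they verify the server certificate. The function name, the output labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config (ldap.conf or ~/.ldaprc).
# audit_ldap_conf is a hypothetical helper name; the output labels are made up here.
audit_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 1; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        { key = toupper($1) }                  # option names are case-insensitive
        key == "URI" {                         # an ldaps:// URI means TLS from the first byte
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldaps:\/\//) { tls = 1; print "tls-by-default: URI " $i }
        }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1; print "ca-configured: " key " " $2 }
        key == "TLS_REQCERT" { req = tolower($2); print "reqcert: " req }
        END {
            if (tls && !ca && req != "never" && req != "allow")
                print "problem: ldaps:// URI but no TLS_CACERT/TLS_CACERTDIR in this file"
            if (req == "never" || req == "allow")
                print "weak: TLS_REQCERT " req " accepts an unverified server certificate"
        }
    ' "$conf"
}

# Constructed sample file (not from the thread): default URI is ldaps://, no CA set.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'URI ldaps://ldap.example.test' 'BASE o=netscaperoot' > "$sample"
audit_ldap_conf "$sample"
rm -f "$sample"
```

Run it against both /etc/openldap/ldap.conf and ~/.ldaprc. LDAP* environment variables such as LDAPTLS_CACERT can override either file and are not inspected here.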