On Thu, 2010-09-30 at 19:50 -0500, Sean Carolan wrote: > Due to some issues with an expired SSL cert I had to disable SSL on > our 389 directory server. It's working fine for authentication > without SSL, but I have lost all ability to manage the server via the > management console. It appears that the management console still > wants to connect to the directory server on port 636, but I see no way > to change what port it uses. Also, both Administration server and > Directory server are showing Server status: Stopped, even though I > know both are running. > > Anyone have some pointers on how to disable all SSL on the management console? <snip> Ouch! That happened to us once before and it was a real pain. I believe this is how we did it: /usr/lib64/mozldap/ldapsearch -x -b o=netscaperoot -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address> "objectclass=nsAdminConfig" That should give you the various bits of information you will need to make the changes. In particular, you will need the dn of the nsAdminConfig object and you will be changing the nsServerSecurity attribute and I think we also needed to reset the nsServerAddress attribute although I don't recall why. The steps are: /usr/lib64/mozldap/ldapmodify -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address> Enter bind password: dn: <dn from above> changetype: modify replace: nsServerSecurity nsServerSecurity: off <CTL><D> dn: <dn from above> changetype: modify replace: nsServerAddress nsServerAddress: <ldap server IP address> <CTL><D> twice to exit Hope that helps - John
