|
Hi I’m in the process of migrating from 389-Directory/1.2.11.15 -> 389-Directory/1.3.7.5. I’m trying to automate the setup. I’m finding that I can no longer enable SSL via the command line using ldapmodify.
For V1.3.7.5 setup I followed
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/enabling_tls. After restarting the service, SSL is not enabled. I am able to use the Admin Console to enable SSL. I found that the following is missing from
when I setup via ldapmodify vs Admin Console. Following is missing even after following the RedHat documentation. nsSSL3: on nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+ sa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+ ,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_exp 56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128 _256_sha nsKeyfile: alias/slapd-XXXXX-key3.db nsCertfile: alias/slapd-XXXXX-cert8.db # RSA, encryption, config dn: cn=RSA,cn=encryption,cn=config nsSSLToken: internal (software) nsSSLPersonalitySSL: server-cert nsSSLActivation: on objectClass: top objectClass: nsEncryptionModule cn: RSA I do notice that when I make the changes via ldapmodify it says that the changes have been successfully made, but they don’t show up in a search before and after a service restart. Also “nsslapd-security”
never changes from off to on via command line edit. Here is some info about my system. OS: CentOS Linux release 7.5.1804 (Core) 389 packages installed: 389-adminutil-1.1.21-2.el7.x86_64 389-admin-console-doc-1.1.12-1.el7.noarch 389-admin-console-1.1.12-1.el7.noarch 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64 389-ds-console-1.2.16-1.el7.noarch 389-ds-1.2.2-6.el7.noarch 389-ds-base-1.3.7.5-28.el7_5.x86_64 389-ds-console-doc-1.2.16-1.el7.noarch 389-admin-1.1.46-1.el7.x86_64 389-console-1.1.18-1.el7.noarch 389-dsgw-1.1.11-5.el7.x86_64 Version of Directory Server: 389-Directory/1.3.7.5 B2018.269.1826 Commands executing: ldapmodify -x -D "cn=Directory Manager" -w XXXX << EOF dn: cn=config changetype: modify replace: nsslapd-securePort nsslapd-securePort: 636 - replace: nsslapd-security nsslapd-security: on dn: cn=RSA,cn=encryption,cn=config changetype: modify replace: nsSSLToken nsSSLToken: internal (software) - replace: nsSSLPersonalitySSL nsSSLPersonalitySSL: server-cert - replace: nsSSLActivation nsSSLActivation: on EOF systemctl restart dirsrv@XXXXX.service |
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
