Re: OpenLDAP, OpenSSL, and Fedora 10 Stop Liking One Another ?

On Wed, Feb 04, 2009 at 09:39:07AM +1100, Oscar Plameras wrote:
> 1. System1 - I had 3 test servers running OpenLDAP-2.3.30-3.fc6,
> OpenSSL-0.9.8b-15.fc6 on Linux-2.6.22.14-72.fc6.
> And these were perfectly running with OPENSSL configured on
> 'slapd.conf' as follows:
> 
> lines cut
> #
> #
> TLSCACertificateFile /etc/CA/cacert.pem
> TLSCertificateFile    /etc/pki/tls/newcert.pem
> TLSCertificateKeyFile /etc/pki/tls/newkey.pem
> #
> #
> lines cut
> 
> When I do,
> 
> #service ldap restart, and #ps -ax  I have this
> 
> slapd -h ldap:/// ldaps:/// -u ldap
> 
> I can do simple unsecured or secured queries from here.
> 
> 1. System2 - Now, I upgraded 2 test servers running
> OpenLDAP-2.4.12-1.fc10, OpenSSL-0.9.8g-12.fc10 on
> Linux-2.6.29-159.fc10.
> Suddenly I can't start slapd correctly. The problem is after
> configuring 'slapd.conf' with OPENSSL, as I did in System1 and I
> do a
> 
> #service ldap restart,  and #ps -ax
> 
> I found that I only have this process running:
> slapd -h ldap:/// -u ldap. The ldaps:/// process did not start
> suggesting I have incorrect certificates.
> But I can confirm that my certificates are correct with several tests.

In older releases, the init script checked for TLS-related settings in
slapd.conf and if it found some, forcibly added 'ldaps:///' to the list
of values passed to slapd as arguments for its '-h' flag.

It looks like it doesn't do that any more.  Rather, it expects that
you'll set SLAPD_LDAPS to "yes" in /etc/sysconfig/ldap.  I'm only
guessing as to why, but it looks like one of the benefits of changing
the way that the init script works is that you can now disable listening
for non-SSL connections without editing the init script.

HTH,

Nalin

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
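
Added example (not part of the original message, and not Fedora's init script): a shell check for the mismatch described in the reply, where slapd.conf carries TLS settings but SLAPD_LDAPS is not set to "yes" in /etc/sysconfig/ldap, so no ldaps:/// listener is started. The function names are hypothetical, the sample files are constructed from the lines quoted in the thread, and an exact lowercase "yes" match is an assumption.

```shell
#!/bin/sh
# Added example, not Fedora's init script. Function names are hypothetical.

# tls_configured FILE: succeeds if FILE has an uncommented TLS certificate directive.
tls_configured() {
    grep -Eiq '^[[:space:]]*TLS(CACertificateFile|CertificateFile|CertificateKeyFile)[[:space:]]' "$1"
}

# ldaps_enabled FILE: succeeds if the last uncommented SLAPD_LDAPS assignment is "yes".
# Assumption: the init script wants exactly lowercase yes, as the reply words it.
ldaps_enabled() {
    val=$(sed -n -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*SLAPD_LDAPS=//p' "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"'[:space:]")
    [ "$val" = "yes" ]
}

# has_ldaps_listener CMDLINE: succeeds if a slapd command line (as shown by ps) lists ldaps://.
has_ldaps_listener() {
    case "$1" in *ldaps://*) return 0 ;; *) return 1 ;; esac
}

# check_ldaps SLAPD_CONF SYSCONFIG: prints a one-line verdict; returns 1 only for the mismatch.
check_ldaps() {
    if ! tls_configured "$1"; then
        echo "no-tls: $1 has no TLS certificate directives"
        return 0
    fi
    if ldaps_enabled "$2"; then
        echo "ok: TLS configured and SLAPD_LDAPS=yes in $2"
        return 0
    fi
    echo "mismatch: TLS configured in $1 but SLAPD_LDAPS is not yes in $2"
    return 1
}

# Constructed sample files; the TLS lines are the ones quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/slapd.conf" <<'EOF'
TLSCACertificateFile /etc/CA/cacert.pem
TLSCertificateFile    /etc/pki/tls/newcert.pem
TLSCertificateKeyFile /etc/pki/tls/newkey.pem
EOF
printf '# constructed sysconfig file\nSLAPD_LDAPS=no\n' > "$demo_dir/ldap"
check_ldaps "$demo_dir/slapd.conf" "$demo_dir/ldap" || true
has_ldaps_listener "slapd -h ldap:/// -u ldap" || echo "running slapd has no ldaps:// listener"
```

On a real host the two arguments would be the paths to slapd.conf and /etc/sysconfig/ldap, and the string passed to has_ldaps_listener would be the slapd line from ps.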