Try using ldapmodify instead of ldapadd. Brian Kosick wrote:
Here it is. Thanks Brian On Thu, 2005-10-06 at 13:22 -0600, Rich Megginson wrote:I'm not sure. Are you sure you have no extraneous or trailing white spaces anywhere? It might help if you could post the raw file.Brian Kosick wrote:Hi All, I have a quick question. I had SSL all setup and running on both the admin server, and the directory server. My manager wanted it setup on his windows box, so I followed the WindowsConsole HOWTO, and kept getting stuck in the Mozilla libs not being able to make the SSL socket connection, returning with class not found. I disabled SSL on the admin server and was able to connect to that, and then disabled SSL on the directory server, but couldn't get it to work. Now on my linux admin console, which worked beautifully before, It keeps trying toconnect to port 636, rather than 389.I have tried re-enabling SSL in the directory server by following the SSL Howto, but I keep getting ldapadd -f /tmp/ssl_enable.ldif -xv -D "cn=Directory Manager" -h qapxe.corp.mxlogic.com -w <snip> ldap_initialize( ldap://qapxe.corp.mxlogic.com ) ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"Based on a list thread that I found, I removed all the newlines in cipher list and still have the same issue.Here's my enable_ssl.ldif dn: cn=encryption,cn=config changetype: modify replace: nsSSL3 nsSSL3: on - replace: nsSSLClientAuth nsSSLClientAuth: allowed - add: nsSSL3Ciphers nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5, +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha, +rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null, +tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha - add: nsKeyfile nsKeyfile: alias/slapd-qapxe-key3.db - add: nsCertfile nsCertfile: alias/slapd-qapxe-cert8.db dn: cn=config changetype: modify add: nsslapd-security nsslapd-security: on - replace: nsslapd-ssl-check-hostname nsslapd-ssl-check-hostname: off My question is how do I either get the admin console to try to connect via 389, rather than 636, or get SSL re-enabled on the directory server. Thanks in advance Brian ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users------------------------------------------------------------------------ dn: cn=encryption,cn=config changetype: modify replace: nsSSL3 nsSSL3: on - replace: nsSSLClientAuth nsSSLClientAuth: allowed - add: nsSSL3Ciphers nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha - add: nsKeyfile nsKeyfile: alias/slapd-qapxe-key3.db - add: nsCertfile nsCertfile: alias/slapd-qapxe-cert8.db dn: cn=config changetype: modify add: nsslapd-security nsslapd-security: on - replace: nsslapd-ssl-check-hostname nsslapd-ssl-check-hostname: off------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
