Craig White wrote:
When you tried to restart in the console, what error messages did you get? Did you get any error messages in admin-serv/logs/access or admin-serv/logs/error?On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote:Craig White wrote:No, not really. The admin server has the capability to start up slapd as root so that it can listen to port 389 and 636. slapd then does a setuid to "nobody" after it has bound to these ports.FDS is running as nobody UID - I checked off in console to run with SSL eneabled, ignored warning about only root can run ports < 1024 restarted server - you know what happened next ;-)---- ok - good to know. It is running and peering into console I see that it is still checked. Restarting from console was a failure and I ended up closing out the console, restarting from SysV and getting back into console (that's not a big problem but very confusing)
You will get this error if you try to use startTLS but the server is not configured for security, which brings us back to your earlier problem . . .----No, not exactly. The instructions assume you are setting up the other ldap clients on the linux box, almost all of which use openldap. So, in order to test, you must use the openldap ldapsearch from /usr/bin.OK so I have it turned off and server back up and running. 1. Following instructions on wiki... http://directory.fedora.redhat.com/wiki/Howto:SSL # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)'SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)---- OK - not a problem, I can use openldap clients... # ldapsearch -ZZ '(uid=jim)' ldap_start_tls: Protocol error (2) additional info: unsupported extended operation
What are the first few lines of slapd-srv1/logs/errors?
oh - oh...still same issue # tail -n 5 /etc/openldap/ldap.conf URI ldap://srv1.clsurvey.com HOST 127.0.0.1 BASE dc=clsurvey,dc=com TLS_CACERTDIR /etc/ssl TLS_REQCERT allow tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access [08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT oid="1.3.6.1.4.1.1466.20037" [08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120 nentries=0 etime=0 [08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1 [08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1 ? Craig -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
