Alex aka Magobin wrote:
The instructions at http://directory.fedora.redhat.com/wiki/Howto:SSL#Configure_LDAP_clients refer to /usr/bin/ldapsearch and other openldap clients (e.g. pam_ldap, nss_ldap, other system LDAP usage). We do not have instructions for using /opt/fedora-ds/shared/bin/ldapsearch with SSL (but we should). I suggest following the instructions at the link specified above and use /usr/bin/ldapsearch to test SSL.As suggested, I checked if ssl worked....to test it I did a fresh install and I corrected the problem about node, now each node use its real address and name (I moved in future cluster configuration)...About SSL I exactly follow documentation and your tips...according with SSL howto in fedora wiki directory, I follow it until "Importing the CA cert into another Fedora DS"...after that: - in console I activated ssl for my directory. - I restarted directory server - In log I can see that now slapd listening on all interfaces on port 389 and port 636 for LDAPS requests. unfortunatly, when I try : ldapsearch -ZZ -h nodo1.domain.example.com -b "dc=domain,dc=example,dc=com" -s sub "objectclass=*" the answer is: SSL initialization failed: error -8174 (security library:bad database)
If you want to just start over from scratch, I suggest using the setup_ssl.sh script found here - http://directory.fedora.redhat.com/wiki/Howto:SSL#Script..but in log...nothing I tried also to erase db andfollowing the link below to make it http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
