Graham Leggett wrote:
There's more to making it use ssl than disabling ssl. The easiest way is to use the script at http://directory.fedora.redhat.com/wiki/Howto:SSL to generate the keys/certs, then use the console. You first have to go to Directory->Configuration->Data->Security and check the button that tells the console to use SSL. Then, go to Admin Server->Configuration->Security and tell Admin Server to use SSL.Richard Megginson wrote:1) edit admin-serv/config/console.conf and change NSSEngine from "on" to "off"2) find the cn=configuration entry for the admin server:ldapsearch -x -D "cn=directory manager" -w password -s sub -b o=netscaperoot "nsserversecurity=on" 3) If this returns the config entry for the admin server, use ldapmodify to turn security off:ldapmodify -x -D "cn=directory manager" -w password dn: dn returned above changetype: modify replace: nsServerSecurity nsServerSecurity: off 4) restart admin server - restart-admin This should cause admin server to use http instead of https.In this case the admin server was already http.I tried to switch the admin server SSL on, by manually editing the directory.Now the admin server won't start at all, and no error message is logged to the console or error log.
It should go off the url you specify when using startconsole, either http or https.A couple of questions at this point:- How does the console know whether to contact the admin server using SSL or clear?
Only local.conf is read-only. It is basically a cache of the information under the admin server instance entry under o=NetscapeRoot.- How do you reset the state of the console entirely? In the case of the admin server:- Which files in the config directory can be edited by a human and have an actual effect?
http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_Files
The surest way to make the Admin Server refresh its config based on changes made in the DS is to restart the admin server.- How do you refresh the files in the config directory, so that they reflect changes you've made in the directory itself?
- How do you completely and entirely flush a server out of the directory and the console so that you can start the process from scratch yet again?Regards, Graham -- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
