Re: [389-users] Problems with SSL

Ski Kacoroski wrote:
> Rich,
>
> Thanks for all your help.  I got it all working like I expect except I 
> still get the errors in the logs about admserv_host_ip_check.  I 
> really do not want to turn on HostnameLookups so is there any way to stop 
> the notices so they do not fill up the logs.  I searched the 
> documentation and could not find out how to do this.  Also I could not 
> find anything in 
> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt about 
> hostname lookups (did I just miss it).
>   
The reason why it is attempting to look up the hostname is because the 
default access control works based on the hostname.  That wiki page 
should explain how to turn that off (and/or just use IP address based 
access control).
> Thanks again for your time and help.
>
> cheers,
>
> ski
>
> On 03/03/2010 07:05 PM, Rich Megginson wrote:
>   
>> Ski Kacoroski wrote:
>>     
>>> Ah, I do not get this error when I connect to the IP, only to the
>>> hostname.  I am also getting a lot of notices for:
>>>
>>> admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.10
>>>
>>> even though I have defined in the /etc/hosts file and in dns:
>>>
>>> ;; ANSWER SECTION:
>>> 10.9.1.10.in-addr.arpa.	86400	IN	PTR	ldaptest.nsd.org.
>>>
>>> Very strange.
>>>
>>>       
>> Look for HostnameLookups in /etc/dirsrv/admin-serv/console.conf
>>
>> See also
>> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt for
>> why the admin server is attempting to perform hostname lookups
>>     
>>> ski
>>>
>>> On 03/03/2010 11:14 AM, Ski Kacoroski wrote:
>>>
>>>       
>>>> Ok, I got the admin server to partially work (took a while to figure out
>>>> that it uses a different way to get the password from a file for a
>>>> restart).  So it works, but even though the cert path is ok and the cert
>>>> is ok for SSL server and SSL client, I am getting this warning on logon:
>>>>
>>>> "The certificate this server present is either untrusted or unknown.
>>>>     This server can only communicate through a secure connection
>>>>     involving a certificate.
>>>>     Do you wish to accept this certificate anyway?
>>>> "
>>>>
>>>> When I look at the details I see:
>>>>
>>>> "this certificate does not contain the correct site name"
>>>>
>>>> I am guessing this is because I am using my "*.nsd.org" cert and the
>>>> admin server requires a specific named cert.  Does that sound correct to
>>>> you?
>>>>
>>>> Again, thanks for your help.
>>>>
>>>> cheers,
>>>>
>>>> ski
>>>>
>>>> On 03/03/2010 10:29 AM, Ski Kacoroski wrote:
>>>>
>>>>         
>>>>> Rich & Rob,
>>>>>
>>>>> I am making some progress.  I got it to work partially.  My problem was
>>>>> that it did not like the default digicert root cert (the one I see by
>>>>> linking to /usr/lib64/libnssckbi.so).  When I installed the digicert
>>>>> root cert that came with the server cert, it worked.  I figured this out
>>>>> by looking at the server cert certification path and seeing it was broken.
>>>>>
>>>>> So I am now trying to turn it on for the console by ticking the checkbox
>>>>> (the admin server is next).  It seems to work as I can save the setting
>>>>> and then I restart the services.  However, when I go into the console
>>>>> and try to either "Manage Certs" or choose Configuration->Encryption I
>>>>> get a dialog that shows up twice:
>>>>>
>>>>> "An error has occurred, Could not open file (null).  File does not exist
>>>>> or filename is invalid."
>>>>>
>>>>> I am able to untick the use ssl in console option and then I can manage
>>>>> my certs again.
>>>>>
>>>>> Any ideas on what is going on here.
>>>>>
>>>>> Again, thanks very much for your help.
>>>>>
>>>>> cheers,
>>>>>
>>>>> ski
>>>>>
>>>>> On 03/03/2010 08:46 AM, Rich Megginson wrote:
>>>>>
>>>>>           
>>>>>> Ski Kacoroski wrote:
>>>>>>
>>>>>>             
>>>>>>> Ok, looks like I need to reboot the entire server to get the admin
>>>>>>> console stop server functionality to work.
>>>>>>>
>>>>>>>               
>>>>>> You probably could have just restarted the directory server and admin
>>>>>> server:
>>>>>> service dirsrv restart
>>>>>> service dirsrv-admin restart
>>>>>>
>>>>>>             
>>>>>>> Now, has anyone had any luck
>>>>>>> using a * cert with the 389 server?
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> What problems are you having still?
>>>>>>
>>>>>>             
>>>>>>> cheers,
>>>>>>>
>>>>>>> ski
>>>>>>>
>>>>>>> On 03/02/2010 03:24 PM, Ski Kacoroski wrote:
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am having problems with SSL setup.  First I tried via the admin
>>>>>>>> console to use our company's star cert, but no matter what pin/password
>>>>>>>> I picked for the keystore, when I tried to restart the server it would
>>>>>>>> not accept my pin/password that I had just entered.  I then gave up and
>>>>>>>> ran the setupssl2.sh script and this worked except that it threw an
>>>>>>>> error when trying to modify the directory to turn on ssl.  So I went in
>>>>>>>> via the admin console and was able to turn on ssl for the admin console
>>>>>>>> and my directory.  The problem now is that I cannot stop the server from
>>>>>>>> the admin console (I can start it ok).  I just get a dialog with
>>>>>>>> "Directory Server nsd-org could not be stopped".  Any ideas on why when
>>>>>>>> I can start the server ok?  Also has any one else made this work with a
>>>>>>>> star cert?
>>>>>>>>
>>>>>>>> cheers,
>>>>>>>>
>>>>>>>> ski
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>       
>
>   

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
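The "this certificate does not contain the correct site name" warning quoted earlier in the thread is the client's hostname check: the name typed into the console is compared with the names the server certificate presents. The following is an added example, not code from the thread, from 389 Directory Server or from the console; it implements the standard wildcard matching rules from RFC 6125 section 6.4.3 so you can see which names a "*.nsd.org" certificate covers and which it does not. The certificate contents and the host names are constructed for illustration (the thread does not show the actual certificate), and whether the console of that era applied exactly these rules, or only compared the subject CN, is not stated on the page, so treat the behaviour shown as the modern reference, not as what that client did.

```python
import ipaddress

# Constructed sample: the names a "*.nsd.org" wildcard certificate carries in
# its subjectAltName extension.  Assumption for illustration; the real
# certificate from the thread is not shown.
WILDCARD_CERT_NAMES = {"dns": ["*.nsd.org"], "ip": []}


def _dns_name_matches(pattern: str, name: str) -> bool:
    """RFC 6125 section 6.4.3 matching of one presented dNSName against `name`.

    - comparison is case-insensitive and ignores a trailing dot
    - a wildcard is honoured only when it is the entire left-most label
      ("*.nsd.org"); partial-label patterns such as "ldap*.nsd.org" are
      refused (a deliberate strict choice, RFC 6125 leaves this optional)
    - the wildcard label matches exactly one label, so "*.nsd.org" covers
      "ldaptest.nsd.org" but neither "ldaptest.sub.nsd.org" nor "nsd.org"
    - patterns with fewer than two labels after the wildcard ("*.org") are
      refused, so a wildcard can never cover a whole public suffix
    """
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == name
    p_labels = pattern.split(".")
    n_labels = name.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(n_labels):
        return False
    return p_labels[1:] == n_labels[1:] and n_labels[0] != ""


def hostname_matches(cert_names: dict, host: str) -> bool:
    """Return True if the certificate's SAN entries cover the name the client used.

    `cert_names` is {"dns": [...], "ip": [...]} as a client would extract from
    the subjectAltName extension.  An IP literal is matched only against
    iPAddress entries; a dNSName, wildcard or not, never matches an IP, so a
    connection to 10.1.9.10 against a certificate that only says "*.nsd.org"
    fails the name check no matter how the wildcard is interpreted.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        return any(ipaddress.ip_address(i) == addr for i in cert_names.get("ip", []))
    return any(_dns_name_matches(p, host) for p in cert_names.get("dns", []))


if __name__ == "__main__":
    # The two ways the thread connects to the server, plus the cases that
    # show where a wildcard stops.
    for host in ("ldaptest.nsd.org", "10.1.9.10", "ldaptest.sub.nsd.org", "nsd.org"):
        print(f"{host:24} covered by *.nsd.org: {hostname_matches(WILDCARD_CERT_NAMES, host)}")
```

If you want a wildcard certificate to work when the console or other clients connect by IP address as well as by name, the certificate needs an iPAddress SAN entry for that address; a wildcard in the CN or dNSName does not help for that case.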
