Steven Jones wrote:
> 8><-----
>
> > see also the configuration directory ldap url - ldapurl in
> > /etc/dirsrv/admin-serv/adm.conf
> 8><-----
>
> Ok, I fixed the latter by editing the adm.conf to point at
> 636....however I now have an SSL error...
>
> ============
>
> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
>
> ldap_bind: Can't contact LDAP server (-1)
>
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
Why is /usr/bin/ldapsearch attempting to use SSL by default? What's in your /etc/openldap/ldap.conf or ~/.ldaprc?

Ok, fixed ldaps changed to ldap

> > ============
> >
> > I've tried using this syntax but with no joy...
> >
> > ldapmodify -x -D "cn=directory manager" -w password
> > dn: dn of your server instance entry
> > changetype: modify
> > replace: nsServerSecurity
> > nsServerSecurity: on
> >
> > so my command is,
> >
> > ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
> dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace:
> nsServerSecurity nsServerSecurity on
>
? this is all on one command line?

Yes...

I guess it's not clear from the example, but ldapmodify by default wants to read the LDIF input from stdin - so after you type in

OK.......

$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX

it will wait for you to type in the rest on stdin, followed by a blank line (i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of ldapmodify

===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin"
ldap_bind: Server is unwilling to perform (53)
        additional info: Unauthenticated binds are not allowed
[root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXX
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================

um?

you could also dump those commands in a file and run

$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif

===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin" -w cvbrty542 -f file.ldif
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================

8><----------

> Is the directory server listening for TLS/SSL requests on port 636? That is, have you configured the directory server for TLS/SSL and have you confirmed that it is listening?
> 8><-----
> Before you do anything else, confirm that the directory server is indeed listening for TLS/SSL requests on port 636.
>

=============
[root@vuwunicooimm001 admin-serv]# netstat -a -n |grep :636
tcp        0      0 127.0.0.1:49186      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:49185      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35428      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35429      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35430      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35424      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35425      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35426      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35427      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35412      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35413      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35414      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35415      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35408      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35409      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35410      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35411      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35420      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35421      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35422      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35423      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35416      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35417      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35418      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35419      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35404      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35405      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35406      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35407      127.0.0.1:636      TIME_WAIT
tcp        0      0 127.0.0.1:35403      127.0.0.1:636      TIME_WAIT
tcp        0      0 :::636               :::*               LISTEN
[root@vuwunicooimm001 admin-serv]#
============

regards

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
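
Added example, not part of the thread or of the 389 project: a shell check that a "replace" modify record has the four-line LDIF shape shown in the message above before it is handed to ldapmodify, which rejects the one-line form. The function names and the DN in the usage comment are hypothetical, and the flags assume the OpenLDAP client tools (-W prompts for the bind password instead of putting it on the command line).

```shell
#!/bin/sh
# Added example (assumption: OpenLDAP client tools; names are hypothetical).

# check_modify_ldif: read one LDIF "replace" record on stdin.
# Returns 0 if it is well-formed, 1 otherwise (reason on stderr).
check_modify_ldif() {
    awk '
        /^[ \t]*$/ { next }              # ignore blank separator lines
        { n++ }
        # line 1: dn: followed by an RDN of the form attr=value
        n == 1 && $0 !~ /^dn: *[^=, ]+=[^ ]/ {
            err = "line 1 must be dn: <attr>=<value>,..." }
        n == 2 && $0 !~ /^changetype: *modify$/ {
            err = "line 2 must be changetype: modify" }
        # line 3: remember which attribute is being replaced
        n == 3 { attr = $0
                 if (sub(/^replace: */, "", attr) != 1 ||
                     attr !~ /^[A-Za-z][A-Za-z0-9-]*$/)
                     err = "line 3 must be replace: <attribute>" }
        # line 4: the same attribute name, a colon, then the new value
        n == 4 && index($0, attr ":") != 1 {
            err = "line 4 must be " attr ": <value>" }
        n > 4 { err = "unexpected extra line: " $0 }
        err != "" { exit }
        END {
            if (err == "" && n != 4) err = "record incomplete"
            if (err != "") { print "ldif: " err > "/dev/stderr"; exit 1 }
        }
    '
}

# modify_with_check URI BINDDN FILE: validate FILE, then apply it.
modify_with_check() {
    check_modify_ldif < "$3" || return 1
    ldapmodify -x -H "$1" -D "$2" -W -f "$3"
}

# Usage (constructed values, replace the DN with your instance entry):
#   cat > file.ldif <<'EOF'
#   dn: cn=slapd-EXAMPLE,cn=PLACEHOLDER,o=NetscapeRoot
#   changetype: modify
#   replace: nsServerSecurity
#   nsServerSecurity: on
#   EOF
#   modify_with_check ldap://localhost:389 "cn=directory manager" file.ldif
```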