[Fedora-directory-users] Issues with SSL/Admin console

Rich Megginson rmeggins at redhat.com
Thu Oct 6 19:22:15 UTC 2005


I'm not sure.  Are you sure you have no extraneous or trailing white 
spaces anywhere?  It might help if you could post the raw file.

Brian Kosick wrote:

>Hi All,
>
>I have a quick question. I had SSL all set up and running on both the
>admin server and the directory server. My manager wanted it set up on
>his Windows box, so I followed the WindowsConsole HOWTO, and kept
>getting stuck in the Mozilla libs not being able to make the SSL socket
>connection, returning with class not found. I disabled SSL on the
>admin server and was able to connect to that, and then disabled SSL on
>the directory server, but couldn't get it to work. Now on my Linux
>admin console, which worked beautifully before, it keeps trying to
>connect to port 636, rather than 389.
>
>I have tried re-enabling SSL in the directory server by following the
>SSL Howto, but I keep getting
>
>ldapadd -f /tmp/ssl_enable.ldif -xv  -D "cn=Directory Manager" -h
>qapxe.corp.mxlogic.com -w <snip>
>ldap_initialize( ldap://qapxe.corp.mxlogic.com )
>ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"
>
>Based on a list thread that I found, I removed all the newlines in
>the cipher list and still have the same issue.
>
>Here's my enable_ssl.ldif
>dn: cn=encryption,cn=config
>changetype: modify
>replace: nsSSL3
>nsSSL3: on
>-
>replace: nsSSLClientAuth
>nsSSLClientAuth: allowed
>-
>add: nsSSL3Ciphers
>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
>+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
>+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
>+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
>-
>add: nsKeyfile
>nsKeyfile: alias/slapd-qapxe-key3.db
>-
>add: nsCertfile
>nsCertfile: alias/slapd-qapxe-cert8.db
>
>dn: cn=config
>changetype: modify
>add: nsslapd-security
>nsslapd-security: on
>-
>replace: nsslapd-ssl-check-hostname
>nsslapd-ssl-check-hostname: off
>
>My question is how do I either get the admin console to try to connect
>via 389, rather than 636, or get SSL re-enabled on the directory server.
>
>Thanks in advance
>Brian
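The whitespace check suggested in the reply can be automated. The following is an added example, not part of the original thread: a small Python lint that reports lines of an LDIF change file with trailing whitespace, a padded "-" separator, or a wrapped value that does not start with a single space. The name lint_ldif and the sample text are constructed for illustration; the sample is not the poster's raw file.

```python
import re
import sys

# "attr:", "attr::" or "attr:<" at the start of a line (dn:, changetype:, add:, ...).
ATTR = re.compile(r"^[A-Za-z0-9][A-Za-z0-9;.-]*:")

def lint_ldif(text):
    """Return [(line_number, problem)] for raw LDIF text; at most one finding per line."""
    findings, prev = [], "blank"
    for no, line in enumerate(text.splitlines(), start=1):
        problem = None
        if line == "":
            kind = "blank"                      # clean record separator
        elif not line.strip():
            kind, problem = "blank", "whitespace-only line"
        elif line.startswith("#"):
            kind = "comment"
        elif line.startswith(" "):
            kind = "cont"                       # folded value: one leading space
            if prev in ("blank", "sep"):
                problem = "continuation line with nothing to continue"
        elif line.strip() == "-":
            kind = "sep"                        # ends one add:/replace: block
            if line != "-":
                problem = "whitespace around '-' separator"
        elif ATTR.match(line):
            kind = "attr"
        else:
            kind = "bad"
            problem = "not 'attr: value'; a wrapped value must start with one space"
        if problem is None and line != line.rstrip():
            problem = "trailing whitespace"
        if problem:
            findings.append((no, problem))
        if kind != "comment":
            prev = kind
    return findings

# Constructed sample (not the poster's raw file) with three deliberate defects:
# line 5 padded separator, line 8 unfolded wrap, line 11 trailing space.
SAMPLE = "\n".join([
    "dn: cn=encryption,cn=config", "changetype: modify",
    "replace: nsSSL3", "nsSSL3: on", "- ",
    "add: nsSSL3Ciphers", "nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,",
    "+rsa_3des_sha,+rsa_fips_3des_sha", "-",
    "add: nsKeyfile", "nsKeyfile: alias/slapd-qapxe-key3.db ",
])

if __name__ == "__main__":
    text = open(sys.argv[1], newline="").read() if len(sys.argv) > 1 else SAMPLE
    for no, problem in lint_ldif(text):
        print(f"line {no}: {problem}")
```

Run it with the path of the LDIF file as its only argument; with no argument it lints the constructed sample.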