[Freeipa-devel] LDAPS for the IPA LDAP server?

Adam Young ayoung at redhat.com
Tue Nov 8 15:32:26 UTC 2011


On 11/08/2011 08:43 AM, Rob Crittenden wrote:
> Stephen Gallagher wrote:
>> On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
>>> I noticed that the PKI Directory server has a secure port set but the
>>> IPA DS instance does not:
>>>
>>> PKI
>>> nsslapd-secureport: 7390
>>>
>>> Why doesn't IPA set up ldaps on port 636?
>>
>>
>> I think you're confused. FreeIPA does indeed set up to listen on both
>> 636 (LDAPS) and 389 (LDAP/TLS) by default.
>>
>> Take a look at 'netstat -lptn' as root.
>>
>> If you cannot connect to the LDAPS port, it may be due to a firewall
>> issue or a certificate issue (make sure you have the FreeIPA CA cert
>> loaded in /etc/openldap/cacerts and have called cacertdir_rehash on that
>> directory)
>
> Adam, are you looking in dse.ldif? I'm guessing that the default 
> settings aren't written. It does appear in ldap:

Yes, I was.  Thanks.

>
> $ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config nsslapd-secureport
> Enter LDAP Password:
> version: 1
>
> dn: cn=config
> nsslapd-secureport: 636
>
> It isn't set in dse.ldif:
>
> # grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
> 0
>
> rob
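An added example, not part of the original thread: the comparison above (live cn=config value versus what dse.ldif holds) as a shell check that reads only the cn=config entry, unfolds LDIF continuation lines and matches the attribute name case-insensitively, since LDAP attribute names are case-insensitive and a plain grep is not. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# ldif_config_attr FILE ATTR
# Print ATTR's value from the "dn: cn=config" entry of an LDIF file.
# Returns 1 (and prints nothing) when the entry does not carry the attribute.
ldif_config_attr() {
    awk -v want="$2" '
        function flush(   i, val) {
            if (line == "") return
            if (tolower(line) ~ /^dn:/) {
                # New entry: remember whether it is exactly cn=config.
                in_cfg = (tolower(line) ~ /^dn:[ \t]*cn=config[ \t]*$/)
            } else if (in_cfg && (i = index(line, ":")) > 0 &&
                       tolower(substr(line, 1, i - 1)) == tolower(want)) {
                val = substr(line, i + 1)
                sub(/^[ \t]+/, "", val)
                print val
                found = 1
            }
            line = ""
        }
        /^#/ { flush(); skip = 1; next }                     # comment line
        /^ / { if (!skip) line = line substr($0, 2); next }  # folded continuation
             { flush(); skip = 0; line = $0 }
        END  { flush(); exit !found }
    ' "$1"
}

# report_secureport FILE LIVE
# LIVE is the value read from the running server (the ldapsearch in the thread).
report_secureport() {
    if on_disk=$(ldif_config_attr "$1" nsslapd-secureport); then
        if [ "$on_disk" = "$2" ]; then echo "match:$2"
        else echo "mismatch:file=$on_disk,live=$2"; fi
    else
        echo "unset-in-file:live=$2"   # nothing on disk; the live value stands
    fi
}

# Constructed sample files, not real server data.
tmp=$(mktemp -d)
printf '%s\n' 'dn: cn=config' 'nsslapd-port: 389' '' \
    'dn: cn=sample,cn=config' 'cn: sample' > "$tmp/unset.ldif"
printf '%s\n' 'dn: cn=config' 'nsslapd-secureP' ' ort: 636' > "$tmp/folded.ldif"
report_secureport "$tmp/unset.ldif" 636
report_secureport "$tmp/folded.ldif" 636
```

On the second sample a lowercase `grep -c nsslapd-secureport` counts 0 even though the attribute is present, which is why the check parses the entry instead of grepping the file.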
