Hi <span name="Graham Leggett" class="gD">Graham,<br><br>I too haven't done enabling SSL using <a href="http://setup-ds.pl">setup-ds.pl</a>, and I don't believe <a href="http://setup-ds.pl">setup-ds.pl</a> was written to allow you to configure SSL as part of directory server initial setup.<br>
<br>Of course you can modify <a href="http://setup-ds.pl">setup-ds.pl</a> per your need to configure SSL in one shot but now you will be maintaining your own version of <a href="http://setup-ds.pl">setup-ds.pl</a> and you have to keep in sync with the latest <a href="http://setup-ds.pl">setup-ds.pl</a> if you decide to reinstall the LDAP with the latest version or for other reasons.<br>
<br>What I have been doing is similar to what Vlad suggested. I ran <a href="http://setup-ds.pl">setup-ds.pl</a> first and then run my own script to configure SSL and replication. I believe the Red Hat Directory Server Administration has instructions on how to configure SSL via command-line.<br>
<br>Good luck!<br><br>- dc<br></span><br><div class="gmail_quote">On Mon, Dec 24, 2012 at 6:32 AM, Graham Leggett <span dir="ltr"><<a href="mailto:minfrin@sharp.fm" target="_blank">minfrin@sharp.fm</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 24 Dec 2012, at 12:52 PM, Vlad <<a href="mailto:vovan@vovan.nl">vovan@vovan.nl</a>> wrote:<br>
<br>
> I don't see the problem. Simply install DS without SSL and then:<br>
> 1. use ldapmodify to import SSL settings (see the example below)<br>
> 2. use pk12util tiu import certificate<br>
> 3. use certutil to change trusts<br>
</div>> All the things above could be done completely unattended…<br>
<br>
The problem is that the above shouldn't be necessary, because <a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a> has the INF file and ConfigFile options to provide the config in one go. This ConfigFile mechanism is rendered useless, because there is no ability to configure the certificate database in advance.<br>
<br>
Regards,<br>
Graham<br>
--<br>
<br>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br>