I have just gone through the setup process to install an instance of
Fedora DS. Nowhere in the setup process is SSL or TLS mentioned, at the
end of the config process I have an insecure LDAP server.
My next task is to try and switch on SSL/TLS for both the admin console,
and the LDAP server itself. I figure out how to add my certs to the
alias directory using certutil and pk12util.
My next task is to move the admin server port from my default 1390 to a
secure version at 1637. A recursive grep finds the port 1390 in a whole
host of config files. Changing the config files to 1637 causes me to end
up with a broken admin server to which startconsole cannot connect.
Just to clarify - is it worth me trying to fix the admin server port in
my config files, or is this too complicated to be worth while? Should I
just delete the fedora-ds installation and start again from scratch?
It seems one of the most basic things that need to be fixed in the
directory is to simplify the configuration. Some of the config is in
Windows INI format, some of the config is in XML, some of the config is
in name: value format, it's very difficult as a new user of the software
to be able to figure out what is going on.