Here it is.
Thanks
Brian
On Thu, 2005-10-06 at 13:22 -0600, Rich Megginson wrote:
I'm not sure. Are you sure you have no extraneous or trailing white
spaces anywhere? It might help if you could post the raw file.
Brian Kosick wrote:
>Hi All,
>
>I have a quick question. I had SSL all set up and running on both the
>admin server, and the directory server. My manager wanted it set up on
>his Windows box, so I followed the WindowsConsole HOWTO, and kept
>getting stuck in the Mozilla libs not being able to make the SSL socket
>connection, returning with class not found. I disabled SSL on the
>admin server and was able to connect to that, and then disabled SSL on
>the directory server, but couldn't get it to work. Now on my Linux
>admin console, which worked beautifully before, it keeps trying to
>connect to port 636, rather than 389.
>
>I have tried re-enabling SSL in the directory server by following the
>SSL Howto, but I keep getting
>
>ldapadd -f /tmp/ssl_enable.ldif -xv -D "cn=Directory Manager" -h
>qapxe.corp.mxlogic.com -w <snip>
>ldap_initialize( ldap://qapxe.corp.mxlogic.com )
>ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"
>
>Based on a list thread that I found, I removed all the newlines in
>the cipher list and still have the same issue.
>
>Here's my enable_ssl.ldif
>dn: cn=encryption,cn=config
>changetype: modify
>replace: nsSSL3
>nsSSL3: on
>-
>replace: nsSSLClientAuth
>nsSSLClientAuth: allowed
>-
>add: nsSSL3Ciphers
>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
>+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
>+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
>+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
>-
>add: nsKeyfile
>nsKeyfile: alias/slapd-qapxe-key3.db
>-
>add: nsCertfile
>nsCertfile: alias/slapd-qapxe-cert8.db
>
>dn: cn=config
>changetype: modify
>add: nsslapd-security
>nsslapd-security: on
>-
>replace: nsslapd-ssl-check-hostname
>nsslapd-ssl-check-hostname: off
>
>My question is how do I either get the admin console to try to connect
>via 389, rather than 636, or get SSL re-enabled on the directory server.
>
>Thanks in advance
>Brian
>
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
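The check suggested in the reply above (extraneous or trailing whitespace) and the cipher-list wrapping mentioned in the original post can both be tested mechanically before running ldapadd. The following is an added example, not part of the original thread: a small Python linter whose name `lint_ldif` and sample input are constructed for illustration, with the sample reusing attribute names from the posted file.

```python
import re

# An LDIF content line starts with an attribute description and a colon
# ("attr: value"; "attr:: base64" and "attr:< url" also match).
ATTR_LINE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.;-]*:")

TRAILING = "trailing whitespace or carriage return"
NOT_ATTR = "not 'attr: value'; a wrapped value must start with one space"


def lint_ldif(text):
    """Return (line_number, problem) pairs for an LDIF change file."""
    findings = []
    for number, line in enumerate(text.split("\n"), start=1):
        if line == "" or line.startswith("#"):
            continue  # record separator or comment
        stripped = line.rstrip()
        if stripped != line:
            findings.append((number, TRAILING))
        if stripped == "" or stripped == "-" or line.startswith(" "):
            continue  # whitespace-only, mod separator, or folded continuation
        if not ATTR_LINE.match(stripped):
            findings.append((number, NOT_ATTR))
    return findings


# Constructed sample: a "-" separator with a trailing space (line 5) and a
# cipher list wrapped without the leading space LDIF folding requires (line 8).
SAMPLE = (
    "dn: cn=encryption,cn=config\n"
    "changetype: modify\n"
    "replace: nsSSL3\n"
    "nsSSL3: on\n"
    "- \n"
    "add: nsSSL3Ciphers\n"
    "nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,\n"
    "+rsa_3des_sha\n"
    "-\n"
    "add: nsKeyfile\n"
    "nsKeyfile: alias/slapd-qapxe-key3.db\n"
)

# Same record with the separator cleaned and the wrapped line folded correctly.
FIXED = SAMPLE.replace("- \n", "-\n").replace("\n+rsa", "\n +rsa")

if __name__ == "__main__":
    for number, problem in lint_ldif(SAMPLE):
        print(f"line {number}: {problem}")
```

Line numbers count from the top of the file, so they may differ from the per-entry line number ldapadd reports.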