On Thu, 2010-09-30 at 19:50 -0500, Sean Carolan wrote:
Due to some issues with an expired SSL cert I had to disable SSL on
our 389 directory server. It's working fine for authentication
without SSL, but I have lost all ability to manage the server via the
management console. It appears that the management console still
wants to connect to the directory server on port 636, but I see no way
to change what port it uses. Also, both Administration server and
Directory server are showing Server status: Stopped, even though I
know both are running.
Anyone have some pointers on how to disable all SSL on the management console?
<snip>
Ouch! That happened to us once before and it was a real pain. I believe
this is how we did it:
/usr/lib64/mozldap/ldapsearch -x -b o=netscaperoot -D "cn=<Directory Manager
Name>" -w - -h <ldap server IP address>
"objectclass=nsAdminConfig"
That should give you the various bits of information you will need to
make the changes. In particular, you will need the dn of the
nsAdminConfig object and you will be changing the nsServerSecurity
attribute and I think we also needed to reset the nsServerAddress
attribute although I don't recall why. The steps are:
/usr/lib64/mozldap/ldapmodify -D "cn=<Directory Manager Name>" -w - -h
<ldap server IP address>
Enter bind password:
dn: <dn from above>
changetype: modify
replace: nsServerSecurity
nsServerSecurity: off
<CTL><D>
dn: <dn from above>
changetype: modify
replace: nsServerAddress
nsServerAddress: <ldap server IP address>
<CTL><D> twice to exit
Hope that helps - John