On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote:
Craig White wrote:
>FDS is running as nobody UID - I checked off in console to run with SSL
>eneabled, ignored warning about only root can run ports < 1024 restarted
>server - you know what happened next ;-)
>
>
No, not really. The admin server has the capability to start up slapd
as root so that it can listen to port 389 and 636. slapd then does a
setuid to "nobody" after it has bound to these ports.
----
ok - good to know. It is running and peering into console I see that it
is still checked. Restarting from console was a failure and I ended up
closing out the console, restarting from SysV and getting back into
console (that's not a big problem but very confusing)
----
>OK so I have it turned off and server back up and running.
>
>1. Following instructions on wiki...
>
http://directory.fedora.redhat.com/wiki/Howto:SSL
>
> # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)'
> SSL initialization failed: error -8192 (An I/O error occurred
> during security authorization.)
>
>
No, not exactly. The instructions assume you are setting up the other
ldap clients on the linux box, almost all of which use openldap. So, in
order to test, you must use the openldap ldapsearch from /usr/bin.
----
OK - not a problem, I can use openldap clients...
# ldapsearch -ZZ '(uid=jim)'
ldap_start_tls: Protocol error (2)
additional info: unsupported extended operation
oh - oh...still same issue
# tail -n 5 /etc/openldap/ldap.conf
URI
ldap://srv1.clsurvey.com
HOST 127.0.0.1
BASE dc=clsurvey,dc=com
TLS_CACERTDIR /etc/ssl
TLS_REQCERT allow
tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT
oid="1.3.6.1.4.1.1466.20037"
[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120
nentries=0 etime=0
[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from
127.0.0.1 to 127.0.0.1
?
Craig