[Fedora-directory-users] Issues with SSL/Admin console

Rich Megginson rmeggins at redhat.com
Fri Oct 7 02:25:28 UTC 2005


Try using ldapmodify instead of ldapadd.

Brian Kosick wrote:

>Here it is.
>
>Thanks
>Brian
>
>On Thu, 2005-10-06 at 13:22 -0600, Rich Megginson wrote:
>
>>I'm not sure.  Are you sure you have no extraneous or trailing white 
>>spaces anywhere?  It might help if you could post the raw file.
>>
>>Brian Kosick wrote:
>>
>>>Hi All,
>>>
>>>I have a quick question.   I had SSL all set up and running on both the
>>>admin server, and the directory server.  My manager wanted it set up on
>>>his Windows box, so I followed the WindowsConsole HOWTO, and kept
>>>getting stuck in the Mozilla libs not being able to make the SSL socket
>>>connection, returning with class not found.   I disabled SSL on the
>>>admin server and was able to connect to that, and then disabled SSL on
>>>the directory server, but couldn't get it to work.   Now on my Linux
>>>admin console, which worked beautifully before, it keeps trying to
>>>connect to port 636, rather than 389.
>>>
>>>I have tried re-enabling SSL in the directory server by following the
>>>SSL Howto, but I keep getting
>>>
>>>ldapadd -f /tmp/ssl_enable.ldif -xv  -D "cn=Directory Manager" -h
>>>qapxe.corp.mxlogic.com -w <snip>
>>>ldap_initialize( ldap://qapxe.corp.mxlogic.com )
>>>ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"
>>>
>>>Based on a list thread that I found, I removed all the newlines in 
>>>cipher list and still have the same issue.
>>>
>>>Here's my enable_ssl.ldif
>>>dn: cn=encryption,cn=config
>>>changetype: modify
>>>replace: nsSSL3
>>>nsSSL3: on
>>>-
>>>replace: nsSSLClientAuth
>>>nsSSLClientAuth: allowed
>>>-
>>>add: nsSSL3Ciphers
>>>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
>>>+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
>>>+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
>>>+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
>>>-
>>>add: nsKeyfile
>>>nsKeyfile: alias/slapd-qapxe-key3.db
>>>-
>>>add: nsCertfile
>>>nsCertfile: alias/slapd-qapxe-cert8.db
>>>
>>>dn: cn=config
>>>changetype: modify
>>>add: nsslapd-security
>>>nsslapd-security: on
>>>-
>>>replace: nsslapd-ssl-check-hostname
>>>nsslapd-ssl-check-hostname: off
>>>
>>>My question is how do I either get the admin console to try to connect
>>>via 389, rather than 636, or get SSL re-enabled on the directory server.
>>>
>>>Thanks in advance
>>>Brian
>>> 
>>>
>>>------------------------------------------------------------------------
>>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> 
>>>
>>>      
>>>
>>------------------------------------------------------------------------
>>
>>dn: cn=encryption,cn=config
>>changetype: modify
>>replace: nsSSL3
>>nsSSL3: on
>>-
>>replace: nsSSLClientAuth
>>nsSSLClientAuth: allowed
>>-
>>add: nsSSL3Ciphers
>>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
>>-
>>add: nsKeyfile
>>nsKeyfile: alias/slapd-qapxe-key3.db
>>-
>>add: nsCertfile
>>nsCertfile: alias/slapd-qapxe-cert8.db
>>
>>dn: cn=config
>>changetype: modify
>>add: nsslapd-security
>>nsslapd-security: on
>>-
>>replace: nsslapd-ssl-check-hostname
>>nsslapd-ssl-check-hostname: off
>>    
>>
>>
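
Added example, not written by either poster and not part of the Fedora Directory Server tools: a small Python check for the two LDIF formatting problems raised in this thread, trailing whitespace and a value such as nsSSL3Ciphers wrapped onto new lines without the single leading space that LDIF requires on continuation lines. The function name `lint_ldif` and the sample input are constructed for illustration, and the check covers only a simplified subset of LDIF syntax.

```python
import re

ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*:")  # start of an "attr: value" line

def lint_ldif(text):
    """Return [(line_number, problem)] for an LDIF change file (simplified rules)."""
    problems = []
    prev = ""            # previous physical line, "" at a record boundary
    in_modify = False    # True inside a record that has "changetype: modify"
    for no, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip(" \t\r")
        if line != raw:
            problems.append((no, "trailing whitespace"))
        if line == "":                       # blank line ends the record
            prev, in_modify = "", False
            continue
        if raw.startswith("#"):              # comment line
            continue
        if raw.startswith(" "):              # folded continuation line
            if prev in ("", "-"):
                problems.append((no, "continuation line has nothing to continue"))
        elif line == "-":
            if not in_modify:
                problems.append((no, "'-' separator outside changetype: modify"))
        elif ATTR.match(line):
            if line.lower().replace(" ", "") == "changetype:modify":
                in_modify = True
        else:
            problems.append((no, "not 'attr: value'; a wrapped value needs a leading space"))
        prev = line
    return problems

# Constructed sample modelled on the posted file: line 5 has a trailing space,
# line 8 is a wrapped cipher list without the leading space.
SAMPLE = (
    "dn: cn=encryption,cn=config\n"
    "changetype: modify\n"
    "replace: nsSSL3\n"
    "nsSSL3: on\n"
    "- \n"
    "add: nsSSL3Ciphers\n"
    "nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,\n"
    "+rsa_3des_sha\n"
    "-\n"
    "add: nsKeyfile\n"
    "nsKeyfile: alias/slapd-qapxe-key3.db\n"
)

if __name__ == "__main__":
    for number, problem in lint_ldif(SAMPLE):
        print(f"line {number}: {problem}")
```
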