[Fedora-directory-users] Infinite loop during installation process
Richard Megginson
rmeggins at redhat.com
Mon Nov 6 22:29:08 UTC 2006
Graham Leggett wrote:
> Richard Megginson wrote:
>
>>> It appears when an attempt is made to select "manage certificates",
>>> and a number of other places.
>> I think this means it's trying to talk SSL. It could be attempting
>> to open an https connection to the admin server which is only
>> listening to http. You could try starting the console using
>> startconsole -D 9 > file 2>&1
>> to capture the detailed debug log to file. This should give us more
>> information about what it's doing when it gets that exception.
>
> Using tcplow to sniff the admin console port, the admin server is
> definitely trying to talk ssl.
>
> Is there a method of telling the admin server _not_ to use SSL? I have
> searched high and low inside the directory, and all the config I can
> find has the admin server defined with SSL disabled.
>
> Alternatively, is there a way to switch SSL on on the admin server
> without using the console?
1) edit admin-serv/config/console.conf and change NSSEngine from "on" to
"off"
2) find the cn=configuration entry for the admin server:
ldapsearch -x -D "cn=directory manager" -w password -s sub -b
o=netscaperoot "nsserversecurity=on"
3) If this returns the config entry for the admin server, use ldapmodify
to turn security off:
ldapmodify -x -D "cn=directory manager" -w password
dn: dn returned above
changetype: modify
replace: nsServerSecurity
nsServerSecurity: off
4) restart admin server - restart-admin
This should cause admin server to use http instead of https.
>
> Regards,
> Graham
> --
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20061106/9e2c7745/attachment.bin>
More information about the 389-users
mailing list