[389-users] Help disabling SSL

John A. Sullivan III jsullivan at opensourcedevel.com
Fri Oct 1 01:24:35 UTC 2010


On Thu, 2010-09-30 at 19:50 -0500, Sean Carolan wrote:
> Due to some issues with an expired SSL cert I had to disable SSL on
> our 389 directory server.  It's working fine for authentication
> without SSL, but I have lost all ability to manage the server via the
> management console.  It appears that the management console still
> wants to connect to the directory server on port 636, but I see no way
> to change what port it uses.  Also, both Administration server and
> Directory server are showing Server status: Stopped, even though I
> know both are running.
> 
> Anyone have some pointers on how to disable all SSL on the management console?
<snip>
Ouch! That happened to us once before and it was a real pain.  I believe
this is how we did it:

/usr/lib64/mozldap/ldapsearch -x -b o=netscaperoot -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address> "objectclass=nsAdminConfig"

That should give you the various bits of information you will need to
make the changes.  In particular, you will need the dn of the
nsAdminConfig object and you will be changing the nsServerSecurity
attribute and I think we also needed to reset the nsServerAddress
attribute although I don't recall why.  The steps are:

/usr/lib64/mozldap/ldapmodify -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address>
Enter bind password:
dn: <dn from above>
changetype: modify
replace: nsServerSecurity
nsServerSecurity: off
<CTL><D>
dn: <dn from above>
changetype: modify
replace: nsServerAddress
nsServerAddress: <ldap server IP address>

<CTL><D> twice to exit

Hope that helps - John





More information about the 389-users mailing list