[Freeipa-devel] LDAPS for the IPA LDAP server?

Rob Crittenden rcritten at redhat.com
Tue Nov 8 13:43:25 UTC 2011


Stephen Gallagher wrote:
> On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
>> I noticed that the PKI Directory server has a secure port set but the
>> IPA DS instance does not:
>>
>> PKI
>> nsslapd-secureport: 7390
>>
>> Why doesn't IPA set up ldaps on port 636?
>
>
> I think you're confused. FreeIPA does indeed set up to listen on both
> 636 (LDAPS) and 389 (LDAP/TLS) by default.
>
> Take a look at 'netstat -lptn' as root.
>
> If you cannot connect to the LDAPS port, it may be due to a firewall
> issue or a certificate issue (make sure you have the FreeIPA CA cert
> loaded in /etc/openldap/cacerts and have called cacertdir_rehash on that
> directory)

Adam, are you looking in dse.ldif? I'm guessing that the default 
settings aren't written. It does appear in ldap:

$ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config nsslapd-secureport
Enter LDAP Password:
version: 1

dn: cn=config
nsslapd-secureport: 636

It isn't set in dse.ldif:

# grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
0

rob
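The checks the thread walks through (the live cn=config entry, the on-disk dse.ldif, and the netstat listener list) can be scripted so the three answers are compared in one place. The script below is an added example, not code from the thread or from FreeIPA/389-ds. It runs against constructed samples embedded inline; the comments show which real commands to feed it instead. The nsslapd-security attribute it also looks at is 389-ds's switch for the TLS listener and is not mentioned in the thread.

```shell
#!/bin/sh
# Added example: classify how a 389-ds/FreeIPA instance exposes LDAPS by
# comparing (a) what the server reports in cn=config, (b) what dse.ldif
# persists on disk, and (c) whether anything is actually listening on 636.

# Constructed sample of the ldapsearch result against cn=config
# (real input: ldapsearch -LLL -x -D 'cn=directory manager' -W -s base \
#              -b cn=config nsslapd-security nsslapd-secureport).
LIVE_CONFIG_LDIF='dn: cn=config
nsslapd-security: on
nsslapd-secureport: 636'

# Constructed sample of a dse.ldif that, like Rob's, does not persist the
# secure port (real input: /etc/dirsrv/slapd-<INSTANCE>/dse.ldif).
DSE_LDIF_SAMPLE='dn: cn=config
cn: config
nsslapd-port: 389
nsslapd-security: on'

# Constructed sample shaped like 'netstat -lptn' output (real input: run it as root).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1234/ns-slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1234/ns-slapd'

# ldif_attr ATTR: read LDIF on stdin and print the first value of ATTR.
# LDIF attribute names are case-insensitive, so compare in lower case.
ldif_attr() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        tolower($1) == (want ":") { print $2; exit }'
}

# secureport_status LIVE_LDIF DSE_LDIF: print one of
#   disabled        - nsslapd-security is not "on", so no TLS listener at all
#   default:PORT    - server reports PORT but dse.ldif does not persist it
#                     (the built-in default, which is what the thread observed)
#   explicit:PORT   - PORT is written in dse.ldif
secureport_status() {
    live=$(printf '%s\n' "$1" | ldif_attr nsslapd-secureport)
    security=$(printf '%s\n' "$1" | ldif_attr nsslapd-security)
    ondisk=$(printf '%s\n' "$2" | ldif_attr nsslapd-secureport)
    if [ "$security" != "on" ]; then
        echo "disabled"
    elif [ -z "$ondisk" ]; then
        echo "default:$live"
    else
        echo "explicit:$ondisk"
    fi
}

# listening_on PORT: read netstat -lptn style lines on stdin and succeed if
# some TCP socket in LISTEN state is bound to PORT (IPv4 or IPv6 form).
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 == "LISTEN" { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Run the three checks against the constructed samples.
echo "secure port: $(secureport_status "$LIVE_CONFIG_LDIF" "$DSE_LDIF_SAMPLE")"
if printf '%s\n' "$NETSTAT_SAMPLE" | listening_on 636; then
    echo "636: listening"
else
    echo "636: not listening"
fi
```

On the constructed input this prints "secure port: default:636" and "636: listening", which is the situation described in the thread: the server is serving LDAPS on its default port even though grep finds nothing in dse.ldif. A "disabled" result or a missing listener points at the server configuration rather than the client-side CA certificate setup.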
