[Fedora-directory-users] still working instructions through...

Richard Megginson rmeggins at redhat.com
Fri Dec 9 00:58:48 UTC 2005 

Craig White wrote:

>On Thu, 2005-12-08 at 16:37 -0700, Richard Megginson wrote:
>  
>
>>Craig White wrote:
>>
>>    
>>
>>>FDS is running as nobody UID - I checked off in console to run with SSL
>>>eneabled, ignored warning about only root can run ports < 1024 restarted
>>>server - you know what happened next   ;-)
>>> 
>>>
>>>      
>>>
>>No, not really.  The admin server has the capability to start up slapd 
>>as root so that it can listen to port 389 and 636.  slapd then does a 
>>setuid to "nobody" after it has bound to these ports.
>>    
>>
>----
>ok - good to know. It is running and peering into console I see that it
>is still checked. Restarting from console was a failure and I ended up
>closing out the console, restarting from SysV and getting back into
>console (that's not a big problem but very confusing)
>  
>
When you tried to restart in the console, what error messages did you 
get?  Did you get any error messages in admin-serv/logs/access or 
admin-serv/logs/error?

>----
>  
>
>>>OK so I have it turned off and server back up and running.
>>>
>>>1. Following instructions on wiki...
>>>  http://directory.fedora.redhat.com/wiki/Howto:SSL
>>>
>>>  # ./ldapsearch -b "dc=clsurvey,dc=com" -x -ZZ '(uid=jim)'
>>>  SSL initialization failed: error -8192 (An I/O error occurred 
>>>  during security authorization.)
>>> 
>>>
>>>      
>>>
>>No, not exactly.  The instructions assume you are setting up the other 
>>ldap clients on the linux box, almost all of which use openldap.  So, in 
>>order to test, you must use the openldap ldapsearch from /usr/bin.
>>    
>>
>----
>OK - not a problem, I can use openldap clients...
># ldapsearch -ZZ '(uid=jim)'
>ldap_start_tls: Protocol error (2)
>        additional info: unsupported extended operation
>  
>
You will get this error if you try to use startTLS but the server is not 
configured for security, which brings us back to your earlier problem . . .
What are the first few lines of slapd-srv1/logs/errors?

>oh - oh...still same issue
>
># tail -n 5 /etc/openldap/ldap.conf
>URI     ldap://srv1.clsurvey.com
>HOST 127.0.0.1
>BASE dc=clsurvey,dc=com
>TLS_CACERTDIR /etc/ssl
>TLS_REQCERT allow
>
>tail -n 4 /opt/fedora-ds/slapd-srv1/logs/access
>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 EXT
>oid="1.3.6.1.4.1.1466.20037"
>[08/Dec/2005:16:55:26 -0700] conn=20 op=0 RESULT err=2 tag=120
>nentries=0 etime=0
>[08/Dec/2005:16:55:26 -0700] conn=20 op=-1 fd=66 closed - B1
>[08/Dec/2005:16:56:21 -0700] conn=0 fd=64 slot=64 connection from
>127.0.0.1 to 127.0.0.1
>
>?
>
>Craig
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051208/dc47fb27/attachment.bin>

More information about the Fedora-directory-users mailing list