[Fedora-directory-users] Auto-Staring slapd in SSL mode

Tay, Gary Gary_Tay at platts.com
Thu Jul 14 08:38:01 UTC 2005


You wrote:
===
Later, when you start the server on the command line, 
this second password is required.
===

I suspect something was not done properly, I may not be wrong.

If the slapd-`hostname`-pin.txt has been setup correctly, ./start-slapd
will NOT prompt you for any SSL Security DB private key password.

Pls double check these two points (I am saying this based on my
experience with SUN ONE DS5.2 which is similar to FDS7.1).

1) When you create the PIN text file.

# echo "Internal (Software) Token:secret" >$FDS_ROOT/alias/slapd-`hostname`-pin.txt

IMPORTANT NOTE: DO NOT LEAVE ANY SPACES after the "Token:" and at the
end of the line or else the password will not be recognized by
"start-slapd".

2) You need to protect this PIN text file with mode 400 or else
"start-slapd" will not be happy to let you go auto.

# chmod 400 $FDS_ROOT/alias/slapd-`hostname`-pin.txt

Rgds
Gary
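As an added example (not part of the thread above), the two steps Gary lists can be scripted and checked: the PIN file is written with exactly one line and no stray whitespace, created under a restrictive umask so it is never readable by others, and a separate check confirms the format and the mode 400 that start-slapd requires. The directory, host name and password are assumed parameters; the token name "Internal (Software) Token" is the one quoted in the thread.

```sh
#!/bin/sh
# Added example: create and validate the slapd-<hostname>-pin.txt file
# that start-slapd reads to unlock the SSL key database without a prompt.
# Usage (assumed paths):
#   f=$(write_pin_file "$FDS_ROOT/alias" "$(hostname)" secret) && check_pin_file "$f"

# write_pin_file DIR HOST PASSWORD -> prints the path of the file it wrote
write_pin_file() {
    dir=$1; host=$2; pw=$3
    f="$dir/slapd-$host-pin.txt"
    # printf with an explicit format: no space after "Token:", no trailing
    # blank, exactly one newline. The subshell keeps umask 077 local so the
    # file is owner-only from the moment it is created.
    ( umask 077; printf 'Internal (Software) Token:%s\n' "$pw" > "$f" ) || return 1
    chmod 400 "$f" || return 1
    printf '%s\n' "$f"
}

# check_pin_file FILE -> 0 if the file is in the form start-slapd accepts, else 1
check_pin_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Mode must be exactly 400 (GNU stat first, BSD stat as fallback).
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f" 2>/dev/null)
    [ "$mode" = "400" ] || { echo "mode is $mode, want 400: $f" >&2; return 1; }
    # Exactly one line in the file.
    lines=$(wc -l < "$f" | tr -d ' ')
    [ "$lines" = "1" ] || { echo "expected one line, got $lines: $f" >&2; return 1; }
    # The line must be "Internal (Software) Token:<password>" with no
    # whitespace after the colon and none at the end of the line.
    grep -q '^Internal (Software) Token:[^[:space:]][^[:space:]]*$' "$f" \
        || { echo "malformed line or stray whitespace: $f" >&2; return 1; }
    return 0
}
```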

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Vsevolod
(Simon) Ilyushchenko
Sent: Thursday, July 14, 2005 3:32 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Database recreation,automount and
performance


Rich,

Thanks for the quick answer! Perhaps this information should go into the
FAQ - what do you think?

Rich Megginson wrote on 07/13/2005 12:47 PM:
> The IETF LDAP community has decided to deprecated them in favor of the
> new netgroups stuff.

OK, I'll reconfigure my entries. Does Fedora automounter understand the 
netgroups structure?

> We don't yet have a way to set an ACI to allow users other than the
> Directory Manager (i.e. cn=Directory Manager, not the admin console 
> user) to create the entry for a root suffix.  In the console, you can 
> Log In As New User, and specify cn=directory manager (or whatever you 
> used for your directory manager user when you performed the initial 
> installation).

This is very non-trivial. :) Creating the root suffix now works, but I 
tried creating top-level entries one by one, as well as creating a new 
server in the administration console, and it all failed. I had to delete
the RPM and reinstall it.

By the way, I found out that if I install the RPM a second time, the 
admin console tries to connect to port 15918, but the admin server is 
running on port 25394. I don't remember what port was used the first 
time. :(

This time I successfully created an SSL-enabled directory and was able 
to authenticate to it. I followed the steps here:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
to create a self-signed certificate.

For archives - the docs don't tell you that after running pk12util in 
step 9 you first have to enter the password 'secretpwd' that you've 
saved in the file pwdfile.txt, and then you have to create a different 
startup password. Later, when you start the server on the command line, 
this second password is required.

Simon
-- 

Simon (Vsevolod ILyushchenko)   simonf at cshl.edu
				http://www.simonf.com

Terrorism is a tactic and so to declare war on terrorism
is equivalent to Roosevelt's declaring war on blitzkrieg.

Zbigniew Brzezinski, U.S. national security advisor, 1977-81
