[Fedora-directory-users] Issues with SSL/Admin console

Brian Kosick Bkosick at mxlogic.com
Thu Oct 6 20:05:04 UTC 2005


Here it is.

Thanks
Brian

On Thu, 2005-10-06 at 13:22 -0600, Rich Megginson wrote:
> I'm not sure.  Are you sure you have no extraneous or trailing white 
> spaces anywhere?  It might help if you could post the raw file.
> 
> Brian Kosick wrote:
> 
> >Hi All,
> >
> >I have a quick question.  I had SSL all set up and running on both the
> >admin server and the directory server.  My manager wanted it set up on
> >his Windows box, so I followed the WindowsConsole HOWTO, and kept
> >getting stuck in the Mozilla libs not being able to make the SSL socket
> >connection, returning with class not found.  I disabled SSL on the
> >admin server and was able to connect to that, and then disabled SSL on
> >the directory server, but couldn't get it to work.  Now on my Linux
> >admin console, which worked beautifully before, it keeps trying to
> >connect to port 636, rather than 389.
> >
> >I have tried re-enabling SSL in the directory server by following the
> >SSL Howto, but I keep getting
> >
> >ldapadd -f /tmp/ssl_enable.ldif -xv  -D "cn=Directory Manager" -h
> >qapxe.corp.mxlogic.com -w <snip>
> >ldap_initialize( ldap://qapxe.corp.mxlogic.com )
> >ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"
> >
> >Based on a list thread that I found, I removed all the newlines in the
> >cipher list and still have the same issue.
> >
> >Here's my enable_ssl.ldif
> >dn: cn=encryption,cn=config
> >changetype: modify
> >replace: nsSSL3
> >nsSSL3: on
> >-
> >replace: nsSSLClientAuth
> >nsSSLClientAuth: allowed
> >-
> >add: nsSSL3Ciphers
> >nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
> >+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
> >+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
> >+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
> >-
> >add: nsKeyfile
> >nsKeyfile: alias/slapd-qapxe-key3.db
> >-
> >add: nsCertfile
> >nsCertfile: alias/slapd-qapxe-cert8.db
> >
> >dn: cn=config
> >changetype: modify
> >add: nsslapd-security
> >nsslapd-security: on
> >-
> >replace: nsslapd-ssl-check-hostname
> >nsslapd-ssl-check-hostname: off
> >
> >My question is how do I either get the admin console to try to connect
> >via 389, rather than 636, or get SSL re-enabled on the directory server.
> >
> >Thanks in advance
> >Brian
> >  
> >
> >------------------------------------------------------------------------
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users at redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >  
> >
-------------- next part --------------
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
-
add: nsKeyfile
nsKeyfile: alias/slapd-qapxe-key3.db
-
add: nsCertfile
nsCertfile: alias/slapd-qapxe-cert8.db

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
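
The whitespace question raised in the reply above can be checked mechanically before handing a file to ldapadd. The following is an added example, not part of the original thread or of Fedora Directory Server: a small Python lint that flags trailing whitespace and wrapped values missing the single leading space that LDIF (RFC 2849) requires on continuation lines. The name `lint_ldif` and the sample input are constructed for illustration.

```python
import re

# An attribute description followed by ':' (also covers '::' base64 and ':<' URL forms).
ATTR_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*:")

def lint_ldif(text):
    """Return (line_number, message) pairs for lines that break LDIF layout rules."""
    findings = []
    can_continue = False  # True when the previous line may legally be folded
    for num, line in enumerate(text.splitlines(), start=1):
        if line == "":                      # blank line ends a record
            can_continue = False
            continue
        if line != line.rstrip():
            findings.append((num, "trailing whitespace"))
        if line.startswith(" "):            # folded continuation of the previous line
            if not can_continue:
                findings.append((num, "continuation line with nothing to continue"))
            continue
        if line.rstrip() == "-":            # separator between modifications
            can_continue = False
            continue
        if line.startswith("#") or ATTR_LINE.match(line):
            can_continue = True
            continue
        findings.append((num, "not 'attr: value' or '-'; a wrapped value "
                              "must start with one space"))
        can_continue = True
    return findings

# Constructed sample modelled on the posted file: line 5 carries a trailing
# space after '-', and line 8 is a wrapped cipher list without a leading space.
SAMPLE = "\n".join([
    "dn: cn=encryption,cn=config",
    "changetype: modify",
    "replace: nsSSL3",
    "nsSSL3: on",
    "- ",
    "add: nsSSL3Ciphers",
    "nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,",
    "+rsa_3des_sha,+rsa_fips_3des_sha",
    "-",
    "add: nsKeyfile",
    "nsKeyfile: alias/slapd-qapxe-key3.db",
])
# Same content with the separator cleaned and the wrapped line folded correctly.
FIXED = SAMPLE.replace("- \n", "-\n").replace("\n+rsa", "\n +rsa")

if __name__ == "__main__":
    for num, msg in lint_ldif(SAMPLE):
        print(f"line {num}: {msg}")
```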