[389-users] Command line to request certificate

Rich Megginson rmeggins at redhat.com
Thu Aug 13 15:58:25 UTC 2009 

Prashanth Sundaram wrote:
> Rich,
>
> I went forward with manual SSL install. I still see the console 
> showing ldap.foo.com:389 on the top tree level.
That's just for labeling. If you have restarted the directory server 
after configuring it to use TLS, you should see in the error log a 
message that it is listening on the TLS/SSL port. You should also be 
able to use netstat to see that it is listening to both the LDAP port 
(389) and the LDAPS port (636) (or whatever other port numbers you may 
have configured).
> The “User DS” field in Admin server points to ldap.foo.com:636. I have 
> set all the encryption via console. Am I missing something? When I 
> issue ldapsearch –p 389, it returns ldap_sasl_interactive_bind_s: 
> Unknown authentication method (-6) additional info: SASL(-4): no 
> mechanism available:
/usr/bin/ldapsearch by default will attempt a SASL bind. You must use 
the -x argument to use simple bind.
>
> When I issue, ldapsearch –p 636 is asks for pass but hangs thereafter. 
> I have imported 500 entries. Also my indexes don’t seem to work, when 
> searched on console.
Why do you think your indexes are not working?
> I used proper ldapsearch with all possible switches -x , -Z, -ZZ.
Note that -Z will require you to configure your ldapsearch client to use 
a CA cert - see man ldap.conf - search for TLS - you can also create/use 
~/.ldaprc
> After I enabled indexing on the directory level and ou levels, when I 
> click on search with nothing on search bar, it retuns the ou levels 
> and not users. So I manually indexed individual users, they don;t show 
> up anyway.
I'm not sure what you mean by "index" in this context.
>
> Thanks,
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090813/dd065000/attachment.bin>

More information about the Fedora-directory-users mailing list