[Freeipa-users] No LDAPS for dirsrv

Rob Crittenden rcritten at redhat.com
Tue Feb 17 16:34:33 UTC 2015


Thomas Raehalme wrote:
> Hi!
> 
> As I wrote earlier we are having some serious problems with IPA right
> now. dirsrv seems to hang every 15 minutes or so, but that's another post.
> 
> It seems that slapd/dirsrv is now only listening on port 389 for LDAP
> and socket for LDAPI requests. Any idea what could have caused
> previously available LDAPS port 636 to disappear?
> 
> Looking at the logs before this whole ordeal started port 636 was also
> in use.
> 
> After the latest upgrade I have re-enabled port 389 manually because
> it's used by some apps, but disabling it also doesn't bring back port 636.
> 
> Best regards,
> Thomas
> 
> 

If after an upgrade you had no listeners that means that the upgrade
failed and wasn't able to restore the previous state. Look in
/etc/dirsrv/slapd-YOURREALM for dse.ldif.ipa.#######. This is the copy
saved prior to the upgrade attempt. I'd diff it to dse.ldif to see what
has changed.

To enable port 636 just set nsslapd-security to on. If you do this via
dse.ldif you'll need to stop the service before editing the file.

Check /var/log/ipaupgrade.log for information on the upgrade.

rob
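The comparison suggested above can be narrowed to the listener settings in `cn=config`. The following is an added example, not part of the original message or of FreeIPA's own tooling: it parses two dse.ldif snapshots (handling folded lines) and reports which listener attributes differ. The function names and the sample LDIF are constructed for illustration.

```python
# Added example: compare listener settings between two dse.ldif snapshots.
# The sample LDIF text below is constructed, not taken from the thread.
LISTENER_ATTRS = ("nsslapd-port", "nsslapd-security", "nsslapd-secureport")

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with DNs and attribute names lowercased."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():               # blank line ends the current entry
            current = None
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                current = entries.setdefault(value.lower(), {})
            elif current is not None:
                current.setdefault(attr, []).append(value)
    return entries

def listener_changes(before_text, after_text, dn="cn=config"):
    """Map each listener attribute that differs to a (before, after) pair."""
    before = parse_ldif(before_text).get(dn, {})
    after = parse_ldif(after_text).get(dn, {})
    return {a: (before.get(a), after.get(a))
            for a in LISTENER_ATTRS if before.get(a) != after.get(a)}

BACKUP_LDIF = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: on
nsslapd-secureport: 636
"""

CURRENT_LDIF = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: off
nsslapd-secureport: 636
"""

if __name__ == "__main__":
    for attr, (old, new) in listener_changes(BACKUP_LDIF, CURRENT_LDIF).items():
        print(f"{attr}: {old} -> {new}")
```

To run it against a real server, read the saved dse.ldif.ipa.####### copy and the live dse.ldif into strings and pass them in place of the sample text.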



