[Freeipa-users] No LDAPS for dirsrv
Chris Mohler
cmohler at oberlin.edu
Tue Feb 17 16:35:57 UTC 2015
On 02/17/2015 11:26 AM, Thomas Raehalme wrote:
> Hi!
>
> As I wrote earlier we are having some serious problems with IPA right
> now. dirsrv seems to hang every 15 minutes or so, but that's another post.
>
> It seems that slapd/dirsrv is now only listening on port 389 for LDAP
> and socket for LDAPI requests. Any idea what could have caused
> previously available LDAPS port 636 to disappear?
>
> Looking at the logs before this whole ordeal started port 636 was also
> in use.
>
> After the latest upgrade I have re-enabled port 389 manually because
> it's used by some apps, but disabling it also doesn't bring back port 636.
>
> Best regards,
> Thomas
>
>
Hi Thomas,
I'm not an expert but just throwing out a few ideas for you.
> As I wrote earlier we are having some serious problems with IPA right
> now. dirsrv seems to hang every 15 minutes or so, but that's another post.
Are you running in a VM? If so check your entropy.
cat /proc/sys/kernel/random/entropy_avail
It should be ~1k less than 50 is not great and caused me some issues in
the past.
> It seems that slapd/dirsrv is now only listening on port 389 for LDAP
> and socket for LDAPI requests. Any idea what could have caused
> previously available LDAPS port 636 to disappear?
Did your certificates expire? I usually check the web interface and look
at the SSL Cert in the browser to see when it expires. I bet there is a
better way to check but I don't know it off hand.
It might help to know what OS/version you are using? and what version of
FreeIPA you are using.
Cheers, and Good luck,
-Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150217/31805081/attachment.htm>
More information about the Freeipa-users
mailing list