[Freeipa-users] No LDAPS for dirsrv

Thomas Raehalme thomas.raehalme at codecenter.fi
Tue Feb 17 17:20:29 UTC 2015


Hi Chris!

On Tue, Feb 17, 2015 at 6:35 PM, Chris Mohler <cmohler at oberlin.edu> wrote:

>
> As I wrote earlier we are having some serious problems with IPA right now.
> dirsrv seems to hang every 15 minutes or so, but that's another post.
>
> Are you running in a VM? If so check your entropy.
> cat /proc/sys/kernel/random/entropy_avail
> It should be ~1k; less than 50 is not great and caused me some issues in
> the past.
>

Yes, the server is a VM. Entropy value is 135 at the moment. Do you know
how to increase the value?

> It seems that slapd/dirsrv is now only listening on port 389 for LDAP and
> socket for LDAPI requests. Any idea what could have caused previously
> available LDAPS port 636 to disappear?
>
> Did your certificates expire? I usually check the web interface and look
> at the SSL Cert in the browser to see when it expires. I bet there is a
> better way to check but I don't know it offhand.
>

No, at least for the web interface certificates expire in August.

It turned out the nsslapd-security was 'off' when it should have been 'on'.
I really don't know what had changed the value.

Now I only wish we could resolve what's causing the dirsrv process to hang
(wrote about that in another message last Sunday) about 10 minutes after
IPA services were started.

Thanks for your help!

Best regards,
Thomas
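
The setting discussed above can be checked directly in the directory server's configuration file. The following is an added example, not part of the original message or of FreeIPA's own tooling: it reads the `cn=config` entry of a `dse.ldif` and reports whether `nsslapd-security` is `on`. The function names and the sample LDIF are constructed for illustration, and `INSTANCE` in the path comment is a placeholder.

```shell
#!/bin/sh
# Added example: audit a 389-ds dse.ldif for the setting that controls the LDAPS listener.

# cfg_attr FILE ATTR: print ATTR's value from the "dn: cn=config" entry only,
# or "missing". Attribute names are matched case-insensitively, as in LDAP.
cfg_attr() {
    awk -v want="$2" '
        /^dn:/ { in_cfg = (tolower($0) ~ /^dn:[ \t]*cn=config[ \t]*$/) }
        /^$/   { in_cfg = 0 }                      # blank line ends an LDIF entry
        in_cfg && tolower($1) == (tolower(want) ":") { print $2; found = 1; exit }
        END    { if (!found) print "missing" }
    ' "$1"
}

# ldaps_enabled FILE: exit 0 when nsslapd-security is "on", 1 otherwise.
ldaps_enabled() {
    sec=$(cfg_attr "$1" nsslapd-security | tr 'A-Z' 'a-z')
    port=$(cfg_attr "$1" nsslapd-secureport)
    if [ "$sec" = "on" ]; then
        echo "OK: nsslapd-security=on, secure port $port"
        return 0
    fi
    echo "FAIL: nsslapd-security=$sec, LDAPS port $port will not be opened"
    return 1
}

# write_sample FILE STATE: constructed dse.ldif fragment, not from a real server.
write_sample() {
    cat > "$1" <<EOF
dn: cn=config
cn: config
objectClass: top
nsslapd-port: 389
nsslapd-secureport: 636
nsslapd-security: $2

dn: cn=encryption,cn=config
cn: encryption
nsSSL3: off
EOF
}

# Demo on constructed input; on a real host pass /etc/dirsrv/slapd-INSTANCE/dse.ldif.
sample=$(mktemp)
write_sample "$sample" off
ldaps_enabled "$sample" || true
rm -f "$sample"
```

Running a check like this from monitoring catches the value flipping to `off` before clients that depend on port 636 start failing.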