Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:

PKI
nsslapd-secureport: 7390

Why doesn IPA set up  ldaps    on port 636?


I think you're confused. FreeIPA does indeed set up to listen on both
636 (LDAPS) and 389 (LDAP/TLS) by default.

Take a look at 'netstat -lptn' as root.

If you cannot connect to the LDAPS port, it may be due to a firewall
issue or a certificate issue (make sure you have the FreeIPA CA cert
loaded in /etc/openldap/cacerts and have called cacertdir_rehash on that
directory)

Adam, are you looking in dse.ldif? I'm guessing that the default settings aren't written. It does appear in ldap:

$ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config nsslapd-secureport
Enter LDAP Password:
version: 1

dn: cn=config
nsslapd-secureport: 636

It isn't set in dse.ldif:

# grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
0

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to