On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
> So, it apparently is not in there at all.  There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
> nsslapd-security: on

So, I copied the cert8.db, key3.db, secmod.db and pin.txt and pwdfile.txt from 
/etc/dirsrv/slapd-LAB-WHAMCLOUD-COM to /etc/dirsrv/slapd-PKI-CA.

I edited PKI-CA's dse.ldif to include

nsslapd-security: on

but when I try to start it, I get:

# /etc/init.d/dirsrv start PKI-IPA
Starting dirsrv: 
    PKI-IPA...[21/Jun/2013:15:50:17 -0700] createprlistensockets - PR_Bind() 
on All Interfaces port 636 failed: Netscape Portable Runtime error -5982 
(Local Network address is in use.)
  *** Warning: 1 instance(s) failed to start

I see that the PKI-CA is listening on 7389, and has these lines in its config:

nsslapd-port: 7389
nsslapd-referral: ldap://ipa1.lab.whamcloud.com:7389/o%3Dipaca
nsDS5ReplicaPort: 7389
nsds50ruv: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 4d48c6ad00000061000
nsds50ruv: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 4d48c6cb00000060000
nsruvReplicaLastModified: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 0000
nsruvReplicaLastModified: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 0000
nsDS5ReplicaPort: 7389

Is there a way to

1) set it to listen on 7636 for ldaps
2) Enable TLS without having it try to listen on 636?

I see that the LAB-WHAMCLOUD-COM dse.ldif also contains this:

nsusestarttls: off

So I don't know if TLS connections will work there either.

Still trying to figure this out...


Freeipa-users mailing list

Reply via email to