On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
> 
> So, it apparently is not in there at all.  There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
> 
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
> 
> nsslapd-security: on

So, I copied the cert8.db, key3.db, secmod.db and pin.txt and pwdfile.txt from 
/etc/dirsrv/slapd-LAB-WHAMCLOUD-COM to /etc/dirsrv/slapd-PKI-CA.

I edited PKI-CA's dse.ldif to include

nsslapd-security: on

but when I try to start it, I get:

# /etc/init.d/dirsrv start PKI-IPA
Starting dirsrv: 
    PKI-IPA...[21/Jun/2013:15:50:17 -0700] createprlistensockets - PR_Bind() 
on All Interfaces port 636 failed: Netscape Portable Runtime error -5982 
(Local Network address is in use.)
                                                           [FAILED]
  *** Warning: 1 instance(s) failed to start

I see that the PKI-CA is listening on 7389, and has these lines in its config:

nsslapd-port: 7389
nsslapd-referral: ldap://ipa1.lab.whamcloud.com:7389/o%3Dipaca
nsDS5ReplicaPort: 7389
nsds50ruv: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 4d48c6ad00000061000
nsds50ruv: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 4d48c6cb00000060000
nsruvReplicaLastModified: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 0000
nsruvReplicaLastModified: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 0000
nsDS5ReplicaPort: 7389

Is there a way to

1) set it to listen on 7636 for ldaps
or
2) Enable TLS without having it try to listen on 636?

I see that the LAB-WHAMCLOUD-COM dse.ldif also contains this:

nsusestarttls: off


So I don't know if TLS connections will work there either.

Still trying to figure this out...

j

