On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
>
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
>
> nsslapd-security: on

So, I copied the cert8.db, key3.db, secmod.db and pin.txt and pwdfile.txt from /etc/dirsrv/slapd-LAB-WHAMCLOUD-COM to /etc/dirsrv/slapd-PKI-CA. I edited PKI-CA's dse.ldif to include

nsslapd-security: on

but when I try to start it, I get:

# /etc/init.d/dirsrv start PKI-IPA
Starting dirsrv:
    PKI-IPA...[21/Jun/2013:15:50:17 -0700] createprlistensockets - PR_Bind() on All Interfaces port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.)
    [FAILED]
*** Warning: 1 instance(s) failed to start

I see that the PKI-CA is listening on 7389, and has these lines in its config:

nsslapd-port: 7389
nsslapd-referral: ldap://ipa1.lab.whamcloud.com:7389/o%3Dipaca
nsDS5ReplicaPort: 7389
nsds50ruv: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 4d48c6ad00000061000
nsds50ruv: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 4d48c6cb00000060000
nsruvReplicaLastModified: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 0000
nsruvReplicaLastModified: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 0000
nsDS5ReplicaPort: 7389

Is there a way to 1) set it to listen on 7636 for ldaps or 2) Enable TLS without having it try to listen on 636?

I see that the LAB-WHAMCLOUD-COM dse.ldif also contains this:

nsusestarttls: off

So I don't know if TLS connections will work there either.

Still trying to figure this out...

j
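
The PR_Bind() failure on port 636 reported above can be checked for before starting an instance. The following is an added example, not part of the original message or of FreeIPA/389 DS: it reads the cn=config entry of each instance's dse.ldif and reports LDAPS ports claimed by more than one instance. It assumes every instance binds all interfaces and that an instance with nsslapd-security: on and no nsslapd-securePort uses the 389 DS default of 636; the sample configs are constructed.

```python
import re
from collections import defaultdict

DEFAULT_SECURE_PORT = 636  # 389 DS default when nsslapd-securePort is absent


def config_attrs(dse_text):
    """Return lower-cased attribute -> value for the cn=config entry of a dse.ldif."""
    # LDIF folds long values onto lines starting with one space: unfold first.
    unfolded = re.sub(r"\n ", "", dse_text)
    for entry in re.split(r"\n\s*\n", unfolded):
        lines = [l for l in entry.splitlines() if l and not l.startswith("#")]
        if not lines or lines[0].replace(" ", "").lower() != "dn:cn=config":
            continue
        attrs = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                attrs[name.strip().lower()] = value.strip()
        return attrs
    return {}


def secure_port(attrs):
    """Port the instance will bind for LDAPS, or None when security is off."""
    if attrs.get("nsslapd-security", "off").lower() != "on":
        return None
    return int(attrs.get("nsslapd-secureport", DEFAULT_SECURE_PORT))


def ldaps_conflicts(instances):
    """Map port -> sorted instance names for each LDAPS port claimed twice or more."""
    by_port = defaultdict(list)
    for name, text in instances.items():
        port = secure_port(config_attrs(text))
        if port is not None:
            by_port[port].append(name)
    return {p: sorted(n) for p, n in by_port.items() if len(n) > 1}


# Constructed sample configs mirroring the two instances named in the message.
SAMPLE = {
    "slapd-LAB-WHAMCLOUD-COM": "dn: cn=config\nnsslapd-port: 389\nnsslapd-security: on\n",
    "slapd-PKI-IPA": "dn: cn=config\nnsslapd-port: 7389\nnsslapd-security: on\n",
}

if __name__ == "__main__":
    for port, names in ldaps_conflicts(SAMPLE).items():
        print(f"LDAPS port {port} claimed by: {', '.join(names)}")
```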