Re: [Freeipa-devel] LDAPS for the IPA LDAP server?
On 11/08/2011 08:43 AM, Rob Crittenden wrote:
> Stephen Gallagher wrote:
>> On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
>>> I noticed that the PKI Directory server has a secure port set but the
>>> IPA DS instance does not:
>>>
>>> PKI
>>> nsslapd-secureport: 7390
>>>
>>> Why doesn't IPA set up ldaps on port 636?
>>
>> I think you're confused. FreeIPA does indeed set up to listen on both 636
>> (LDAPS) and 389 (LDAP/TLS) by default. Take a look at 'netstat -lptn' as
>> root.
>>
>> If you cannot connect to the LDAPS port, it may be due to a firewall issue
>> or a certificate issue (make sure you have the FreeIPA CA cert loaded in
>> /etc/openldap/cacerts and have called cacertdir_rehash on that directory)
>
> Adam, are you looking in dse.ldif? I'm guessing that the default settings
> aren't written. It does appear in ldap:

Yes, I was. Thanks.

> $ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config nsslapd-secureport
> Enter LDAP Password:
> version: 1
>
> dn: cn=config
> nsslapd-secureport: 636
>
> It isn't set in dse.ldif:
>
> # grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
> 0
>
> rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] LDAPS for the IPA LDAP server?
Stephen Gallagher wrote:
> On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
>> I noticed that the PKI Directory server has a secure port set but the
>> IPA DS instance does not:
>>
>> PKI
>> nsslapd-secureport: 7390
>>
>> Why doesn't IPA set up ldaps on port 636?
>
> I think you're confused. FreeIPA does indeed set up to listen on both 636
> (LDAPS) and 389 (LDAP/TLS) by default. Take a look at 'netstat -lptn' as
> root.
>
> If you cannot connect to the LDAPS port, it may be due to a firewall issue
> or a certificate issue (make sure you have the FreeIPA CA cert loaded in
> /etc/openldap/cacerts and have called cacertdir_rehash on that directory)

Adam, are you looking in dse.ldif? I'm guessing that the default settings
aren't written. It does appear in ldap:

$ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config nsslapd-secureport
Enter LDAP Password:
version: 1

dn: cn=config
nsslapd-secureport: 636

It isn't set in dse.ldif:

# grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
0

rob
Re: [Freeipa-devel] LDAPS for the IPA LDAP server?
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
> I noticed that the PKI Directory server has a secure port set but the
> IPA DS instance does not:
>
> PKI
> nsslapd-secureport: 7390
>
> Why doesn't IPA set up ldaps on port 636?

I think you're confused. FreeIPA does indeed set up to listen on both 636
(LDAPS) and 389 (LDAP/TLS) by default. Take a look at 'netstat -lptn' as
root.

If you cannot connect to the LDAPS port, it may be due to a firewall issue
or a certificate issue (make sure you have the FreeIPA CA cert loaded in
/etc/openldap/cacerts and have called cacertdir_rehash on that directory)
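The two checks Stephen describes above, the 'netstat -lptn' listener check and the CA-trust check against /etc/openldap/cacerts, written out as a small POSIX shell script. This is an added example, not code from the thread or from the FreeIPA project. It assumes the standard 'netstat -lptn' column layout, that the directory server process is named ns-slapd (the 389 DS daemon), and that cacertdir_rehash has already populated /etc/openldap/cacerts with hashed symlinks so that openssl's -CApath can use it. The netstat output at the top is constructed so the listener check runs offline; the two probe functions need a real host and are not run here.

```shell
#!/bin/sh
# Constructed sample of 'netstat -lptn' output: an IPA DS instance on
# 389/636 and a PKI DS instance on 7390, plus an unrelated sshd listener.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1234/ns-slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1234/ns-slapd
tcp        0      0 127.0.0.1:7390          0.0.0.0:*               LISTEN      2345/ns-slapd
tcp6       0      0 :::22                   :::*                    LISTEN      999/sshd'

# Read 'netstat -lptn' output on stdin and print every TCP port that an
# ns-slapd process is listening on, one per line, ascending and de-duplicated.
# The port is the last colon-separated field of "Local Address", which also
# handles IPv6 forms such as ":::636".
slapd_listen_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /ns-slapd/ {
            n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# Read 'netstat -lptn' output on stdin; succeed only if ns-slapd is bound to
# both 389 (LDAP, STARTTLS) and 636 (LDAPS), as FreeIPA sets up by default.
check_ipa_listeners() {
    ports=$(slapd_listen_ports)
    status=0
    for p in 389 636; do
        if printf '%s\n' "$ports" | grep -qx "$p"; then
            echo "ns-slapd listening on tcp/$p"
        else
            echo "ns-slapd NOT listening on tcp/$p" >&2
            status=1
        fi
    done
    return $status
}

# Probe the LDAPS listener with certificate verification against the hashed
# CA directory (assumed to be /etc/openldap/cacerts after cacertdir_rehash).
# "Verify return code: 0 (ok)" means the IPA CA is trusted; any other code
# points at the certificate side of the problem rather than the firewall.
# A connection timeout instead points at the firewall.
probe_ldaps() {
    host=${1:?usage: probe_ldaps HOST}
    openssl s_client -connect "$host:636" -CApath /etc/openldap/cacerts \
        </dev/null 2>/dev/null | grep '^Verify return code'
}

# The same trust check for STARTTLS on 389: -ZZ makes ldapsearch fail rather
# than silently fall back to cleartext if TLS negotiation does not succeed.
# Assumes ldap.conf's TLS_CACERTDIR points at the same hashed directory.
probe_starttls() {
    host=${1:?usage: probe_starttls HOST}
    ldapsearch -x -ZZ -H "ldap://$host" -s base -b '' namingContexts
}

# Offline run against the constructed sample; on a real server replace the
# printf with: netstat -lptn | check_ipa_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | check_ipa_listeners
```

On a live system, run `netstat -lptn | check_ipa_listeners` as root, then `probe_ldaps ipa.example.test` and `probe_starttls ipa.example.test` (hostname is a placeholder); the listener check separates "the server is not listening" from "I cannot reach or trust it", which is the distinction the thread turns on.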
Re: [Freeipa-devel] LDAPS for the IPA LDAP server?
On 8.11.2011 03:24, Adam Young wrote:
> I noticed that the PKI Directory server has a secure port set but the
> IPA DS instance does not:
>
> PKI
> nsslapd-secureport: 7390
>
> Why doesn't IPA set up ldaps on port 636?

I guess secure connections are set up using STARTTLS.

Honza

--
Jan Cholasta