Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Help disabling SSL (http://www.linux-archive.org/fedora-directory/434041-help-disabling-ssl.html)

Sean Carolan 10-01-2010 12:50 AM
Help disabling SSL
 
Due to some issues with an expired SSL cert I had to disable SSL on
our 389 directory server. It's working fine for authentication
without SSL, but I have lost all ability to manage the server via the
management console. It appears that the management console still
wants to connect to the directory server on port 636, but I see no way
to change what port it uses. Also, both Administration server and
Directory server are showing Server status: Stopped, even though I
know both are running.

Anyone have some pointers on how to disable all SSL on the management console?
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

"John A. Sullivan III" 10-01-2010 01:24 AM
Help disabling SSL
 
On Thu, 2010-09-30 at 19:50 -0500, Sean Carolan wrote:
> Due to some issues with an expired SSL cert I had to disable SSL on
> our 389 directory server. It's working fine for authentication
> without SSL, but I have lost all ability to manage the server via the
> management console. It appears that the management console still
> wants to connect to the directory server on port 636, but I see no way
> to change what port it uses. Also, both Administration server and
> Directory server are showing Server status: Stopped, even though I
> know both are running.
>
> Anyone have some pointers on how to disable all SSL on the management console?
<snip>
Ouch! That happened to us once before and it was a real pain. I believe
this is how we did it:

/usr/lib64/mozldap/ldapsearch -x -b o=netscaperoot -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address> "objectclass=nsAdminConfig"

That should give you the various bits of information you will need to
make the changes. In particular, you will need the dn of the
nsAdminConfig object and you will be changing the nsServerSecurity
attribute and I think we also needed to reset the nsServerAddress
attribute although I don't recall why. The steps are:

/usr/lib64/mozldap/ldapmodify -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address>
Enter bind password:
dn: <dn from above>
changetype: modify
replace: nsServerSecurity
nsServerSecurity: off
<CTL><D>
dn: <dn from above>
changetype: modify
replace: nsServerAddress
nsServerAddress: <ldap server IP address>

<CTL><D> twice to exit

Hope that helps - John


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Sean Carolan 10-01-2010 01:40 AM
Help disabling SSL
 
> Ouch! That happened to us once before and it was a real pain. *I believe
> this is how we did it:

Thank you, this is what I ended up doing; turning off nsServerSecurity
did the trick.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

"Edward Z. Yang" 10-01-2010 05:08 PM
Help disabling SSL
 
If I understand correctly, this also disables encryption, so your passwords
are being sent in the clear. Reenable ASAP!

Edward
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 03:06 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.