FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 10-01-2010, 12:50 AM
Sean Carolan
 
Default Help disabling SSL

Due to some issues with an expired SSL cert I had to disable SSL on
our 389 directory server. It's working fine for authentication
without SSL, but I have lost all ability to manage the server via the
management console. It appears that the management console still
wants to connect to the directory server on port 636, but I see no way
to change what port it uses. Also, both Administration server and
Directory server are showing Server status: Stopped, even though I
know both are running.

Anyone have some pointers on how to disable all SSL on the management console?
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-01-2010, 01:24 AM
"John A. Sullivan III"
 
Default Help disabling SSL

On Thu, 2010-09-30 at 19:50 -0500, Sean Carolan wrote:
> Due to some issues with an expired SSL cert I had to disable SSL on
> our 389 directory server. It's working fine for authentication
> without SSL, but I have lost all ability to manage the server via the
> management console. It appears that the management console still
> wants to connect to the directory server on port 636, but I see no way
> to change what port it uses. Also, both Administration server and
> Directory server are showing Server status: Stopped, even though I
> know both are running.
>
> Anyone have some pointers on how to disable all SSL on the management console?
<snip>
Ouch! That happened to us once before and it was a real pain. I believe
this is how we did it:

/usr/lib64/mozldap/ldapsearch -x -b o=netscaperoot -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address> "objectclass=nsAdminConfig"

That should give you the various bits of information you will need to
make the changes. In particular, you will need the dn of the
nsAdminConfig object and you will be changing the nsServerSecurity
attribute and I think we also needed to reset the nsServerAddress
attribute although I don't recall why. The steps are:

/usr/lib64/mozldap/ldapmodify -D "cn=<Directory Manager Name>" -w - -h <ldap server IP address>
Enter bind password:
dn: <dn from above>
changetype: modify
replace: nsServerSecurity
nsServerSecurity: off
<CTL><D>
dn: <dn from above>
changetype: modify
replace: nsServerAddress
nsServerAddress: <ldap server IP address>

<CTL><D> twice to exit

Hope that helps - John


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-01-2010, 01:40 AM
Sean Carolan
 
Default Help disabling SSL

> Ouch! That happened to us once before and it was a real pain. *I believe
> this is how we did it:

Thank you, this is what I ended up doing; turning off nsServerSecurity
did the trick.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-01-2010, 05:08 PM
"Edward Z. Yang"
 
Default Help disabling SSL

If I understand correctly, this also disables encryption, so your passwords
are being sent in the clear. Reenable ASAP!

Edward
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 01:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org