Hi Graham,

I too haven't enabled SSL using setup-ds.pl, and I don't believe setup-ds.pl was written to allow you to configure SSL as part of directory server initial setup.

Of course you can modify setup-ds.pl per your need to configure SSL in one shot, but now you will be maintaining your own version of setup-ds.pl, and you have to keep it in sync with the latest setup-ds.pl if you decide to reinstall the LDAP with the latest version or for other reasons.

What I have been doing is similar to what Vlad suggested. I run setup-ds.pl first and then run my own script to configure SSL and replication. I believe the Red Hat Directory Server Administration has instructions on how to configure SSL via command-line.

Good luck!

- dc

On Mon, Dec 24, 2012 at 6:32 AM, Graham Leggett <[email protected]> wrote:

> On 24 Dec 2012, at 12:52 PM, Vlad <[email protected]> wrote:
>
> > I don't see the problem. Simply install DS without SSL and then:
> > 1. use ldapmodify to import SSL settings (see the example below)
> > 2. use pk12util to import certificate
> > 3. use certutil to change trusts
> > All the things above could be done completely unattended…
>
> The problem is that the above shouldn't be necessary, because setup-ds.pl has
> the INF file and ConfigFile options to provide the config in one go.
> This ConfigFile mechanism is rendered useless, because there is no ability
> to configure the certificate database in advance.
>
> Regards,
> Graham
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
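The post-install approach discussed in this thread (pk12util, certutil, then ldapmodify against an instance already created by setup-ds.pl) can be scripted as below; this is an added example, not a script posted by anyone in the thread. The instance name, certificate nicknames, port, file arguments and the use of OpenLDAP's ldapmodify are all assumptions.

```shell
#!/bin/sh
# Added example: unattended TLS setup for an already-installed 389 DS instance.
# Every default below is a constructed placeholder, not a value from the thread.
INSTANCE="${INSTANCE:-example}"
CERT_DB="${CERT_DB:-/etc/dirsrv/slapd-$INSTANCE}"   # NSS database directory
CERT_NICK="${CERT_NICK:-Server-Cert}"               # nickname of the server cert
CA_NICK="${CA_NICK:-Example CA}"                    # nickname of the issuing CA
SECURE_PORT="${SECURE_PORT:-636}"

# Print the LDIF that binds the server to a certificate nickname ($1)
# and enables the secure port ($2).
tls_ldif() {
    cat <<EOF
dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: $1
nsSSLToken: internal (software)
nsSSLActivation: on

dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-secureport
nsslapd-secureport: $2
EOF
}

# $1 = PKCS#12 bundle, $2 = file holding its password,
# $3 = file holding the NSS DB password, $4 = file holding the bind password.
configure_tls() {
    # Import key and certificates first, so the config never names a missing cert.
    pk12util -i "$1" -d "$CERT_DB" -w "$2" -k "$3" || return 1
    # Trust the CA for issuing server (C) and client (T) certificates.
    certutil -M -n "$CA_NICK" -t "CT,," -d "$CERT_DB" -f "$3" || return 1
    tls_ldif "$CERT_NICK" "$SECURE_PORT" |
        ldapmodify -x -H ldap://localhost:389 -D "cn=Directory Manager" -y "$4"
}

# Run only when all four file arguments are supplied.
if [ "$#" -eq 4 ]; then configure_tls "$@"; fi
```

The instance has to be restarted afterwards for the secure port to come up. Passwords are passed as files rather than on the command line so they do not appear in the process list.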
