On 11/08/2011 08:43 AM, Rob Crittenden wrote:
Stephen Gallagher wrote:
On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:
I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:
PKI
nsslapd-secureport: 7390
Why doesn IPA set up ldaps on port 636?
I think you're confused. FreeIPA does indeed set up to listen on both
636 (LDAPS) and 389 (LDAP/TLS) by default.
Take a look at 'netstat -lptn' as root.
If you cannot connect to the LDAPS port, it may be due to a firewall
issue or a certificate issue (make sure you have the FreeIPA CA cert
loaded in /etc/openldap/cacerts and have called cacertdir_rehash on that
directory)
Adam, are you looking in dse.ldif? I'm guessing that the default
settings aren't written. It does appear in ldap:
Yes, I was. Thanks.
$ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=config
nsslapd-secureport
Enter LDAP Password:
version: 1
dn: cn=config
nsslapd-secureport: 636
It isn't set in dse.ldif:
# grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
0
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel