Re: [Freeipa-devel] LDAPS for the IPA LDAP server?

Adam Young Tue, 08 Nov 2011 07:33:06 -0800

On 11/08/2011 08:43 AM, Rob Crittenden wrote:

Stephen Gallagher wrote:

On Mon, 2011-11-07 at 21:24 -0500, Adam Young wrote:

I noticed that the PKI Directory server has a secure port set but the
IPA DS instance does not:


PKI
nsslapd-secureport: 7390

Why doesn IPA set up  ldaps    on port 636?



I think you're confused. FreeIPA does indeed set up to listen on both
636 (LDAPS) and 389 (LDAP/TLS) by default.

Take a look at 'netstat -lptn' as root.

If you cannot connect to the LDAPS port, it may be due to a firewall
issue or a certificate issue (make sure you have the FreeIPA CA cert
loaded in /etc/openldap/cacerts and have called cacertdir_rehash on that
directory)

Adam, are you looking in dse.ldif? I'm guessing that the defaultsettings aren't written. It does appear in ldap:


Yes, I was.  Thanks.

$ ldapsearch -LL -x -D 'cn=directory manager' -W -s base -b cn=confignsslapd-secureport

Enter LDAP Password:
version: 1

dn: cn=config
nsslapd-secureport: 636

It isn't set in dse.ldif:

# grep -c nsslapd-secureport /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
0

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] LDAPS for the IPA LDAP server?

Reply via email to