Hi,

I'm setting up FDS 1.0.2 on RHEL4 x86_64, and everything was going rather well, until I started trying to use SSL/TLS everywhere.

Following the instructions in the Wiki I got the certificates created and installed using the provided script. I can now see the FDS listening on port 636. But I think I also enabled SSL or TLS for the admin server... which now refuses to start.

All I see in the admin-serv/logs/error file is this :

[Wed Jun 07 13:16:30 2006] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host ldap.mydomain port 636: 4
[Wed Jun 07 13:16:30 2006] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info:
Configuration Failed

And I really don't know how to fix this... I think I've really tried everything I could think of already. Setting the LogLevel to debug doesn't give any more useful output.

Is there any way I can revert to a plain connection to port 389? I don't really understand the problem in the first place since I've put this in adm.conf but it didn't change the error :

ldapHost: ldap.mydomain
ldapPort: 389

Matthias

--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 5.89 (Rawhide) - Linux kernel 2.6.16-1.2232_FC6
Load : 1.51 1.39 1.22

I'm not sure if this will work.
Try NSSEngine off in admin-serv/config/console.conf?

Matthias Saou wrote:
> Hi,
>
> I'm setting up FDS 1.0.2 on RHEL4 x86_64, and everything was going
> rather well, until I started trying to use SSL/TLS everywhere.
>
> Following the instructions in the Wiki I got the certificates created
> and installed using the provided script. I can now see the FDS
> listening on port 636. But I think I also enabled SSL or TLS for the
> admin server... which now refuses to start.
>
> All I see in the admin-serv/logs/error file is this :
>
> [Wed Jun 07 13:16:30 2006] [crit] buildUGInfo(): unable to initialize
> TLS connection to LDAP host ldap.mydomain port 636: 4
> [Wed Jun 07 13:16:30 2006] [crit] mod_admserv_post_config(): unable to
> build user/group LDAP server info:
> Configuration Failed
>
> And I really don't know how to fix this... I think I've really tried
> everything I could think of already. Setting the LogLevel to debug
> doesn't give any more useful output.
>
> Is there any way I can revert to a plain connection to port 389? I
> don't really understand the problem in the first place since I've put
> this in adm.conf but it didn't change the error :
>
> ldapHost: ldap.mydomain
> ldapPort: 389
>
> Matthias

Jeff Gamsby wrote :
> I'm not sure if this will work.
> Try NSSEngine off in admin-serv/config/console.conf?

Nope. It's already off. I've looked at all the files in that directory and simply can't figure out why it's trying to connect to the FDS using TLS nor how to revert that behavior to the previous one.

Other suggestions are welcome.

Matthias

> Matthias Saou wrote:
> > Hi,
> >
> > I'm setting up FDS 1.0.2 on RHEL4 x86_64, and everything was going
> > rather well, until I started trying to use SSL/TLS everywhere.
> >
> > Following the instructions in the Wiki I got the certificates created
> > and installed using the provided script. I can now see the FDS
> > listening on port 636. But I think I also enabled SSL or TLS for the
> > admin server... which now refuses to start.
> >
> > All I see in the admin-serv/logs/error file is this :
> >
> > [Wed Jun 07 13:16:30 2006] [crit] buildUGInfo(): unable to initialize
> > TLS connection to LDAP host ldap.mydomain port 636: 4
> > [Wed Jun 07 13:16:30 2006] [crit] mod_admserv_post_config(): unable to
> > build user/group LDAP server info:
> > Configuration Failed
> >
> > And I really don't know how to fix this... I think I've really tried
> > everything I could think of already. Setting the LogLevel to debug
> > doesn't give any more useful output.
> >
> > Is there any way I can revert to a plain connection to port 389? I
> > don't really understand the problem in the first place since I've put
> > this in adm.conf but it didn't change the error :
> >
> > ldapHost: ldap.mydomain
> > ldapPort: 389
> >
> > Matthias

--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 5.89 (Rawhide) - Linux kernel 2.6.16-1.2232_FC6
Load : 0.51 0.32 0.30

Matthias Saou wrote:
> Jeff Gamsby wrote :
>
>> I'm not sure if this will work.
>> Try NSSEngine off in admin-serv/config/console.conf?
>
> Nope. It's already off. I've looked at all the files in that directory
> and simply can't figure out why it's trying to connect to the FDS using
> TLS nor how to revert that behavior to the previous one.
>
> Other suggestions are welcome.
>
> Matthias

Right, console.conf configures the HTTP admin server itself, not the communication between the two servers.

You need to edit /opt/fedora-ds/shared/config/dbswitch.conf and set it to ldap:// and port 389 (or whatever your non-secure port is). It worked in my quickie test anyway.

rob

>
>> Matthias Saou wrote:
>>> Hi,
>>>
>>> I'm setting up FDS 1.0.2 on RHEL4 x86_64, and everything was going
>>> rather well, until I started trying to use SSL/TLS everywhere.
>>>
>>> Following the instructions in the Wiki I got the certificates created
>>> and installed using the provided script. I can now see the FDS
>>> listening on port 636. But I think I also enabled SSL or TLS for the
>>> admin server... which now refuses to start.
>>>
>>> All I see in the admin-serv/logs/error file is this :
>>>
>>> [Wed Jun 07 13:16:30 2006] [crit] buildUGInfo(): unable to initialize
>>> TLS connection to LDAP host ldap.mydomain port 636: 4
>>> [Wed Jun 07 13:16:30 2006] [crit] mod_admserv_post_config(): unable to
>>> build user/group LDAP server info:
>>> Configuration Failed
>>>
>>> And I really don't know how to fix this... I think I've really tried
>>> everything I could think of already. Setting the LogLevel to debug
>>> doesn't give any more useful output.
>>>
>>> Is there any way I can revert to a plain connection to port 389? I
>>> don't really understand the problem in the first place since I've put
>>> this in adm.conf but it didn't change the error :
>>>
>>> ldapHost: ldap.mydomain
>>> ldapPort: 389
>>>
>>> Matthias
>

Rob Crittenden wrote :
> Matthias Saou wrote:
> > Jeff Gamsby wrote :
> >
> >> I'm not sure if this will work.
> >> Try NSSEngine off in admin-serv/config/console.conf?
> >
> > Nope. It's already off. I've looked at all the files in that directory
> > and simply can't figure out why it's trying to connect to the FDS using
> > TLS nor how to revert that behavior to the previous one.
> >
> > Other suggestions are welcome.
>
> Right, console.conf configures the HTTP admin server itself, not the
> communication between the two servers.
>
> You need to edit /opt/fedora-ds/shared/config/dbswitch.conf and set it
> to ldap:// and port 389 (or whatever your non-secure port is). It worked
> in my quickie test anyway.

Aha, that's where it was hiding! It works again, thanks a lot!!

Matthias

--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 5.89 (Rawhide) - Linux kernel 2.6.16-1.2232_FC6
Load : 0.69 0.65 0.52
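
The state that stalled this thread (adm.conf edited to port 389 while dbswitch.conf still named the TLS endpoint) can be made visible with a short check. This is an added example, not part of the original messages or the project's own code; the `directory default <ldap-url>` line format of dbswitch.conf, the sample file contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): show which LDAP endpoint each admin
# server config file names, so a disagreement between them is visible.
# ASSUMPTION: dbswitch.conf has a line "directory default <ldap-url>";
# the adm.conf keys ldapHost/ldapPort are the ones quoted in the thread.

# Print "scheme host port" for the first LDAP URL in a dbswitch.conf-style file.
dbswitch_endpoint() {
    sed -n 's#^directory[[:space:]].*\(ldaps\{0,1\}\)://\([^:/]*\):\([0-9][0-9]*\).*#\1 \2 \3#p' "$1" | head -n 1
}

# Print "host port" from the ldapHost:/ldapPort: keys of an adm.conf-style file.
adm_endpoint() {
    awk -F': *' '$1=="ldapHost"{h=$2} $1=="ldapPort"{p=$2} END{print h, p}' "$1"
}

# Return 0 if both files agree, 1 if they differ, 2 if either cannot be parsed.
# The output also states whether the admin server's directory link uses TLS.
check_admin_ldap() {
    # Both substitutions expand before "set" replaces the positional parameters.
    set -- $(dbswitch_endpoint "$1") $(adm_endpoint "$2")
    [ $# -eq 5 ] || { echo "could not parse both files" >&2; return 2; }
    case $1 in ldaps) transport="TLS" ;; *) transport="plaintext" ;; esac
    echo "dbswitch.conf: $1://$2:$3 ($transport)  adm.conf: $4:$5"
    [ "$2:$3" = "$4:$5" ] && return 0
    echo "MISMATCH: the two files name different endpoints"
    return 1
}

# Constructed sample files reproducing the state described in the thread.
demo=$(mktemp -d)
printf 'directory default ldaps://ldap.mydomain:636/o%%3DNetscapeRoot\n' > "$demo/dbswitch.conf"
printf 'ldapHost: ldap.mydomain\nldapPort: 389\n' > "$demo/adm.conf"
check_admin_ldap "$demo/dbswitch.conf" "$demo/adm.conf" || echo "exit status: $?"
rm -rf "$demo"
```

On a real installation the two arguments would be the dbswitch.conf path given in the thread and the adm.conf the poster edited; after the fix described above the report shows the link as plaintext.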