Hello: I broke access completely to my LDAP after following the SSL HOWTO (in part because there are 2 sets of instructions -- one is a Redhat link appearing at the top of that howto page, which is what I followed and coincidently broke access with, the other set of instructions appear on the same page shortly after that Redhat link and was the correct way I should have implemented my self-signed certs). I am pretty sure this has to do with ports since there is some mention of needing to be at a port above 1024 if installed root, however I installed and run it as nobody. How do I go back in and disable SSL now that I can''t access anything? I can''t seem to log in anywhere now with my directory manager password. Thanks for the assistance. -jeff ____________________________________________________________________________________ Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
Richard Megginson
2007-Aug-30 00:05 UTC
Re: [Fedora-directory-users] Removing SSL, broke access
Jeff wrote:> Hello: > > I broke access completely to my LDAP after following > the SSL HOWTO (in part because there are 2 sets of > instructions -- one is a Redhat link appearing at the > top of that howto page, which is what I followed and > coincidently broke access with, the other set of > instructions appear on the same page shortly after > that Redhat link and was the correct way I should have > implemented my self-signed certs). I am pretty sure > this has to do with ports since there is some mention > of needing to be at a port above 1024 if installed > root, however I installed and run it as nobody. >Why do you think it has to do with ports? Note that the server can run as "nobody" and listen to 389 and/or 636, as long as the servers are _started_ by root (or from init). The server drops privileges after binding to the ports.> How do I go back in and disable SSL now that I can''t > access anything? I can''t seem to log in anywhere now > with my directory manager password. >It depends. But you can usually stop the server, edit dse.ldif, set nsslapd-security: off, save, and start.> Thanks for the assistance. > > -jeff > > > > ____________________________________________________________________________________ > Yahoo! oneSearch: Finally, mobile search > that gives answers, not web links. > http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >