Anonymous_User Absent Member.

nldap - not listening on SSL port

Hi all

I have seen this problem on some threads, and read some TIDs, but nothing
that could help. This OES Linux SP2 is running inside VMware (where I
see this problem all the time?)

nldap fails to start on port 636, thus preventing me from accessing
iManager. Also, eDir fails to start at system bootup because of this, I
guess.

FBL-VM-oes:/etc/ssl/servercerts # nldap -s
NLDAP server loading / unloading utility for Novell eDirectory 8.7.3.7
v10554.24
SSL Port is disabled / not Listening

I tried deleting the Certificate objects via ConsoleOne, and ran an
ndsconfig upgrade to try reinstalling everything, but there is still
nothing being copied into /etc/ssl/servercerts. The objects are being
recreated, however.

I tried following this -
http://wiki.novell.com/index.php/Recreating_Server_Certificates_on_OES_Linux -, but I couldn't reproduce it via ConsoleOne.

I tried to reconfigure eDir from scratch via YaST, but no luck there
either.

Has anyone a tip/pointers?

Thanks a lot.

fred




Re: nldap - not listening on SSL port

Fred Blaise wrote:
> Has anyone a tip/pointers?


- Did you make sure OpenLDAP isn't running?

- Did you check /var/log/messages and /var/nds/ndsd.log for any clues?

- Here are the ConsoleOne-equivalent steps for that wiki article. I'll add
a note to the article:

http://www.novell.com/documentation/crt203ad/crtadmin/data/fbccjfei.html

But yeah, if there aren't any other errors, it is most likely that your
/etc/ssl/servercerts certificate isn't present.

--
Justin Grote
Novell Support Connection Sysop
Network Architect
JWG Networks

Re: nldap - not listening on SSL port

On Tue, 2006-05-30 at 15:36 +0000, Justin Grote [SysOp] wrote:
> Fred Blaise wrote:
> > Has anyone a tip/pointers?

>
> - Did you make sure OpenLDAP isn't running?

Yes. Not running. Never ran actually.

>
> - Did you check /var/log/messages and /var/nds/ndsd.log for any clues?

Nada.

>
> - Here are the ConsoleOne-equivalent steps for that wiki article. I'll add
> a note to the article:
>
> http://www.novell.com/documentation/crt203ad/crtadmin/data/fbccjfei.html
>
> But yeah, if there aren't any other errors, it is most likely that your
> /etc/ssl/servercerts certificate isn't present.

Yes, the files are not there, and are not getting copied/created even
after an ndsconfig upgrade. I thought that would have taken care of it,
but apparently not.

I'll try your link, and post back my results. Thanks.

fred


Re: nldap - not listening on SSL port

Fred Blaise wrote:
> Yes, the files are not there, and are not getting copied/created even
> after an ndsconfig upgrade. I thought that would have taken care of it,
> but apparently not.


Is your certificate authority in working order? It can't mint any
certificates without a valid CA.

--
Justin Grote
Novell Support Connection Sysop
Network Architect
JWG Networks

Re: nldap - not listening on SSL port

On Tue, 2006-05-30 at 16:06 +0000, Justin Grote [SysOp] wrote:
> Fred Blaise wrote:
> > Yes, the files are not there, and are not getting copied/created even
> > after an ndsconfig upgrade. I thought that would have taken care of it,
> > but apparently not.

>
> Is your certificate authority in working order? It can't mint any
> certificates without a valid CA.

YaST says it is valid. This is the default CA created during
installation, without modifications.


Re: nldap - not listening on SSL port

Fred Blaise wrote:
> YaST says it is valid. This is the default CA created during
> installation, without modifications.


The YaST CA is *completely* different from the eDirectory CA. The YaST
CA is a legacy setting from SLES9 that will probably be gone in OESv2.



In any case, if I remember correctly the Linux LDAP service pulls its
certificate directly from eDirectory and not the /etc/ssl/servercerts
one, so if the server certificate exists then it should be available to
the LDAP service.

Create a CA if it doesn't already exist:
http://www.novell.com/documentation/crt252/crtadmin/data/fbgccghh.html

then run ndsconfig upgrade. It should create the SSL CertificateIP and
SSL CertificateDNS files for the server in eDirectory. The LDAP service
should work then.

If worse comes to worst, you can always create another OES VM, join it
to the existing tree, and use its iManager to fix the problem.


--
Justin Grote
Novell Support Connection Sysop
Network Architect
JWG Networks
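
Added example, not part of the original thread or any poster's code: a small Python probe that separates the symptom reported here (nothing listening on the SSL port) from a listener that accepts TCP but cannot complete a TLS handshake, useful as a check after re-creating the server certificates and running ndsconfig upgrade. The function name probe_ldaps and the three state labels are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, timeout=3.0):
    """Classify an LDAPS endpoint as 'not-listening', 'no-tls' or 'tls-ok'.

    Returns (state, detail). The state labels are this example's own.
    Certificate verification is disabled on purpose: the aim is to learn
    whether the server presents any certificate, not to trust it.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused or timed out: matches "SSL Port is disabled / not Listening".
        return "not-listening", str(exc)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return "tls-ok", {"protocol": tls.version(),
                              "cert_der_bytes": len(der)}
    except (ssl.SSLError, OSError) as exc:
        # TCP connected but the handshake failed: the port is open, yet the
        # service has no usable certificate/key or does not speak TLS here.
        raw.close()
        return "no-tls", str(exc)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, detail = probe_ldaps(target)
    print(f"{target}:636 -> {state}: {detail}")
```

A server that offers only protocol versions the local OpenSSL build refuses is also reported as no-tls; the detail string carries the handshake error in that case.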