I found that the procedure you give me is part of my problem. I ended up with running remove-ds-admin.pl command then re-create my directory server instance and admin server instance. Luckily I kept answers file and ldif data. I also re-run the setupssl2.sh script. Since this time I didn't mess up with environment variables, it did go through successfully. I also did go through your procedure, and successfully run the ldapsearch command. However, how do I know "ldapsearch -x -L -b 'dc=christianbook,dc=com'" uses secure connection or not? I tail my access log, and it shows something like below:
[12/Apr/2016:21:24:47 -0400] conn=46 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[12/Apr/2016:21:24:47 -0400] conn=46 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[12/Apr/2016:21:24:47 -0400] conn=46 op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your certificate.
[12/Apr/2016:21:26:46 -0400] conn=47 fd=64 slot=64 connection from ::1 to ::1
[12/Apr/2016:21:26:46 -0400] conn=47 op=0 BIND dn="" method=128 version=3
[12/Apr/2016:21:26:46 -0400] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[12/Apr/2016:21:26:46 -0400] conn=47 op=1 SRCH base="dc=christianbook,dc=com" scope=2 filter="(objectClass=*)" attrs=ALL
[12/Apr/2016:21:26:46 -0400] conn=47 op=1 RESULT err=0 tag=101 nentries=103 etime=0 notes=U
[12/Apr/2016:21:26:46 -0400] conn=47 op=2 UNBIND
[12/Apr/2016:21:26:46 -0400] conn=47 op=2 fd=64 closed - U1
It did say "Peer does not recognize and trust the CA that issued your certificate." However, it did return 103 entries for the ldapsearch. I don't understand that. Is the secure connection successfully established or is it actually failed back to non-secure connection?
Thanks,
- xinhuan
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
No comments:
Post a Comment