I too haven't done enabling SSL using setup-ds.pl, and I don't believe
setup-ds.pl was written to allow you to configure SSL as part of directory
server initial setup.
Of course you can modify setup-ds.pl per your need to configure SSL in one
shot but now you will be maintaining your own version of setup-ds.pl and
you have to keep in sync with the latest setup-ds.pl if you decide to
reinstall the LDAP with the latest version or for other reasons.
What I have been doing is similar to what Vlad suggested. I ran
setup-ds.pl first and then ran my own script to configure SSL, and I
believe the Red Hat Directory Server Administration has instructions on how
to configure SSL via command-line.
On Mon, Dec 24, 2012 at 6:32 AM, Graham Leggett <minfrin(a)sharp.fm> wrote:
On 24 Dec 2012, at 12:52 PM, Vlad <vovan(a)vovan.nl> wrote:
> I don't see the problem. Simply install DS without SSL and then:
> 1. use ldapmodify to import SSL settings (see the example below)
> 2. use pk12util to import certificate
> 3. use certutil to change trusts
> All the things above could be done completely unattended…
The problem is that the above shouldn't be necessary, because setup-ds.pl
has the INF file and ConfigFile options to provide the config in one go.
This ConfigFile mechanism is rendered useless, because there is no ability
to configure the certificate database in advance.
389 users mailing list
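
The three post-install steps Vlad lists (ldapmodify, pk12util, certutil), sketched as an added shell example that is not from the thread or from the 389 project. The instance name, certificate nicknames, file names, password-file layout and OpenLDAP-style `ldapmodify` options are assumptions; it only prints the commands unless `DRY_RUN=0`.

```shell
# Added example, not from the thread. All values below are assumed placeholders.
INSTANCE="${INSTANCE:-example}"
CERT_DB="${CERT_DB:-/etc/dirsrv/slapd-$INSTANCE}"  # NSS database directory
NICKNAME="${NICKNAME:-Server-Cert}"                # server certificate nickname
CA_NICKNAME="${CA_NICKNAME:-CA certificate}"       # issuing CA nickname
P12_FILE="${P12_FILE:-server.p12}"                 # PKCS#12 bundle to import
PW_DIR="${PW_DIR:-/root/ds-secrets}"               # mode-0600 password files
LDAP_URL="${LDAP_URL:-ldap://localhost:389}"
DRY_RUN="${DRY_RUN:-1}"

# LDIF that turns on the secure port and binds it to the certificate nickname.
# The "add" fails if cn=RSA already exists; use a modify in that case.
ssl_ldif() {
cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-secureport
nsslapd-secureport: 636

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: $NICKNAME
nsSSLToken: internal (software)
nsSSLActivation: on
EOF
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

configure_ssl() {
  # 1. Import the SSL settings; the bind password is read from a file (-y).
  if [ "$DRY_RUN" = 1 ]; then
    echo "+ ldapmodify -x -H $LDAP_URL (LDIF follows)"; ssl_ldif
  else
    ssl_ldif | ldapmodify -x -H "$LDAP_URL" -D "cn=Directory Manager" -y "$PW_DIR/dm.pw"
  fi
  # 2. Import key and certificate: -w is the PKCS#12 password file, -k the NSS one.
  run pk12util -i "$P12_FILE" -d "$CERT_DB" -w "$PW_DIR/p12.pw" -k "$PW_DIR/nss.pw"
  # 3. Trust the issuing CA for SSL server and client certificates.
  run certutil -M -n "$CA_NICKNAME" -t "CT,," -d "$CERT_DB"
}
configure_ssl   # the instance must be restarted before the secure port is served
```

Keeping the passwords in root-only files keeps them out of the process list and shell history during an unattended run.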