Hi Graham,
I too haven't done enabling SSL using setup-ds.pl, and I don't believe setup-ds.pl was written to allow you to configure SSL as part of directory server initial setup.
Of course you can modify setup-ds.pl per your need to configure SSL in one shot but now you will be maintaining your own version of setup-ds.pl and you have to keep in sync with the latest setup-ds.pl if you decide to reinstall the LDAP with the latest version or for other reasons.
What I have been doing is similar to what Vlad suggested. I ran setup-ds.plfirst and then run my own script to configure SSL and replication. I believe the Red Hat Directory Server Administration has instructions on how to configure SSL via command-line.
Good luck!
- dc
On Mon, Dec 24, 2012 at 6:32 AM, Graham Leggett minfrin@sharp.fm wrote:
On 24 Dec 2012, at 12:52 PM, Vlad vovan@vovan.nl wrote:
I don't see the problem. Simply install DS without SSL and then:
- use ldapmodify to import SSL settings (see the example below)
- use pk12util tiu import certificate
- use certutil to change trusts
All the things above could be done completely unattended…
The problem is that the above shouldn't be necessary, because setup-ds.plhas the INF file and ConfigFile options to provide the config in one go. This ConfigFile mechanism is rendered useless, because there is no ability to configure the certificate database in advance.
Regards, Graham --
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users