On 24 Dec 2012, at 09:18, Vlad vovan@vovan.nl wrote:
Obviously the setup-ds.pl script can be modified to import certificate, but I'd prefer installing server without SSL firstly and then use additional script to install certificate(s) and enable SSL for server/admin unattended. Let me know if you need any examples.
This is a real pity.
The ConfigFile option is a clean and simple way to load ldif without messing about with trying to script an ldapmodify, which in turn means trying to script a secure way to pass the credentials.
It didn't make any sense that you could preconfigure the directory but not preconfigure the certs, which has to be done before you can preconfigure the ssl directory config. The error you get when trying to add the cn=RSA,cn=encryption,cn=config object when the corresponding cert doesn't exist is "No such object", which implies that cn=encryption,cn=config does not exist, which obviously it does.
Regards, Graham --