Search Results

Search found 38064 results on 1523 pages for 'oracle linux'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 607/1523 | < Previous Page | 603 604 605 606 607 608 609 610 611 612 613 614  | Next Page >

  • ArchBeat Link-o-Rama for 2012-03-28

    - by Bob Rhubart
    Beware the 'Facebook Effect' when service-orienting information technology | Joe McKenrick www.zdnet.com Experiences seen with Facebook provide a fair warning to shared-service providers in enterprises. Cookbook: SES and UCM setup | George Maggessy blogs.oracle.com WebCenter A-Team member George Maggessy guides you through setting up the integration between UCM and SES. Using Oracle VM with Amazon EC2 | Marc Fielding www.pythian.com "If you’re planning on running Oracle VM with Amazon EC2, there are some important limitations you should know about," says Pythian's Marc Fielding. Oracle Enterprise Pack for Eclipse 12.1.1 update on OTN blogs.oracle.com Oracle Enterprise Pack for Eclipse (OEPE) 12.1.1.0.1 was released to OTN last week with support for new standards and several new features. Thought for the Day "If the mind really is the finest computer, then there are a lot of people out there who need to be rebooted." — Tim Bryce

    Read the article

  • Can't SSH to remote server,how to avoid this

    - by snow8261
    From time to time,we suffer problems like we can not remote connect to our server via ssh.So we have to send someone on site to restart the computer for this problem.It causes a lot of pain.The situation is we have to remote connect to our server,which are very important like database server and application server and etc.We have met problems like ssh hang,like command ssh [email protected] with no response. when using ssh -v debug mode, it says : debug1: Connection established. debug1: identity file /.ssh/identity type -1 debug1: identity file /.ssh/id_rsa type -1 debug1: identity file /.ssh/id_dsa type -1 debug1: loaded 3 keys and we met this situation many times with no clue how to solve it.Is any log which can identify this problem? or Is there a tool for this problem? help needed!Any idea are appreciated.

    Read the article

  • x11vnc is slow, but using only 10% of available bandwidth

    - by mmm
    I am using x11vnc over 15Mbit/s network with 20ms latency. When the screen is changing a lot x11vnc is slow - for example when I switch a tab in a browser, it takes almost two seconds until the view is fully redrawn. The strange thing is that max connection speed of x11vnc is even during slow redrawing only about 10% of the available bandwidth. Why is x11vnc not using available bandwidth to speed the redrawing up? For example scp is using 100% of available bandwidth without problems. How can I identify what is the bottleneck for x11vnc on my system? So far I think: 10% network usage = network is not a bottleneck fb read rate: 601 MB/sec = reading fb is not a bottleneck Any ideas how can I further profile x11vnc and find out what is causing a slowdown? For example is there any switch for x11vnc to show how much data it is handling and how long it takes to grab a screen, process and compress it and send it over the network?

    Read the article

  • Elinks and flash

    - by bajki
    Hello everybody, is there a possibility to "use" flash based objects with elinks ? I mean, i have an online flash based multiplayer game ( http://haxball.appspot.com ) and i want to connect to game with elinks installed on my shell server to create an always-present game room. To do it, i need a terminal-based webbrowser with flash support. There is an elinks installed so it would be great if there is such a possibility in it. Any ideas? Thanks, Mike

    Read the article

  • "postgres blocked for more than 120 seconds" - is my db still consistent?

    - by nn4l
    I am using an iscsi volume on an Open-E storage system for several virtual machines running on a XenServer host. Occasionally, when there is a very high disk I/O load on the virtual machines (and therefore also on the storage system), I got this error message on the vm consoles: [2594520.161701] INFO: task kjournald:117 blocked for more than 120 seconds. [2594520.161787] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [2594520.162194] INFO: task flush-202:0:229 blocked for more than 120 seconds. [2594520.162274] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [2594520.162801] INFO: task postgres:1567 blocked for more than 120 seconds. [2594520.162882] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. I understand this error message is caused by the kernel to inform that these processes haven't been run for 120 seconds, most likely because a disk access to the storage system has not yet been processed. But what is the effect on the processes. For example, will the postgres process eventually write its data when the storage system is idle again after a few minutes, so that all data is still consistent? Or will it abort the write, leaving some tables in an inconsistent state? I certainly expect that the former should be the case - if the disk access is slow, postgres (or any other affected process) should just wait as long as it takes. I can live with the application hanging for a few minutes. But if there is a chance for data corruption then any of these errors is really bad news. Please advise what to do here.

    Read the article

  • Preventing auto-restart of nautilus on gnome 2.28

    - by Ivan Vucica
    Cheers! I dislike disobedience from my system. When I want to explicitly kill Nautilus with kill or killall, I am no longer able to do so. Previously I could disable this erroneous behavior (which even Windows do not exhibit!) through gnome-session-properties, however, it is no longer possible to set the "restart style" there (or whatever it was called). What is nowadays the correct way to disable nautilus autorestart under gnome? Reasons: I'm writing a piece of software that's painting directly into X11 root window. Nautilus is interfering. Compiz has a wallpapers plugin which Nautilus is painting over.

    Read the article

  • Good Free Ubuntu Server VMWare Image Needed

    - by Yaakov Ellis
    Can anyone recommend a good, free Ubuntu Server VMWare Image (or Virtual Appliance, as they call them)? I have looked on the VMWare VAM and there are literally hundreds to choose from. I am looking for something that can with very minimal effort serve as a development platform for LAMP applications (so it should have all of those installed, plus things like PhpMyAdmin). Bonus points if there is some way to create new Virtual Hosts (for developing and testing new sites) on Apache without having to go digging around conf files and guessing on the sytax.

    Read the article

  • Segmentation fault on login to mysql

    - by numberwhun
    Hello everyone! I recently did a fresh install of Ubuntu on my laptop (HP dv7, AMD Dual Core with 4 gigs RAM). I am working on installing my development environment and tools and one of the first things I was working on is getting MySQL installed. The following was my configure statement with options: ./configure --prefix=/usr/local/mysql --with-big-tables --with-unix-socket-path=/usr/local/mysql/tmp/mysql.sock --with-named-curses-libs=/lib/libncurses.so.5.7 After I did the make;make install, I did the post configuration such as setting the root password and installing the mysqld daemon in its rightful place. My issue is when I try to log in to mysql to start using it, the following shows what happens: $ mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.1.42 Source distribution Segmentation fault I have searched Google extensively, I have searched through the mysql bugs database and I have yet to find anything that matches my issue. Here is the contents of my my.cnf file, in case you want to see it: $ cat /etc/my.cnf [mysqld] basedir=/usr/local/mysql datadir=/usr/local/mysql socket=/usr/local/mysql/tmp/mysql.sock [mysql.server] user=mysql #basedir=/var/lib [client] socket=/usr/local/mysql/tmp/mysql.sock [mysqld_safe] err-log=/usr/local/mysql/logs/mysqld.log pid-file=/var/run/mysqld/mysqld.pid I am really hoping that someone here can tell me what has gone wrong with my installation as I would really love to know. I welcome and look forward to all responses. Thank you in advance! Best regards, Jeff

    Read the article

  • ODI 11g - Scripting a Reverse Engineer

    - by David Allan
    A common question is related to how to script the reverse engineer using the ODI SDK. This follows on from some of my posts on scripting in general and accelerated model and topology setup. Check out this viewlet here to see how to define a reverse engineering process using ODI's package. Using the ODI SDK, you can script this up using the OdiPackage and StepOdiCommand classes as follows;  OdiPackage pkg = new OdiPackage(folder, "Pkg_Rev"+modName);   StepOdiCommand step1 = new StepOdiCommand(pkg,"step1_cmd_reset");   step1.setCommandExpression(new Expression("OdiReverseResetTable \"-MODEL="+mod.getModelId()+"\"",null, Expression.SqlGroupType.NONE));   StepOdiCommand step2 = new StepOdiCommand(pkg,"step2_cmd_reset");   step2.setCommandExpression(new Expression("OdiReverseGetMetaData \"-MODEL="+mod.getModelId()+"\"",null, Expression.SqlGroupType.NONE));   StepOdiCommand step3 = new StepOdiCommand(pkg,"step3_cmd_reset");   step3.setCommandExpression(new Expression("OdiReverseSetMetaData \"-MODEL="+mod.getModelId()+"\"",null, Expression.SqlGroupType.NONE));   pkg.setFirstStep(step1);   step1.setNextStepAfterSuccess(step2);   step2.setNextStepAfterSuccess(step3); The biggest leap of faith for users is getting to know which SDK classes have to be used to build the objects in the design, using StepOdiCommand isn't necessarily obvious, once you see it in action though it is very simple to use. The above snippet uses an OdiModel variable named mod, its a snippet I added to the accelerated model creation script in the post linked above.

    Read the article

  • hplip gui required plugin

    - by Terence Stamp
    I downloaded hplip gui to manage my printer, but in order to set it up correctly, you must click the green puzzle piece labeled "install required plugin." Once you do, you are presented with two options: download it from HP's server or locate the file locally on your hard disk. In the past, I have had success with downloading it from HP's server. Currently, my luck is not as good. My question is simple. Where can I find the plugin on the Internet so that I might download it and install it using the second option of installing from my hard drive?

    Read the article

  • What else is needed to get iptables to log into this file I created?

    - by anthony01
    I want to create the logging of iptables DROP's and intrusion attemps. First, I put --log-prefix "iptables: " at the end of every iptables rules in my iptables rules file. But this doesn't work, as it says there is a syntax error. So where should I put that command? (I would want to have it included in the saved rules file) Secondly, I created a file iptables.conf within /etc/rsyslog.d/, and I put the following inside of it: :msg, startswith, "iptables: " -/var/log/iptables.log & ~ I assume that at this stage, I'm supposed to restart the rsyslog daemon. What else is needed to do what I'm attempting? Thanks a lot

    Read the article

  • F3-F5 keys incorrectly behaving as audio keys

    - by obvio171
    I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I guess it's a weird mapping problem. Any idea how I could remap them to the original meaning?

    Read the article

  • Nginx error page with JSON response

    - by Waseem
    I'm trying to serve a maintenance page to clients making request to my application when it is under maintenance. Following is my nginx configuration for that purpose. server { recursive_error_pages on; listen 80; ... if (-f $document_root/maintenance.html) { return 503; } error_page 404 /404.html; error_page 500 502 504 /500.html; error_page 503 @503; location = /404.html { root $document_root; } location = /500.html { root $document_root; } location @503 { error_page 405 =/maintenance.html; if (-f $request_filename) { break; } rewrite ^(.*)$ /maintenance.html break; } } Lets say I have enabled maintenance of my site by creating a $document_root/maintenance.html. This file, correctly, is served when a user makes a request with with Accept header of text/html. $ curl http://server.com/ -i -v -X GET -H "Accept: text/html" * Adding handle: conn: 0xf89420 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0xf89420) send_pipe: 1, recv_pipe: 0 * About to connect() to server.com port 80 (#0) * Trying xxx.xxx.xxx.xxx... * Connected to server.com (xxx.xxx.xxx.xxx) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.33.0 > Host: server.com > Accept: text/html > < HTTP/1.1 503 Service Temporarily Unavailable HTTP/1.1 503 Service Temporarily Unavailable * Server nginx/1.1.19 is not blacklisted < Server: nginx/1.1.19 Server: nginx/1.1.19 < Date: Thu, 14 Nov 2013 11:16:16 GMT Date: Thu, 14 Nov 2013 11:16:16 GMT < Content-Type: text/html Content-Type: text/html < Content-Length: 27 Content-Length: 27 < Connection: keep-alive Connection: keep-alive < This is under maintenance. * Connection #0 to host server.com left intact Now some clients set Accept header to application/json. How do I send them a JSON response instead of maintenance.html? Following is the response that I get when setting Accept to application/json. $ curl http://server.com/ -i -v -X GET -H "Accept: application/json" * Adding handle: conn: 0x190c430 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x190c430) send_pipe: 1, recv_pipe: 0 * About to connect() to server.com port 80 (#0) * Trying xxx.xxx.xxx.xxx... * Connected to server.com (xxx.xxx.xxx.xxx) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.33.0 > Host: server.com > Accept: application/json > < HTTP/1.1 503 Service Temporarily Unavailable HTTP/1.1 503 Service Temporarily Unavailable * Server nginx/1.1.19 is not blacklisted < Server: nginx/1.1.19 Server: nginx/1.1.19 < Date: Thu, 14 Nov 2013 11:15:50 GMT Date: Thu, 14 Nov 2013 11:15:50 GMT < Content-Type: text/html Content-Type: text/html < Content-Length: 27 Content-Length: 27 < Connection: keep-alive Connection: keep-alive < This is under maintenance. * Connection #0 to host server.com left intact

    Read the article

  • can 'Percona MySQL Data Recovery' be used to recover dropped tables if the datadir filesystem is mounted as /

    - by Tom Geee
    according to Percona: Unmount the filesystem or make it read-only if... You have filesystem corruption OR You have dropped tables in innodb_file_per_table format If I have innodb_file_per_table enabled, and accidently dropped a table, while the datadir is mounted as within the / partition , can data still be recovered? Obviously you can't work with an unmounted root filesystem. Our VPS host has a defaulted filesystem table which we cannot customize. I was wondering in case of any future scenario. edit: would mounting the / filesystem through NFS onto another system as read-only be a workaround? TIA.

    Read the article

  • Moving from Ubuntu desktop to Ubuntu Server via SSH

    - by Daniel Elessedil Kjeserud
    So a little while ago I installed regular Ubuntu for a home server, but that gave me a lot of extra packages. What I should have done was to install Ubuntu Server, since I don't even own a screen to connect to it. Does anybody know of a way to convert my Ubuntu machine to a Ubuntu Server machine in one big swoop? It has to be done over SSH, since I don't have a screen to connect to it, like I said. It's currently running 9.10, about to be upgraded to 10.4.

    Read the article

  • Chmod 644 on /etc/ any way to fix?

    - by DazSlayer
    I tried to tab complete something and I guess it wasnt there. I know you are not supposed to set the permissions to /etc/ like that, but my permissions seem to be all messed up. whoami prints out cannot find name for user ID 1002 and I cannot cd into /etc/ anymore. passwd and shadow use 640 and 644 so I am not sure why this is a problem. Regardless, is there any way to fix this? The command run was sudo chmod 644 /etc/ I have no name!@vpn-server:/$ whoami whoami: cannot find name for user ID 1002 I have no name!@vpn-server:/$ cd etc bash: cd: etc: Permission denied I have no name!@vpn-server:/$ ls -al etc d????????? ? ? ? ? ? . d????????? ? ? ? ? ? .. d????????? ? ? ? ? ? acpi -????????? ? ? ? ? ? adduser.conf I have no name!@vpn-server:/$ sudo su sudo: can't open /etc/sudoers: Permission denied

    Read the article

  • MegaCLI always returns blank output

    - by JamesHannah
    This server is a Dell R200 running Ubuntu 8.04LTS using a LSI SAS1068E raid card supplied from Dell, I suspect that there might be some kind of RAID issue with the hardware raid built into the motherboard, but I can't seem to get MegaCLi to return any useful output: root@81 $ ./MegaCli -AdpAllInfo -aALL root@81 $ ./MegaCli -PDList -aALL root@81 $ The disks work and AFAIK the raid software is installed correctly. I've seen this issue on RedHat issues also in the past. The RAID was initially setup through the BIOS on this server and appears to be functioning fine apart from this.

    Read the article

  • "TCP Sweep" - What is it? How am I causing it?

    - by Stephen Melrose
    Hi there, I've just had an email from my hosting company telling me I'm in violation of their Acceptable Use Policy. They forwarded me an email from another company complaining about something to do with a "TCP sweep of port 22". They included a snippet from their logs, 20:29:43 <MY_SERVER_IP> 0.0.0.0 [TCP-SWEEP] (total=325,dp=22,min=212.1.191.0,max=212.1.191.255,Mar21-20:26:34,Mar21-20:26:34) (USI-amsxaid01) Now, my server knowledge is limited at best, and I've absolutely no idea what this is or what could be causing it. Any help would be greatly appreciated! Thank you

    Read the article

  • obiee memory usage

    - by user554629
    Heap memory is a frequent customer topic. Here's the quick refresher, oriented towards AIX, but the principles apply to other unix implementations. 1. 32-bit processes have a maximum addressability of 4GB; usable application heap size of 2-3 GB.  On AIX it is controlled by an environment variable: export LDR_CNTRL=....=MAXDATA=0x080000000   # 2GB ( The leading zero is deliberate, not required )   1a. It is  possible to get 3.25GB  heap size for a 32-bit process using @DSA (Discontiguous Segment Allocation)     export LDR_CNTRL=MAXDATA=0xd0000000@DSA  # 3.25 GB 32-bit only        One side-effect of using AIX segments "c" and "d" is that shared libraries will be loaded privately, and not shared.        If you need the additional heap space, this is worth the trade-off.  This option is frequently used for 32-bit java.   1b. 64-bit processes have no need for the @DSA option. 2. 64-bit processes can double the 32-bit heap size to 4GB using: export LDR_CNTRL=....=MAXDATA=0x100000000  # 1 with 8-zeros    2a. But this setting would place the same memory limitations on obiee as a 32-bit process    2b. The major benefit of 64-bit is to break the binds of 32-bit addressing.  At a minimum, use 8GB export LDR_CNTRL=....=MAXDATA=0x200000000  # 2 with 8-zeros    2c.  Many large customers are providing extra safety to their servers by using 16GB: export LDR_CNTRL=....=MAXDATA=0x400000000  # 4 with 8-zeros There is no performance penalty for providing virtual memory allocations larger than required by the application.  - If the server only uses 2GB of space in 64-bit ... specifying 16GB just provides an upper bound cushion.    When an unexpected user query causes a sudden memory surge, the extra memory keeps the server running. 3.  The next benefit to 64-bit is that you can provide huge thread stack sizes for      strange queries that might otherwise crash the server.      nqsserver uses fast recursive algorithms to traverse complicated control structures.    This means lots of thread space to hold the stack frames.    3a. Stack frames mostly contain register values;  64-bit registers are twice as large as 32-bit          At a minimum you should  quadruple the size of the server stack threads in NQSConfig.INI          when migrating from 32- to 64-bit, to prevent a rogue query from crashing the server.           Allocate more than is normally necessary for safety.    3b. There is no penalty for allocating more stack size than you need ...           it is just virtual memory;   no real resources  are consumed until the extra space is needed.    3c. Increasing thread stack sizes may require the process heap size (MAXDATA) to be increased.          Heap space is used for dynamic memory requests, and for thread stacks.          No performance penalty to run with large heap and thread stack sizes.           In a 32-bit world, this safety would require careful planning to avoid exceeding 2GM usable storage.     3d. Increasing the number of threads also may require additional heap storage.          Most thread stack frames on obiee are allocated when the server is started,          and the real memory usage increases as threads run work. Does 2.8GB sound like a lot of memory for an AIX application server? - I guess it is what you are accustomed to seeing from "grandpa's applications". - One of the primary design goals of obiee is to trade memory for services ( db, query caches, etc) - 2.8GB is still well under the 4GB heap size allocated with MAXDATA=0x100000000 - 2.8GB process size is also possible even on 32-bit Windows applications - It is not unusual to receive a sudden request for 30MB of contiguous storage on obiee.- This is not a memory leak;  eventually the nqsserver storage will stabilize, but it may take days to do so. vmstat is the tool of choice to observe memory usage.  On AIX vmstat will show  something that may be  startling to some people ... that available free memory ( the 2nd column ) is always  trending toward zero ... no available free memory.  Some customers have concluded that "nearly zero memory free" means it is time to upgrade the server with more real memory.   After the upgrade, the server again shows very little free memory available. Should you be concerned about this?   Many customers are !!  Here is what is happening: - AIX filesystems are built on a paging model.   If you read/write a  filesystem block it is paged into memory ( no read/write system calls ) - This filesystem "page" has its own "backing store" on disk, the original filesystem block.   When the system needs the real memory page holding the file block, there is no need to "page out".    The page can be stolen immediately, because the original is still on disk in the filesystem. - The filesystem  pages tend to collect ... every filesystem block that was ever seen since    system boot is available in memory.  If another application needs the file block, it is retrieved with no physical I/O. What happens if the system does need the memory ... to satisfy a 30MB heap request by nqsserver, for example? - Since the filesystem blocks have their own backing store ( not on a paging device )   the kernel can just steal any filesystem block ... on a least-recently-used basis   to satisfy a new real memory request for "computation pages". No cause for alarm.   vmstat is accurately displaying whether all filesystem blocks have been touched, and now reside in memory.   Back to nqsserver:  when should you be worried about its memory footprint? Answer:  Almost never.   Stop monitoring it ... stop fussing over it ... stop trying to optimize it. This is a production application, and nqsserver uses the memory it requires to accomplish the job, based on demand. C'mon ... never worry?   I'm from New York ... worry is what we do best. Ok, here is the metric you should be watching, using vmstat: - Are you paging ... there are several columns of vmstat outputbash-2.04$ vmstat 3 3 System configuration: lcpu=4 mem=4096MB kthr    memory              page              faults        cpu    ----- ------------ ------------------------ ------------ -----------  r  b    avm   fre  re  pi  po  fr   sr  cy  in   sy  cs us sy id wa  0  0 208492  2600   0   0   0   0    0   0  13   45  73  0  0 99  0  0  0 208492  2600   0   0   0   0    0   0   9   12  77  0  0 99  0  0  0 208492  2600   0   0   0   0    0   0   9   40  86  0  0 99  0 avm is the "available free memory" indicator that trends toward zerore   is "re-page".  The kernel steals a real memory page for one process;  immediately repages back to original processpi  "page in".   A process memory page previously paged out, now paged back in because the process needs itpo "page out" A process memory block was paged out, because it was needed by some other process Light paging activity ( re, pi, po ) is not a concern for worry.   Processes get started, need some memory, go away. Sustained paging activity  is cause for concern.   obiee users are having a terrible day if these counters are always changing. Hang on ... if nqsserver needs that memory and I reduce MAXDATA to keep the process under control, won't the nqsserver process crash when the memory is needed? Yes it will.   It means that nqsserver is configured to require too much memory and there are  lots of options to reduce the real memory requirement.  - number of threads  - size of query cache  - size of sort But I need nqsserver to keep running. Real memory is over-committed.    Many things can cause this:- running all application processes on a single server    ... DB server, web servers, WebLogic/WebSphere, sawserver, nqsserver, etc.   You could move some of those to another host machine and communicate over the network  The need for real memory doesn't go away, it's just distributed to other host machines. - AIX LPAR is configured with too little memory.     The AIX admin needs to provide more real memory to the LPAR running obiee. - More memory to this LPAR affects other partitions. Then it's time to visit your friendly IBM rep and buy more memory.

    Read the article

  • Keeping new Ubuntu installation's /var on separate drive without formatting

    - by tlayton
    I have a server running an older version of Ubuntu and with /var stored on a separate partition on a separate hard drive. I am attempting to update Ubuntu to 10.04, but I still want to store /var on a separate partition and hard drive. However, I don't want to format the drive which currently contains /var, as it has important data. Is there some way to have 10.04 set up the new /var on this separate drive at installation, without formatting the drive and losing the old /var?

    Read the article

  • Persuading openldap to work with SSL on Ubuntu with cn=config

    - by Roger
    I simply cannot get this (TLS connection to openldap) to work and would appreciate some assistance. I have a working openldap server on ubuntu 10.04 LTS, it is configured to use cn=config and most of the info I can find for TLS seems to use the older slapd.conf file :-( I've been largely following the instructions here https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html plus stuff I've read here and elsewhere - which of course could be part of the problem as I don't totally understand all of this yet! I have created an ssl.ldif file as follows; dn:cn=config add: olcTLSCipherSuite olcTLSCipherSuite: TLSV1+RSA:!NULL add: olcTLSCRLCheck olcTLSCRLCheck: none add: olcTLSVerifyClient olcTLSVerifyClient: never add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/ldap_cacert.pem add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/certs/my.domain.com_slapd_cert.pem add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ssl/private/my.domain.com_slapd_key.pem and I import it using the following command line ldapmodify -x -D cn=admin,dc=mydomain,dc=com -W -f ssl.ldif I have edited /etc/default/slapd so that it has the following services line; SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///" And everytime I'm making a change, I'm restarting slapd with /etc/init.d/slapd restart The following command line to test out the non TLS connection works fine; ldapsearch -d 9 -D cn=admin,dc=mydomain,dc=com -w mypassword \ -b dc=mydomain,dc=com -H "ldap://mydomain.com" "cn=roger*" But when I switch to ldaps using this command line; ldapsearch -d 9 -D cn=admin,dc=mydomain,dc=com -w mypassword \ -b dc=mydomain,dc=com -H "ldaps://mydomain.com" "cn=roger*" This is what I get; ldap_url_parse_ext(ldaps://mydomain.com) ldap_create ldap_url_parse_ext(ldaps://mydomain.com:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP mydomain.com:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: can't connect: A TLS packet with unexpected length was received.. ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Now if I check netstat -al I can see; tcp 0 0 *:www *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 *:https *:* LISTEN tcp 0 0 *:ldaps *:* LISTEN tcp 0 0 *:ldap *:* LISTEN I'm not sure if this is significant as well ... I suspect it is; openssl s_client -connect mydomain.com:636 -showcerts CONNECTED(00000003) 916:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: I think I've made all my certificates etc OK and here are the results of some checks; If I do this; certtool -e --infile /etc/ssl/certs/ldap_cacert.pem I get Chain verification output: Verified. certtool -e --infile /etc/ssl/certs/mydomain.com_slapd_cert.pem Gives "certtool: the last certificate is not self signed" but it otherwise seems OK? Where have I gone wrong? Surely getting openldap to run securely on ubuntu should be easy and not require a degree in rocket science! Any ideas?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 603 604 605 606 607 608 609 610 611 612 613 614  | Next Page >