Bug 323281

Summary: unhelpful message for TLS LDAP cert
Product: [Fedora] Fedora Reporter: cje
Component: authconfigAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: authconfig-5.3.19-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-09 17:50:20 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 235705    

Description cje 2007-10-08 12:36:59 EDT
if you select 'Use network login' and then say you're using LDAP with TLS then
it asks for a CA cert for the LDAP server.  the message tells you to copy the
cert file into a specific folder.  but you can't do that yet!

i _think_ the dialog will work if you use a URL for the CA cert file, but the
message doesn't suggest that.
Comment 1 Tomas Mraz 2007-10-08 13:37:00 EDT
If you can't do that on firstboot, you can certainly do that later. There is
also a button for the download of the CA cert from URL. The only change I can
see is to move/copy the button from the LDAP options dialog to the message box
which asks you for the copying.
Comment 2 cje 2007-10-09 15:01:23 EDT
hmm.  why not make it URL only?  (if people have the cert locally they could use
a file:// URL.)

copying a file into a special location sounds a bit 'system' to me!  isn't that
what this dialog is doing anyway - downloading the file from the URL and copying
it to that location for you?

then the message can just be a "you must enter the URL of the CA certificate
file, for example, http://www.mycompany.com/ca.cert" type of thing.  that can
pop up if the field is left blank.

i think that would work for both the firstboot scenario and the 'regular use'
scenario and wouldn't leave users frustrated by confusing instructions on firstboot.
Comment 3 Tomas Mraz 2007-10-09 15:13:51 EDT
OK, this, or something very similar to your proposal seems reasonable.
Comment 4 Tomas Mraz 2008-01-09 17:50:20 EST
Hopefully fixed now.