Bug 430499
Summary: | "Manage Certificates" button in fedora-ds-console causes Exception | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Andrey Ivanov <andrey.ivanov> | ||||
Component: | Directory Console | Assignee: | Rich Megginson <rmeggins> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 1.1.0 | CC: | benl, orion, sputhenp | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-09-16 20:57:54 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 249650, 452721 | ||||||
Attachments: |
|
Description
Andrey Ivanov
2008-01-28 14:49:07 UTC
Created attachment 293158 [details]
The logfile of "fedora-idm-console -D 9 2>&1 |tee console.log"
Same here when I check "Use SSL in Console" under encryption in the directory server config. What appears to be going on is that in 1.1, the code was changed to get the security dir from the directory server, from the cn=config entry. If the Use SSL in Console is checked, it attempts to use LDAPS to read this entry. However, the CGI code is not properly initializing NSS, so this fails. But even if this is fixed, it will still fail, unless the CA certificate has been installed in the Admin Server's key/cert database (/etc/dirsrv/admin-serv). The reason why it worked in the old code is that it just assumed the key/cert database was under /opt/fedora-ds/alias. In 1.1, each server has its own private key/cert db directory, which defaults to /etc/dirsrv/slapd-instance, but may be different depending on the security needs of the user. > But even if this is fixed, it will still fail, unless the CA certificate has
> been installed in the Admin Server's key/cert database (/etc/dirsrv/admin-serv).
I think that this point is not a real problem - anyway the CA certificate SHOULD
be installed in the admin server's key/cert store (/etc/dirsrv/admin-serv).
fedora-ds-admin-1.1.6-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.6-1.fc8 fedora-ds-admin-1.1.6-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.6-1.fc9 fedora-ds-admin-1.1.6-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. fedora-ds-admin-1.1.6-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. *** This bug has been marked as a duplicate of bug 442103 *** |