Bug 493012

Summary: Authentication plugin hangs, later throws Exception, when SSL is enabled for authentication plugin
Product: [Retired] Dogtag Certificate System
Reporter: Kashyap Chamarthy <kchamart>
Component: Authentication
Assignee: Andrew Wnuk <awnuk>
Status: CLOSED WORKSFORME
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Priority: high
Version: 1.1
CC: awnuk, benl, dpal
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-06-16 15:16:31 UTC
Bug Blocks: 443788

Description Kashyap Chamarthy 2009-03-31 10:02:18 UTC
Description of problem:

pkiconsole (CA) hangs for a long duration when SSL is enabled (ldap.ldapconn.port=636) for any of the authentication plugins. It later throws the exception below:

"SERVER_NORESPONSE-java.util.MissingResourceException: Can't find resource for bundle com.netscape.admin.certsrv.CMSAdminResources, key SERVER_NORESPONSE"



How reproducible:
Always

Steps to Reproduce:
1. Request a Server certificate via Directory Server "Manage Certificates" console, approve the PKCS#10 request in the CA agent pages.
2. Install the server certificate in Directory Server which was approved in CA agent pages.
3. Now get the base64 encoded CA Cert from CA agent pages and install it in the "CA Certs" console, and restart the directory server instance.
4. Enable SSL/TLS in the Configuration->Settings tab of the directory server console. Also enable the "Use this cipher family" option, pointing to the directory server cert.
5. Now, in the CA admin console, go to the "Authentication" tab, edit the "UserDirEnrollment" plugin, enable SSL (ldap.ldapconn.port=636), and try to save the configuration.
  
Actual results:
pkiconsole hangs for a long time, and later throws an exception:

"SERVER_NORESPONSE-java.util.MissingResourceException: Can't find resource for bundle com.netscape.admin.certsrv.CMSAdminResources, key SERVER_NORESPONSE"

Expected results:
The plugin should accept the SSL changes successfully.

Other info:
-- CA debug also hangs for a minute when I tried
# tail -f /var/log/pki-ca/debug
but it does not provide much info about any errors.
-- There are no SELinux alerts for this; I verified.

Please let me know if any other info. is required.

Comment 1 Andrew Wnuk 2009-06-16 01:20:47 UTC
The only thing missing in the above procedure is that I was prompted to restart the directory server after finishing (4), which I did.

I finished the above procedure and I have no problems with directory enrollment authenticated over SSL.

It works for me.