Bug 677819

Summary: Cannot access to admin server over https - cannot download jars
Product: [Retired] 389
Reporter: Orion Poplawski <orion>
Component: Directory Console
Assignee: Rich Megginson <rmeggins>
Status: CLOSED NOTABUG
QA Contact: Chandrasekar Kannan <ckannan>
Severity: high
Priority: unspecified
Version: 1.1.3
CC: benl
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2011-02-16 17:52:40 UTC
Attachments: console.log

Description Orion Poplawski 2011-02-15 22:58:46 UTC
Description of problem:

When trying to connect to the admin server via the 389-console via https, it cannot download the needed jars because it attempts to download them via http, but the admin server is expecting ssl traffic on that port.

389-console -u admin -a https://ldap.cora.nwra.com:9830/ -D 9

ClassLoader: loadJarFile(): attempting to download http://ldap.cora.nwra.com:9830/java/jars/389-admin-1.1.jar
CommManager> New CommRecord (http://ldap.cora.nwra.com:9830/java/jars/389-admin-1.1.jar)
http://ldap.cora.nwra.com:9830/[2:0] open> Ready
http://ldap.cora.nwra.com:9830/[2:0] accept> http://ldap.cora.nwra.com:9830/java/jars/389-admin-1.1.jar
http://ldap.cora.nwra.com:9830/[2:0] send> GET  \
http://ldap.cora.nwra.com:9830/[2:0] send> /java/jars/389-admin-1.1.jar \
http://ldap.cora.nwra.com:9830/[2:0] send>  HTTP/1.0
http://ldap.cora.nwra.com:9830/[2:0] send> Host: ldap.cora.nwra.com:9830
http://ldap.cora.nwra.com:9830/[2:0] send> Connection: Keep-Alive
http://ldap.cora.nwra.com:9830/[2:0] send> User-Agent: 389-Management-Console/1.1.5
http://ldap.cora.nwra.com:9830/[2:0] send> Accept-Language: en
http://ldap.cora.nwra.com:9830/[2:0] send> Authorization: Basic  \
http://ldap.cora.nwra.com:9830/[2:0] send> dWlkPWFkbWluLG91PUFkbWluaXN0cmF0b3JzLG91PVRvcG9sb2d5TWFuYWdlbWVudCxvPU5ldHNjYXBlUm9vdDoqcmVDZWVsZWQ3NA== \
http://ldap.cora.nwra.com:9830/[2:0] send> 
http://ldap.cora.nwra.com:9830/[2:0] send> 
http://ldap.cora.nwra.com:9830/[2:0] recv> interrupted
http://ldap.cora.nwra.com:9830/[2:0] error> java.io.InterruptedIOException: HTTP response timeout
http://ldap.cora.nwra.com:9830/[2:0] close> Closed
ClassLoader: loadJarFile(): java.io.InterruptedIOException: HTTP response timeout
ClassLoader: Cannot create LocalJarClassLoader for 389-admin-1.1.jar
ClassLoader: HTTP response timeout

Version-Release number of selected component (if applicable):
389-console-1.1.4-1.fc14.noarch

Comment 1 Rich Megginson 2011-02-15 23:17:34 UTC
How did you get it into this state, where you have configured admin server to listen to https?  Can you attach the entire output of running the console with -D 9?

Comment 2 Orion Poplawski 2011-02-16 15:55:51 UTC
Created attachment 479142 [details]
console.log

I turned on SSL:

/etc/dirsrv/admin-serv/console.conf:
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
-NSSEngine off
+NSSEngine on
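Review bot: flipping NSSEngine to on changes only what the admin server accepts on its port; nothing in this hunk tells clients to switch scheme, so the console keeps requesting http:// URLs on 9830 and the Authorization header shown in the log above is sent unencrypted to a listener that now expects SSL. Make the matching change in the same step: set nsServerSecurity: on on the admin server's cn=configuration entry under o=NetscapeRoot.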

À la http://directory.fedoraproject.org/wiki/Howto:SSL#.2Fetc.2Fdirsrv.2Fadmin-serv.2Fconsole.conf_.28or_admin-serv.2Fconfig.2Fconsole.conf.29

I am now trying to connect from a new machine and user that has never connected before.

Comment 3 Rich Megginson 2011-02-16 17:52:40 UTC
You also have to tell the console that all contact with this admin server must use https instead of http.  The console looks up the configuration entry of the admin server to determine if it needs to use http or https:

ClassLoader: checkJarAvailability():sie is cn=admin-serv-ldap,cn=389 Administration Server,cn=Server Group,cn=ldap.cora.nwra.com,ou=nwra.com,o=NetscapeRoot
ClassLoader: checkJarAvailability():reading cn=Configuration,cn=admin-serv-ldap,cn=389 Administration Server,cn=Server Group,cn=ldap.cora.nwra.com,ou=nwra.com,o=NetscapeRoot
HttpManager> I/O buffer size set to 32768
ClassLoader: loadJarFile(): attempting to download http://ldap.cora.nwra.com:9830/java/jars/389-ds-1.2.3.jar

This is the cn=Configuration,cn=admin-serv-ldap,.... entry
See - http://directory.fedoraproject.org/wiki/Howto:SSL#cn.3Dconfiguration_entry_for_Admin_Server

Comment 4 Orion Poplawski 2011-02-16 18:18:08 UTC
Thanks, applying this:

dn: cn=configuration,cn=admin-serv-ldap,cn=389 Administration Server,cn=Server
  Group,cn=ldap.cora.nwra.com,ou=nwra.com,o=NetscapeRoot
changetype: modify
add: nsServerSecurity
nsServerSecurity: on

Fixed it.  Sorry for my complete inability to read directions.
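
The mismatch resolved in this thread (NSSEngine on in console.conf, no nsServerSecurity on the cn=configuration entry) can be checked offline before users hit it. The following is an added example, not code from the bug report or the 389 project; the sample inputs are constructed, the host and suffix are placeholders, and treating a missing nsServerSecurity as "off" is an assumption based on the behaviour shown in the log above.

```python
import re

# Constructed sample inputs (host and suffix are placeholders, not from the bug).
CONF = "#   SSL Engine Switch:\n# NSSEngine off\nNSSEngine on\n"
ENTRY_BEFORE = (
    "dn: cn=configuration,cn=admin-serv-ldap,cn=389 Administration Server,cn=Server\n"
    "  Group,cn=host.example.com,ou=example.com,o=NetscapeRoot\n"
    "objectClass: top\n"
)
ENTRY_AFTER = ENTRY_BEFORE + "nsServerSecurity: on\n"

def nss_engine(conf_text):
    """Last uncommented NSSEngine value in console.conf, lower-cased, or None."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(r"\s*NSSEngine\s+(\S+)", line)
        if m:
            value = m.group(1).lower()
    return value

def unfold_ldif(ldif_text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    out = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def server_security(ldif_text):
    """nsServerSecurity value from the entry; a missing attribute is treated as 'off' (assumption)."""
    for line in unfold_ldif(ldif_text):
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "nsserversecurity":
            return val.strip().lower()
    return "off"

def check(conf_text, ldif_text):
    """Compare what the server accepts with what the console will be told to use."""
    server = "https" if nss_engine(conf_text) == "on" else "http"
    console = "https" if server_security(ldif_text) == "on" else "http"
    if server == console:
        return "OK: both sides use " + server
    return "MISMATCH: server expects %s, console will use %s" % (server, console)

if __name__ == "__main__":
    print(check(CONF, ENTRY_BEFORE))
    print(check(CONF, ENTRY_AFTER))
```

Feed it the real console.conf and an LDIF export of the admin server's cn=configuration entry; a MISMATCH result corresponds to the state described in this bug.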