Created attachment 311733 [details] diffs
Created attachment 311739 [details] admin server diffs
Comment on attachment 311739 [details] admin server diffs wrong diffs - please ignore
Created attachment 311765 [details] cvs commit log Reviewed by: nkinder (Thanks!) Branch: HEAD Fix Description: I changed security to get the security file directory for the directory server from cn=config from that directory server. Unfortunately, I didn't take into consideration that the CGI might have to use LDAPS to connect. If you have checked the Use SSL for Console button in the console when configuring that directory server for SSL, the CGIs will attempt to use LDAPS. In this case, there were several problems: 1) NSS was not initialized - need to use the admin server key/cert db to talk LDAPS to the directory server 2) When I did do the NSS init, it failed because the admin server key/cert db did not exist, and the directory was not writable. 3) I needed to shutdown NSS so that the key/cert db for the directory server itself could be opened in order to get its contents The consequences of this are that now, when you attempt to use NSS for the first time, if the key/cert databases do not exist, they will be created empty. If the user sets up the directory server for SSL, and tells the console to use SSL with this directory server, the user will have to install the CA certificate in the admin server key/cert db, so that the console and admin CGIs can talk to that directory server using LDAPS. I changed all of the admin server CGIs to properly initialize NSS in case they too needed to speak LDAPS for some reason. I also cleaned up several compiler warnings in the admin server CGIs. I believe this is also the same problem as https://bugzilla.redhat.com/show_bug.cgi?id=430499 Platforms tested: RHEL5, Fedora 8, Fedora 9 Flag Day: no Doc impact: no QA impact: Will need to test various console interactions with SSL with admin server and directory server. New Tests integrated into TET: none
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2008-0602.html
*** Bug 430499 has been marked as a duplicate of this bug. ***