Bug 442103 - rhds8.0 "manage certificates" and ssl in console java.lang.NullPointerException
rhds8.0 "manage certificates" and ssl in console java.lang.NullPointerException
Status: CLOSED ERRATA
Product: Red Hat Directory Server
Classification: Red Hat
Component: Directory Console (Show other bugs)
8.0
All Linux
high Severity high
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
: 430499 (view as bug list)
Depends On:
Blocks: 249650 FDS112
  Show dependency treegraph
 
Reported: 2008-04-11 14:41 EDT by Issue Tracker
Modified: 2015-01-04 18:31 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-27 16:38:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (30.50 KB, patch)
2008-07-14 12:57 EDT, Rich Megginson
no flags Details | Diff
admin server diffs (30.99 KB, patch)
2008-07-14 13:29 EDT, Rich Megginson
no flags Details | Diff
cvs commit log (2.27 KB, text/plain)
2008-07-14 16:00 EDT, Rich Megginson
no flags Details
cvs commit log for 8.0 branch (2.33 KB, text/plain)
2008-07-14 16:16 EDT, Rich Megginson
no flags Details

  None (edit)
Comment 8 Rich Megginson 2008-07-14 12:57:24 EDT
Created attachment 311733 [details]
diffs
Comment 9 Rich Megginson 2008-07-14 13:29:57 EDT
Created attachment 311739 [details]
admin server diffs
Comment 10 Rich Megginson 2008-07-14 13:30:49 EDT
Comment on attachment 311739 [details]
admin server diffs

wrong diffs - please ignore
Comment 11 Rich Megginson 2008-07-14 16:00:42 EDT
Created attachment 311765 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: I changed security to get the security file directory for the
directory server from cn=config from that directory server.  Unfortunately, I
didn't take into consideration that the CGI might have to use LDAPS to connect.
 If you have checked the Use SSL for Console button in the console when
configuring that directory server for SSL, the CGIs will attempt to use LDAPS. 
In this case, there were several problems:
1) NSS was not initialized - need to use the admin server key/cert db to talk
LDAPS to the directory server
2) When I did do the NSS init, it failed because the admin server key/cert db
did not exist, and the directory was not writable.
3) I needed to shutdown NSS so that the key/cert db for the directory server
itself could be opened in order to get its contents
The consequences of this are that now, when you attempt to use NSS for the
first time, if the key/cert databases do not exist, they will be created empty.
 If the user sets up the directory server for SSL, and tells the console to use
SSL with this directory server, the user will have to install the CA
certificate in the admin server key/cert db, so that the console and admin CGIs
can talk to that directory server using LDAPS.
I changed all of the admin server CGIs to properly initialize NSS in case they
too needed to speak LDAPS for some reason.  I also cleaned up several compiler
warnings in the admin server CGIs.
I believe this is also the same problem as
https://bugzilla.redhat.com/show_bug.cgi?id=430499
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: Will need to test various console interactions with SSL with admin
server and directory server.
New Tests integrated into TET: none
Comment 20 errata-xmlrpc 2008-08-27 16:38:44 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0602.html
Comment 22 Rich Megginson 2008-09-16 16:57:54 EDT
*** Bug 430499 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.