Bug 442103 - rhds8.0 "manage certificates" and ssl in console java.lang.NullPointerException
Summary: rhds8.0 "manage certificates" and ssl in console java.lang.NullPointerException
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Directory Console
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
: 430499 (view as bug list)
Depends On:
Blocks: 249650 FDS112
TreeView+ depends on / blocked
Reported: 2008-04-11 18:41 UTC by Issue Tracker
Modified: 2018-10-19 22:10 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-08-27 20:38:44 UTC
Target Upstream Version:

Attachments (Terms of Use)
diffs (30.50 KB, patch)
2008-07-14 16:57 UTC, Rich Megginson
no flags Details | Diff
admin server diffs (30.99 KB, patch)
2008-07-14 17:29 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (2.27 KB, text/plain)
2008-07-14 20:00 UTC, Rich Megginson
no flags Details
cvs commit log for 8.0 branch (2.33 KB, text/plain)
2008-07-14 20:16 UTC, Rich Megginson
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0602 0 normal SHIPPED_LIVE Moderate: redhat-ds-base and redhat-ds-admin security and bug fix update 2008-08-27 20:38:30 UTC

Comment 8 Rich Megginson 2008-07-14 16:57:24 UTC
Created attachment 311733 [details]

Comment 9 Rich Megginson 2008-07-14 17:29:57 UTC
Created attachment 311739 [details]
admin server diffs

Comment 10 Rich Megginson 2008-07-14 17:30:49 UTC
Comment on attachment 311739 [details]
admin server diffs

wrong diffs - please ignore

Comment 11 Rich Megginson 2008-07-14 20:00:42 UTC
Created attachment 311765 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: I changed security to get the security file directory for the
directory server from cn=config from that directory server.  Unfortunately, I
didn't take into consideration that the CGI might have to use LDAPS to connect.
 If you have checked the Use SSL for Console button in the console when
configuring that directory server for SSL, the CGIs will attempt to use LDAPS. 
In this case, there were several problems:
1) NSS was not initialized - need to use the admin server key/cert db to talk
LDAPS to the directory server
2) When I did do the NSS init, it failed because the admin server key/cert db
did not exist, and the directory was not writable.
3) I needed to shutdown NSS so that the key/cert db for the directory server
itself could be opened in order to get its contents
The consequences of this are that now, when you attempt to use NSS for the
first time, if the key/cert databases do not exist, they will be created empty.
 If the user sets up the directory server for SSL, and tells the console to use
SSL with this directory server, the user will have to install the CA
certificate in the admin server key/cert db, so that the console and admin CGIs
can talk to that directory server using LDAPS.
I changed all of the admin server CGIs to properly initialize NSS in case they
too needed to speak LDAPS for some reason.  I also cleaned up several compiler
warnings in the admin server CGIs.
I believe this is also the same problem as
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: Will need to test various console interactions with SSL with admin
server and directory server.
New Tests integrated into TET: none

Comment 20 errata-xmlrpc 2008-08-27 20:38:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Comment 22 Rich Megginson 2008-09-16 20:57:54 UTC
*** Bug 430499 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.