Bug 578219 - Configuring ldaps:// + cacert does not run cacert_rehash on downloaded certificate
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: authconfig
Version: 13
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-03-30 11:16 EDT by James Laska
Modified: 2013-09-02 02:47 EDT
Fixed In Version: authconfig-6.1.3-1.fc13
Doc Type: Bug Fix
Last Closed: 2010-04-22 18:58:00 EDT

Attachments:
Screenshot.png (8.98 KB, image/png), 2010-03-30 11:16 EDT, James Laska

Description James Laska 2010-03-30 11:16:19 EDT
Created attachment 403514
Screenshot.png

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
Follow instructions at https://fedoraproject.org/wiki/QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication

Specifically, in firstboot
1. Under ''User account database'', select LDAP
2. For ''base DN'', enter 'dc=fedoraproject,dc=org'
3. For ''LDAP Server'', enter 'ldaps://publitest9.fedoraproject.org'
4. Click "Download certificate" and use http://jlaska.fedorapeople.org/sssd/cacert.asc
5. Leave TLS *UNCHECKED*
6. Under ''Authentication Method'', select LDAP
7. Select Apply and complete firstboot setup
  
Actual results:

/etc/openldap/cacerts does not contain the cert symlink as expected.  I have to manually run 'cacert_rehash /etc/openldap/cacerts' in order to set up the symlink so that I can properly identify and authenticate LDAP users.

Expected results:

/etc/openldap/cacerts should contain a symlink to authconfig_downloaded.pem

Additional info:

 * See attached screenshot
 * sgallagh notes that cacert_rehash should be run regardless of whether using TLS or not.  In further testing, if you enable TLS, it is properly set up.  However, when TLS is disabled, cacert_rehash is not run.
Comment 1 He Rui 2010-04-01 03:01:15 EDT
I tested this case after an f13 fresh install using http branched repo. I didn't reproduce this issue. It works for me.
Comment 2 He Rui 2010-04-01 03:29:37 EDT
(In reply to comment #1)
> I tested this case after an f13 fresh install using http branched repo. I didn't
> reproduce this issue. It works for me.

Ah, I was wrong. It passed because I enabled TLS before this case as James provided in Additional info.
Comment 3 Fedora Update System 2010-04-07 16:30:59 EDT
authconfig-6.1.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/authconfig-6.1.3-1.fc13
Comment 4 Fedora Update System 2010-04-09 00:04:32 EDT
authconfig-6.1.3-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update authconfig'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/authconfig-6.1.3-1.fc13
Comment 5 Fedora Update System 2010-04-22 18:57:34 EDT
authconfig-6.1.3-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
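
A check for the condition reported in this bug, as an added example that is not part of the original report or of authconfig: it lists certificates in a CA directory such as /etc/openldap/cacerts that have no hash symlink pointing at them. The function names are hypothetical, and the script assumes the symlinks follow OpenSSL's `<subject hash>.<n>` naming for CA directories.

```shell
#!/bin/sh
# Added example (not authconfig code): list CA certificates in a cacerts
# directory that have no hash symlink, the condition reported in this bug.
# Assumption: links use OpenSSL's <subject hash>.<n> naming for CA directories.

# Print the OpenSSL subject hash of certificate $1; print nothing when
# openssl is not installed or the file does not parse as a certificate.
subject_hash() {
    command -v openssl >/dev/null 2>&1 || return 0
    openssl x509 -noout -subject_hash -in "$1" 2>/dev/null || true
}

# Print each *.pem in directory $1 that no valid hash symlink points to.
# Returns 0 when every certificate is linked, 1 otherwise.
missing_hash_links() {
    dir=$1
    status=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        want=$(subject_hash "$cert")
        found=no
        for link in "$dir"/*; do
            [ -L "$link" ] || continue
            name=${link##*/}
            # Link name must be 8 hex digits, a dot and a sequence number.
            case $name in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
                *) continue ;;
            esac
            # The link must resolve to this certificate file.
            [ "$link" -ef "$cert" ] || continue
            # When the hash could be computed, the link name must carry it.
            [ -z "$want" ] || [ "${name%%.*}" = "$want" ] || continue
            found=yes
        done
        if [ "$found" = no ]; then
            echo "${cert##*/}"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh check_cacerts.sh /etc/openldap/cacerts
if [ "$#" -gt 0 ]; then missing_hash_links "$1"; fi
```

Run against /etc/openldap/cacerts after firstboot, a line reading authconfig_downloaded.pem indicates the state described in this report. When openssl cannot parse a file, only the link's name shape and target are checked.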
