Bug 578219 - Configuring ldaps:// + cacert does not run cacert_rehash on downloaded certificate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-03-30 15:16 UTC by James Laska
Modified: 2013-09-02 06:47 UTC (History)

Fixed In Version: authconfig-6.1.3-1.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-22 22:58:00 UTC
Type: ---
Embargoed:


Attachments
Screenshot.png (8.98 KB, image/png)
2010-03-30 15:16 UTC, James Laska

Description James Laska 2010-03-30 15:16:19 UTC
Created attachment 403514
Screenshot.png

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
Follow instructions at https://fedoraproject.org/wiki/QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication

Specifically, in firstboot
1. Under ''User account database'', select LDAP
2. For ''base DN'', enter 'dc=fedoraproject,dc=org'
3. For ''LDAP Server'', enter 'ldaps://publitest9.fedoraproject.org'
4. Click "Download certificate" and use http://jlaska.fedorapeople.org/sssd/cacert.asc
5. Leave TLS *UNCHECKED*
6. Under ''Authentication Method'', select LDAP
7. Select Apply and complete firstboot setup
  
Actual results:

/etc/openldap/cacerts does not contain the cert symlink as expected. I have to manually run 'cacert_rehash /etc/openldap/cacerts' in order to set up the symlink so that I can properly identify and authenticate LDAP users.

Expected results:

/etc/openldap/cacerts should contain a symlink to authconfig_downloaded.pem

Additional info:

 * See attached screenshot
 * sgallagh notes that cacert_rehash should be run regardless of whether using TLS or not. In further testing, if you enable TLS, it is properly set up. However, when TLS is disabled, cacert_rehash is not run.
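
A directory check for the symptom described above, as an added example that is not part of the original report or of authconfig. It assumes certificate files end in `.pem` and that hash links follow the OpenSSL hashed-directory naming (eight hex digits, a dot, a sequence number); it only checks that a link exists and resolves, not that the link name equals the certificate's subject hash.

```shell
#!/bin/sh
# Added example (not authconfig code): audit an OpenSSL-style CA directory such
# as /etc/openldap/cacerts for certificates that have no hash-named symlink.
HASH_GLOB='[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*'

# Print each regular *.pem file in DIR that no hash-named symlink resolves to.
unhashed_certs() {
    uc_dir=$1
    for uc_cert in "$uc_dir"/*.pem; do
        [ -f "$uc_cert" ] && [ ! -L "$uc_cert" ] || continue
        uc_found=no
        for uc_link in "$uc_dir"/$HASH_GLOB; do
            # -ef follows symlinks and compares the files they resolve to
            if [ -L "$uc_link" ] && [ "$uc_link" -ef "$uc_cert" ]; then
                uc_found=yes
                break
            fi
        done
        [ "$uc_found" = yes ] || basename "$uc_cert"
    done
}

# Print each hash-named symlink in DIR whose target no longer exists.
dangling_hash_links() {
    for dl_link in "$1"/$HASH_GLOB; do
        if [ -L "$dl_link" ] && [ ! -e "$dl_link" ]; then
            basename "$dl_link"
        fi
    done
}

# Report findings; return 0 only if DIR is clean (file names without spaces assumed).
audit_cacert_dir() {
    ac_missing=$(unhashed_certs "$1")
    ac_dangling=$(dangling_hash_links "$1")
    for ac_name in $ac_missing; do
        echo "NO-HASH-LINK $ac_name (run: cacert_rehash $1)"
    done
    for ac_name in $ac_dangling; do
        echo "DANGLING $ac_name"
    done
    [ -z "$ac_missing$ac_dangling" ]
}

# Stand-alone use: pass the directory to audit as the first argument.
[ $# -eq 0 ] || audit_cacert_dir "$1"
```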

Comment 1 He Rui 2010-04-01 07:01:15 UTC
I tested this case after a f13 fresh install using http branched repo. I didn't reproduce this issue. It works for me.

Comment 2 He Rui 2010-04-01 07:29:37 UTC
(In reply to comment #1)
> I tested this case after a f13 fresh install using http branched repo. I didn't
> reproduce this issue. It works for me.

Ah, I was wrong. It passed because I enabled TLS before this case as James provided in Additional info.

Comment 3 Fedora Update System 2010-04-07 20:30:59 UTC
authconfig-6.1.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/authconfig-6.1.3-1.fc13

Comment 4 Fedora Update System 2010-04-09 04:04:32 UTC
authconfig-6.1.3-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update authconfig'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/authconfig-6.1.3-1.fc13

Comment 5 Fedora Update System 2010-04-22 22:57:34 UTC
authconfig-6.1.3-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

