[389-users] 389 upgrade

Rich Megginson rmeggins at redhat.com
Tue Sep 15 14:23:56 UTC 2009


Juan Asensio Sánchez wrote:
> Hi
>
> I am trying to upgrade some of our FDS servers. The test versions we
> are using for upgrade are (the same that the production servers):
>
> [root at fdsold ~]# rpm -qa | grep -i fedora
> fedora-ds-dsgw-1.1.1-1.fc6
> fedora-ds-1.1.2-1.fc6
> fedora-ds-admin-1.1.2-2.fc6
> fedora-ds-console-1.1.2-1.fc6
> fedora-idm-console-1.1.0-5.fc6
> fedora-ds-base-1.1.3-2.fc6
> fedora-ds-admin-console-1.1.2-1.fc6
>
> We have two test servers, with replication agreements between them,
> and SSL configured for directory and console; 389 port is disabled.
> Then we upgrade FDS/389 with this command (we do not want to upgrade
> the full server):
>
> yum upgrade 389-admin 389-admin-console 389-console 389-ds 389-ds-base
> 389-ds-console 389-dsgw
>
> The upgrade is done correctly, then we run "setup-ds-admin.pl -u":
>
> [root at fdsnew ~]# setup-ds-admin.pl -u
>
> ==============================================================================
> The update option will allow you to re-register your servers with the
> configuration directory server and update the information about your
> servers that the console and admin server uses.  You will need your
> configuration directory server admin ID and password to continue.
>
> Continue? [yes]:
>
> ==============================================================================
> Please specify the information about your configuration directory
> server.  The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
>   protocol (ldap or ldaps) - this information should be provided in the
>   form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
>   or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
>   security has not yet been configured - the file must be in PEM/ASCII
>   format - specify the absolute path and filename
>
> Configuration directory server URL
> [ldaps://fdsnew.sacyl.es:636/o=NetscapeRoot]:
> Configuration directory server admin ID [uid=admin, ou=Administrators,
> ou=TopologyManagement, o=NetscapeRoot]:
> Configuration directory server admin password:
> Configuration directory server admin domain [center2.sacyl.es]:
> CA certificate filename: /etc/openldap/cacerts/cert-CA-cacert.pem
>
> ==============================================================================
> The interactive phase is complete.  The script will now set up your
> servers.  Enter No or go Back if you want to change something.
>
> Are you ready to set up your servers? [yes]:
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . . .
> Exiting . . .
> Log file is '/tmp/setupwDn6B0.log'
>
> And reboot... After that, when connecting with the console, we have
> two entries for the directory server and two for the administration
> server.
Yep, this is a known bug.  You can ignore the Fedora ones - the 389 ones 
are the real ones.
> One of each does not show the icon it should, and when I click
> on it, it tries to download new jars, but it can not.
What error does it give?
> If I use the old
> item for the administration console (that shows the icon), in the
> encryption tab , SSL is disabled, but before the upgrade it was
> enabled, but if i try to access the server with the browser, i must
> use https (¿?). Why is SSL disabled? And if it is disabled, why must I
> access using https? Is there any step I haven't done?
>   
This is also a bug.  The update procedure does not preserve the SSL 
settings for your old (Fedora) servers when it adds the new (389) servers.
> Regards and thanks in advance.
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090915/54f07b38/attachment.bin>


More information about the Fedora-directory-users mailing list