[389-users] 389 upgrade
Rich Megginson
rmeggins at redhat.com
Mon Sep 21 20:18:09 UTC 2009
Juan Asensio Sánchez wrote:
>>> And reboot... After that, when connecting with the console, we have
>>> two entries for the directory server and two for the administration
>>> server.
>>>
>> Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones are
>> the real ones.
>>
>
> Is there any bug open about this and how to fix/remove these entries?
>
There is a bug open - https://bugzilla.redhat.com/show_bug.cgi?id=520493
389 1.2.3 will contain code to fix these issues during update - this
code is now in our SCM - Unfortunately, fixing/removing these entries
manually will be tricky
>
>>> One of each does not show the icon it should, and when I click
>>> on it, it tries to download new jars, but it can not.
>>>
>> What error does it give?
>>
>
> Failed to install a local copy of 389-ds-1.2.jar or one of it supporting files.
> Please ensure that the appropiate console package is installed on the
> Administration Server.
> HTTP response timeout
>
> I think it is trying to get the files with http instead of https,
> although I have connected to the console with https.
>
One of the side effects of the bug is that it nukes your tls/ssl
configuration.
>
>>> If I use the old
>>> item for the administration console (that shows the icon), in the
>>> encryption tab , SSL is disabled, but before the upgrade it was
>>> enabled, but if i try to access the server with the browser, i must
>>> use https (¿?). Why is SSL disabled? And if it is disabled, why must I
>>> access using https? Is there any step I haven't done?
>>>
>>>
>> This is also a bug. The update procedure does not preserve the SSL settings
>> for your old (Fedora) servers when it adds the new (389) servers.
>>
>
> But how can I connect to the console with https if the upgrade has disabled it?
>
You need to find the entries that the console uses to get the TLS/SSL
information:
ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -b
o=NetscapeRoot objectclass=nsConfig dn
you can ignore the entries that start with cn=task summary
For the entry that begins with cn=configuration, cn=admin-serv-.....
do an ldapmodify like this:
ldapmodify x -D "cn=directory manager" -w yourpassword
dn: cn=configuration, cn=admin-serv-.....
changetype: modify
replace: nsServerSecurity
nsServerSecurity: on
For the entries that begin with cn=slapd-........
do an ldapmodify like this:
ldapmodify x -D "cn=directory manager" -w yourpassword
dn: cn=slapd-.......
changetype: modify
replace: nsServerSecurity
nsServerSecurity: on
You should also verify the nsSecureServerPort attribute in the
cn=slapd-.... entries if you used a port other than 636.
After you make these changes, restart your admin server (service
dirsrv-admin restart), then try the console again.
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090921/4e47a1e6/attachment.bin>
More information about the Fedora-directory-users
mailing list