[Fedora-directory-devel] Please Review: (247283) Multiple problems with CGIs used by Admin Server Console

Fri Jul 6 17:14:43 UTC 2007

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247283
Resolves: bug 247283
Bug Description: While working on getting the Admin Server Console
  to work with the new Admin Server, I ran into multiple problems
  with various CGIs that the Console calls.  I'll detail each of
  the issues below.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The ReadLog CGI was changed to eliminate the 
possibility of the caller
  passing in the path to the log files.  To get the path to the log 
file, the CGI was
  concatenating the logdir with the value of the configuration parameter 
that says
  where the requested log type is.  The problem is that the config 
parameters use
  an absolute path, not just the file name.  This was resulting in the 
logdir
  being listed twice, which is obviously wrong.  In addition to the 
logdir being
  listed twice, the config parameter for the error log had the log file name
  listed as "errors" instead of "error".  This would cause the CGI to 
not find the
  logfile.  The solution for these issues is to just use the config 
value directly
  without prepending the logdir, as well as fixing the logfile name for 
the error log.

  The config CGI is used to read and write Admin Server configuration 
parameters.
  This CGI was setting overriding the user DN and password with the sie 
DN and
  password.  These is no need to use the sie DN, and doing so was 
causing this CGI
  to fail to read and set the config values.  The solution is to just 
use the
  passed in user DN and password.

  The sec-activate CGI is used to enable SSL for the Admin Server.  When 
using the
  Console, I found that I could check the enable SSL checkbox, then 
uncheck it and
  click on save.  This would call sec-activate to save the changes, 
which would
  result in an error about the cipher family setting not being present.  
We should
  only require a cipher family setting if we are turning SSL on.  The 
solution is
  to first check if the setting being saved have SSL off, and only 
require the
  cipher family settings if SSL is set to on.

  The last issue isn't actually a CGI issue, but instead is an issue in
  mod_admserv when the "admin-serv/authenticate" URI is called.  This URI is
  supposed to return the user and group directory connection information 
to the
  caller.  The problem is that the user and group directory info is set 
at Admin
  Server startup time.  The Admin Server doesn't have the ability to 
authenticate
  to LDAP at startup since it has no credentials, so it always ends up 
setting the
  user and group directory to point to the config directory (it uses
  "o=netscaperoot" as the base).  This causes the users and groups tab 
in Console
  to search the wrong tree in the directory.  The solution is to not set 
the user
  & group directory info at startup, but instead delay it until the 
first time
  that it is needed during an authentication.  We can then pass that
  authentication info through to get a valid LDAP handle which will 
allow us to
  search for the real user and group information.
Platforms tested: FC6
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158674&action=diff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20070706/0750694d/attachment.bin>