[Fedora-directory-users] Class Loader

Rich Megginson rmeggins at redhat.com
Thu Jan 3 19:32:44 UTC 2008 

audunroe at tihlde.org wrote:
> The saga continues..
>
> After finally getting the admin-server to run and just briefly verifying
> that the console would run from my windows machine but not being able to
> connect because of firewall issues, I'm now picking up the thread again.
>
> To briefly recap, there are firewall issues preventing me from connecting
> easily with the admin server on the machine running fedora-ds. Iow: I can
> reach the ldap port fine - but not the admin server. I have no control
> over the firewall, and getting an opening poked in it is turning out to
> be, if not difficult then at least time consuming. I've been trying to
> sneak around the problem by using ssh-tunneling for now. I can use this to
> successfully connect the client java console with the server. However,
> that's pretty much as far as I've been able to get.
>
> The Fedora Management Console opens and connects nicely. In the console
> view, I can see the rootnode of myldap.foo.com, as well as the ldap
> instance just beneath it and its "Server Group" node. However, if I expand
> this node and try to click on the "Administration Server" or "Directory
> Server" leafs, I get a long pause and then an error dialog saying: "Class
> Loader error: Failed to install a local copy of fedora-admserv-1.0.jar or
> one of its supporting files: Can not connect to
> http://myldap.foo.com:56789".
>   
The console supports multiple versions of admin server and directory 
server.  Each unique version of admin server and directory server has 
its own versioned jar file (e.g. fedora-admserv-1.0.jar, 
fedora-admserv-1.1.jar, etc.)  These jar files are provided via http by 
the admin server and are downloaded into the ~/.fedora-console/jars (or 
~/.fedora-idm-console/jars in 1.1) directory.  The console looks for 
them in there.  So one possible workaround would be to just grab those 
files from the server and copy them to this directory.
> Initially,I was thrown off by the class loader heading, assuming I'd left
> the jar out of the classpath. The jar it's requestion is indeed not not
> the classpath, however, the jar in question is not included in the
> original startconsole script either (meaning I have no idea how the client
> would find it). In any case I get the exact same error when the jar's on
> the cp as well. The client then goes on to try and download the jar -
> which will not work as the windows machine I'm running it on does not have
> open internet access - intranet only.
>   
On windows, the jar file location is a little bit different.  See 
http://directory.fedoraproject.org/wiki/Howto:WindowsConsole for more 
information.
> However the errmsg also mentions connection problems, and there's a
> lengthy delay when clicking the nodes in question consistent with a
> connection attempt that's blocked by, say, a firewall.
Right.  There is a timeout - I can't remember how long.
> I've since verified
> with Ethereal that the console does indeed try to bypass my ssh tunnel and
> instead hits the admin server directly, an attempt which is of course
> blocked by the firewall.
Right.  Because once the console is started, it ignores the URL you 
provide in the login dialog box and instead reads the URL from the admin 
server configuration under o=netscaperoot in the configuration directory 
server.
> In addition, connections to the ldap port are
> also attempted, though this is not a problem as that port is actually
> open. Maybe the reason why I can get this far in the first place. However,
> could anyone confirm that the connection url (in my case ssh tunnel at
> localhost:56789) is only used for the initial connect, and that later the
> admin client may try to establish a direct link to the correct url of the
> servernode? If so, is there any possible workaround for this, or will I
> basically need a firewall-opening? Or could it be a dependency/classpath
> problem after all?
>   
The best bet is to either open the firewall, or to install the admin 
server to use a well known http port (e.g. port 80) that most firewalls 
will leave open by default.
> --
> Regards,
> Audun
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080103/a62a726b/attachment.bin>

More information about the Fedora-directory-users mailing list