[389-users] 389 upgrade
Juan Asensio Sánchez
okelet at gmail.com
Wed Sep 23 06:58:35 UTC 2009
Hi
Thanks Rich for your help. I finally have upgraded FDS to 389. I'll
try to remove the entries in the admin console referring to the old
Fedora DS. Now I will test replication and some other things.
One more thing. Where is the parameter to fully disable anonymous connections?
Regards.
2009/9/21 Rich Megginson <rmeggins at redhat.com>:
> Juan Asensio Sánchez wrote:
>>>>
>>>> And reboot... After that, when connecting with the console, we have
>>>> two entries for the directory server and two for the administration
>>>> server.
>>>>
>>>
>>> Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones
>>> are
>>> the real ones.
>>>
>>
>> Is there any bug open about this and how to fix/remove these entries?
>>
>
> There is a bug open - https://bugzilla.redhat.com/show_bug.cgi?id=520493
>
> 389 1.2.3 will contain code to fix these issues during update - this code is
> now in our SCM - Unfortunately, fixing/removing these entries manually will
> be tricky
>>
>>
>>>>
>>>> One of each does not show the icon it should, and when I click
>>>> on it, it tries to download new jars, but it can not.
>>>>
>>>
>>> What error does it give?
>>>
>>
>> Failed to install a local copy of 389-ds-1.2.jar or one of it supporting
>> files.
>> Please ensure that the appropiate console package is installed on the
>> Administration Server.
>> HTTP response timeout
>>
>> I think it is trying to get the files with http instead of https,
>> although I have connected to the console with https.
>>
>
> One of the side effects of the bug is that it nukes your tls/ssl
> configuration.
>>
>>
>>>>
>>>> If I use the old
>>>> item for the administration console (that shows the icon), in the
>>>> encryption tab , SSL is disabled, but before the upgrade it was
>>>> enabled, but if i try to access the server with the browser, i must
>>>> use https (¿?). Why is SSL disabled? And if it is disabled, why must I
>>>> access using https? Is there any step I haven't done?
>>>>
>>>>
>>>
>>> This is also a bug. The update procedure does not preserve the SSL
>>> settings
>>> for your old (Fedora) servers when it adds the new (389) servers.
>>>
>>
>> But how can I connect to the console with https if the upgrade has
>> disabled it?
>>
>
> You need to find the entries that the console uses to get the TLS/SSL
> information:
> ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -b
> o=NetscapeRoot objectclass=nsConfig dn
>
> you can ignore the entries that start with cn=task summary
>
> For the entry that begins with cn=configuration, cn=admin-serv-.....
> do an ldapmodify like this:
> ldapmodify x -D "cn=directory manager" -w yourpassword
> dn: cn=configuration, cn=admin-serv-.....
> changetype: modify
> replace: nsServerSecurity
> nsServerSecurity: on
>
>
> For the entries that begin with cn=slapd-........
> do an ldapmodify like this:
> ldapmodify x -D "cn=directory manager" -w yourpassword
> dn: cn=slapd-.......
> changetype: modify
> replace: nsServerSecurity
> nsServerSecurity: on
>
>
> You should also verify the nsSecureServerPort attribute in the cn=slapd-....
> entries if you used a port other than 636.
>
> After you make these changes, restart your admin server (service
> dirsrv-admin restart), then try the console again.
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
More information about the Fedora-directory-users
mailing list