Juan Asensio S?nchez wrote: > Hi > > I am trying to upgrade some of our FDS servers. The test versions we > are using for upgrade are (the same that the production servers): > > [root at fdsold ~]# rpm -qa | grep -i fedora > fedora-ds-dsgw-1.1.1-1.fc6 > fedora-ds-1.1.2-1.fc6 > fedora-ds-admin-1.1.2-2.fc6 > fedora-ds-console-1.1.2-1.fc6 > fedora-idm-console-1.1.0-5.fc6 > fedora-ds-base-1.1.3-2.fc6 > fedora-ds-admin-console-1.1.2-1.fc6 > > We have two test servers, with replication agreements between them, > and SSL configured for directory and console; 389 port is disabled. > Then we upgrade FDS/389 with this command (we do not want to upgrade > the full server): > > yum upgrade 389-admin 389-admin-console 389-console 389-ds 389-ds-base > 389-ds-console 389-dsgw > > The upgrade is done correctly, then we run "setup-ds-admin.pl -u": > > [root at fdsnew ~]# setup-ds-admin.pl -u > > ============================================================================== > The update option will allow you to re-register your servers with the > configuration directory server and update the information about your > servers that the console and admin server uses. You will need your > configuration directory server admin ID and password to continue. > > Continue? [yes]: > > ============================================================================== > Please specify the information about your configuration directory > server. The following information is required: > - host (fully qualified), port (non-secure or secure), suffix, > protocol (ldap or ldaps) - this information should be provided in the > form of an LDAP url e.g. for non-secure > ldap://host.example.com:389/o=NetscapeRoot > or for secure > ldaps://host.example.com:636/o=NetscapeRoot > - admin ID and password > - admin domain > - a CA certificate file may be required if you choose to use ldaps and > security has not yet been configured - the file must be in PEM/ASCII > format - specify the absolute path and filename > > Configuration directory server URL > [ldaps://fdsnew.sacyl.es:636/o=NetscapeRoot]: > Configuration directory server admin ID [uid=admin, ou=Administrators, > ou=TopologyManagement, o=NetscapeRoot]: > Configuration directory server admin password: > Configuration directory server admin domain [center2.sacyl.es]: > CA certificate filename: /etc/openldap/cacerts/cert-CA-cacert.pem > > ============================================================================== > The interactive phase is complete. The script will now set up your > servers. Enter No or go Back if you want to change something. > > Are you ready to set up your servers? [yes]: > Registering the directory server instances with the configuration > directory server . . . > Beginning Admin Server reconfiguration . . . > Registering admin server with the configuration directory server . . . > Updating adm.conf with information from configuration directory server . . . > Exiting . . . > Log file is '/tmp/setupwDn6B0.log' > > And reboot... After that, when connecting with the console, we have > two entries for the directory server and two for the administration > server. Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones are the real ones. > One of each does not show the icon it should, and when I click > on it, it tries to download new jars, but it can not. What error does it give? > If I use the old > item for the administration console (that shows the icon), in the > encryption tab , SSL is disabled, but before the upgrade it was > enabled, but if i try to access the server with the browser, i must > use https (??). Why is SSL disabled? And if it is disabled, why must I > access using https? Is there any step I haven't done? > This is also a bug. The update procedure does not preserve the SSL settings for your old (Fedora) servers when it adds the new (389) servers. > Regards and thanks in advance. > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090915/54f07b38/attachment.bin
