Juan Asensio S?nchez wrote: >>> And reboot... After that, when connecting with the console, we have >>> two entries for the directory server and two for the administration >>> server. >>> >> Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones are >> the real ones. >> > > Is there any bug open about this and how to fix/remove these entries? > There is a bug open - https://bugzilla.redhat.com/show_bug.cgi?id=520493 389 1.2.3 will contain code to fix these issues during update - this code is now in our SCM - Unfortunately, fixing/removing these entries manually will be tricky > >>> One of each does not show the icon it should, and when I click >>> on it, it tries to download new jars, but it can not. >>> >> What error does it give? >> > > Failed to install a local copy of 389-ds-1.2.jar or one of it supporting files. > Please ensure that the appropiate console package is installed on the > Administration Server. > HTTP response timeout > > I think it is trying to get the files with http instead of https, > although I have connected to the console with https. > One of the side effects of the bug is that it nukes your tls/ssl configuration. > >>> If I use the old >>> item for the administration console (that shows the icon), in the >>> encryption tab , SSL is disabled, but before the upgrade it was >>> enabled, but if i try to access the server with the browser, i must >>> use https (??). Why is SSL disabled? And if it is disabled, why must I >>> access using https? Is there any step I haven't done? >>> >>> >> This is also a bug. The update procedure does not preserve the SSL settings >> for your old (Fedora) servers when it adds the new (389) servers. >> > > But how can I connect to the console with https if the upgrade has disabled it? > You need to find the entries that the console uses to get the TLS/SSL information: ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -b o=NetscapeRoot objectclass=nsConfig dn you can ignore the entries that start with cn=task summary For the entry that begins with cn=configuration, cn=admin-serv-..... do an ldapmodify like this: ldapmodify x -D "cn=directory manager" -w yourpassword dn: cn=configuration, cn=admin-serv-..... changetype: modify replace: nsServerSecurity nsServerSecurity: on For the entries that begin with cn=slapd-........ do an ldapmodify like this: ldapmodify x -D "cn=directory manager" -w yourpassword dn: cn=slapd-....... changetype: modify replace: nsServerSecurity nsServerSecurity: on You should also verify the nsSecureServerPort attribute in the cn=slapd-.... entries if you used a port other than 636. After you make these changes, restart your admin server (service dirsrv-admin restart), then try the console again. > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090921/4e47a1e6/attachment.bin
