Juan Asensio S?nchez wrote: > Hi > > Thanks Rich for your help. I finally have upgraded FDS to 389. I'll > try to remove the entries in the admin console referring to the old > Fedora DS. Now I will test replication and some other things. > > One more thing. Where is the parameter to fully disable anonymous connections? > nsslapd-allow-unauthenticated-binds in cn=config > Regards. > > 2009/9/21 Rich Megginson <rmeggins at redhat.com>: > >> Juan Asensio S?nchez wrote: >> >>>>> And reboot... After that, when connecting with the console, we have >>>>> two entries for the directory server and two for the administration >>>>> server. >>>>> >>>>> >>>> Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones >>>> are >>>> the real ones. >>>> >>>> >>> Is there any bug open about this and how to fix/remove these entries? >>> >>> >> There is a bug open - https://bugzilla.redhat.com/show_bug.cgi?id=520493 >> >> 389 1.2.3 will contain code to fix these issues during update - this code is >> now in our SCM - Unfortunately, fixing/removing these entries manually will >> be tricky >> >>> >>>>> One of each does not show the icon it should, and when I click >>>>> on it, it tries to download new jars, but it can not. >>>>> >>>>> >>>> What error does it give? >>>> >>>> >>> Failed to install a local copy of 389-ds-1.2.jar or one of it supporting >>> files. >>> Please ensure that the appropiate console package is installed on the >>> Administration Server. >>> HTTP response timeout >>> >>> I think it is trying to get the files with http instead of https, >>> although I have connected to the console with https. >>> >>> >> One of the side effects of the bug is that it nukes your tls/ssl >> configuration. >> >>> >>>>> If I use the old >>>>> item for the administration console (that shows the icon), in the >>>>> encryption tab , SSL is disabled, but before the upgrade it was >>>>> enabled, but if i try to access the server with the browser, i must >>>>> use https (??). Why is SSL disabled? And if it is disabled, why must I >>>>> access using https? Is there any step I haven't done? >>>>> >>>>> >>>>> >>>> This is also a bug. The update procedure does not preserve the SSL >>>> settings >>>> for your old (Fedora) servers when it adds the new (389) servers. >>>> >>>> >>> But how can I connect to the console with https if the upgrade has >>> disabled it? >>> >>> >> You need to find the entries that the console uses to get the TLS/SSL >> information: >> ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -b >> o=NetscapeRoot objectclass=nsConfig dn >> >> you can ignore the entries that start with cn=task summary >> >> For the entry that begins with cn=configuration, cn=admin-serv-..... >> do an ldapmodify like this: >> ldapmodify x -D "cn=directory manager" -w yourpassword >> dn: cn=configuration, cn=admin-serv-..... >> changetype: modify >> replace: nsServerSecurity >> nsServerSecurity: on >> >> >> For the entries that begin with cn=slapd-........ >> do an ldapmodify like this: >> ldapmodify x -D "cn=directory manager" -w yourpassword >> dn: cn=slapd-....... >> changetype: modify >> replace: nsServerSecurity >> nsServerSecurity: on >> >> >> You should also verify the nsSecureServerPort attribute in the cn=slapd-.... >> entries if you used a port other than 636. >> >> After you make these changes, restart your admin server (service >> dirsrv-admin restart), then try the console again. >> >>> -- >>> 389 users mailing list >>> 389-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> >> -- >> 389 users mailing list >> 389-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090923/118d15ef/attachment.bin
