Console breaks when enabling no anoymous binding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Gerrard Geldenhuis wrote:
>>> I found the cause of the problem for the "An error has occurred".
>>> When you first click on Manage Certificates in the Admin Server console it prompts you for a password and I believe create the cert store in /etc/dirsrv/admin->serv/
>>> I then added the same CA that I used in /etc/dirsrv/slapd-testmasterserver/ cert db. However if you then again remove this CA you get the error has mentioned >message as mentioned above. This is probably not strictly spoken a bug but it would be really "nice" if the error message could tell you that the cert database for >the admin console is empty. I am not sure why it what the interdependence is but from my 10 000 feet view it seems not necessary.
>>>       
>> What's not necessary?  Note that the admin server and directory server
>> have separate cert databases.  Also note that the NSS crypto team is
>> working towards a unified system-wide cert db.
>>     
>
> That could have been more clear, I meant that a lack of certs in the Admin Server db should not cause an error when trying to access cert information in the directory server db. But as I said that is from 10 000 feet viewpoint.
>   
The SSL client must have a CA cert.  In this case, the SSL client is the 
Admin Server, and the SSL server is the configuration directory server 
(the directory server that holds o=NetscapeRoot).  When the "Use SSL in 
Console" is selected, the console and admin server will use SSL to 
contact the configuration DS.
> A system-wide cert db would be really cool. Out of interest, would that also unify /etc/openldap/cacerts?
>   
Not sure, but I would assume it would include those as well.
> Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from 
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux