https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247283 Resolves: bug 247283 Bug Description: While working on getting the Admin Server Console to work with the new Admin Server, I ran into multiple problems with various CGIs that the Console calls. I'll detail each of the issues below. Reviewed by: ??? Files: see diff Branch: HEADFix Description: The ReadLog CGI was changed to eliminate the possibility of the caller passing in the path to the log files. To get the path to the log file, the CGI was concatenating the logdir with the value of the configuration parameter that says where the requested log type is. The problem is that the config parameters use an absolute path, not just the file name. This was resulting in the logdir being listed twice, which is obviously wrong. In addition to the logdir being
listed twice, the config parameter for the error log had the log file namelisted as "errors" instead of "error". This would cause the CGI to not find the logfile. The solution for these issues is to just use the config value directly without prepending the logdir, as well as fixing the logfile name for the error log.
The config CGI is used to read and write Admin Server configuration parameters. This CGI was setting overriding the user DN and password with the sie DN and password. These is no need to use the sie DN, and doing so was causing this CGI to fail to read and set the config values. The solution is to just use the
passed in user DN and password.The sec-activate CGI is used to enable SSL for the Admin Server. When using the Console, I found that I could check the enable SSL checkbox, then uncheck it and click on save. This would call sec-activate to save the changes, which would result in an error about the cipher family setting not being present. We should only require a cipher family setting if we are turning SSL on. The solution is to first check if the setting being saved have SSL off, and only require the
cipher family settings if SSL is set to on. The last issue isn't actually a CGI issue, but instead is an issue in mod_admserv when the "admin-serv/authenticate" URI is called. This URI issupposed to return the user and group directory connection information to the caller. The problem is that the user and group directory info is set at Admin Server startup time. The Admin Server doesn't have the ability to authenticate to LDAP at startup since it has no credentials, so it always ends up setting the
user and group directory to point to the config directory (it uses"o=netscaperoot" as the base). This causes the users and groups tab in Console to search the wrong tree in the directory. The solution is to not set the user & group directory info at startup, but instead delay it until the first time
that it is needed during an authentication. We can then pass thatauthentication info through to get a valid LDAP handle which will allow us to
search for the real user and group information. Platforms tested: FC6 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158674&action=diff
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
