Ok, I figured this out. The setupssl.sh script correctly names the cert
and key databases for the administrator server based on the identifier you
give the directory server on setup. The default administrator server
configuration, on the other hand, creates and uses databases named after
the system's host name. This problem was corrected by setting the
correct database file names in
/opt/fedora-ds/admin-serv/config/adm.conf. Or alternatively, simply
copy the database files created by the script to the filenames that the
administrator wants to use.
The setupssl script should probably be altered to set the correct
database file names in the adm.conf file.

Thanks for the responses,
Jason

Hi all,
I'm pretty uncertain about the best way to go about configuring the
admin server to use SSL (FDS1.0.2). All of the docs I'm finding are
pretty shaky. Ultimately, I want users to manage their passwords and
info via the web-based Directory Server Gateway over SSL. This would
appear to be the same thing as enabling SSL for the admin server.
The setupssl.sh script provided by the SSL howto generates the
keys/certs for the admin server and imports them into the appropriate
cert db (I guess, I've performed the process by hand as well, based
on RedHat's docs and the script itself). This would imply to me that
the admin console would find the generated certs and present them in
the admin server's console (under the Configuration -> Encryption
tab) in much the same way that it does in the directory server's
console. I can't tell if something that's supposed to work isn't or
if I'm misunderstanding something. I'd like to know before I try to
generate new SSL certificates and import them.

Yes, that's the way it is supposed to work. I verified that it does
work on FC5 using FDS 1.0.2.