Graham Leggett wrote:
Yes, this is poorly documented, and scattered about in a half dozen config files, as well as several entries under o=netscaperootRichard Megginson wrote:Now the admin server won't start at all, and no error message is logged to the console or error log.There's more to making it use ssl than disabling ssl. The easiest way is to use the script at http://directory.fedora.redhat.com/wiki/Howto:SSL to generate the keys/certs, then use the console. You first have to go to Directory->Configuration->Data->Security and check the button that tells the console to use SSL. Then, go to Admin Server->Configuration->Security and tell Admin Server to use SSL.Trouble is, if you've made the smallest config error, the console is left in a corrupt state. There seems to be no way to correct an error once its been made.
No, once it uses the url you type in to bootstrap, it reads the security settings for the other servers from the config ds o=netscaperoot.I managed to get this right once, then made a config error somewhere, and the directory config for this member of the cluster has been corrupt ever since.It should go off the url you specify when using startconsole, either http or https.A couple of questions at this point:- How does the console know whether to contact the admin server using SSL or clear?Ok... the URL I used in startconsole pointed at the configuration directory's admin server, not the new admin server I am trying to set up.Is the startconsole somehow assuming that because the admin server belonging to the configuration directory is secure, then all other admin servers are secure too?
Should I point startconsole at the new admin server, rather than the configuration admin server, when I want to edit the new admin server?
You could try that.
- Which files in the config directory can be edited by a human and have an actual effect?Only local.conf is read-only. It is basically a cache of the information under the admin server instance entry under o=NetscapeRoot.http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_FilesIf I delete all the files in the admin server config directory, will the restart-admin script rebuild these files from the directory?
No. Only local.conf will be rebuilt.
Right. console.conf, adm.conf, and shared/config/dbswitch.conf are modified via console operations, via CGI programs. They are not modified via LDAP operations, and the admin server + console code has to jump through some hoops to keep the data stored in LDAP in sync with the corresponding data in those config files.- How do you refresh the files in the config directory, so that they reflect changes you've made in the directory itself?The surest way to make the Admin Server refresh its config based on changes made in the DS is to restart the admin server.The behaviour I was seeing was that after modifying the directory and restarting the admin server, the only file that changed was local.conf.
All other files remained untouched, meaning that despite the directory having been modified, the admin server did not pick up the changes.Regards, Graham -- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
