Hi Thanks Rich for your help. I finally have upgraded FDS to 389. I'll try to remove the entries in the admin console referring to the old Fedora DS. Now I will test replication and some other things. One more thing. Where is the parameter to fully disable anonymous connections? Regards. 2009/9/21 Rich Megginson <rmeggins@xxxxxxxxxx>: > Juan Asensio Sánchez wrote: >>>> >>>> And reboot... After that, when connecting with the console, we have >>>> two entries for the directory server and two for the administration >>>> server. >>>> >>> >>> Yep, this is a known bug. You can ignore the Fedora ones - the 389 ones >>> are >>> the real ones. >>> >> >> Is there any bug open about this and how to fix/remove these entries? >> > > There is a bug open - https://bugzilla.redhat.com/show_bug.cgi?id=520493 > > 389 1.2.3 will contain code to fix these issues during update - this code is > now in our SCM - Unfortunately, fixing/removing these entries manually will > be tricky >> >> >>>> >>>> One of each does not show the icon it should, and when I click >>>> on it, it tries to download new jars, but it can not. >>>> >>> >>> What error does it give? >>> >> >> Failed to install a local copy of 389-ds-1.2.jar or one of it supporting >> files. >> Please ensure that the appropiate console package is installed on the >> Administration Server. >> HTTP response timeout >> >> I think it is trying to get the files with http instead of https, >> although I have connected to the console with https. >> > > One of the side effects of the bug is that it nukes your tls/ssl > configuration. >> >> >>>> >>>> If I use the old >>>> item for the administration console (that shows the icon), in the >>>> encryption tab , SSL is disabled, but before the upgrade it was >>>> enabled, but if i try to access the server with the browser, i must >>>> use https (¿?). Why is SSL disabled? And if it is disabled, why must I >>>> access using https? Is there any step I haven't done? >>>> >>>> >>> >>> This is also a bug. The update procedure does not preserve the SSL >>> settings >>> for your old (Fedora) servers when it adds the new (389) servers. >>> >> >> But how can I connect to the console with https if the upgrade has >> disabled it? >> > > You need to find the entries that the console uses to get the TLS/SSL > information: > ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -b > o=NetscapeRoot objectclass=nsConfig dn > > you can ignore the entries that start with cn=task summary > > For the entry that begins with cn=configuration, cn=admin-serv-..... > do an ldapmodify like this: > ldapmodify x -D "cn=directory manager" -w yourpassword > dn: cn=configuration, cn=admin-serv-..... > changetype: modify > replace: nsServerSecurity > nsServerSecurity: on > > > For the entries that begin with cn=slapd-........ > do an ldapmodify like this: > ldapmodify x -D "cn=directory manager" -w yourpassword > dn: cn=slapd-....... > changetype: modify > replace: nsServerSecurity > nsServerSecurity: on > > > You should also verify the nsSecureServerPort attribute in the cn=slapd-.... > entries if you used a port other than 636. > > After you make these changes, restart your admin server (service > dirsrv-admin restart), then try the console again. >> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > > -- > 389 users mailing list > 389-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
