[389-users] Console breaks when enabling no anoymous binding
Rich Megginson
rmeggins at redhat.com
Tue Aug 10 15:41:09 UTC 2010
Gerrard Geldenhuis wrote:
> Hi
> If I set
> nsslapd-allow-anonymous-access: off
> I am not able to login to the 389-console. I can remedy this by checking the checkbox "Use SSL in Console" in the Encryption tab on the Directory Server console. This seems a strange solution to the problem. Why would disabing anonymous access break console access and why would enabling "Use SSL in Console" fix it?
>
When you first log in to the console, and you type in your ID, the
directory server has no credentials, and has to perform an anonymous
search for uid=youruid to find your BIND DN. This is the same as when
you log in to the operating system - pam has to do a search like
uid=youruserid as anonymous to find your BIND DN. Not sure why
selecting Use SSL in Console would fix that.
You can use 389-console -D 9 -f console.log to get detailed logging.
> I get another interesting error as well with the "Use SSL in Console" checkbox checked.
> Login to Management Console
> Open Directory Console
> Click on Configuration tab
> Click on Encryption tab
>
> I get "An error has occured"
> Could not open file(null). File does not exist or filename is invalid.
>
> After I click on OK, I can proceed to the Encryption tab. Is this a bug or me not configuring something. The error message is not very helpfull.
>
I think you have to install the CA cert in the admin server cert db
before you can do Use SSL in Console.
> Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list