Gerrard Geldenhuis wrote:
> From: 389-users-bounces(a)lists.fedoraproject.org
[389-users-bounces(a)lists.fedoraproject.org] on behalf of Gerrard Geldenhuis
> Sent: 10 August 2010 16:00
> To: 389-users(a)lists.fedoraproject.org
> Subject: [389-users] Console breaks when enabling no anoymous binding
> If I set
> nsslapd-allow-anonymous-access: off
> I am not able to login to the 389-console. I can remedy this by checking the checkbox
"Use SSL in Console" in the Encryption tab on the Directory Server console.
>This seems a strange solution to the problem. Why would disabing anonymous access
break console access and why would enabling "Use SSL in Console" fix it?
> I get another interesting error as well with the "Use SSL in Console"
> Login to Management Console
> Open Directory Console
> Click on Configuration tab
> Click on Encryption tab
> I get "An error has occured"
> Could not open file(null). File does not exist or filename is invalid.
> After I click on OK, I can proceed to the Encryption tab. Is this a bug or me not
configuring something. The error message is not very helpful.
I found the cause of the problem for the "An error has occurred".
When you first click on Manage Certificates in the Admin Server console it prompts you
for a password and I believe create the cert store in /etc/dirsrv/admin-serv/
I then added the same CA that I used in /etc/dirsrv/slapd-testmasterserver/ cert db.
However if you then again remove this CA you get the error has mentioned message as
mentioned above. This is probably not strictly spoken a bug but it would be really
"nice" if the error message could tell you that the cert database for the admin
console is empty. I am not sure why it what the interdependence is but from my 10 000 feet
view it seems not necessary.
What's not necessary? Note that the admin server
and directory server
have separate cert databases. Also note that the NSS crypto team is
working towards a unified system-wide cert db.
If there is any agreement I will file this as an enhancement request
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
389 users mailing list