The saga continues..
After finally getting the admin-server to run and just briefly verifying
that the console would run from my windows machine but not being able to
connect because of firewall issues, I'm now picking up the thread again.
To briefly recap, there are firewall issues preventing me from connecting
easily with the admin server on the machine running fedora-ds. Iow: I can
reach the ldap port fine - but not the admin server. I have no control
over the firewall, and getting an opening poked in it is turning out to
be, if not difficult then at least time consuming. I've been trying to
sneak around the problem by using ssh-tunneling for now. I can use this to
successfully connect the client java console with the server. However,
that's pretty much as far as I've been able to get.
The Fedora Management Console opens and connects nicely. In the console
view, I can see the rootnode of myldap.foo.com
, as well as the ldap
instance just beneath it and its "Server Group" node. However, if I expand
this node and try to click on the "Administration Server" or "Directory
Server" leafs, I get a long pause and then an error dialog saying: "Class
Loader error: Failed to install a local copy of fedora-admserv-1.0.jar or
one of its supporting files: Can not connect to
The console supports multiple versions of admin server and directory
server. Each unique version of admin server and directory server has
its own versioned jar file (e.g. fedora-admserv-1.0.jar,
fedora-admserv-1.1.jar, etc.) These jar files are provided via http by
the admin server and are downloaded into the ~/.fedora-console/jars (or
~/.fedora-idm-console/jars in 1.1) directory. The console looks for
them in there. So one possible workaround would be to just grab those
files from the server and copy them to this directory.
Initially,I was thrown off by the class loader heading, assuming
the jar out of the classpath. The jar it's requestion is indeed not not
the classpath, however, the jar in question is not included in the
original startconsole script either (meaning I have no idea how the client
would find it). In any case I get the exact same error when the jar's on
the cp as well. The client then goes on to try and download the jar -
which will not work as the windows machine I'm running it on does not have
open internet access - intranet only.
On windows, the jar file location is a little bit different. See
However the errmsg also mentions connection problems, and there's
lengthy delay when clicking the nodes in question consistent with a
connection attempt that's blocked by, say, a firewall.
Right. There is a
timeout - I can't remember how long.
I've since verified
with Ethereal that the console does indeed try to bypass my ssh tunnel and
instead hits the admin server directly, an attempt which is of course
blocked by the firewall.
Right. Because once the console is started, it ignores
the URL you
provide in the login dialog box and instead reads the URL from the admin
server configuration under o=netscaperoot in the configuration directory
In addition, connections to the ldap port are
also attempted, though this is not a problem as that port is actually
open. Maybe the reason why I can get this far in the first place. However,
could anyone confirm that the connection url (in my case ssh tunnel at
localhost:56789) is only used for the initial connect, and that later the
admin client may try to establish a direct link to the correct url of the
servernode? If so, is there any possible workaround for this, or will I
basically need a firewall-opening? Or could it be a dependency/classpath
problem after all?
The best bet is to either open the firewall, or to install the admin
server to use a well known http port (e.g. port 80) that most firewalls
will leave open by default.
Fedora-directory-users mailing list