[Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - support cacert for configds, fix permissions

Richard Megginson rmeggins at redhat.com
Wed Jun 20 15:14:16 UTC 2007

Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - support cacert 
for configds, fix permissions.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: If the Config DS is set up to use TLS/SSL, we should 
allow the admin to setup a new admin server to use TLS/SSL with the 
Config DS.  The user may supply either a cacert file in ascii/pem 
format, or just set the CACertificate param in the .inf file to the 
actual ascii value.  This latter option allows you to have a single .inf 
file that you can carry around to all of your servers that you want to 
set up, instead of having to have an additional file for the cacert.
However, it only works for the initial setup.  It should probably detect 
if the cacert already exists and just use it if so.
File permissions need to be set correctly.  The code that deals with 
file and directory creation should ensure that permissions are set 
properly.  This mostly applies to the configdir, so that the config 
files needed to be read and written by the admin server have the correct 
permissions and ownership.
Also fixed a minor bug about changing the admin server port, and with 
detecting if there is an existing config ds to use or not.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20070620/46d0a02b/attachment.bin 

More information about the 389-devel mailing list