[Fedora-directory-users] Trouble upgrading 1.0.2 -> 1.0.4 w/ SSL-enabled configuration directory server

[Jeremy Thornhill]

We have a single supplier / multiple replica setup, using SSL.  The supplier
is configured as the "Configuration Directory Server" and clients are
configured accordingly.  I attempted to upgrade one of the replicas in
accordance with the release notes (i.e. Upgrade the RPM, restart the server,
run /opt/fedora-ds/setup/setup).

Setup proceeds as expected until the point where the application prompts for
the admin password.  This is the text of the dialogue:

> In order to reconfigure your installation, the Configuration Directory
> Administrator password is required.  Here is your current information:
> 
> Configuration Directory: ldaps://<myldapmaster>.<mydomain>:636/o=NetscapeRoot
> Configuration Administrator ID: admin
> 
> At the prompt, please enter the password for the Configuration Administrator.
>
> Fedora configuration directory server
> administrator ID [admin]:
> Password: 

Regardless of what information is entered, the application seems to hang,
and does not display any new information or prompts after this point.

Curious, I tried disabling SSL on the upgraded replica's admin server config
by editing the following files (the information at this url pointed me in
the right direction:
http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt):

/opt/fedora-ds/admin-serv/config/adm.conf
/opt/fedora-ds/shared/config/dbswitch.conf

Disabling ssl in these locations and re-running setup resulted in success.
Once the upgrade was complete, I shut the server down and re-enabled ssl -
everything worked swimmingly thereafter.

Now, we've been using ssl successfully for pretty much everything with no
issue (certs all distributed and everything working fine), so I'm not sure
why this is failing.  Is this perhaps a bug in setup?  Is there something
else I need to be doing to have SSL work for the setup application?  It's
ultimately not a huge issue since it can be worked around, but it took a
good chunk of time for me to track down the problem.

Thanks,
Jeremy Thornhill
System administrator
jeremy.thornhill at motricity.com


NOTICE: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Motricity.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.