[389-users] Console breaks when enabling no anoymous binding

Gerrard Geldenhuis Gerrard.Geldenhuis at betfair.com
Tue Aug 10 15:46:11 UTC 2010 

>________________________________________
>From: 389-users-bounces at lists.fedoraproject.org [389-users-bounces at lists.fedoraproject.org] on behalf of Gerrard Geldenhuis [Gerrard.Geldenhuis at betfair.com]
>Sent: 10 August 2010 16:00
>To: 389-users at lists.fedoraproject.org
>Subject: [389-users] Console breaks when enabling no anoymous binding
>
>Hi
>If I set
>nsslapd-allow-anonymous-access: off
>I am not able to login to the 389-console. I can remedy this by checking the checkbox "Use SSL in Console" in the Encryption tab on the Directory Server console. >This seems a strange solution to the problem. Why would disabing anonymous access break console access and why would enabling "Use SSL in Console" fix it?
>
>I get another interesting error as well with the "Use SSL in Console" checkbox checked.
>Login to Management Console
>Open Directory Console
>Click on Configuration tab
>Click on Encryption tab
>
>I get "An error has occured"
>Could not open file(null). File does not exist or filename is invalid.
>
>After I click on OK, I can proceed to the Encryption tab. Is this a bug or me not configuring something. The error message is not very helpful.
>

I found the cause of the problem for the "An error has occurred".
When you first click on Manage Certificates in the Admin Server console it prompts you for a password and I believe create the cert store in /etc/dirsrv/admin-serv/
I then added the same CA that I used in /etc/dirsrv/slapd-testmasterserver/ cert db. However if you then again remove this CA you get the error has mentioned message as mentioned above. This is probably not strictly spoken a bug but it would be really "nice" if the error message could tell you that the cert database for the admin console is empty. I am not sure why it what the interdependence is but from my 10 000 feet view it seems not necessary. If there is any agreement I will file this as an enhancement request on bugzilla.

Regards


________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________

More information about the 389-users mailing list