Gerrard Geldenhuis wrote:
Hi
If I set
nsslapd-allow-anonymous-access: off
I am not able to login to the 389-console. I can remedy this by checking the checkbox
"Use SSL in Console" in the Encryption tab on the Directory Server console. This
seems a strange solution to the problem. Why would disabing anonymous access break console
access and why would enabling "Use SSL in Console" fix it?
When you first log in to the console, and you type in your ID, the
directory server has no credentials, and has to perform an anonymous
search for uid=youruid to find your BIND DN. This is the same as when
you log in to the operating system - pam has to do a search like
uid=youruserid as anonymous to find your BIND DN. Not sure why
selecting Use SSL in Console would fix that.
You can use 389-console -D 9 -f console.log to get detailed logging.
I get another interesting error as well with the "Use SSL in
Console" checkbox checked.
Login to Management Console
Open Directory Console
Click on Configuration tab
Click on Encryption tab
I get "An error has occured"
Could not open file(null). File does not exist or filename is invalid.
After I click on OK, I can proceed to the Encryption tab. Is this a bug or me not
configuring something. The error message is not very helpfull.
I think you have to install the CA cert in the admin server cert db
before you can do Use SSL in Console.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users