https://bugzilla.redhat.com/show_bug.cgi?id=622957
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
Console is working as expected, you can not use a absolute/relative path to a file because of CGI security issues. The library must be located in /etc/dirsrv/slapd-INSTANCE. Then you simply specify the library file name in the console.
There is a bug in how the modutil command is generated in the admin server code.
attachment 0001-Ticket-201-nCipher-HSM-cannot-be-configured-via-the-.patch
The fix looks good.
Now I wonder where this type of knowledge about the installation/configuration is available... Since it's not our "product", what we could do is just having a pointer to the right contents, I guess...
Fix Description: First new modules must be located in the server instance security directory (symlinks work best).
Replying to [comment:15 nhosoi]:
The fix looks good. Now I wonder where this type of knowledge about the installation/configuration is available... Since it's not our "product", what we could do is just having a pointer to the right contents, I guess... Fix Description: First new modules must be located in the server instance security directory (symlinks work best).
There is documentation about the HSM security module here:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/mgng-tokens.html#installing-pkcs11-mods-cmd
In the documentation it even states that it's best to use modutil to add modules, and not the console :-)
Due to cgi security issues, the console only allows you to specify the library name, and not the absolute path to the library. It expects to find the library in the instance security directory: /etc/dirsrv/slapd-INSTANCE.
The reason I mentioned the symlink, is because if you use a symlink in the security directory to the actual library then you don't have to worry about SELinux.
/etc/dirsrc/slapd-INSTANCE/libcknfast.so -> /opt/nfast/toolkit/pkcs11/libcknfast.so
If you directly copy the library to /etc/dirsrv/slapd-INSTANCE then you must update SELinux for the library.
I will be writing up a wiki page on this as well.
To ssh://git.fedorahosted.org/git/389/admin.git c9b6de5..5af4170 master -> master
commit 5af417033e9cf532856a105a6113825a4d20bbfa Author: Mark Reynolds mreynolds@redhat.com Date: Tue Oct 14 14:11:23 2014 -0400
Thank you soooo much for the details, Mark!!
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 389-admin,console 1.1.36
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/201
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.