This list covers some of the known problems with the Java Desktop System Configuration Manager. Read the list before reporting any new bugs.
Problem ID |
Description and Workaround. |
|
---|---|---|
5004807 |
When installing on Red Hat 7.3, the following error occurs:
The error has no negative impact, and can be ignored. |
If exceptions are displayed in your HTML pages directly after entering the Configuration Manager from the Java™ Web Console, try the following:
Clear the cache directory (/usr/share/webconsole/work/Standalone/localhost/apoc/jsp/) where tomcat stores its compiled JSPs.
Verify that the file policymgr.cfg exists (/usr/share/webconsole/apoc/WEB-INF/).
Verify that the file policymgr.cfg has correct user rights (read access for noaccess:noaccess).
Verify that the LDAP data stored in the file policymgr.cfg corresponds to your LDAP server, such as host, port, baseDN, and so on.
This patch should be applied to avail of the fix for bug 4903368. Without this fix, if a user chooses to remove five or more policy groups assigned to an entity, then the Configuration Manager will remove all the assigned policy groups from that entity. More importantly, if a user chooses to remove five or more policy groups assigned to the root entity, then not only will all assigned policy groups be removed from that entity, but the Configuration Manager LDAP metaconfiguration data will also be deleted from the Directory Server. The Directory Server cannot then be used by the Configuration Manager until the createServiceTree installation script is run again.
The Accessing the Bootstrapping Information in Java Desktop System Configuration Manager Release 1.1 Administration Guide section of the Accessing the Bootstrapping Information in Java Desktop System Configuration Manager Release 1.1 Administration Guide states that a default bootstrapping file called policymgr.cfg is installed at /etc/apoc during the CLI installation. This policymgr.cfg file is no longer installed. Currently, the user can specify a bootstrapping file with the --file (-f) option or specify the other bootstrapping options, such as --base (-b). Otherwise, the CLI defaults to a bootstrapping file that is called pgtool.properties in the user's home directory.
To configure SSL communication between the LDAP server (policy backend) and the Configuration Manager you must perform the following steps:
As a prerequisite, your LDAP server must be configured to support client authentication through SSL. You can find further details in the Sun ONE Directory Server 5.2 Administration Guide at http://docs.sun.com/source/816-6698-10/.
Install the LDAP server's certificate, or its CA's certificate, in the Java Web Console's database of trusted certificates:
# cd $JAVA_HOME/bin # ./keytool -import -file server_cert.cer -keystore /etc/opt/webconsole/keystore |
The initial default keystore password is changeit . It is important to change this password in the production environment.
Run the following script to point the Configuration Manager to your LDAP server:
# /usr/share/webconsole/apoc/configure |
Run the smreg command to enable SSL communication for the LDAP login module:
# /usr/sbin/smreg add -m -b optional -o ldap.provider.url="ldaps://<LDAP_SERVER_HOST>:<LDAP_SERVER_PORT>" -o ldap.provider.authentication=simple -o ldap.baseDN="<LDAP_BASEDN>" -o ldap.userAttribute="<LDAP_USER_UNIQUE_ATTRIBUTE>" -o ldap.search.userDN="<LDAP_SEARCH_USER>" -o ldap.search.password="<LDAP_SEARCH_PASSWORD>" com.sun.apoc.authentication.LdapLoginModule; |
The placeholders, such as LDAP_SERVER_HOST and LDAP_SERVER_PORT, must be replaced by the actual values that you specified during the configuration of the Configuration Manager in step 3. The ldap.search.userDN and ldap.search.password parameters can be omitted if anonymous LDAP access is allowed.
Restart the Java Web Console:
# /usr/sbin/smcwebserver restart |
The description of the Template DTD given in the Chapter 1, Configuration Manager Overview, in Java Desktop System Configuration Manager Release 1.1 Developer Guide deviates in two ways from the correct definition given in the file policytemplate.dtd.
The visual element is an optional element, not a mandatory element.
The apt:listDataPath attribute of the chooser element does not exist. Use apt:dataPath instead.