test

Java Desktop System Configuration Manager Release 1.1 Release Notes

Known Issues

This list covers some of the known problems with the Java Desktop System Configuration Manager. Read the list before reporting any new bugs.

Problem ID 

Description and Workaround. 

5004807 

When installing on Red Hat 7.3, the following error occurs: 


bash: /root/.bashrc: Permission denied error

The error has no negative impact, and can be ignored. 

Troubleshooting

If exceptions are displayed in your HTML pages directly after entering the Configuration Manager from the Java™ Web Console, try the following:

Sun Java System Directory Server 5.2 Hotfix 1

This patch should be applied to avail of the fix for bug 4903368. Without this fix, if a user chooses to remove five or more policy groups assigned to an entity, then the Configuration Manager will remove all the assigned policy groups from that entity. More importantly, if a user chooses to remove five or more policy groups assigned to the root entity, then not only will all assigned policy groups be removed from that entity, but the Configuration Manager LDAP metaconfiguration data will also be deleted from the Directory Server. The Directory Server cannot then be used by the Configuration Manager until the createServiceTree installation script is run again.

Changes to the Default CLI Bootstrapping File

The Accessing the Bootstrapping Information in Java Desktop System Configuration Manager Release 1.1 Administration Guide section of the Accessing the Bootstrapping Information in Java Desktop System Configuration Manager Release 1.1 Administration Guide states that a default bootstrapping file called policymgr.cfg is installed at /etc/apoc during the CLI installation. This policymgr.cfg file is no longer installed. Currently, the user can specify a bootstrapping file with the --file (-f) option or specify the other bootstrapping options, such as --base (-b). Otherwise, the CLI defaults to a bootstrapping file that is called pgtool.properties in the user's home directory.

Implementing SSL Support for the Login Module

To configure SSL communication between the LDAP server (policy backend) and the Configuration Manager you must perform the following steps:

  1. As a prerequisite, your LDAP server must be configured to support client authentication through SSL. You can find further details in the Sun ONE Directory Server 5.2 Administration Guide at http://docs.sun.com/source/816-6698-10/.

  2. Install the LDAP server's certificate, or its CA's certificate, in the Java Web Console's database of trusted certificates: 


    # cd $JAVA_HOME/bin
# ./keytool -import -file server_cert.cer -keystore /etc/opt/webconsole/keystore
    Note –

    The initial default keystore password is changeit . It is important to change this password in the production environment.

  3. Run the following script to point the Configuration Manager to your LDAP server:


    # /usr/share/webconsole/apoc/configure

  4. Run the smreg command to enable SSL communication for the LDAP login module:


    # /usr/sbin/smreg add -m -b optional -o 
ldap.provider.url="ldaps://<LDAP_SERVER_HOST>:<LDAP_SERVER_PORT>" -o 
ldap.provider.authentication=simple -o ldap.baseDN="<LDAP_BASEDN>" -o 
ldap.userAttribute="<LDAP_USER_UNIQUE_ATTRIBUTE>" -o 
ldap.search.userDN="<LDAP_SEARCH_USER>" -o 
ldap.search.password="<LDAP_SEARCH_PASSWORD>" 
com.sun.apoc.authentication.LdapLoginModule;
    Note –

    The placeholders, such as LDAP_SERVER_HOST and LDAP_SERVER_PORT, must be replaced by the actual values that you specified during the configuration of the Configuration Manager in step 3. The ldap.search.userDN and ldap.search.password parameters can be omitted if anonymous LDAP access is allowed.

  5. Restart the Java Web Console:


    # /usr/sbin/smcwebserver restart

Corrections to the Developer Guide

The description of the Template DTD given in the Chapter 1, Configuration Manager Overview, in Java Desktop System Configuration Manager Release 1.1 Developer Guide deviates in two ways from the correct definition given in the file policytemplate.dtd.