[Fedora-directory-commits] adminserver/admserv/cgi-src40 config.c, 1.14, 1.15 getport.c, 1.6, 1.7 htmladmin.c, 1.9, 1.10 migrateConfig.c, 1.7, 1.8 restartsrv.c, 1.8, 1.9 sec-activate.c, 1.10, 1.11 security.c, 1.14, 1.15 setport.c, 1.6, 1.7 statpingserv.c, 1.6, 1.7 ugdsconfig.c, 1.10, 1.11 viewdata.c, 1.8, 1.9 viewlog.c, 1.10, 1.11
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26918/adminserver/admserv/cgi-src40
Modified Files:
config.c getport.c htmladmin.c migrateConfig.c restartsrv.c
sec-activate.c security.c setport.c statpingserv.c
ugdsconfig.c viewdata.c viewlog.c
Log Message:
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: I changed security to get the security file directory for the directory server from cn=config from that directory server. Unfortunately, I didn't take into consideration that the CGI might have to use LDAPS to connect. If you have checked the Use SSL for Console button in the console when configuring that directory server for SSL, the CGIs will attempt to use LDAPS. In this case, there were several problems:
1) NSS was not initialized - need to use the admin server key/cert db to talk LDAPS to the directory server
2) When I did do the NSS init, it failed because the admin server key/cert db did not exist, and the directory was not writable.
3) I needed to shutdown NSS so that the key/cert db for the directory server itself could be opened in order to get its contents
The consequences of this are that now, when you attempt to use NSS for the first time, if the key/cert databases do not exist, they will be created empty. If the user sets up the directory server for SSL, and tells the console to use SSL with this directory server, the user will have to install the CA certificate in the admin server key/cert db, so that the console and admin CGIs can talk to that directory server using LDAPS.
I changed all of the admin server CGIs to properly initialize NSS in case they too needed to speak LDAPS for some reason. I also cleaned up several compiler warnings in the admin server CGIs.
I believe this is also the same problem as https://bugzilla.redhat.com/show_bug.cgi?id=430499
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: Will need to test various console interactions with SSL with admin server and directory server.
New Tests integrated into TET: none
Index: config.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- config.c 15 Nov 2007 17:32:22 -0000 1.14
+++ config.c 14 Jul 2008 20:00:02 -0000 1.15
@@ -148,8 +148,6 @@
char *localAdmin = 0;
char *binddn = 0;
char *bindpw = 0;
- char *newValue = 0;
- char *portVal = 0;
char **inputs = 0;
char *operation = 0;
char *qs = 0;
@@ -263,7 +261,7 @@
adminfo = admldapBuildInfo(configdir, &rv);
- errorCode = ADMSSL_InitSimple(configdir, secdir, 0);
+ errorCode = ADMSSL_InitSimple(configdir, secdir, 1);
if (errorCode) {
if (i18nResource)
rpt_err(APP_ERROR,
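Review bot: The bare `1` passed as the third argument to `ADMSSL_InitSimple` says nothing at the call site about what it enables. Going by the commit message, it makes NSS create empty key/cert databases when none exist, so every CGI that reaches this call can now write into the security directory. A comment such as `/* 1: create the admin server key/cert db if it is missing */`, or a named constant, would make that visible here and at the matching calls in getport.c, htmladmin.c, migrateConfig.c, setport.c, ugdsconfig.c, viewdata.c, security.c and viewlog.c. It is also worth documenting what ownership and mode the newly created files get, since they will later hold the CA certificate the CGIs trust for LDAPS. The enclosing function starts and ends outside the hunk.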
@@ -402,7 +400,7 @@
if (resultList) {
nvl = resultList;
- while (nv = *nvl++) {
+ while ((nv = *nvl++)) {
fprintf(stdout, "%s: %s\n",
nv->attrName,
nv->attrVal ? (nv->attrVal[0] ? nv->attrVal[0] : "") : "");
@@ -697,6 +695,7 @@
if (addList) deleteAttributeList(addList);
psetDelete(pset);
+ return 1;
}
@@ -870,6 +869,7 @@
else return 0;
+ return -1;
}
#endif
@@ -1055,7 +1055,7 @@
pr_st = PR_GetHostByName(systemInfo, buf, PR_NETDB_BUF_SIZE, &hostentry);
index = 0;
- while (index = PR_EnumerateHostEnt(index, &hostentry, 8000, &netaddr1)) {
+ while ((index = PR_EnumerateHostEnt(index, &hostentry, 8000, &netaddr1))) {
if (netaddr1.inet.ip == netaddr.inet.ip) return 1;
}
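Review bot: The result of `PR_GetHostByName` is stored in `pr_st` but, in the lines shown, is never tested before `PR_EnumerateHostEnt` walks `hostentry`, so a failed lookup means the loop reads a host entry that was never filled in. Because this loop decides whether two addresses match (`return 1`), a failed lookup should take the no-match path explicitly, for example `if (pr_st != PR_SUCCESS) return 0;` before `index = 0;`. The right failure value depends on the rest of the function, which lies outside the hunk. The comparison also looks only at `inet.ip`, so it presumably covers IPv4 addresses only.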
Index: getport.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/getport.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- getport.c 11 May 2007 19:44:05 -0000 1.6
+++ getport.c 14 Jul 2008 20:00:02 -0000 1.7
@@ -85,7 +85,7 @@
if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
/* Initialize the pset */
- rv = ADMSSL_InitSimple(configdir, secdir);
+ rv = ADMSSL_InitSimple(configdir, secdir, 1);
if (rv) {
rpt_err(APP_ERROR, "SSL related initialization failed", NULL, NULL);
}
Index: htmladmin.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/htmladmin.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- htmladmin.c 11 May 2007 19:44:05 -0000 1.9
+++ htmladmin.c 14 Jul 2008 20:00:02 -0000 1.10
@@ -325,7 +325,7 @@
if(!ldapInfo)
exit(0);
- rv = ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0);
+ rv = ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 1);
if(rv)
exit(0);
@@ -481,8 +481,6 @@
LDAPMessage *entry;
int ldapError;
- char *security = NULL;
-
char **vals;
char sie_conf[BIG_LINE];
@@ -810,7 +808,7 @@
char *endptr = NULL;
int rate = 300;
- if (val = admldapGetExpressRefreshRate(admInfo)) {
+ if ((val = admldapGetExpressRefreshRate(admInfo))) {
rate = strtol(val, &endptr, 10);
PL_strfree(val);
}
@@ -826,7 +824,7 @@
char *val = NULL;
int rate = 60;
- if (val = admldapGetExpressCGITimeout(admInfo)) {
+ if ((val = admldapGetExpressCGITimeout(admInfo))) {
rate = strtol(val, &endptr, 10);
PL_strfree(val);
}
@@ -1044,7 +1042,7 @@
img = strdup("oldservic.gif");
}
- if(vals2 = ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR)) {
+ if((vals2 = ldap_get_values(server, isie_entry, ISIE_PRODVER_ATTR))) {
version = (char *)malloc(4+strlen(vals2[0]));
sprintf(version, " %s", vals2[0]);
}
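Review bot: The `malloc` result is not checked before `sprintf` writes into `version`, so an allocation failure becomes a write through a NULL pointer. The buffer size `4+strlen(vals2[0])` is also tied by hand to the literal prefix in the format string and silently becomes too small if that prefix grows. Either test the pointer (`if (!version) ...` with the function's usual error path) and use a bounded formatter, or build the string with `PR_smprintf` and release it with `PR_smprintf_free`. No `ldap_value_free(vals2)` is visible in the hunk; the function continues outside it.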
Index: migrateConfig.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/migrateConfig.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- migrateConfig.c 11 May 2007 19:44:05 -0000 1.7
+++ migrateConfig.c 14 Jul 2008 20:00:02 -0000 1.8
@@ -228,7 +228,7 @@
}
if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
- rv = ADMSSL_InitSimple(configdir, secdir);
+ rv = ADMSSL_InitSimple(configdir, secdir, 1);
if (rv) {
if (i18nResource &&
(errMsg = res_getstring(i18nResource,
Index: restartsrv.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/restartsrv.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- restartsrv.c 15 May 2007 16:45:45 -0000 1.8
+++ restartsrv.c 14 Jul 2008 20:00:02 -0000 1.9
@@ -295,7 +295,6 @@
static char buf[BIG_LINE];
char * p = NULL;
const char *configdir = util_get_conf_dir();
- const char *logdir = util_get_log_dir();
const char *piddir = util_get_pid_dir();
util_find_file_in_paths(filename, sizeof(filename), "console.conf", configdir, "", "admin-serv/config");
Index: sec-activate.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- sec-activate.c 6 Jul 2007 18:06:19 -0000 1.10
+++ sec-activate.c 14 Jul 2008 20:00:02 -0000 1.11
@@ -491,7 +491,6 @@
char error_info[BIG_LINE];
AdmldapInfo ldapInfo = NULL;
char *lang;
- char line[BIG_LINE];
memset((void *)errp, 0, sizeof(int));
method = getenv("REQUEST_METHOD");
Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- security.c 27 Nov 2007 16:55:49 -0000 1.14
+++ security.c 14 Jul 2008 20:00:02 -0000 1.15
@@ -54,6 +54,7 @@
#include "libadminutil/admutil.h"
#include "libadminutil/distadm.h"
#include "libadminutil/resource.h"
+#include "libadmsslutil/admsslutil.h"
#include "libadmsslutil/certmgt.h"
#include "libadmsslutil/psetcssl.h"
@@ -225,6 +226,7 @@
static void closeAllSecurityDB() {
/* close all db */
+ SSL_ClearSessionCache();
NSS_Shutdown();
}
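Review bot: `NSS_Shutdown()` returns a status that `closeAllSecurityDB` discards, yet the new flow in `main` relies on that shutdown having succeeded before `securityInitialization(securitydir)` opens a different key/cert db. NSS reports failure when certificate, key or slot references are still held, so a handle leaked during the LDAPS lookup would go unnoticed here. Checking the result, e.g. `if (NSS_Shutdown() != SECSuccess) { /* report PR_GetError() */ }`, would make a failed re-init diagnosable. A one-line comment on why `SSL_ClearSessionCache()` has to precede the shutdown would help the next reader.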
@@ -725,7 +727,7 @@
if (entry != NULL) {
fprintf(stdout, "\t<ENTRY%d>\n", x);
- fprintf(stdout, "\t\t<SERIAL_NUMBER>%d</SERIAL_NUMBER>\n", Hexify(&entry->serialNumber));
+ fprintf(stdout, "\t\t<SERIAL_NUMBER>%s</SERIAL_NUMBER>\n", processNullString(Hexify(&entry->serialNumber)));
fprintf(stdout, "\t\t<REVOKE_DATE>%s</REVOKE_DATE>\n",DER_UTCTimeToAscii(&entry->revocationDate));
fprintf(stdout, "\t</ENTRY%d>\n", x);
x++;
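Review bot: The serial number is now guarded with `processNullString`, but the next line still passes the result of `DER_UTCTimeToAscii(&entry->revocationDate)` straight to `%s`, and that call returns NULL when the encoded time cannot be decoded. A CRL entry with a malformed date would then hand a NULL pointer to `fprintf`. The same wrapper fits: `processNullString(DER_UTCTimeToAscii(&entry->revocationDate))`. Both `Hexify` and `DER_UTCTimeToAscii` appear to return allocated strings that are not released in the lines shown; the loop body continues outside the hunk.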
@@ -837,22 +839,22 @@
return;
}
- internal_slot = PK11_GetInternalKeySlot();
- if (!internal_slot) {
- errorRpt(GENERAL_FAILURE, getResourceString(DBT_INIT_FAIL));
- return;
+ if (PK11_IsInternal(slot)) {
+ internal_slot = slot;
+ } else {
+ internal_slot = PK11_GetInternalKeySlot();
+ if (!internal_slot) {
+ errorRpt(GENERAL_FAILURE, getResourceString(DBT_INIT_FAIL));
+ return;
+ }
}
internalTokenName = PK11_GetTokenName(internal_slot);
- {
- PK11SlotInfo *slot = PK11_GetInternalKeySlot();
-
- if (PK11_NeedUserInit(slot) == PR_TRUE) {
- fprintf(stdout, "<NEEDINIT_INTERNAL>TRUE</NEEDINIT_INTERNAL>\n");
- } else {
- fprintf(stdout, "<NEEDINIT_INTERNAL>FALSE</NEEDINIT_INTERNAL>\n");
- }
+ if (PK11_NeedUserInit(internal_slot) == PR_TRUE) {
+ fprintf(stdout, "<NEEDINIT_INTERNAL>TRUE</NEEDINIT_INTERNAL>\n");
+ } else {
+ fprintf(stdout, "<NEEDINIT_INTERNAL>FALSE</NEEDINIT_INTERNAL>\n");
}
certList = PK11_ListCerts(PK11CertListUnique, NULL);
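Review bot: The error `return` after `errorRpt(GENERAL_FAILURE, getResourceString(DBT_INIT_FAIL));` in the new `else` branch leaves `slot` unreleased, while the end of the function (next hunk) now calls `PK11_FreeSlot(slot)`. Where `slot` is acquired is outside the hunk, but if it holds a reference at this point, the early exit should drop it too: `PK11_FreeSlot(slot);` before `return;`. This matters more after this commit than before, because an outstanding slot reference is one of the things that makes a later `NSS_Shutdown()` report failure. Nothing visible checks the result of `PK11_GetTokenName(internal_slot)`.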
@@ -884,11 +886,18 @@
printCert(cln->cert, /*showDetail=*/PR_FALSE, NULL);
}
}
+ CERT_DestroyCertList(certList);
if (PK11_IsInternal(slot)) {
showCRL(certdb, SEC_CRL_TYPE);
showCRL(certdb, SEC_KRL_TYPE);
}
+
+ if (slot != internal_slot) {
+ PK11_FreeSlot(internal_slot);
+ }
+ PK11_FreeSlot(slot);
+
}
/*
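Review bot: `CERT_DestroyCertList(certList)` is added unconditionally as far as the hunk shows, but `PK11_ListCerts` can return NULL and `CERT_DestroyCertList` dereferences its argument. If the loop above is wrapped in a NULL test (its opening is outside the hunk), the destroy call belongs inside that test; otherwise guard it with `if (certList) CERT_DestroyCertList(certList);`. The slot releases at the end look right for the normal path. It would be worth a comment stating that `internal_slot` aliases `slot` when the slot is internal, since that is the reason for the `slot != internal_slot` test.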
@@ -1511,7 +1520,6 @@
FILE *f;
PR_snprintf(full_path, sizeof(full_path), "%s%c%s", secdir, FILE_PATHSEP, filename);
- form_unescape(full_path);
if( !(f = fopen(full_path, "rb")) ) {
PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), full_path);
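Review bot: Nothing in this hunk checks `filename` before it is joined to `secdir` and passed to `fopen`. Dropping `form_unescape` removes a second decoding pass, which is good, but a name containing `..` or a path separator would still resolve outside the security directory unless a caller has already rejected it. viewlog.c in this same commit refers to `util_is_valid_path_string` and `util_verify_file_or_dir` for this purpose; calling the equivalent check here before `PR_snprintf`, and failing with the existing `DBT_NO_FILE_EXISTS` path, would pin the file to `secdir`. The return value of `PR_snprintf` is not tested for truncation either. The enclosing function starts and ends outside the hunk, so validation may exist there.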
@@ -1764,9 +1772,6 @@
PK11SlotList* slotList;
PK11SlotListElement *slot;
- /* Mechanism to be used to get all the tokens in PK11_GetAllTokens */
- CK_MECHANISM_TYPE all = CKM_INVALID_MECHANISM;
-
slotList = PK11_GetAllTokens(CKM_RSA_PKCS, PR_FALSE, PR_FALSE, NULL);
fprintf(stdout, "<TOKENINFO>\n");
@@ -1956,13 +1961,13 @@
/* cgi env setup */
int _ai = ADMUTIL_Init();
char * m = getenv("REQUEST_METHOD");
- char * qs = 0;
char *securitydir = NULL; /* looked up via sie */
char msg[BIG_LINE];
AdmldapInfo ldapInfo; /* our config */
int rc = 0;
char *sie;
char *configdir = util_get_conf_dir();
+ const char *secdir = util_get_security_dir();
#if 0
CGI_Debug("security");
@@ -1998,6 +2003,10 @@
errorRpt(FILE_ERROR, line);
}
+ if(ADMSSL_InitSimple((char *)configdir, (char *)secdir, 1)) {
+ errorRpt(SYSTEM_ERROR, getResourceString(CMN_SSL_INIT_ERROR));
+ }
+
securitydir = getSecurityDir(ldapInfo, sie);
{
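Review bot: After `ADMSSL_InitSimple` fails, the new block only calls `errorRpt(SYSTEM_ERROR, ...)` and then falls through to `getSecurityDir(ldapInfo, sie)`, which per the commit message may need LDAPS. Elsewhere in this file `errorRpt` is followed by an explicit `return;`, which suggests it does not always end the process. If so, the lookup runs with NSS uninitialised, and an explicit exit or return after the report would keep the failure from cascading. The same shape is added in viewlog.c (hunk at -353) with `rpt_err`. The `(char *)secdir` cast discards the `const` just declared, so if `ADMSSL_InitSimple` does not modify its arguments its prototype is the better place to fix that.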
@@ -2021,6 +2030,9 @@
}
/* we got here, we think sie is a valid prefix */
+ /* close all db - we may have had to open the admin server key/cert db
+ in order to use LDAPS before - now have to shut down NSS and reinit */
+ closeAllSecurityDB();
securityInitialization(securitydir);
if (!PORT_Strcmp(operation, "LIST_CERTIFICATE")) {
Index: setport.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/setport.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- setport.c 11 May 2007 19:44:05 -0000 1.6
+++ setport.c 14 Jul 2008 20:00:02 -0000 1.7
@@ -114,7 +114,7 @@
if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
- rv = ADMSSL_InitSimple(configdir, secdir);
+ rv = ADMSSL_InitSimple(configdir, secdir, 1);
if (rv) {
rpt_err(APP_ERROR, "SSL related initialization failed", NULL, NULL);
}
Index: statpingserv.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/statpingserv.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- statpingserv.c 9 May 2007 00:26:30 -0000 1.6
+++ statpingserv.c 14 Jul 2008 20:00:02 -0000 1.7
@@ -74,8 +74,6 @@
int port;
PRFileDesc *gif;
- int character;
- int count=0;
char *file;
char *portstr;
struct PRFileInfo64 prfileinfo;
Index: ugdsconfig.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ugdsconfig.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ugdsconfig.c 18 Dec 2007 19:55:23 -0000 1.10
+++ ugdsconfig.c 14 Jul 2008 20:00:02 -0000 1.11
@@ -236,7 +236,7 @@
AdmldapInfo adminfo;
int rc;
- if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0)) {
+ if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 1)) {
rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL);
return NULL;
}
Index: viewdata.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewdata.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- viewdata.c 11 May 2007 19:44:05 -0000 1.8
+++ viewdata.c 14 Jul 2008 20:00:02 -0000 1.9
@@ -113,7 +113,7 @@
if(!ldapInfo)
exit(0);
- rv = ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0);
+ rv = ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 1);
if(rv)
exit(0);
@@ -261,11 +261,11 @@
}
PR_smprintf_free(dn);
- if(vals = ldap_get_values(server, entry, "nshtmladminproducturl")) {
+ if((vals = ldap_get_values(server, entry, "nshtmladminproducturl"))) {
*url = strdup(vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nshtmladminproducttext")) {
+ if((vals = ldap_get_values(server, entry, "nshtmladminproducttext"))) {
*text = strdup(vals[0]);
ldap_value_free(vals);
}
@@ -292,13 +292,13 @@
return;
- if(vals = ldap_get_values(server, entry, "serverproductname")) {
+ if((vals = ldap_get_values(server, entry, "serverproductname"))) {
fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PRODUCT_NAME), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "installationtimestamp")) {
+ if((vals = ldap_get_values(server, entry, "installationtimestamp"))) {
struct tm tm;
char buf[BIG_LINE];
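Review bot: `vals[0]` comes straight from the directory entry and is written to the response by `fprintf` with no escaping visible in these lines. If the resource strings are HTML fragments, as `open_html_file(MY_PAGE)` elsewhere in this file suggests, an attribute value containing markup would be interpreted by the browser of whoever views the page. The values should be HTML-escaped before output, which also applies to the hunks at -323, -358 and -453. The format string itself is the return value of `getResourceString`, so a missing resource would reach `fprintf` as a NULL format, and a NULL check or a fixed fallback format would cover that. The surrounding functions lie outside the hunks.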
@@ -323,7 +323,7 @@
}
- if(vals = ldap_get_values(server, entry, "serverroot")) {
+ if((vals = ldap_get_values(server, entry, "serverroot"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_ROOT), vals[0]);
ldap_value_free(vals);
}
@@ -358,37 +358,37 @@
"(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS)
return;
- if(vals = ldap_get_values(server, entry, "nsproductname")) {
+ if((vals = ldap_get_values(server, entry, "nsproductname"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_NAME), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nsvendor")) {
+ if((vals = ldap_get_values(server, entry, "nsvendor"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_VENDOR), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nsproductversion")) {
+ if((vals = ldap_get_values(server, entry, "nsproductversion"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_PRODUCT_VERSION), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nsbuildnumber")) {
+ if((vals = ldap_get_values(server, entry, "nsbuildnumber"))) {
fprintf(stdout,(const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_NUMBER), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nsbuildsecurity")) {
+ if((vals = ldap_get_values(server, entry, "nsbuildsecurity"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_BUILD_SECURITY), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "nsrevisionnumber")) {
+ if((vals = ldap_get_values(server, entry, "nsrevisionnumber"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_REVISION_NUMBER), vals[0]);
ldap_value_free(vals);
}
- if(vals = ldap_get_values(server, entry, "description")) {
+ if((vals = ldap_get_values(server, entry, "description"))) {
fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_DESCRIPTION), vals[0]);
ldap_value_free(vals);
}
@@ -403,12 +403,6 @@
char line[BIG_LINE];
FILE *html = open_html_file(MY_PAGE);
char *sie = NULL;
-
- char *request;
- int errorcode;
- PRFileDesc *sockd;
- bufstruct *nbuf;
-
char *binddn, *bindpw;
LDAP *server;
LDAPMessage *entry;
@@ -453,7 +447,7 @@
"(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS)
continue;
- if(vals = ldap_get_values(server, entry, "nsserverid")) {
+ if((vals = ldap_get_values(server, entry, "nsserverid"))) {
fprintf(stdout, (const char*)getResourceString(DBT_MAIN_SERVER_ID), vals[0]);
ldap_value_free(vals);
}
Index: viewlog.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- viewlog.c 31 Oct 2007 05:30:53 -0000 1.10
+++ viewlog.c 14 Jul 2008 20:00:02 -0000 1.11
@@ -156,7 +156,6 @@
void display_logfiles(char *logdir, char *default_logfile)
{
int x;
- int cnt=0;
char *seps = "/";
char *token;
char *curlog = NULL;
@@ -289,7 +288,6 @@
char *file;
char *logdir = NULL;
char *id;
- char **logfiles = NULL;
char tmp[BIG_LINE];
int x;
int print_html = 1;
@@ -353,6 +351,11 @@
configdir ? configdir : "(null)", rc);
rpt_err(APP_ERROR, line, NULL, NULL);
} else {
+ const char *secdir = util_get_security_dir();
+ if(ADMSSL_InitSimple((char *)configdir, (char *)secdir, 1)) {
+ rpt_err(SYSTEM_ERROR, getResourceString(CMN_SSL_INIT_ERROR), NULL, NULL);
+ }
+
logdir = getLogDir(ldapInfo, id);
if(!logdir) {
PR_snprintf(msg, sizeof(msg),
@@ -407,7 +410,6 @@
}
PR_snprintf(full_path, sizeof(full_path), "%s%c%s", logdir, FILE_PATHSEP, file);
- form_unescape(full_path); /* bug 27409, 31807 */
cmd = fopen(full_path, "r");
fprintf(stdout, getResourceString(DBT_MAIN_WIDTH));
PR_snprintf(tmp, sizeof(tmp), getResourceString(DBT_SUBTITLE), num, file, (str)? getResourceString(DBT_WITH) : "",
@@ -435,7 +437,6 @@
if (file || *file || util_is_valid_path_string(file) ||
util_verify_file_or_dir(logdir, PR_FILE_DIRECTORY, file, -1, PR_FILE_FILE)) {
PR_snprintf(full_path, sizeof(full_path), "%s%c%s", logdir, FILE_PATHSEP, file);
- form_unescape(full_path); /* bug 27409, 31807 */
cmd = fopen(full_path, "r");
/* begin search */
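Review bot: The guard `if (file || *file || util_is_valid_path_string(file) || util_verify_file_or_dir(...))` short-circuits on its first operand, so any non-NULL `file` passes without either path check being evaluated, and a NULL `file` is dereferenced by `*file`. With `form_unescape` removed, this condition is the only check visible between the request value and `fopen(full_path, "r")`. It should require every test, presumably `if (file && *file && util_is_valid_path_string(file) && util_verify_file_or_dir(logdir, PR_FILE_DIRECTORY, file, -1, PR_FILE_FILE))`, once the return conventions of the two helpers are confirmed. The result of `fopen` is not tested within the hunk, and the earlier hunk at -407 builds and opens `full_path` the same way with no check in view. The enclosing function extends beyond both hunks.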
15 years, 10 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.9, 1.9.2.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23942
Modified Files:
Tag: Directory_Server_8_0_Branch
DSCreate.pm.in
Log Message:
Resolves: bug 452323
Bug Description: rhds80 console - create new instance fails (only) after admin server restart
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_0_Branch
Fix Description: The problem was that the temp LDIF file used to init the new database was not created with the proper mode and ownership, so slapd could not load it. The fix is to make sure the ownership and mode is correct.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: DSCreate.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSCreate.pm.in,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- DSCreate.pm.in 17 Dec 2007 20:08:46 -0000 1.9
+++ DSCreate.pm.in 14 Jul 2008 19:40:12 -0000 1.9.2.1
@@ -498,6 +498,10 @@
if (@errs) {
return @errs;
}
+ if (@errs = changeOwnerMode($inf, 4, $templdif)) {
+ unlink($ldiffile);
+ return @errs;
+ }
# $templdif now contains the ldif to import
$ldiffile = $templdif;
$istempldif = 1;
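Review bot: When `changeOwnerMode` fails, the cleanup calls `unlink($ldiffile)`, but `$ldiffile` is only pointed at the temporary file two lines later by `$ldiffile = $templdif;`. At this point it still holds whatever it had before the hunk (apparently the caller-supplied LDIF path, or nothing), so the temp file is left behind with the wrong owner and mode and an unrelated file may be removed instead. `unlink($templdif);` looks like what was intended. The identical hunk in the HEAD commit (1.11 to 1.12) has the same line. The literal `4` passed to `changeOwnerMode` would also benefit from a comment saying which mode class it selects.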
15 years, 10 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.11, 1.12
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23383/ldapserver/ldap/admin/src/scripts
Modified Files:
DSCreate.pm.in
Log Message:
Resolves: bug 452323
Bug Description: rhds80 console - create new instance fails (only) after admin server restart
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The problem was that the temp LDIF file used to init the new database was not created with the proper mode and ownership, so slapd could not load it. The fix is to make sure the ownership and mode is correct.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: DSCreate.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSCreate.pm.in,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- DSCreate.pm.in 16 May 2008 16:25:54 -0000 1.11
+++ DSCreate.pm.in 14 Jul 2008 19:37:15 -0000 1.12
@@ -499,6 +499,10 @@
if (@errs) {
return @errs;
}
+ if (@errs = changeOwnerMode($inf, 4, $templdif)) {
+ unlink($ldiffile);
+ return @errs;
+ }
# $templdif now contains the ldif to import
$ldiffile = $templdif;
$istempldif = 1;
15 years, 10 months
[Fedora-directory-commits] adminserver/admserv/newinst/src AdminServer.pm.in, 1.12, 1.12.2.1 ConfigDSDialogs.pm, 1.6, 1.6.2.1 adminserver.map.in, 1.9, 1.9.2.1 dirserver.map.in, 1.9, 1.9.2.1 migrate-ds-admin.res.in, 1.2, 1.2.2.1 setup-ds-admin.pl.in, 1.11, 1.11.2.1 setup-ds-admin.res.in, 1.9, 1.9.2.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22641/adminserver/admserv/newinst/src
Modified Files:
Tag: Directory_Server_8_0_Branch
AdminServer.pm.in ConfigDSDialogs.pm adminserver.map.in
dirserver.map.in migrate-ds-admin.res.in setup-ds-admin.pl.in
setup-ds-admin.res.in
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_0_Branch
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: AdminServer.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v
retrieving revision 1.12
retrieving revision 1.12.2.1
diff -u -r1.12 -r1.12.2.1
--- AdminServer.pm.in 7 Dec 2007 00:09:36 -0000 1.12
+++ AdminServer.pm.in 14 Jul 2008 19:30:16 -0000 1.12.2.1
@@ -186,12 +186,37 @@
return 1;
}
+# sub addDefaultSecurityInfo {
+# my $setup = shift;
+# my $inf = $setup->{inf};
+# my $configdir = shift;
+# my $reconfig = shift;
+# my @errs;
+
+# my $admConf = getAdmConf($configdir);
+# my $localconf = "$configdir/local.conf";
+# if (!open(LOCALCONF, ">$localconf")) {
+# $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
+# return 0;
+# }
+
+# if (!open(CONSOLECONF, "$admConf->{configdir}/console.conf")) {
+# debug(0, "Error opening $admConf->{configdir}/console.conf: $!");
+# return 0;
+# }
+
+# print LOCALCONF "configuration.Encryption\n";
+
+# close(LOCALCONF);
+# return 1;
+# }
+
# This is how we extract the sie and isie as the as entries are
# being added
sub registercb {
my ($context, $entry, $errs) = @_;
- my $rc = check_and_add_entry([$context->{conn}, $context->{reconfig}], $entry, $errs);
+ my $rc = check_and_add_entry([$context->{conn}], $entry, $errs);
my $setup = $context->{setup};
if ($rc) {
if ($entry->hasValue('objectclass', 'nsApplication', 1)) {
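Review bot: The hunk adds a 24-line, fully commented-out `addDefaultSecurityInfo` sub that nothing calls; dead code in a setup module is better left out of the commit and kept on a branch or in the bug report. If it is meant to return later, note that the draft truncates `local.conf` with a two-argument `open(LOCALCONF, ">$localconf")` and never closes `CONSOLECONF`. A three-argument open with a lexical handle would be the safer form. The `registercb` change itself (dropping `$context->{reconfig}` from the `check_and_add_entry` argument list) alters how existing entries are treated, so a one-line comment saying that entries are now always added or updated would help.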
@@ -218,7 +243,6 @@
my $setup = shift;
my $inf = $setup->{inf};
my $configdir = shift;
- my $reconfig = shift;
my @errs;
$setup->msg('registering_adminserver');
@@ -261,7 +285,7 @@
$setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
return 0;
}
- my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup, reconfig => $reconfig};
+ my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup};
getMappedEntries($mapper, \@ldiffiles, \@errs, \®istercb, $context);
close(LOCALCONF);
@@ -418,6 +442,14 @@
$ENV{ADMSERV_PID_DIR} ||
"@piddir@";
+ # if we're just doing the update, just register and return
+ if ($setup->{update}) {
+ if (!registerASWithConfigDS($setup, $configdir)) {
+ return 0;
+ }
+ return 1;
+ }
+
if (!createASFilesAndDirs($setup, $configdir, $securitydir, $logdir, $rundir)) {
return 0;
}
@@ -426,7 +458,7 @@
return 0;
}
- if (!registerASWithConfigDS($setup, $configdir, $reconfig)) {
+ if (!registerASWithConfigDS($setup, $configdir)) {
return 0;
}
Index: ConfigDSDialogs.pm
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ConfigDSDialogs.pm,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- ConfigDSDialogs.pm 27 Jul 2007 01:42:46 -0000 1.6
+++ ConfigDSDialogs.pm 14 Jul 2008 19:30:16 -0000 1.6.2.1
@@ -409,6 +409,23 @@
['dialog_useconfigds_prompt'],
);
+my $updatedialog = new DialogYesNo (
+ $EXPRESS,
+ 'dialog_update_text',
+ 1,
+ sub {
+ my $self = shift;
+ my $ans = shift;
+ my $res = $self->handleResponse($ans);
+ if ($res == $DialogManager::NEXT) {
+ $res = $DialogManager::ERR if (!$self->isYes());
+ }
+ return $res;
+ },
+ ['dialog_update_prompt'],
+);
+
+
sub getDialogs {
return ($useconfigds, $configdsinfo, $configdsadmin, $configdsadmindomain);
}
@@ -417,4 +434,8 @@
return ($regconfigdsinfo, $configdsadmindomain);
}
+sub getUpdateDialogs {
+ return ($updatedialog, $configdsinfo);
+}
+
1;
Index: adminserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- adminserver.map.in 15 Aug 2007 22:08:14 -0000 1.9
+++ adminserver.map.in 14 Jul 2008 19:30:16 -0000 1.9.2.1
@@ -44,6 +44,8 @@
vendor = Vendor
timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
+uname_a = `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
+uname_m = `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
as_port = Port
admpw = "@configdir@/admpw"
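Review bot: Both new mappings run `uname` through a piped `open` that resolves the command via `PATH` and never checks whether the open succeeded. Setup scripts of this kind are typically run as root, so a PATH-resolved external command is worth avoiding, and on failure `$returnvalue` is undefined when `chomp` runs. The core POSIX module returns the same data without spawning a process: `use POSIX; $returnvalue = join(' ', POSIX::uname());` for `uname_a` and `$returnvalue = (POSIX::uname())[4];` for `uname_m`. The same two lines are added to dirserver.map.in.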
Index: dirserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- dirserver.map.in 17 Dec 2007 20:10:04 -0000 1.9
+++ dirserver.map.in 14 Jul 2008 19:30:16 -0000 1.9.2.1
@@ -43,6 +43,8 @@
vendor = Vendor
timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
+uname_a = `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
+uname_m = `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
as_uid = ServerAdminID
as_sie = "cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot"
Index: migrate-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/migrate-ds-admin.res.in,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -r1.2 -r1.2.2.1
--- migrate-ds-admin.res.in 15 Aug 2007 22:08:14 -0000 1.2
+++ migrate-ds-admin.res.in 14 Jul 2008 19:30:16 -0000 1.2.2.1
@@ -18,7 +18,6 @@
error_opening_nssconf = Error: could not open NSS config file %s. Error: %s\n
error_writing_nssconf = Error: could not write NSS config file %s. Error: %s\n
-registering_dirserver_instances = Registering the migrated directory server instances with the configuration directory server . . .\n
error_creating_asmigration_maptbl = Error: could not create maptable for use in admin server migration.\n
error_creating_updateconsole_maptbl = Error: could not create maptable for use in admin server console migration.\n
error_migrating_console_entries = Error: Could not find the console customization entries under '%s'. Error: %s\n
Index: setup-ds-admin.pl.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.pl.in,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- setup-ds-admin.pl.in 2 Aug 2007 14:44:10 -0000 1.11
+++ setup-ds-admin.pl.in 14 Jul 2008 19:30:16 -0000 1.11.2.1
@@ -54,6 +54,7 @@
$setup->{inf}->{admin}->{Port} = $pset->{"configuration.nsserverport"};
$setup->{asorigport} = $pset->{"configuration.nsserverport"}; # save orig. port
$setup->{inf}->{admin}->{ServerIpAddress} = $pset->{"configuration.nsserveraddress"};
+ $setup->{inf}->{General}->{FullMachineName} = $pset->{"serverhostname"};
}
my $admpw = AdminUtil::getAdmpw($admConf);
if ($admpw && %{$admpw}) {
@@ -67,6 +68,11 @@
$setup->{reconfigas} = 1; # allow AS reconfig
}
+# do not allow reconfig (setup -r) if no setup has been done
+if (! $setup->{reconfigas}) {
+ delete $setup->{update};
+}
+
if (!$setup->{silent}) {
my $dialogmgr = new DialogManager($setup, $res, $TYPICAL);
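Review bot: The new comment talks about reconfig (`setup -r`), but the code deletes `$setup->{update}`, which per the commit message is the new `-u` option, so the comment should read something like `# do not allow update (setup -u) if no setup has been done`. Silently dropping the flag also means a `-u` run on a machine with no prior setup falls through to a full install. In silent mode that creates new instances the operator did not ask for. Reporting an error and exiting looks safer than `delete $setup->{update};`.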
@@ -75,10 +81,15 @@
require ConfigDSDialogs;
require ASDialogs;
- my @dialogs = SetupDialogs->getDialogs();
- push @dialogs, ConfigDSDialogs->getDialogs();
- push @dialogs, DSDialogs->getDialogs();
- push @dialogs, ASDialogs->getDialogs();
+ my @dialogs;
+ if ($setup->{update}) {
+ push @dialogs, ConfigDSDialogs->getUpdateDialogs();
+ } else {
+ push @dialogs, SetupDialogs->getDialogs();
+ push @dialogs, ConfigDSDialogs->getDialogs();
+ push @dialogs, DSDialogs->getDialogs();
+ push @dialogs, ASDialogs->getDialogs();
+ }
my $readytoproceed = new DialogYesNo (
$EXPRESS,
@@ -123,46 +134,85 @@
$setup->{inf}->write();
-$setup->msg('create_dirserver');
+my @errs;
-# create a directory server instance
-my @errs = createDSInstance($setup->{inf});
-if (@errs) {
- $setup->msg(@errs);
- $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
- $setup->doExit(1);
-} else {
- $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
-}
+if (!$setup->{update}) {
+ $setup->msg('create_dirserver');
-# setup directory server instance to be the configuration DS
-if ($createconfigds) {
- $setup->msg('create_configds');
- if (!createConfigDS($setup->{inf}, \@errs)) {
- $setup->msg($FATAL, @errs);
- $setup->msg($FATAL, 'error_create_configds');
+ # create a directory server instance
+ # if we are not creating the config DS instance,
+ # create but do not start the server - start
+ # after createSubDS so the pta plugin will take effect
+ my $start_server_after_reg = 1; # default - start server after registration
+ if (!$createconfigds) {
+ if (exists($setup->{inf}->{slapd}->{start_server}) &&
+ defined($setup->{inf}->{slapd}->{start_server})) {
+ # user explicitly set this value
+ $start_server_after_reg = $setup->{inf}->{slapd}->{start_server};
+ }
+ $setup->{inf}->{slapd}->{start_server} = 0; # create server un-started
+ }
+
+ @errs = createDSInstance($setup->{inf});
+ if (@errs) {
+ $setup->msg(@errs);
+ $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
$setup->doExit(1);
+ } else {
+ $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
+ }
+
+ # setup directory server instance to be the configuration DS
+ if ($createconfigds) {
+ $setup->msg('create_configds');
+ if (!createConfigDS($setup->{inf}, \@errs)) {
+ $setup->msg($FATAL, @errs);
+ $setup->msg($FATAL, 'error_create_configds');
+ $setup->doExit(1);
+ }
+ } else {
+ # set up directory server instance to be managed by the console/adminserver
+ $setup->msg('create_subds');
+ if (!createSubDSNoConn($setup->{inf}, \@errs)) {
+ $setup->msg($FATAL, @errs);
+ $setup->msg($FATAL, 'error_create_configds');
+ $setup->doExit(1);
+ }
+ if ($start_server_after_reg) {
+ delete $setup->{inf}->{slapd}->{start_server}; # remove to start server
+ if (@errs = DSCreate::startServer($setup->{inf})) {
+ $setup->msg(@errs);
+ $setup->doExit(1);
+ }
+ # add the aci that allows the admin user to administer the server
+ if (!addConfigACIsToSubDS($setup->{inf}, \@errs)) {
+ $setup->msg(@errs);
+ $setup->doExit(1);
+ }
+ }
}
}
-else
-{
- $setup->msg('create_configds');
- if (!createSubDS($setup->{inf}, \@errs)) {
+
+if (!$setup->{update}) {
+ # register ds instances with config DS
+ if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
+ \@errs,
+ $setup->{inf})) {
+ $setup->msg(@errs);
+ $setup->msg($FATAL, 'error_register_dirserver');
+ $setup->doExit(1);
+ }
+} else {
+ # register all instances
+ $setup->msg('registering_dirserver_instances');
+ if (!registerManyDSWithConfigDS($setup->{inf}, \@errs,
+ $setup->{configdir},
+ $setup->getDirServers())) {
$setup->msg($FATAL, @errs);
- $setup->msg($FATAL, 'error_create_configds');
$setup->doExit(1);
}
}
-# register ds instances with config DS
-if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
- \@errs,
- $setup->{inf})) {
- $setup->msg(@errs);
- $setup->msg($FATAL, 'error_register_dirserver');
- $setup->doExit(1);
-}
-
# configure and register the admin server instance
if (!$setup->{reconfigas}) {
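Review bot: In the new non-config-DS branch, `addConfigACIsToSubDS` runs only inside `if ($start_server_after_reg)`, so an inf file that explicitly sets `start_server` to 0 yields an instance that never receives the ACI which, per the comment, lets the admin user administer it, and nothing is logged about the skipped step. I would add an `else` that tells the operator the ACIs still have to be added after the first start, or add them through a path that does not need a running server if one exists. Separately, the `createSubDSNoConn` failure path reports `'error_create_configds'`, which names the wrong operation; a dedicated key next to the new `create_subds` string would keep the log accurate. The `if (!$setup->{reconfigas})` block at the end of the hunk continues outside it.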
Index: setup-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.res.in,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- setup-ds-admin.res.in 11 Oct 2007 14:07:03 -0000 1.9
+++ setup-ds-admin.res.in 14 Jul 2008 19:30:16 -0000 1.9.2.1
@@ -63,6 +63,12 @@
dialog_configdsadmin_invalid = The password contains invalid characters. Please choose another one.\n\n
dialog_configdsadmin_nomatch = The passwords do not match. Please try again.\n\n
+# ----------- Update Intro Dialog Resource ----------------
+dialog_update_text = The update option will allow you to re-register your servers with the\
+configuration directory server and update the information about your\
+servers that the console and admin server uses. You will need your\
+configuration directory server admin ID and password to continue.\n\n
+dialog_update_prompt = Continue?
# ----------- Config DS admin domain Dialog Resource ----------------
dialog_configdsadmindomain_text = The information stored in the configuration directory server can be\nseparated into different Administration Domains. If you are managing\nmultiple software releases at the same time, or managing information\nabout multiple domains, you may use the Administration Domain to keep\nthem separate.\n\nIf you are not using administrative domains, press Enter to select the\ndefault. Otherwise, enter some descriptive, unique name for the\nadministration domain, such as the name of the organization\nresponsible for managing the domain.\n\n
@@ -115,6 +121,7 @@
end_reconfig_adminserver = Admin server was successfully reconfigured and started.\n
create_dirserver = Creating directory server . . .\n
create_configds = Creating the configuration directory server . . .\n
+create_subds = Creating the new directory server . . .\n
setup_complete = Setup is complete.\n\n
error_register_dirserver = Could not register the directory server with the configuration directory server.\n
registering_dirserver = Registering directory server with the configuration directory server . . .\n
@@ -129,3 +136,4 @@
error_return2_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate. Error: %s\nHere is the output of the command: %s
cacert_already_exists = The certificate database in '%s' already contains a CA certificate. Please remove it first, or use the certutil program to add the CA certificate with a different name.\n
error_connection_failed = Error: failed to open an LDAP connection to host '%s' port '%s' as user '%s'. Error: %s.\n
+registering_dirserver_instances = Registering the directory server instances with the configuration directory server . . .\n
15 years, 10 months
[Fedora-directory-commits] adminserver/admserv/schema/ldif 01nsroot.ldif.tmpl, 1.6, 1.6.2.1 10dsdata.ldif.tmpl, 1.9, 1.9.2.1 20asdata.ldif.tmpl, 1.5, 1.5.2.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22641/adminserver/admserv/schema/ldif
Modified Files:
Tag: Directory_Server_8_0_Branch
01nsroot.ldif.tmpl 10dsdata.ldif.tmpl 20asdata.ldif.tmpl
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_0_Branch
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: 01nsroot.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- 01nsroot.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.6
+++ 01nsroot.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.6.2.1
@@ -91,33 +91,3 @@
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
-
-dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: organizationalUnit
-aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
-ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
-
-dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: nsHost
-objectClass: groupOfUniqueNames
-cn: %fqdn%
-serverHostName: %fqdn%
-nsOsVersion: %uname_a%
-nsHardwarePlatform: %uname_m%
-uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-
-dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: nsAdminGroup
-objectClass: groupOfUniqueNames
-objectClass: nsDirectoryInfo
-objectClass: top
-nsAdminGroupName: Server Group
-nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
-nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-cn: Server Group
-uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
-aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 10dsdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- 10dsdata.ldif.tmpl 27 Sep 2007 16:54:31 -0000 1.9
+++ 10dsdata.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.9.2.1
@@ -22,6 +22,27 @@
add: aci
aci: (targetattr = "*")(version 3.0; acl "SIE Group (%dsid%)"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
dn: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: nsApplication
objectClass: groupOfUniqueNames
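Review bot: The `cn=Server Group` entry added here differs from the copy this commit adds to 20asdata.ldif.tmpl: only this one carries the groupdn "Enable delegated access" ACI, and only the other one carries a `uniqueMember` value. Which attributes end up on the entry therefore depends on which template is applied first and on whether the loader merges into an existing entry or skips it; that logic is not in this diff. If existing entries are skipped, a host where the admin server is registered first would be left without the groupdn ACI. Moving that ACI into a `changetype: modify` / `add: aci` record, as 20asdata.ldif.tmpl does for the userdn ACI, would make the result independent of order. The same hunk appears in the HEAD-branch commit further down the page.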
@@ -39,6 +60,11 @@
nsServerMigrationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
nsServerCreationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: uniqueMember
+uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: netscapeServer
objectClass: nsDirectoryServer
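Review bot: The added `add: uniqueMember` modify is not idempotent: an LDAP server rejects it with "type or value exists" when the value is already present, and the new update mode re-registers every instance, so this record will be replayed against an entry that already has the member. The `add: aci` record appended to 20asdata.ldif.tmpl has the same property. The pre-existing `add: aci` record in this hunk's context suggests the loader may already cope with that result, but its handling is not visible here. If it does not, the loader needs to treat that result code as success for these records, and a comment above each one such as `# replayed on re-registration; "type or value exists" is expected` would document the intent.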
@@ -70,7 +96,7 @@
objectClass: top
cn: configuration
nsClassname: com.netscape.admin.dirserv.DSAdmin@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-nsJarfilename: @ds_console_jar@
+nsJarfilename: %ds_console_jar%
nsDirectoryInfoRef: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 20asdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- 20asdata.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.5
+++ 20asdata.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.5.2.1
@@ -17,6 +17,27 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# END COPYRIGHT BLOCK
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: nsApplication
@@ -73,3 +94,14 @@
nsClassname: com.netscape.management.admserv.AdminServer@%as_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configuration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
+dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: organizationalUnit
+aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
+ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: aci
+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
15 years, 10 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Setup.pm.in, 1.10, 1.10.2.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22602/ldapserver/ldap/admin/src/scripts
Modified Files:
Tag: Directory_Server_8_0_Branch
Setup.pm.in
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_0_Branch
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: Setup.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Setup.pm.in,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -r1.10 -r1.10.2.1
--- Setup.pm.in 7 Sep 2007 15:02:25 -0000 1.10
+++ Setup.pm.in 14 Jul 2008 19:30:03 -0000 1.10.2.1
@@ -124,7 +124,7 @@
sub init {
my $self = shift;
$self->{res} = shift;
- my ($silent, $inffile, $keep, $preonly, $logfile);
+ my ($silent, $inffile, $keep, $preonly, $logfile, $update);
GetOptions('help|h|?' => sub { VersionMessage(); HelpMessage(); exit 0 },
'version|v' => sub { VersionMessage(); exit 0 },
@@ -133,13 +133,15 @@
'file|f=s' => \$inffile,
'keepcache|k' => \$keep,
'preonly|p' => \$preonly,
- 'logfile|l=s' => \$logfile
+ 'logfile|l=s' => \$logfile,
+ 'update|u' => \$update
);
$self->{silent} = $silent;
$self->{inffile} = $inffile;
$self->{keep} = $keep;
$self->{preonly} = $preonly;
+ $self->{update} = $update;
$self->{logfile} = $logfile;
$self->{log} = new SetupLog($self->{logfile});
# if user supplied inf file, use that to initialize
@@ -251,6 +253,7 @@
$self->{dirservers} = [];
for my $dir (glob("$self->{configdir}/slapd-*")) {
if (-d $dir) {
+ $dir =~ s,$self->{configdir}/,,; # strip off dir part
push @{$self->{dirservers}}, $dir;
}
}
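Review bot: In the added substitution, `$self->{configdir}` is interpolated as a regular expression, unquoted and unanchored, so a config directory containing `.`, `+` or similar characters is matched as a pattern and the match is not tied to the start of the path. Quoting and anchoring keeps the result a bare instance name: `$dir =~ s,^\Q$self->{configdir}\E/,,;`. These names are presumably what `getDirServers()` hands to the registration code in update mode, so a predictable value matters. The enclosing sub starts outside this hunk, and the identical hunk appears in the HEAD-branch Setup.pm.in commit below.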
15 years, 10 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Setup.pm.in, 1.10, 1.11
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11695/ldapserver/ldap/admin/src/scripts
Modified Files:
Setup.pm.in
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: Setup.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Setup.pm.in,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- Setup.pm.in 7 Sep 2007 15:02:25 -0000 1.10
+++ Setup.pm.in 14 Jul 2008 18:43:21 -0000 1.11
@@ -124,7 +124,7 @@
sub init {
my $self = shift;
$self->{res} = shift;
- my ($silent, $inffile, $keep, $preonly, $logfile);
+ my ($silent, $inffile, $keep, $preonly, $logfile, $update);
GetOptions('help|h|?' => sub { VersionMessage(); HelpMessage(); exit 0 },
'version|v' => sub { VersionMessage(); exit 0 },
@@ -133,13 +133,15 @@
'file|f=s' => \$inffile,
'keepcache|k' => \$keep,
'preonly|p' => \$preonly,
- 'logfile|l=s' => \$logfile
+ 'logfile|l=s' => \$logfile,
+ 'update|u' => \$update
);
$self->{silent} = $silent;
$self->{inffile} = $inffile;
$self->{keep} = $keep;
$self->{preonly} = $preonly;
+ $self->{update} = $update;
$self->{logfile} = $logfile;
$self->{log} = new SetupLog($self->{logfile});
# if user supplied inf file, use that to initialize
@@ -251,6 +253,7 @@
$self->{dirservers} = [];
for my $dir (glob("$self->{configdir}/slapd-*")) {
if (-d $dir) {
+ $dir =~ s,$self->{configdir}/,,; # strip off dir part
push @{$self->{dirservers}}, $dir;
}
}
15 years, 10 months
[Fedora-directory-commits] adminserver/admserv/schema/ldif 01nsroot.ldif.tmpl, 1.6, 1.7 10dsdata.ldif.tmpl, 1.9, 1.10 20asdata.ldif.tmpl, 1.5, 1.6
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11622/adminserver/admserv/schema/ldif
Modified Files:
01nsroot.ldif.tmpl 10dsdata.ldif.tmpl 20asdata.ldif.tmpl
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: 01nsroot.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- 01nsroot.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.6
+++ 01nsroot.ldif.tmpl 14 Jul 2008 18:43:02 -0000 1.7
@@ -91,33 +91,3 @@
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
-
-dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: organizationalUnit
-aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
-ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
-
-dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: nsHost
-objectClass: groupOfUniqueNames
-cn: %fqdn%
-serverHostName: %fqdn%
-nsOsVersion: %uname_a%
-nsHardwarePlatform: %uname_m%
-uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-
-dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: nsAdminGroup
-objectClass: groupOfUniqueNames
-objectClass: nsDirectoryInfo
-objectClass: top
-nsAdminGroupName: Server Group
-nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
-nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-cn: Server Group
-uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
-aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 10dsdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- 10dsdata.ldif.tmpl 27 Sep 2007 16:54:31 -0000 1.9
+++ 10dsdata.ldif.tmpl 14 Jul 2008 18:43:02 -0000 1.10
@@ -22,6 +22,27 @@
add: aci
aci: (targetattr = "*")(version 3.0; acl "SIE Group (%dsid%)"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
dn: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: nsApplication
objectClass: groupOfUniqueNames
@@ -39,6 +60,11 @@
nsServerMigrationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
nsServerCreationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: uniqueMember
+uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: netscapeServer
objectClass: nsDirectoryServer
@@ -70,7 +96,7 @@
objectClass: top
cn: configuration
nsClassname: com.netscape.admin.dirserv.DSAdmin@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-nsJarfilename: @ds_console_jar@
+nsJarfilename: %ds_console_jar%
nsDirectoryInfoRef: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 20asdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- 20asdata.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.5
+++ 20asdata.ldif.tmpl 14 Jul 2008 18:43:02 -0000 1.6
@@ -17,6 +17,27 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# END COPYRIGHT BLOCK
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: nsApplication
@@ -73,3 +94,14 @@
nsClassname: com.netscape.management.admserv.AdminServer@%as_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configuration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
+dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: organizationalUnit
+aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
+ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: aci
+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
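Review bot: The `UserDNControl` ACI on the new `ou=UserPreferences` child grants `allow (all)` over `targetattr=*` to whoever `creatorsname` names, and `*` appears to cover the `aci` attribute as well, so the creator of an entry under this subtree could rewrite the access rules on what they created. If the console only needs to store preference data there, narrowing the target would keep that working while leaving access control with the administrators, for example `aci: (targetattr != "aci")(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)`. Whether any client relies on the broader grant is not visible from this template, so check that against the console before changing it.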
15 years, 10 months
[Fedora-directory-commits] adminserver/admserv/newinst/src AdminServer.pm.in, 1.12, 1.13 ConfigDSDialogs.pm, 1.6, 1.7 adminserver.map.in, 1.9, 1.10 dirserver.map.in, 1.9, 1.10 migrate-ds-admin.res.in, 1.2, 1.3 setup-ds-admin.pl.in, 1.11, 1.12 setup-ds-admin.res.in, 1.9, 1.10
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11622/adminserver/admserv/newinst/src
Modified Files:
AdminServer.pm.in ConfigDSDialogs.pm adminserver.map.in
dirserver.map.in migrate-ds-admin.res.in setup-ds-admin.pl.in
setup-ds-admin.res.in
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: AdminServer.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- AdminServer.pm.in 7 Dec 2007 00:09:36 -0000 1.12
+++ AdminServer.pm.in 14 Jul 2008 18:43:02 -0000 1.13
@@ -186,12 +186,37 @@
return 1;
}
+# sub addDefaultSecurityInfo {
+# my $setup = shift;
+# my $inf = $setup->{inf};
+# my $configdir = shift;
+# my $reconfig = shift;
+# my @errs;
+
+# my $admConf = getAdmConf($configdir);
+# my $localconf = "$configdir/local.conf";
+# if (!open(LOCALCONF, ">$localconf")) {
+# $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
+# return 0;
+# }
+
+# if (!open(CONSOLECONF, "$admConf->{configdir}/console.conf")) {
+# debug(0, "Error opening $admConf->{configdir}/console.conf: $!");
+# return 0;
+# }
+
+# print LOCALCONF "configuration.Encryption\n";
+
+# close(LOCALCONF);
+# return 1;
+# }
+
# This is how we extract the sie and isie as the as entries are
# being added
sub registercb {
my ($context, $entry, $errs) = @_;
- my $rc = check_and_add_entry([$context->{conn}, $context->{reconfig}], $entry, $errs);
+ my $rc = check_and_add_entry([$context->{conn}], $entry, $errs);
my $setup = $context->{setup};
if ($rc) {
if ($entry->hasValue('objectclass', 'nsApplication', 1)) {
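Review bot: The `addDefaultSecurityInfo` sub is added entirely commented out, so it is dead text that nothing can call or test; it would be better left out of this commit and brought in by a follow-up change once it is finished. If it is revived, note that the draft opens `$localconf` with `>` (truncating it), returns without closing `LOCALCONF` when the `console.conf` open fails, and never closes `CONSOLECONF`. `registercb` continues past the end of this hunk.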
@@ -218,7 +243,6 @@
my $setup = shift;
my $inf = $setup->{inf};
my $configdir = shift;
- my $reconfig = shift;
my @errs;
$setup->msg('registering_adminserver');
@@ -261,7 +285,7 @@
$setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
return 0;
}
- my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup, reconfig => $reconfig};
+ my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup};
getMappedEntries($mapper, \@ldiffiles, \@errs, \®istercb, $context);
close(LOCALCONF);
@@ -418,6 +442,14 @@
$ENV{ADMSERV_PID_DIR} ||
"@piddir@";
+ # if we're just doing the update, just register and return
+ if ($setup->{update}) {
+ if (!registerASWithConfigDS($setup, $configdir)) {
+ return 0;
+ }
+ return 1;
+ }
+
if (!createASFilesAndDirs($setup, $configdir, $securitydir, $logdir, $rundir)) {
return 0;
}
@@ -426,7 +458,7 @@
return 0;
}
- if (!registerASWithConfigDS($setup, $configdir, $reconfig)) {
+ if (!registerASWithConfigDS($setup, $configdir)) {
return 0;
}
Index: ConfigDSDialogs.pm
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ConfigDSDialogs.pm,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ConfigDSDialogs.pm 27 Jul 2007 01:42:46 -0000 1.6
+++ ConfigDSDialogs.pm 14 Jul 2008 18:43:02 -0000 1.7
@@ -409,6 +409,23 @@
['dialog_useconfigds_prompt'],
);
+my $updatedialog = new DialogYesNo (
+ $EXPRESS,
+ 'dialog_update_text',
+ 1,
+ sub {
+ my $self = shift;
+ my $ans = shift;
+ my $res = $self->handleResponse($ans);
+ if ($res == $DialogManager::NEXT) {
+ $res = $DialogManager::ERR if (!$self->isYes());
+ }
+ return $res;
+ },
+ ['dialog_update_prompt'],
+);
+
+
sub getDialogs {
return ($useconfigds, $configdsinfo, $configdsadmin, $configdsadmindomain);
}
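Review bot: The callback in `$updatedialog` turns a "no" answer into `$DialogManager::ERR`, which reads as an error condition rather than a deliberate decline, and nothing here says why. How `DialogManager` reacts to `ERR` is not visible in this hunk, so a reader cannot tell whether the user is re-prompted or setup stops. A one-line comment above the assignment would settle it, e.g. `# answering No declines update mode: report ERR so the dialog manager does not advance`, adjusted to what the manager actually does.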
@@ -417,4 +434,8 @@
return ($regconfigdsinfo, $configdsadmindomain);
}
+sub getUpdateDialogs {
+ return ($updatedialog, $configdsinfo);
+}
+
1;
Index: adminserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- adminserver.map.in 15 Aug 2007 22:08:14 -0000 1.9
+++ adminserver.map.in 14 Jul 2008 18:43:02 -0000 1.10
@@ -44,6 +44,8 @@
vendor = Vendor
timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
+uname_a = `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
+uname_m = `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
as_port = Port
admpw = "@configdir@/admpw"
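Review bot: Both new entries, `uname_a` and `uname_m`, run `uname` through a two-argument piped `open` whose result is never checked, and the program is resolved through whatever `PATH` the setup script inherited. If the open fails, `$returnvalue` is left undefined and the templates would get empty `nsOsVersion` and `nsHardwarePlatform` values without any error being reported. Much the same information is available in-process, e.g. `use POSIX; $returnvalue = (POSIX::uname())[4];` for `uname_m` and `$returnvalue = join(' ', POSIX::uname());` as a close equivalent for `uname_a`, which removes the child process and the PATH dependency. The identical two lines added to dirserver.map.in have the same issue.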
Index: dirserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- dirserver.map.in 17 Dec 2007 20:10:04 -0000 1.9
+++ dirserver.map.in 14 Jul 2008 18:43:02 -0000 1.10
@@ -43,6 +43,8 @@
vendor = Vendor
timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
+uname_a = `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
+uname_m = `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
as_uid = ServerAdminID
as_sie = "cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot"
Index: migrate-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/migrate-ds-admin.res.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- migrate-ds-admin.res.in 15 Aug 2007 22:08:14 -0000 1.2
+++ migrate-ds-admin.res.in 14 Jul 2008 18:43:02 -0000 1.3
@@ -18,7 +18,6 @@
error_opening_nssconf = Error: could not open NSS config file %s. Error: %s\n
error_writing_nssconf = Error: could not write NSS config file %s. Error: %s\n
-registering_dirserver_instances = Registering the migrated directory server instances with the configuration directory server . . .\n
error_creating_asmigration_maptbl = Error: could not create maptable for use in admin server migration.\n
error_creating_updateconsole_maptbl = Error: could not create maptable for use in admin server console migration.\n
error_migrating_console_entries = Error: Could not find the console customization entries under '%s'. Error: %s\n
Index: setup-ds-admin.pl.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.pl.in,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- setup-ds-admin.pl.in 2 Aug 2007 14:44:10 -0000 1.11
+++ setup-ds-admin.pl.in 14 Jul 2008 18:43:02 -0000 1.12
@@ -54,6 +54,7 @@
$setup->{inf}->{admin}->{Port} = $pset->{"configuration.nsserverport"};
$setup->{asorigport} = $pset->{"configuration.nsserverport"}; # save orig. port
$setup->{inf}->{admin}->{ServerIpAddress} = $pset->{"configuration.nsserveraddress"};
+ $setup->{inf}->{General}->{FullMachineName} = $pset->{"serverhostname"};
}
my $admpw = AdminUtil::getAdmpw($admConf);
if ($admpw && %{$admpw}) {
@@ -67,6 +68,11 @@
$setup->{reconfigas} = 1; # allow AS reconfig
}
+# do not allow reconfig (setup -r) if no setup has been done
+if (! $setup->{reconfigas}) {
+ delete $setup->{update};
+}
+
if (!$setup->{silent}) {
my $dialogmgr = new DialogManager($setup, $res, $TYPICAL);
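Review bot: The new comment says `do not allow reconfig (setup -r)` but the code below it deletes `$setup->{update}`, which per the commit description is the new `-u` option; the comment should read `# do not allow update (setup -u) if no setup has been done`. The flag is also dropped silently, so someone who asked for update mode on a machine with no prior setup would, as far as this hunk shows, continue into a full install without being told why. A message or an early exit at that point would make the fallback explicit.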
@@ -75,10 +81,15 @@
require ConfigDSDialogs;
require ASDialogs;
- my @dialogs = SetupDialogs->getDialogs();
- push @dialogs, ConfigDSDialogs->getDialogs();
- push @dialogs, DSDialogs->getDialogs();
- push @dialogs, ASDialogs->getDialogs();
+ my @dialogs;
+ if ($setup->{update}) {
+ push @dialogs, ConfigDSDialogs->getUpdateDialogs();
+ } else {
+ push @dialogs, SetupDialogs->getDialogs();
+ push @dialogs, ConfigDSDialogs->getDialogs();
+ push @dialogs, DSDialogs->getDialogs();
+ push @dialogs, ASDialogs->getDialogs();
+ }
my $readytoproceed = new DialogYesNo (
$EXPRESS,
@@ -123,46 +134,85 @@
$setup->{inf}->write();
-$setup->msg('create_dirserver');
+my @errs;
-# create a directory server instance
-my @errs = createDSInstance($setup->{inf});
-if (@errs) {
- $setup->msg(@errs);
- $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
- $setup->doExit(1);
-} else {
- $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
-}
+if (!$setup->{update}) {
+ $setup->msg('create_dirserver');
-# setup directory server instance to be the configuration DS
-if ($createconfigds) {
- $setup->msg('create_configds');
- if (!createConfigDS($setup->{inf}, \@errs)) {
- $setup->msg($FATAL, @errs);
- $setup->msg($FATAL, 'error_create_configds');
+ # create a directory server instance
+ # if we are not creating the config DS instance,
+ # create but do not start the server - start
+ # after createSubDS so the pta plugin will take effect
+ my $start_server_after_reg = 1; # default - start server after registration
+ if (!$createconfigds) {
+ if (exists($setup->{inf}->{slapd}->{start_server}) &&
+ defined($setup->{inf}->{slapd}->{start_server})) {
+ # user explicitly set this value
+ $start_server_after_reg = $setup->{inf}->{slapd}->{start_server};
+ }
+ $setup->{inf}->{slapd}->{start_server} = 0; # create server un-started
+ }
+
+ @errs = createDSInstance($setup->{inf});
+ if (@errs) {
+ $setup->msg(@errs);
+ $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
$setup->doExit(1);
+ } else {
+ $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
+ }
+
+ # setup directory server instance to be the configuration DS
+ if ($createconfigds) {
+ $setup->msg('create_configds');
+ if (!createConfigDS($setup->{inf}, \@errs)) {
+ $setup->msg($FATAL, @errs);
+ $setup->msg($FATAL, 'error_create_configds');
+ $setup->doExit(1);
+ }
+ } else {
+ # set up directory server instance to be managed by the console/adminserver
+ $setup->msg('create_subds');
+ if (!createSubDSNoConn($setup->{inf}, \@errs)) {
+ $setup->msg($FATAL, @errs);
+ $setup->msg($FATAL, 'error_create_configds');
+ $setup->doExit(1);
+ }
+ if ($start_server_after_reg) {
+ delete $setup->{inf}->{slapd}->{start_server}; # remove to start server
+ if (@errs = DSCreate::startServer($setup->{inf})) {
+ $setup->msg(@errs);
+ $setup->doExit(1);
+ }
+ # add the aci that allows the admin user to administer the server
+ if (!addConfigACIsToSubDS($setup->{inf}, \@errs)) {
+ $setup->msg(@errs);
+ $setup->doExit(1);
+ }
+ }
}
}
-else
-{
- $setup->msg('create_configds');
- if (!createSubDS($setup->{inf}, \@errs)) {
+
+if (!$setup->{update}) {
+ # register ds instances with config DS
+ if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
+ \@errs,
+ $setup->{inf})) {
+ $setup->msg(@errs);
+ $setup->msg($FATAL, 'error_register_dirserver');
+ $setup->doExit(1);
+ }
+} else {
+ # register all instances
+ $setup->msg('registering_dirserver_instances');
+ if (!registerManyDSWithConfigDS($setup->{inf}, \@errs,
+ $setup->{configdir},
+ $setup->getDirServers())) {
$setup->msg($FATAL, @errs);
- $setup->msg($FATAL, 'error_create_configds');
$setup->doExit(1);
}
}
-# register ds instances with config DS
-if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
- \@errs,
- $setup->{inf})) {
- $setup->msg(@errs);
- $setup->msg($FATAL, 'error_register_dirserver');
- $setup->doExit(1);
-}
-
# configure and register the admin server instance
if (!$setup->{reconfigas}) {
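Review bot: `addConfigACIsToSubDS` is only reached inside `if ($start_server_after_reg)`, so when the inf file sets `start_server` to 0 the new instance is created and registered but the ACI that lets the admin user administer it is never added. That may be unavoidable if the ACIs can only be written to a running server, but the hunk neither says so nor tells the operator that a step was skipped. At minimum a comment such as `# config ACIs need a running server; skipped when the user asked for start_server = 0` would document it, and a message on that path would help. Separately, the `createSubDSNoConn` failure path reports `error_create_configds`, which names the wrong operation for a non-config instance.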
Index: setup-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.res.in,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- setup-ds-admin.res.in 11 Oct 2007 14:07:03 -0000 1.9
+++ setup-ds-admin.res.in 14 Jul 2008 18:43:02 -0000 1.10
@@ -63,6 +63,12 @@
dialog_configdsadmin_invalid = The password contains invalid characters. Please choose another one.\n\n
dialog_configdsadmin_nomatch = The passwords do not match. Please try again.\n\n
+# ----------- Update Intro Dialog Resource ----------------
+dialog_update_text = The update option will allow you to re-register your servers with the\
+configuration directory server and update the information about your\
+servers that the console and admin server uses. You will need your\
+configuration directory server admin ID and password to continue.\n\n
+dialog_update_prompt = Continue?
# ----------- Config DS admin domain Dialog Resource ----------------
dialog_configdsadmindomain_text = The information stored in the configuration directory server can be\nseparated into different Administration Domains. If you are managing\nmultiple software releases at the same time, or managing information\nabout multiple domains, you may use the Administration Domain to keep\nthem separate.\n\nIf you are not using administrative domains, press Enter to select the\ndefault. Otherwise, enter some descriptive, unique name for the\nadministration domain, such as the name of the organization\nresponsible for managing the domain.\n\n
@@ -115,6 +121,7 @@
end_reconfig_adminserver = Admin server was successfully reconfigured and started.\n
create_dirserver = Creating directory server . . .\n
create_configds = Creating the configuration directory server . . .\n
+create_subds = Creating the new directory server . . .\n
setup_complete = Setup is complete.\n\n
error_register_dirserver = Could not register the directory server with the configuration directory server.\n
registering_dirserver = Registering directory server with the configuration directory server . . .\n
@@ -129,3 +136,4 @@
error_return2_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate. Error: %s\nHere is the output of the command: %s
cacert_already_exists = The certificate database in '%s' already contains a CA certificate. Please remove it first, or use the certutil program to add the CA certificate with a different name.\n
error_connection_failed = Error: failed to open an LDAP connection to host '%s' port '%s' as user '%s'. Error: %s.\n
+registering_dirserver_instances = Registering the directory server instances with the configuration directory server . . .\n
15 years, 10 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_search.c, 1.12, 1.12.2.1
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8956/servers/slapd/back-ldbm
Modified Files:
Tag: Directory_Server_8_0_Branch
ldbm_search.c
Log Message:
Resolves: 448831
Summary: Make regex code obey search timelimit.
Index: ldbm_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v
retrieving revision 1.12
retrieving revision 1.12.2.1
diff -u -r1.12 -r1.12.2.1
--- ldbm_search.c 12 Oct 2007 18:03:42 -0000 1.12
+++ ldbm_search.c 11 Jul 2008 17:18:43 -0000 1.12.2.1
@@ -1296,6 +1296,10 @@
"Failed the filter test", 0, NULL );
rc = SLAPI_FAIL_GENERAL;
goto bail;
+ } else if (LDAP_TIMELIMIT_EXCEEDED == filter_test) {
+ slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, urls );
+ rc = SLAPI_FAIL_GENERAL;
+ goto bail;
}
}
}
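Review bot: The new `LDAP_TIMELIMIT_EXCEEDED` branch has no comment explaining when `filter_test` can hold an LDAP result code, while the branch before it reports a generic filter failure. From the commit summary this is the case where regex evaluation ran past the search time limit, and a short comment would make that visible, e.g. `/* the filter's regex matching exceeded the search time limit */`. The enclosing function begins and ends outside this hunk, so it is not visible whether its other time-limit exit does any extra cleanup before `goto bail`; if it does, this branch should match it.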
15 years, 10 months