Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22641/adminserver/admserv/schema/ldif
Modified Files:
Tag: Directory_Server_8_0_Branch
01nsroot.ldif.tmpl 10dsdata.ldif.tmpl 20asdata.ldif.tmpl
Log Message:
Resolves: bug 431103
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_0_Branch
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shut down, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for existing installations and re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
Index: 01nsroot.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- 01nsroot.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.6
+++ 01nsroot.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.6.2.1
@@ -91,33 +91,3 @@
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
-
-dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: organizationalUnit
-aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
-ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
-
-dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: top
-objectClass: nsHost
-objectClass: groupOfUniqueNames
-cn: %fqdn%
-serverHostName: %fqdn%
-nsOsVersion: %uname_a%
-nsHardwarePlatform: %uname_m%
-uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-
-dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-objectClass: nsAdminGroup
-objectClass: groupOfUniqueNames
-objectClass: nsDirectoryInfo
-objectClass: top
-nsAdminGroupName: Server Group
-nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
-nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-cn: Server Group
-uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
-aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
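Review bot: nothing left in 01nsroot.ldif.tmpl says where the entries deleted from its tail now come from. The host entry (cn=%fqdn%), the cn=Server Group entry and the admin server's UserPreferences ou are all removed here, so someone reading this template alone cannot tell that the o=NetscapeRoot tree is incomplete until 10dsdata.ldif.tmpl or 20asdata.ldif.tmpl has been applied. A short comment at the end of the file naming those two templates as the new owners of these entries would keep the dependency visible.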
Index: 10dsdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- 10dsdata.ldif.tmpl 27 Sep 2007 16:54:31 -0000 1.9
+++ 10dsdata.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.9.2.1
@@ -22,6 +22,27 @@
add: aci
aci: (targetattr = "*")(version 3.0; acl "SIE Group (%dsid%)"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
dn: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: nsApplication
objectClass: groupOfUniqueNames
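Review bot: the new cn=%fqdn% and cn=Server Group entries carry no comment saying they are shared with 20asdata.ldif.tmpl and are meant to be created only if absent. The two copies are maintained by hand and already differ in small ways (here nsAdminSIEDN precedes nsDirectoryInfoRef, in 20asdata.ldif.tmpl the order is reversed), so later edits are likely to drift further. A comment line above "dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot" stating that the entry is duplicated in the admin server template, and that setup merges rather than overwrites, would make that contract explicit.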
@@ -39,6 +60,11 @@
nsServerMigrationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
nsServerCreationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: uniqueMember
+uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: netscapeServer
objectClass: nsDirectoryServer
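Review bot: the "add: uniqueMember" modify on cn=Server Group will be replayed whenever this directory server is registered again, which is exactly what the update mode described in the log message does. A plain LDAP modify that adds a value already present on the entry is rejected with attributeOrValueExists (result code 20). Please confirm that setup treats that result as success for this record; otherwise re-registering an already registered instance stops at this point.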
@@ -70,7 +96,7 @@
objectClass: top
cn: configuration
nsClassname: com.netscape.admin.dirserv.DSAdmin@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
-nsJarfilename: @ds_console_jar@
+nsJarfilename: %ds_console_jar%
nsDirectoryInfoRef: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
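Review bot: the corrected line "nsJarfilename: %ds_console_jar%" only helps entries created from now on. Instances registered from the old template have the literal string @ds_console_jar@ stored in nsJarfilename, and because that value is present rather than missing, a merge that only fills in absent attributes would leave it untouched. It is worth checking that update mode replaces this attribute on existing configuration entries, and noting that in the documentation for the new option.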
Index: 20asdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- 20asdata.ldif.tmpl 25 Jun 2007 18:23:53 -0000 1.5
+++ 20asdata.ldif.tmpl 14 Jul 2008 19:30:17 -0000 1.5.2.1
@@ -17,6 +17,27 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# END COPYRIGHT BLOCK
+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: nsHost
+objectClass: groupOfUniqueNames
+cn: %fqdn%
+serverHostName: %fqdn%
+nsOsVersion: %uname_a%
+nsHardwarePlatform: %uname_m%
+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+objectClass: nsAdminGroup
+objectClass: groupOfUniqueNames
+objectClass: nsDirectoryInfo
+objectClass: top
+nsAdminGroupName: Server Group
+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+cn: Server Group
+uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+
dn: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: nsApplication
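Review bot: the cn=Server Group entry added here has no aci at all, while the copy in 10dsdata.ldif.tmpl and the entry removed from 01nsroot.ldif.tmpl both carry the "Enable delegated access" aci with groupdn="ldap:///cn=Server Group, ..." and targetfilter=(nsconfigRoot=*). On a host where this template is the one that creates the entry, that group aci exists only if a directory server is registered afterwards. Either add the same aci line to this copy or add it through a modify record, so the resulting access control does not depend on which template ran first.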
@@ -73,3 +94,14 @@
nsClassname: com.netscape.management.admserv.AdminServer@%as_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configuration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+
+dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
+objectClass: top
+objectClass: organizationalUnit
+aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
+ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
+
+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+changetype: modify
+add: aci
+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
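Review bot: the closing "add: aci" modify on cn=Server Group is not safe to apply twice, since adding an aci value that is already on the entry is rejected with attributeOrValueExists (result code 20), and update mode will apply this template to admin servers that were registered before. Please confirm that setup tolerates that result for this record. Separately, in the moved UserPreferences entry the "ou:" value ends in o=netscaperoot while the quoted RDN on the "dn:" line ends in o=NetscapeRoot; ou is matched case-insensitively so the entry is valid, but since the block is being moved anyway the two spellings could be made the same.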