Author: nkinder
Update of /cvs/dirsec/adminserver/admserv/schema/ldif In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30030/admserv/schema/ldif
Added Files: 15dspta.mod.tmpl.in Removed Files: 15dspta.ldif.tmpl.in Log Message: Resolves: bug 486402 Bug Description: Using setup-ds.pl and then registering the instance with an admin server using register-ds-admin.pl does not add the proper ACI's to allow admin to manage the instance. Reviewed by: rmeggins (thanks!) Files: see diff Branch: HEAD Fix Description: Add the appropriate aci's when running register-ds-admin.pl. There were a few other issues to deal with in addition to the missing ACIs.
The PTA plug-in was not being configured since the LDIF template that was used was an entire new PTA plug-in entry, which never gets added since it already exists. I changed this to a LDIF mod template. We also only want to configure PTA if it is not already configured, or if we are switching the config DS. This will prevent overwriting any custom tweaks to the PTA plug-in, such as using LDAPS to communicate with the config DS.
I found another issue during testing with the ldapStart parameter in adm.conf getting set incorrectly after running register-ds-admin.pl. This parameter is supposed to point to the start-slapd script of the config DS, but register-ds-admin.pl was always changing this to the last instance that it registered (which will never be the config DS if you have more than one instance). We need to ensure that the slapd info in the inf is the config DS before updating the Admin Server config files. Platforms tested: F9 Flag Day: no Doc impact: no
--- NEW FILE 15dspta.mod.tmpl.in --- # BEGIN COPYRIGHT BLOCK # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # END COPYRIGHT BLOCK dn: cn=Pass Through Authentication,cn=plugins,cn=config changetype: mod replace: nsslapd-pluginarg0 nsslapd-pluginarg0: %config_ds_url%
dn: cn=Pass Through Authentication,cn=plugins,cn=config changetype: mod replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on
--- 15dspta.ldif.tmpl.in DELETED ---
389-commits@lists.fedoraproject.org