Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver/admserv/newinst/src
Modified Files: AdminUtil.pm.in dirserver.map.in Added Files: dssuffixadmin.map.in Log Message: Resolves: bug 425861 Bug Description: Instance creation through console is broken Reviewed by: nhosoi (Thanks!) Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started. Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified. Another problem was that instance creation was leaving temp ldif files around. I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change in adminserver Doc impact: no
--- NEW FILE dssuffixadmin.map.in --- # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK # # register_param.map: # This file is used by the register_server.pl script to register the server # info to the Configuration Directory Server. The server info is stored in # the (template) ldif files located in @ldifdir@. In case a server entry has # %...% format parameters, this map table is used to resolve it and replace # the parameter with the value defined in this file. # # [Parameter resolution rules] # * If the right-hand value is in ` (backquote), the value is eval'ed by perl. # The output should be stored in $returnvalue to pass to the internal hash. # * If the right-hand value is in " (doublequote), the value is passed as is. # * If the right-hand value is not in any quote, the value should be found # in either of the setup inf file (static) or the install inf file (dynamic). # * The right-hand value could have the format Key:"default_value". # In this case, Key is searched in the inf files first. # If the Key is not found, the default_value is set. # * Variables surrounded by @ (e.g., @configdir@) are replaced with the # system path at the compile time. 
# * The right-hand value can contain variables surrounded by % (e.g., %asid%) # which refers the right-hand value (key) of this map file. # fqdn = FullMachineName domain = AdminDomain brand = Brand dsid = ServerIdentifier ds_suffix = Suffix as_uid = ServerAdminID
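Review bot: The header comment of the new `dssuffixadmin.map.in` is copied unchanged from another map file: it still names `register_param.map` and the `register_server.pl` script, although this map is loaded by `addConfigACIsToSubDS` in AdminUtil.pm.in together with `16dssuffixadmin.mod.tmpl`. I would replace that paragraph with something like `# dssuffixadmin.map: resolves the %...% parameters in 16dssuffixadmin.mod.tmpl when the admin ACI is added to a new root suffix`. The same header documents that backquoted values are eval'ed by Perl, so it is also worth saying there that the installed map should be writable only by the account that runs setup.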
Index: AdminUtil.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- AdminUtil.pm.in 12 Dec 2007 00:45:39 -0000 1.17
+++ AdminUtil.pm.in 17 Dec 2007 20:10:04 -0000 1.18
@@ -24,13 +24,13 @@
 getLocalConfigDS getPset registerDSWithConfigDS registerManyDSWithConfigDS createSubDSNoConn registerScatteredDSWithConfigDS
- unregisterDSWithConfigDS isConfigDS);
+ unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS);
 @EXPORT_OK = qw(getAdmConf getConfigDSConn createConfigDS createSubDS updateAdmConf updateAdmpw updateLocalConf importCACert getLocalConfigDS getPset registerDSWithConfigDS registerManyDSWithConfigDS createSubDSNoConn registerScatteredDSWithConfigDS
- unregisterDSWithConfigDS isConfigDS);
+ unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS);
# load perldap use Mozilla::LDAP::Conn;
@@ -298,14 +298,15 @@
 my $conn = shift; my $inf = shift; my $errs = shift;
+ my @additionalLdifFiles = @_;
# add the o=NetscapeRoot tree using the mapper and ldif templates my @ldiffiles = ('@ldifdir@/12dsconfig.mod.tmpl', '@ldifdir@/13dsschema.mod.tmpl', '@ldifdir@/14dsmonitor.mod.tmpl',
- '@ldifdir@/15dspta.ldif.tmpl',
- '@ldifdir@/16dssuffixadmin.mod.tmpl'
+ '@ldifdir@/15dspta.ldif.tmpl'
 );
+ push @ldiffiles, @additionalLdifFiles;
 my $setupinf = new Inf("@infdir@/setup.inf"); my $admininf = new Inf("@infdir@/admin.inf"); my $dsinf = new Inf("@infdir@/slapd.inf");
@@ -347,7 +348,7 @@
 return 0; }
- return internalCreateSubDS($conn, $inf, $errs);
+ return internalCreateSubDS($conn, $inf, $errs, '@ldifdir@/16dssuffixadmin.mod.tmpl');
 }
# same as createSubDS but works directly on the dse.ldif file itself
@@ -363,6 +364,45 @@
 return internalCreateSubDS($conn, $inf, $errs); }
+sub addConfigACIsToSubDS {
+ my $inf = shift;
+ my $errs = shift;
+
+ # open a connection to the directory server
+ my $conn = new Mozilla::LDAP::Conn($inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort},
+ $inf->{slapd}->{RootDN},
+ $inf->{slapd}->{RootDNPwd},
+ $inf->{General}->{certdir});
+ if (!$conn) {
+ @{$errs} = ('error_connection_failed', $inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN},
+ $conn->getErrorString());
+ return 0;
+ }
+
+ my @ldiffiles = ('@ldifdir@/16dssuffixadmin.mod.tmpl');
+ my $setupinf = new Inf("@infdir@/setup.inf");
+ my $admininf = new Inf("@infdir@/admin.inf");
+ my $dsinf = new Inf("@infdir@/slapd.inf");
+ my $mapper = new Inf("@infdir@/dssuffixadmin.map");
+
+ $mapper = process_maptbl($mapper, $errs, $inf, $dsinf, $admininf, $setupinf);
+ if (!$mapper or @{$errs}) {
+ $conn->close();
+ if (!@{$errs}) {
+ @{$errs} = ('error_creating_configds_maptbl');
+ }
+ return 0;
+ }
+
+ getMappedEntries($mapper, @ldiffiles, $errs, &check_and_add_entry,
+ [$conn]);
+
+ $conn->close();
+ return @{$errs} ? 0 : 1;
+}
+
 sub updateAdmConf { my $params = shift; # hashref my $configdir = shift || "@configdir@";
@@ -756,6 +796,12 @@
 return 0; }
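Review bot: In `addConfigACIsToSubDS`, the `if (!$conn)` branch calls `$conn->getErrorString()` on the value that was just found to be false, so a failed connection most likely dies with a "Can't call method ... on an undefined value" error instead of returning 0 with `error_connection_failed` in `$errs`. The last element of that error list should not depend on `$conn`; for example end the list with `$inf->{slapd}->{RootDN}, $!);` or drop the element if the message format allows it. The bind uses `RootDN` and `RootDNPwd`, and whether it is protected by SSL appears to depend on `certdir` being set, so a comment such as `# binds as the root DN; confirm certdir is set so the password is not sent in clear` would help the next reader. The page shows `@ldiffiles` and `&check_and_add_entry` passed to `getMappedEntries` without backslashes; other backslashes on this page look stripped, so confirm in the file that these read `\@ldiffiles` and `\&check_and_add_entry`.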
+ # need to get the admin uid
+ if (!$inf->{admin}->{ServerAdminID}) {
+ my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1);
+ $inf->{admin}->{ServerAdminID} = $rdns[0];
+ }
+
 my $instinf; # setup will usually supply everything, but ds_create will not if (!$inf->{slapd}->{RootDNPwd}) {
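Review bot: The added fallback for `ServerAdminID` stores `$rdns[0]` without checking that `ldap_explode_dn` returned anything, so a missing or malformed `ConfigDirectoryAdminID` presumably leaves `ServerAdminID` undefined, and that value then feeds the `as_uid` mapping used for the admin ACI. I would fail early inside the new `if` block, e.g. `return 0 if !@rdns or !defined $rdns[0];` preceded by whatever error reporting the enclosing function uses, rather than continue with an empty user id. The code also assumes the first RDN of the admin DN carries the uid; a comment such as `# assumes the admin DN starts with uid=<admin id>` would make that explicit. The enclosing function starts and ends outside this hunk, so the error path should be checked against the surrounding code.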
Index: dirserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- dirserver.map.in 15 Aug 2007 22:08:14 -0000 1.8
+++ dirserver.map.in 17 Dec 2007 20:10:04 -0000 1.9
@@ -44,6 +44,7 @@
 timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/..*$//;`
+as_uid = ServerAdminID
 as_sie = "cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot" ds_version = Version ds_baseversion = BaseVersion