https://bugzilla.redhat.com/show_bug.cgi?id=486402 Resolves: bug 486402 Bug Description: Using setup-ds.pl and then registering the instance with an admin server using register-ds-admin.pl does not add the proper ACI's to allow admin to manage the instance. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: Add the appropriate aci's when running register-ds-admin.pl. There were a few other issues to deal with in addition to the missing ACIs.
The PTA plug-in was not being configured since the LDIF template that was used was an entire new PTA plug-in entry, which never gets added since it already exists. I changed this to a LDIF mod template. We also only want to configure PTA if it is not already configured, or if we are switching the config DS. This will prevent overwriting any custom tweaks to the PTA plug-in, such as using LDAPS to communicate with the config DS.
I found another issue during testing with the ldapStart parameter in adm.conf getting set incorrectly after running register-ds-admin.pl. This parameter is supposed to point to the start-slapd script of the config DS, but register-ds-admin.pl was always changing this to the last instance that it registered (which will never be the config DS if you have more than one instance). We need to ensure that the slapd info in the inf is the config DS before updating the Admin Server config files. Platforms tested: F9 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=333508&action=diff https://bugzilla.redhat.com/attachment.cgi?id=333503
389-devel@lists.fedoraproject.org