| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script - remove dead code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is my favorite part - removing all of the now dead code. I also had to fix the exit code so that you could use $? to test for the success or failure of the new setup scripts.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #54)
Description:
1) eliminated the code adding o=netscaperoot related entries from cfg_sspt.c.
2) moving DS task CGIs to the adminserver.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: allow instance creation with no .inf file; allow pre-hashed RootDNPwd
Reviewed by: nhosoi (Thanks!)
Fix Description: You can now use ds_newinst.pl without (or with) a .inf file like this:
ds_newinst.pl General.SuiteSpotUserID=nobody slapd.ServerPort=3890 ....
The parameters can be supplied via the command line. The format of the parameter is section.param=value. Normal shell quoting rules apply, so you still have to do something like this:
ds_newinst.pl "slapd.Suffix=dc=example, dc=com"
for embedded spaces and the like. If you supply a filename (or '-'), it must be the first argument after ds_newinst.pl. If you then supply additional arguments after the filename, these will override the settings in the given inf file. So, for example, you could reuse the same .inf file, except provide a different hostname:
ds_newinst.pl basefile.inf General.FullMachineName=bar.example.com
This allows you to use the same base .inf file for several machines, and only change certain parameters on a per-machine basis.
ds_newinst.pl will now fill in some default values - it will use Net::Domain::hostfqdn for FullMachineName, and your login ID for SuiteSpotUserID (however, not if running ds_newinst.pl as root), and will construct the Suffix and ServerIdentifier based on the FullMachineName. RootDN will default to cn=Directory Manager. ServerRoot is no longer required.
Another enhancement is the ability to provide a pre-hashed password for the RootDNPwd parameter, to avoid having to pass around the clear text directory manager password. However, some caveats apply. If the password begins with one of the well known hash algorithms (e.g. {SHA, {SSHA, etc.), ds_newinst will assume it is already hashed. This may cause problems if users expect to be able to provide a clear text password such as {SSHA}text, but I seriously doubt anyone does that (famous last words . . .). Another problem is that the code as it currently stands uses the clear text password to bind to the server after starting the server to add some additional entries and ACIs. This cannot be done if a pre-hashed password is provided (but we're working on a solution to that problem too).
write_ldap_info() is no longer needed.
Finally, a couple of minor bug fixes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. There will be some documentation changes required.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| |
|
|
| |
phase 1. parameterizing config, schema and ldif directory
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf, strcpy, fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other user
facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick
to force it to check printf style varargs functions, to check the format
string against the argument string, for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value. I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: 64bit issues with normalize_path(), make_dn(), and
add_aci_v()
Reviewed by: Nathan and Noriko (Thanks!)
Fix Description: 1) use sizeof(char *) as the elemsize to pass to
slapi_ch_calloc(). 2) create a variable const char *NULLSTR = 0 to pass
as the last argument to the varargs functions.
Platforms tested: RHEL4 64
Flag Day: no
Doc impact: no
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: 1) The full Admin DN was being put into the RDN 2) It was creating ACIs for the directory manager
Reviewed by: Noriko (Thanks!)
Fix Description: Always check to see if the given Admin ID is the full DN. Check if the DN is the root DN before creating an ACI.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly install and manual console testing
New Tests integrated into TET: none
|
| | |
|
| |
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| | |
|
|
|
(foxworth)
|
