| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Description: Show-Stopper - Migration path rhel21_ds621_TO_rhel4_32bit
Fix Description: not actually a fix, but with -dd this will print out the entries that were ignored during migration, which should be the presence plugin config entries and possibly others
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method. I guess it works on Solaris and HP because the values are already in network byte order. But when the values were encrypted on x86, they were encrypted the wrong way. It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op. But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Reviewed by: nhosoi (Thanks!)
Fix Description: These are additional fixes for various and sundry problems:
1) If doing cross platform migration, just use the default db and changelog db dirs
2) If doing same platform migration, try to keep the db dir if the user has changed it. It will usually be changed for a good reason, like moving to a separate device for performance reasons. In order to see if the directory has changed, we need to "normalize" the path in the attribute so that we can compare it correctly.
3) Do not migrate the attributes nsslapd-db-private-import-mem and nsslapd-import-cache-autosize - just use the new default values for these
4) Do not migrate nsslapd-allidsthreshold - this has been removed
5) Add additional error checking and handling when migrating the local.conf information.
6) Change the brand in the sie and isie when migrating.
7) Update the Group in console.conf during migration.
Platforms tested: HP-UX 11.23 IPF64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Fix Description: Cannot start servers until after the data and config has been migrated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) The temp file created to fix nsroot was not owned by the server user, and ldif2db could not open it.
2) The perldap LDIF parser/writer did not correctly handle the version: 1 line in the LDIF file. It outputs dn\nversion: 1 which causes ldif2db to crash.
3) The migrate script could not start the server because it wasn't looking in the fhs-opt location. The real solution is to just have migration start the servers after it migrates them. This assumes the old servers are all shutdown first, which they must be, in order to have a consistent database for migration.
These last two were found and fixed by nhosoi
4) If we transform an attribute to an empty value, this means we want to remove it from the migrated entry. We use the remove method to remove the attribute.
5) The remove method in FileConn was not working. We have to make a clone of the entry that we have removed the attribute from. The process of iterating over the attributes skips deleted ones because of the way the Tie::Hash functions in the Entry class work.
Platforms tested: HP-UX 11.23 IPF64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from DS 6.21 to DS80
Reviewed by: nhosoi (Thanks!)
Fix Description: Added a new function migrateNetscapeRoot which will create a temporary LDIF file from the given NetscapeRoot.ldif file. The function will look for all \bNetscape\b occurances and convert them to @capbrand@ where that is defined as the capitalized brand name in configure. It will then import this temporary LDIF file and delete it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
| |
Summary: verify-db.pl (db_verify) does not work on a little endian machine
(comment #1-#4)
Description: 1) introducing dbverify mode to ns-slapd.
2) providing new script dbverify to call "ns-slapd dbverify"
3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Pass in schema and config LDIF files to setup
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Allow multi-valued parameters in .inf files and command line. These values will be represented internally as an array ref. No existing parameters allow being multi-valued (e.g. you can't use Suffix=o=foo and Suffix=o=bar)
2) Add two new .inf parameters - SchemaFile and ConfigFile. The files listed in SchemaFile will be copied into the schema subdirectory of the new instance, so they must already be named appropriately (e.g. 60foo.ldif). The files listed in ConfigFile must be LDIF files with one or more whole entries to be added to the initial dse.ldif. These could be additional suffixes/databases to create, plugin configuration, replication configuration, or anything else.
Right now, if you have an LDIF file that relies on custom schema, you cannot use the InstallLdifFile directive during setup. SchemaFile allows you to do that.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Will need to document the two additional parameters.
|
| |
|
|
|
|
| |
Summary: Replication monitor CGI seems misconfigured (comment #1)
1) get_replica: missing return value for the success case
2) support the case "shadowport" is not passed
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: 'Operation Error' encountered during DS6.21 to DS80 cross-platform migration
Reviewed by: nhosoi (Thanks!)
Fix Description: For cross platform migration, we should not migrate the nsslapd-idl-switch setting, we should just use the new default value which is "new".
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: Migration script references a non-existing directory (comment #22)
Description: introduced ignoreOldEntries not to migrate obsolete config entries.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script references a non-existing directory
Reviewed by: nhosoi (Thanks!)
Fix Description: This fixes a couple of problems.
1) Use the inst_dir from the directory server as the instance dir where the ldif2db script is found.
2) The password for migratecred should be quoted before being passed to the shell, in case there are shell meta chars in there
3) If using cross platform migration, and no LDIF files were found to migrate, this will cause an error message to be printed and migration will be aborted.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: Migration script references a non-existing directory (comment #5,#7)
Description: 3 more fixes for the with-fhs-opt case
|
| |
|
|
|
| |
Summary: Migration script references a non-existing directory
Description: added an if clause for the with_fhs_opt case
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: 7.1 to 8.0 Migration Bug
Reviewed by: nhosoi (Thanks!)
Fix Description: Lots of issues
1) Instead of using Net::Domain::hostname() for the hostname to use for server identifiers, we must use the leftmost component of the FullMachineName specified by the user. One of the reasons is that hostname() and hostfqdn() can give different results such that hostname() is not the leftmost component of hostfqdn(). And we should just use whatever the user specifies. This required several changes to the mapfiles, and a change to the maptable processing, to process the perl code to eval last, so that we can use token substitutions from the inf file and from hard coded strings.
2) We need to add the global preferences stuff, during migration, in order for the console to function. We cannot rely on the migrated o=NetscapeRoot data because we have to make sure we specify the new jar files to use. In addition, we need to migrate over any customizations that the user has made to these preferences. This is handled by the new updateConsoleInfo function called during admin server migration.
3) There were several resources for messages missing. These have been added.
4) With the new perl only ds instance creation code, there will actually be data in the database even though the server is not started. This is what I believe was causing the error_removing_temp_db_files error. So now, the code will only attempt to remove plain files, not directories that could be globbed.
5) Use /opt/brand-ds for the old server root instead of /opt/pkgname.
6) The migration log should use [Migration} not [Setup]
7) migration should not report a fatal error upon success
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: 7.1 to 8.0 Migration Bug
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Although the directory server always creates key/cert databases, the admin server does not. So, just log a message and skip if they do not exist. Also was missing some message resources for various errors.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
| |
Summary: ds_remove cannot remove/rename directories (Comment #2)
Description: when creating inst_dir and config_dir, make sure the parent dirs
(lib/<brand>-ds and etc/<brand>-ds) have the specified gid.
|
| |
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - dsktune
Fix Description: This adds the dsktune dialog to the initial list of setup dialogs.
Platforms tested: RHEL4
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: improve perldap script execution ability on bundled platforms
Reviewed by: nkinder (Thanks!)
Fix Description: Most platforms will just use perl from PATH. However, on Solaris and HP-UX, we have to use special 64 bit versions to execute perldap, since perldap is 64 bit on those platforms. Also, if bundling all of the dependent components into the single package, we need to make sure the perl library path is set correctly to find perldap.
The last step will be to build our version of perldap on the bundled platforms to use rpath to point to the correct runtime library location.
Platforms tested: RHEL4, HP-UX 11.23 IPF 64 bit
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Implement a script registering DS to the Configuration DS (comment#5)
|
| |
|
|
|
| |
Summary: restart-slapd has an unreplaced token {{INST-DIR}}
Description: hash key, value: INST-DIR => $inf->{slapd}->{inst_dir} is added
|
| |
|
|
|
| |
Description: setup-ds.pl should create default org entries
Fix Description: Make the default in interactive mode to be to add those entries.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: quick install failed when login userid doesn't match install user's id
Reviewed by: me
Fix Description: getlogin returns the _login_ ID which is the initial login id (from utmp). We want the username of the effective user ID, so I just needed to change getLogin to do that.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script - remove dead code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is my favorite part - removing all of the now dead code. I also had to fix the exit code so that you could use $? to test for the success or failure of the new setup scripts.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Inf needs to be able to read the .inf file from stdin. This is what ds_newinst.pl does currently.
2) getlogin seems not to work in all cases, so add a more robust replacement.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: The time has come. We can finally get rid of the instance creation C code
once and for all. I've created a DSCreate module that has all of the functionality of the old
create_instance.c code, along with a few items from ldap/admin/lib. The way it works is
this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to
create the initial db and suffix. It then adds additional optional configuration depending
on what optional features have been enabled. It creates other config files and copies in
the schema. It then initializes the database. It uses a template file based on the type of
entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it
will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF
file which will be used to populate the initial database, in which case none of the default
entries or ACIs will be used. It then starts the server (if desired).
I had to create a function makePaths that works like mkdir -p except that it will chown,
chgrp, and chmod all paths created.
I had to change the other places where instance creation was called to use the new
calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the
information instead of calling ds_newinst as a CGI program.
I had to change FileConn to add support for namingContexts (i.e. entries with no parent),
and to have it write each change each time, and to return copies of entries when searching,
to avoid modifying the tree in place. This makes it act much more like LDAP.
I found and fixed a few bugs in Migration along the way that were revealed while integrating
the new DSCreate code.
Platforms tested: RHEL4, FC6
Flag Day: Yes. New instance creation code and autotool changes.
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: DS Admin Migration framework - cross platform support
Reviewed by: nhosoi (Thanks!)
Fix Description: There are basically three parts to cross platform support
1) Allow a different physical server root than the logical server root. This allows you to copy the old server root directory to the target machine, either by making a tarball or by a network mount. Then you can migrate from e.g. /mnt/opt/fedora-ds, and specify that the real old server root was /opt/fedora-ds. This is the distinction between the --oldsroot and --actualsroot parameters.
2) Cross platform database migration requires the old data is converted to LDIF first. Migration makes the simplifying assumption that the database LDIF file is in the old db directory and has the name of <old backend name>.ldif e.g. userRoot.ldif
3) Cross platform replication migration doesn't preserve the state, so the changelog nor other associated state information can be migrated.
I rewrote the old migration script to use the FileConn - this theoretically will allow us to support migration using an LDAP::Conn as well.
I had to make some fixes to FileConn, primarily to support the root DSE.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes, along with the rest of the new migration framework.
|
| |
|
|
|
|
| |
Summary: Reimplement ds_remove without setuputil code (comment #6)
Description: adding nsslapd-instancedir to dse.ldif for ds_remove to find out
the instance dir path.
|
| |
|
|
|
|
| |
Summary: Reimplement ds_remove without setuputil code (comment #1)
Description: 1) introduced delete entry operation.
2) cleaned up check_and_add code
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Reimplement ds_create without setuputil code
Reviewed by: nhosoi (Thanks!)
Fix Description: ds_create was a CGI program that would create a new instance, set it up to be managed by console, and register it with the config ds. The new ds_create CGI perl script does just that. One tricky part was that, rather than enabling the pass through auth plugin and having to restart the server, the new server is created without being started, then the modification is done to the new server dse.ldif file directly, using the new FileConn.pm module, which simulates a Mozilla::LDAP::Conn on an LDIF file. This also allows us to create a new instance with a pre-hashed rootdn password, rather than having to send the cleartext password.
I had to move around some code in AdminServer and AdminUtil so that I could use it from ds_create. I also implemented support for the admin server PASSWORD_PIPE in perl so we could use it in other CGI perl scripts.
Finally, the error handling was not consistent in our code, so I made explicit the passing of error messages up and down the stack. Oh how I wish we could just do this in python and use exception handling . . .
I added a test for ds_create.
Platforms tested: RHEL4
Flag Day: Yes - autotool changes
Doc impact: No. Should work the same way as the old ds_create.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: DS Admin Migration framework
Reviewed by: nhosoi (Thanks!)
Fix Description: Created a Migration class that is very similar to the Setup class - to act as a sort of global context for the migration process. Moved most of the guts of migrateTo11 into the new DSMigration class and the new migrate-ds.pl - we should deprecate migrateTo11 in favor of migrate-ds.pl. I had to enhance the check_and_add_entry function to handle pseudo-LDIF change records - pseudo because mozilla perldap LDIF has no real LDIF change record support.
Fixed a bug in create_instance.c - creating an instance without starting it was not working if the port number of an existing directory server was supplied.
Added a new method createDSInstance to Util - this just wraps ds_newinst.pl for now.
Platforms tested: RHEL4
Doc: Yes. We will need to document the migration procedures.
Flag day: Yes. Autotool file changes.
|
| |
|
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #28)
Descri[tion: 1) removing the dependency on the config_ds
2) ds_newinst always adds "cn=Pass Through Authentication" with the
nsslapd-pluginEnabled value off.
|
| |
|
|
|
|
| |
Summary: Add config attributes to cn=config to support Console (comment #1)
Description: Console needs to know the default paths for ldif_dir and bak_dir.
Adding the paths to cn=config.
|
| |
|
|
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #8, #9)
Description: 1) Introducing BaseVersion (*.inf files) via PACKAGE_BASE_VERSION
(configure.ac) to generate #.# format version number from #.#.#. The #.#
format version number is used in the jar file names
2) Updated Util.pm.in to include ACIs to the search result.
|
| |
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #4)
Description: modifying check_and_add_entry to support ldifmodify format.
plus added minor fixes for comparing entries
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - navigation
Fix Description: Some minor cleanup:
1) Fixed navigation. Now you can go back through several dialogs.
2) Need to create a new Inf even if no file given
Platforms tested: RHEL4
Flag Day: No.
Doc impact: No.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - Inf, ds_newinst.pl
Fix Description: Some minor cleanup:
1) Setup must not write to the user supplied inf file. Setup uses the user supplied inf to initialize its cache, but creates a tempfile for writing.
2) When writing an Inf, preserve the continuation lines.
3) Added Noriko's fix for suffix generation to ds_newinst.pl
Platforms tested: RHEL4
Flag Day: No.
Doc impact: No.
|
| |
|
|
|
|
|
|
| |
Bug Description: Move DS Admin Code into Admin Server - admin server setup
Fix Description: Allow the use of '-' and '_' in section and parameter names when passing in inf parameters via the command line.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server
Description: fixing the default suffix: dc=<host>, dc=<dc1>, dc=<dc2>, dc=<dc3> ===> dc=<dc1>, dc=<dc2>, dc=<dc3>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Since we moved the o=NetscapeRoot code out of cfg_sspt.c, we no longer need to create the suffix and backend in create_instance.c
2) Added code to enable/disable dialogs e.g. for dialogs that can change the flow conditionally
3) Added code to allow the user to backup to the first prompt on a dialog, for dialogs with many prompts
4) Allow continuation lines in Resource files, instead of having to have embedded \n chars. This allows easier editing and layout.
5) Added an addSuffix function
6) Moved the register_servers.pl code from admin server into DS Util.pm and made it a little more general purpose.
Platforms tested: RHEL4
|
| |
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #54)
Description:
1) eliminated the code adding o=netscaperoot related entries from cfg_sspt.c.
2) moving DS task CGIs to the adminserver.
|
| |
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: 1) Need to have $SILENT be greater than $CUSTOM so that dialog hiding works properly.
2) Need to have the ability to hide or show individual prompts in a dialog e.g. if using TLS/SSL, need to ask for the CA certificate filename, otherwise, not.
3) Need the ability to call a function to get the default yes or no answer for DialogYesNo
4) DialogYesNo should match answer case insensitively
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: The Resource class needs to support more than 1 resource file e.g. for ds-base and ds-admin.
The property dir should be under $datadir. Property files are data files, not really config files.
Added a shared_lib_suffix token
Fixed some wording errors in the resource file.
Platforms tested: RHEL4
Flag Day: no
Doc impact: No new doc impact from previous commits for this bug.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively setup (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: allow instance creation with no .inf file; allow pre-hashed RootDNPwd
Reviewed by: nhosoi (Thanks!)
Fix Description: You can now use ds_newinst.pl without (or with) a .inf file like this:
ds_newinst.pl General.SuiteSpotUserID=nobody slapd.ServerPort=3890 ....
The parameters can be supplied via the command line. The format of the parameter is section.param=value. Normal shell quoting rules apply, so you still have to do something like this:
ds_newinst.pl "slapd.Suffix=dc=example, dc=com"
for embedded spaces and the like. If you supply a filename (or '-'), it must be the first argument after ds_newinst.pl. If you then supply additional arguments after the filename, these will override the settings in the given inf file. So, for example, you could reuse the same .inf file, except provide a different hostname:
ds_newinst.pl basefile.inf General.FullMachineName=bar.example.com
This allows you to use the same base .inf file for several machines, and only change certain parameters on a per-machine basis.
ds_newinst.pl will now fill in some default values - it will use Net::Domain::hostfqdn for FullMachineName, and your login ID for SuiteSpotUserID (however, not if running ds_newinst.pl as root), and will construct the Suffix and ServerIdentifier based on the FullMachineName. RootDN will default to cn=Directory Manager. ServerRoot is no longer required.
Another enhancement is the ability to provide a pre-hashed password for the RootDNPwd parameter, to avoid having to pass around the clear text directory manager password. However, some caveats apply. If the password begins with one of the well known hash algorithms (e.g. {SHA, {SSHA, etc.), ds_newinst will assume it is already hashed. This may cause problems if users expect to be able to provide a clear text password such as {SSHA}text, but I seriously doubt anyone does that (famous last words . . .). Another problem is that the code as it currently stands uses the clear text password to bind to the server after starting the server to add some additional entries and ACIs. This cannot be done if a pre-hashed password is provided (but we're working on a solution to that problem too).
write_ldap_info() is no longer needed.
Finally, a couple of minor bug fixes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. There will be some documentation changes required.
|
| |
|
|
|
|
| |
Description: Allow mimimum schema in ds_newinst.pl
Fix Description: Fixed by abartlet. Add a new configuration param to create_instance - install_full_schema. By default this is 1, meaning the traditional behavior of installing all of the schema. If set to 0, this will only install the 00core.ldif schema file. This also required enhancements to ds_newinst.pl as well as a bug fix to allow passing in a 0 value.
Reviewed by: nhosoi, rmeggins
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
|
| |
|
|
|
|
|
| |
Summary: Change the name and location of template-cl-dump.pl and template-repl-monitor.pl
Description: 1) Removed "template-" from the script name
2) added shell script wrappers cl-dump and repl-monitor
3) moved them to bindir
|
