| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
Description: Bug 480869 - DS console: Can not delete DS instance
Fix Description: Create instance was broken, so no instances could be created for purposes of deletion. Create instance was printing the following error:
Unable to find Pass Through Authentication Plug-In config entry.
This is because the search for this entry in AdminUtil.pm was getting an incorrect error message - something other than "Success"
This is because the FileConn->getErrorString() method was returning "0" instead of "Success".
Platforms tested: RHEL4
|
| |
|
|
| |
Summary: Use backend name from inf when importing during setup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: overriding arguments to setup causes setup to fail
Reviewed by: ulf.weltman, nkinder (Thanks!)
Fix Description: Parameters specified on the command line should override and replace (not add to) any parameters specified in a given .inf file. I refactored the code a little too - I moved the argv processing into the Inf module out of the Setup and Migration modules. The code will first process the args and store the values in a temporary hash ref. Then it will process the temp hash ref, replacing the values in the main inf with the values from the hash.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration results in incomplete admin server sie
Reviewed by: nkinder (Thanks!)
Fix Description: This is a redesign of one of the core pieces of the setup/migration code - the code that adds the LDAP entries in various places. For starters, I removed the code that would implicitly delete existing trees. This is the root cause of this bug, and other similar problems with setup/instance creation that have been reported. We should never implicitly delete entries. Instead, we should explicitly delete entries by using the changetype: delete in an LDIF template file.
Another source of problems was that to update an entry, we would delete it and add it back. This caused some configuration settings to be wiped out (e.g. encryption settings). We cannot do this any more. The LDIF template entries have been modified to have two sets of information for each entry that requires update - the entry to add if no entry exists (the full entry) or the changes to make to the entry if it does exist. The code in Util.pm has been changed to ignore duplicate entries and to ignore changes made to entries that do not exist.
Another source of problems with migration is that the error checking was not adequate, especially with FileConn and dse.ldif reading. The fix is to add better error checking and reporting in these areas of code, including error messages.
Yet another problem is the run_dir handling. On many platforms the run_dir is shared among all DS instances and the admin server. Older versions of the software allowed you to run the servers as root. We have to make sure run_dir is usable by the least privileged user of all of the servers.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Cross Platform Migration Fails with: Unable to access
nsslapd-rundir: Bad address
Reviewed by: nkinder (Thanks!)
Fix Description: Need to add any new attributes added in 8.0 and 8.1 to
the ignoreOld hash table in the migration script. The way migration
works, it assumes an attribute is supported in both the old version and
the new version. So if the attribute is absent in the old entry and
present in the new entry, it assumes the user removed the attribute in
the old entry, so removes it in the new entry. The ignoreOld hash table
holds the list of attributes that we should ignore for the purposes of
attribute comparison. These are the attributes we just want to pass
through.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
| |
Description: RFE change default place for kerberos keytabs
Fix Description: changed to
# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
Where @instconfigdir@ will usually expand to /etc/dirsrv
|
| |
|
|
| |
Summary: Added new remove-ds.pl script and manpage.
|
| |
|
|
| |
Summary: Remove dependency on Term::ReadKey for password prompting in Perl scripts.
|
| |
|
|
| |
Summary: Make "back" reponse in setup code work correctly.
|
| |
|
|
| |
Summary: Fix undefined subroutine error when trying to display usage message in setup scripts.
|
| |
|
|
| |
Summary: Ensure directories created by installer get the requested mode applied.
|
| |
|
|
| |
Summary: Make repl-monitor.pl a template to pass in correct perl environment.
|
| |
|
|
|
|
|
| |
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
|
| |
|
|
| |
debugging tools
|
| |
|
|
|
|
|
|
| |
Branch: HEAD
Fix Description: Set SO_REUSEADDR to make sure the port is really available.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: setup-ds.pl password prompt loops in Confirm prompt
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Just make sure the prompt tells the user that they can hit Control-B Enter at any time to go back if they need to re-enter the password.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Unhandled error during setup: Could not import LDIF file
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This doesn't allow you to re-prompt for the file, but this will at least cause setup to output a sensible error message if it detects that the given LDIF file is not readable.
Platforms tested: Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds80 console - create new instance fails (only) after admin server restart
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The problem was that the temp LDIF file used to init the new database was not created with the proper mode and ownership, so slapd could not load it. The fix is to make sure the ownership and mode is correct.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Cannot setup ds with remote config DS
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This fix has two main parts. The first part is to fix setup. I took parts out of the 01nsroot template and put them into the templates that set up the directory server and admin server. So when those servers are registered, they will create those common entries if not present, or otherwise modify them to add the necessary information. I had to add uname_m and uname_a and some other items to the mapping files. I fixed a typo in one of the template files. I changed setup to create new directory server instances shutdown, so that when they are configured for the passthrough auth plugin, it will be working when started. Otherwise, directory servers you create with setup will not be manageable in the console until after they are restarted. This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs. I added a -u (update) option to setup. This will scan for exsiting installations are re-register all servers found. The dialog flow is pretty simple - it just confirms that you want to run update mode, then asks for the config ds information, then re-registers all servers with the config ds, updating any information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.
|
| |
|
|
| |
Summary: Add CLI for dynamic reload schema file task
|
| |
|
|
| |
Summary: Added CLI for creating memberOf fix-up task entry.
|
| |
|
|
|
|
| |
Summary: LDAPI: cleaning up template-ldapi-default.ldif.in and DSCreate.pm.in
Description: Separated auto-bind attributes from the ldapi attributes. Fixed
to store auto-bind attributes in dsel.dif only when auto-bind is enabled.
|
| |
|
|
| |
Summary: LDAPI: move default LDAPI UNIX socket from /var/run/dirsrv/slapd-ID.socket to /var/run/slapd-ID.socket
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migrate-ds-admin.pl spins at 100% cpu
Reviewed by: nkinder (Thanks!)
Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name.
Platforms tested: RHEL4 32bit and 64bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Instance creation through console is broken
Reviewed by: nhosoi (Thanks!)
Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started.
Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified.
Another problem was that instance creation was leaving temp ldif files around.
I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file change in adminserver
Doc impact: no
|
| |
|
|
|
| |
Description: migrate-ds-admin.pl script - not working
Fix Description: Was getting this output - GLOB(0x9d908d8)inst_dir = - forgot a comma
|
| |
|
|
|
| |
Description: migrate-ds-admin.pl script - not working
Fix Description: Broken while fixing bug 400421 - Need to use $mig->{inf} instead of $inf
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: unable to restart configDS via console
Reviewed by: nhosoi (Thanks!)
Fix Description: We were using the old format for the ldapStart directive, which assumed everything was under a serverroot, so it just stored the relative path. We need the absolute path. During regular setup, we can get this from the directory server instance. During migration, we need to update the ldapStart directive to use the absolute path, so we need to get that information from the directory server code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: command line scripts fine tuning (Comment #2)
Description: removed words "6.x" and "iWS" from the output messages.
|
| |
|
|
|
| |
Summary: command line scripts fine tuning (Comment #1)
Description: dded "-T vlvAttributeName: ..." to the usage
|
| |
|
|
|
|
|
|
|
|
| |
Summary: clean up template-scriptname which is derived from template-scriptname.in (comment #3,4)
Description: removing obsolete scripts:
ds_viewlog.pl scripts/template-dsml-activate.pl
scripts/template-migrateInstance5 scripts/template-migrateTo6
scripts/template-migrate50to51
scripts/template-migrateInstance6 scripts/template-migrate5to6
scripts/template-migrateTo5
|
| |
|
|
| |
Summary: verify-db.pl : can't find dbverify
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: '.' (dot) in the server ID
Reviewed by: nkinder (Thanks!)
Fix Description: Remove . and , from the characters allowed in the server ID. Also use the more descriptive error message.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Have to assign the values directly to the array ref - not to a temp array ref
|
| |
|
|
|
| |
Summary: verify-db.pl : can't find dbverify (comment #5)
Fix: added the inst_dir to PATH to tell verify-db.pl where dbverify is located.
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : ignore idl switch value in 6.21 and earlier
Reviewed by: nhosoi (Thanks!)
Fix Description: If we are migrating a 6.21 or older database, we must not preserve the old idl switch setting, we must use the new default. We also have to use LDIF files for database migration as we cannot reuse the old binary database files.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: obsolete values migrated to target instance
Reviewed by: nhosoi (Thanks!)
Fix Description: When fixing the attributes in the old entry, remove any obsolete attributes.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: tmpwatch whacks stats
Fix Description: Move the default nsslapd-tmpdir to /tmp.
|
| |
|
|
|
|
|
| |
Description: tmpwatch whacks stats
Reviewed by: nkinder (Thanks!)
Fix Description: move the snmp slapd.stats file to run_dir (/var/run/dirsrv) and rename to slapd-instance.stats. Had to add nsslapd-rundir to cn=config in order for ldap-agent to be able to get it.
Doc: Yes, we need to document the new attribute nsslapd-rundir.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Do not allow direct migration if the source db index has old IDL format
Reviewed by: nkinder (Thanks!)
Fix Description: Just before the attempt to copy the database directories, look at the DBVERSION file from the source. If it is determined that the source version is too old, just exit migration and output a helpful error message.
Platforms tested: RHEL4 i386
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: Clean up setup dialog text
Fix Description: Fixed usage of setup as a noun and set up as a verb. Also a few other items.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Link DS with libumem on Solaris 9 and later
Reviewed by: nkinder (Thanks!)
Fix Description: See if libumem.so exists, and set the appropriate LD_PRELOAD env. var. if so.
Platforms tested: Solaris 9 64-bit
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: init script modification needed for kerberos auth
Reviewed by: nhosoi (Thanks!)
Fix Description: I just took Simo's initial patch and ran with it. The initconfigdir parameter is the directory containing the config file for the init script. configure will first try to use $(sysconfdir)/sysconfig, then $(sysconfdir)/default (Solaris and Debian, among others), then the package config directory (the default on HP-UX), for this parameter. The init script and startup script will look in the initconfigdir to find the init config file to source. For directory server, an instance specific file can be used, named e.g. dirsrv-localhost which will apply to the slapd-localhost instance only.
A default init config file is provided for dirsrv and dirsrv-admin, with some examples of how it could be used.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file changes
Doc impact: Yes. We will need to document how the user can supply environment to the servers at startup time without having to edit the init scripts or the startup scripts.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on interger attributes value greater than 2 to the 31
Reviewed by: nhosoi, nkinder (Thanks!)
Fix Description: This handles the migration part. The first part is when migrating the schema. Look for all integer syntax attributes. This can be tricky if there are SUP attribute types derived from integer syntax attributes. numSubordinates and hasSubordinates are skipped because they are handled specially by the db code. The next step is to scan all of the index files in the new db directory. If any integer indexes are found, they will be removed and recreated.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: Yes. Will need to document that this happens during migration if not cross platform.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: Will need to create some integer indexes and do same platform migration to see if this works
|
| |
|
|
| |
Summary: Remove hard-coded SASL mappings and use config based regex mappings instead.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
