authorRich Megginson <rmeggins@redhat.com>2007-07-13 18:35:33 +0000
committerRich Megginson <rmeggins@redhat.com>2007-07-13 18:35:33 +0000
commitcd0220f611d38f47c6414a3a976c85800eddce52 (patch)
treee82b94785469c6dfbb269fdb4a4d05c8a04ea7bc /ldap/ldif
parent44ee32bb2f39712b8c0f5628d5c17109c48772d7 (diff)
Resolves: bug 248145
Bug Description: Replace ds_newinst binary with perl script Reviewed by: nhosoi (Thanks!) Fix Description: The time has come. We can finally get rid of the instance creation C code once and for all. I've created a DSCreate module that has all of the functionality of the old create_instance.c code, along with a few items from ldap/admin/lib. The way it works is this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to create the initial db and suffix. It then adds additional optional configuration depending on what optional features have been enabled. It creates other config files and copies in the schema. It then initializes the database. It uses a template file based on the type of entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF file which will be used to populate the initial database, in which case none of the default entries or ACIs will be used. It then starts the server (if desired). I had to create a function makePaths that works like mkdir -p except that it will chown, chgrp, and chmod all paths created. I had to change the other places where instance creation was called to use the new calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the information instead of calling ds_newinst as a CGI program. I had to change FileConn to add support for namingContexts (i.e. entries with no parent), and to have it write each change each time, and to return copies of entries when searching, to avoid modifying the tree in place. This makes it act much more like LDAP. I found and fixed a few bugs in Migration along the way that were revealed while integrating the new DSCreate code. Platforms tested: RHEL4, FC6 Flag Day: Yes. New instance creation code and autotool changes. Doc impact: no
Diffstat (limited to 'ldap/ldif')
-rw-r--r--ldap/ldif/template-baseacis.ldif.in5
-rw-r--r--ldap/ldif/template-country.ldif.in4
-rw-r--r--ldap/ldif/template-domain.ldif.in4
-rw-r--r--ldap/ldif/template-dse.ldif.in6
-rw-r--r--ldap/ldif/template-locality.ldif.in4
-rw-r--r--ldap/ldif/template-org.ldif.in4
-rw-r--r--ldap/ldif/template-orgunit.ldif.in4
-rw-r--r--ldap/ldif/template-state.ldif.in4
-rw-r--r--ldap/ldif/template.ldif34
9 files changed, 48 insertions, 21 deletions
diff --git a/ldap/ldif/template-baseacis.ldif.in b/ldap/ldif/template-baseacis.ldif.in
new file mode 100644
index 00000000..7eb8c40c
--- /dev/null
+++ b/ldap/ldif/template-baseacis.ldif.in
@@ -0,0 +1,5 @@
+dn: %ds_suffix%
+changetype: modify
+add: aci
+aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare) userdn="ldap:///anyone";)
+aci: (targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURL || mail || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
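Review bot: The "Enable anonymous access" ACI is written as an exclusion, `targetattr!="userPassword"`, so unauthenticated clients get read, search and compare on every other attribute under the suffix, including any credential-like or private attribute that a later schema or application adds. An explicit list of the attributes meant to be public would fail closed instead; if the open default is intentional, a header comment such as `# Anonymous read covers every attribute except userPassword; narrow targetattr before storing sensitive data under this suffix` would make that visible to whoever deploys the template. The self-write ACI also lets each user replace their own `userCertificate` and `userSMIMECertificate`, which is worth confirming for deployments that map client certificates to entries.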
diff --git a/ldap/ldif/template-country.ldif.in b/ldap/ldif/template-country.ldif.in
new file mode 100644
index 00000000..cc37997e
--- /dev/null
+++ b/ldap/ldif/template-country.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: country
+c: %naming_value%
diff --git a/ldap/ldif/template-domain.ldif.in b/ldap/ldif/template-domain.ldif.in
new file mode 100644
index 00000000..4085c50e
--- /dev/null
+++ b/ldap/ldif/template-domain.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: domain
+dc: %naming_value%
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 805bcb8b..5d9aec85 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -9,7 +9,7 @@ nsslapd-tmpdir: %tmp_dir%
nsslapd-certdir: %cert_dir%
nsslapd-ldifdir: %ldif_dir%
nsslapd-bakdir: %bak_dir%
-nsslapd-saslpath: %sasl_path%
+nsslapd-instancedir: %inst_dir%
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-mode: 600
@@ -22,7 +22,7 @@ nsslapd-accesslog-logrotationsyncmin: 0
nsslapd-accesslog: %log_dir%/access
nsslapd-enquote-sup-oc: off
nsslapd-localhost: %fqdn%
-nsslapd-schemacheck: 1
+nsslapd-schemacheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-ssl-check-hostname: on
@@ -493,7 +493,7 @@ nsslapd-pluginpath: libcollation-plugin
nsslapd-plugininitfunc: orderingRule_init
nsslapd-plugintype: matchingRule
nsslapd-pluginenabled: on
-nsslapd-pluginarg0: @configdir@/slapd-collations.conf
+nsslapd-pluginarg0: %config_dir%/slapd-collations.conf
dn: cn=HTTP Client,cn=plugins,cn=config
objectclass: top
diff --git a/ldap/ldif/template-locality.ldif.in b/ldap/ldif/template-locality.ldif.in
new file mode 100644
index 00000000..c7185269
--- /dev/null
+++ b/ldap/ldif/template-locality.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: locality
+l: %naming_value%
diff --git a/ldap/ldif/template-org.ldif.in b/ldap/ldif/template-org.ldif.in
new file mode 100644
index 00000000..e649c323
--- /dev/null
+++ b/ldap/ldif/template-org.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: organization
+o: %naming_value%
diff --git a/ldap/ldif/template-orgunit.ldif.in b/ldap/ldif/template-orgunit.ldif.in
new file mode 100644
index 00000000..97982e57
--- /dev/null
+++ b/ldap/ldif/template-orgunit.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: organizationalUnit
+ou: %naming_value%
diff --git a/ldap/ldif/template-state.ldif.in b/ldap/ldif/template-state.ldif.in
new file mode 100644
index 00000000..f4fdfe7e
--- /dev/null
+++ b/ldap/ldif/template-state.ldif.in
@@ -0,0 +1,4 @@
+dn: %ds_suffix%
+objectclass: top
+objectclass: locality
+st: %naming_value%
diff --git a/ldap/ldif/template.ldif b/ldap/ldif/template.ldif
index a0ab7914..6c083449 100644
--- a/ldap/ldif/template.ldif
+++ b/ldap/ldif/template.ldif
@@ -37,26 +37,24 @@
# All rights reserved.
# END COPYRIGHT BLOCK
#
-dn: %%%SUFFIX%%%
-objectclass: top
-aci: (targetattr ="*")(version 3.0;
- acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///
- cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+dn: %ds_suffix%
+changetype: modify
+add: aci
aci: (targetattr ="*")(version 3.0;
acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///
- cn=Directory Administrators, %%%SUFFIX%%%");)
+ cn=Directory Administrators, %ds_suffix%");)
-dn: cn=Directory Administrators, %%%SUFFIX%%%
+dn: cn=Directory Administrators, %ds_suffix%
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
-dn: ou=Groups, %%%SUFFIX%%%
+dn: ou=Groups, %ds_suffix%
objectclass: top
objectclass: organizationalunit
ou: Groups
-dn: ou=People, %%%SUFFIX%%%
+dn: ou=People, %ds_suffix%
objectclass: top
objectclass: organizationalunit
ou: People
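Review bot: After this change the first record is a change record (`changetype: modify` on `%ds_suffix%`), but the records that follow it, `cn=Directory Administrators`, `ou=Groups`, `ou=People` and the ones in the next hunk, are still plain content records with no `changetype`. The LDIF specification keeps the two record kinds in separate files, and consumers differ in how they treat a record without `changetype` inside a change file, so whether these entries are added depends on the loader, which is not visible here. Adding `changetype: add` after each of those `dn:` lines would make the intent explicit. The modify also presumes the suffix entry already exists when this file is applied; if it does not, the `allow (all)` Directory Administrators ACI is never attached, so the loader should report that failure rather than continue silently.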
@@ -66,48 +64,48 @@ aci: (targetattr ="userpassword || te
aci: (targetattr !="cn || sn || uid")(t
argetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers G
roup Permissions";allow (write)(groupdn = "ldap:///cn=Accounting Managers,ou
- =groups,%%%SUFFIX%%%");)
+ =groups,%ds_suffix%");)
aci: (targetattr !="cn || sn || uid")(t
argetfilter ="(ou=Human Resources)")(version 3.0;acl "HR Group Permiss
- ions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,%%%SUFFIX%%%
+ ions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,%ds_suffix%
");)
aci: (targetattr !="cn ||sn || uid")(t
argetfilter ="(ou=Product Testing)")(version 3.0;acl "QA Group Permiss
- ions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,%%%SUFFIX%%%
+ ions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,%ds_suffix%
");)
aci: (targetattr !="cn || sn || uid")(t
argetfilter ="(ou=Product Development)")(version 3.0;acl "Engineering
Group Permissions";allow (write)(groupdn = "ldap:///cn=PD Managers,ou=groups
- ,%%%SUFFIX%%%");)
+ ,%ds_suffix%");)
-dn: ou=Special Users,%%%SUFFIX%%%
+dn: ou=Special Users,%ds_suffix%
objectclass: top
objectclass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
-dn: cn=Accounting Managers,ou=groups,%%%SUFFIX%%%
+dn: cn=Accounting Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
-dn: cn=HR Managers,ou=groups,%%%SUFFIX%%%
+dn: cn=HR Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
-dn: cn=QA Managers,ou=groups,%%%SUFFIX%%%
+dn: cn=QA Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
-dn: cn=PD Managers,ou=groups,%%%SUFFIX%%%
+dn: cn=PD Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: PD Managers