| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Summary: Reimplement ds_remove without setuputil code (comment #6)
Description: adding nsslapd-instancedir to dse.ldif for ds_remove to find out
the instance dir path.
|
| |
|
|
|
|
| |
Summary: Reimplement ds_remove without setuputil code (comment #1)
Description: 1) introduced delete entry operation.
2) cleaned up check_and_add code
|
| |
|
|
|
| |
Summary: feature request for ldclt: add randomauthid for testing
Description: Adding randomauthid options: -e "randomauthid" -e "randomauthidlow=<low>" -e "randomauthidhigh=<high>"
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Reimplement ds_create without setuputil code
Reviewed by: nhosoi (Thanks!)
Fix Description: ds_create was a CGI program that would create a new instance, set it up to be managed by console, and register it with the config ds. The new ds_create CGI perl script does just that. One tricky part was that, rather than enabling the pass through auth plugin and having to restart the server, the new server is created without being started, then the modification is done to the new server dse.ldif file directly, using the new FileConn.pm module, which simulates a Mozilla::LDAP::Conn on an LDIF file. This also allows us to create a new instance with a pre-hashed rootdn password, rather than having to send the cleartext password.
I had to move around some code in AdminServer and AdminUtil so that I could use it from ds_create. I also implemented support for the admin server PASSWORD_PIPE in perl so we could use it in other CGI perl scripts.
Finally, the error handling was not consistent in our code, so I made explicit the passing of error messages up and down the stack. Oh how I wish we could just do this in python and use exception handling . . .
I added a test for ds_create.
Platforms tested: RHEL4
Flag Day: Yes - autotool changes
Doc impact: No. Should work the same way as the old ds_create.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: DS Admin Migration framework
Reviewed by: nhosoi (Thanks!)
Fix Description: Created a Migration class that is very similar to the Setup class - to act as a sort of global context for the migration process. Moved most of the guts of migrateTo11 into the new DSMigration class and the new migrate-ds.pl - we should deprecate migrateTo11 in favor of migrate-ds.pl. I had to enhance the check_and_add_entry function to handle pseudo-LDIF change records - pseudo because mozilla perldap LDIF has no real LDIF change record support.
Fixed a bug in create_instance.c - creating an instance without starting it was not working if the port number of an existing directory server was supplied.
Added a new method createDSInstance to Util - this just wraps ds_newinst.pl for now.
Platforms tested: RHEL4
Doc: Yes. We will need to document the migration procedures.
Flag day: Yes. Autotool file changes.
|
| |
|
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #28)
Descri[tion: 1) removing the dependency on the config_ds
2) ds_newinst always adds "cn=Pass Through Authentication" with the
nsslapd-pluginEnabled value off.
|
| |
|
|
|
|
| |
Summary: Add config attributes to cn=config to support Console (comment #1)
Description: Console needs to know the default paths for ldif_dir and bak_dir.
Adding the paths to cn=config.
|
| |
|
|
|
|
| |
Summary: Add config attributes to cn=config to support Console (comment #1)
Description: Console needs to know the default paths for ldif_dir and bak_dir.
Adding the paths to cn=config.
|
| |
|
|
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #8, #9)
Description: 1) Introducing BaseVersion (*.inf files) via PACKAGE_BASE_VERSION
(configure.ac) to generate #.# format version number from #.#.#. The #.#
format version number is used in the jar file names
2) Updated Util.pm.in to include ACIs to the search result.
|
| |
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #4)
Description: modifying check_and_add_entry to support ldifmodify format.
plus added minor fixes for comparing entries
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - navigation
Fix Description: Some minor cleanup:
1) Fixed navigation. Now you can go back through several dialogs.
2) Need to create a new Inf even if no file given
Platforms tested: RHEL4
Flag Day: No.
Doc impact: No.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - Inf, ds_newinst.pl
Fix Description: Some minor cleanup:
1) Setup must not write to the user supplied inf file. Setup uses the user supplied inf to initialize its cache, but creates a tempfile for writing.
2) When writing an Inf, preserve the continuation lines.
3) Added Noriko's fix for suffix generation to ds_newinst.pl
Platforms tested: RHEL4
Flag Day: No.
Doc impact: No.
|
| |
|
|
|
|
|
|
| |
Bug Description: Move DS Admin Code into Admin Server - admin server setup
Fix Description: Allow the use of '-' and '_' in section and parameter names when passing in inf parameters via the command line.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server
Description: fixing the default suffix: dc=<host>, dc=<dc1>, dc=<dc2>, dc=<dc3> ===> dc=<dc1>, dc=<dc2>, dc=<dc3>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Since we moved the o=NetscapeRoot code out of cfg_sspt.c, we no longer need to create the suffix and backend in create_instance.c
2) Added code to enable/disable dialogs e.g. for dialogs that can change the flow conditionally
3) Added code to allow the user to backup to the first prompt on a dialog, for dialogs with many prompts
4) Allow continuation lines in Resource files, instead of having to have embedded \n chars. This allows easier editing and layout.
5) Added an addSuffix function
6) Moved the register_servers.pl code from admin server into DS Util.pm and made it a little more general purpose.
Platforms tested: RHEL4
|
| |
|
|
| |
Description: providing slapd.inf having the DS static info for the setup/config
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #62)
Description: providing slapd.inf having the DS static info for the setup/config
|
| |
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #54)
Description:
1) eliminated the code adding o=netscaperoot related entries from cfg_sspt.c.
2) moving DS task CGIs to the adminserver.
|
| | |
|
| |
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: 1) Need to have $SILENT be greater than $CUSTOM so that dialog hiding works properly.
2) Need to have the ability to hide or show individual prompts in a dialog e.g. if using TLS/SSL, need to ask for the CA certificate filename, otherwise, not.
3) Need the ability to call a function to get the default yes or no answer for DialogYesNo
4) DialogYesNo should match answer case insensitively
|
| |
|
|
|
|
|
|
| |
Summary: Use mozldap6 ldif_parse_line API
Changes:
1) Removed ldif.h from the DS tree.
2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related
code.
|
| |
|
|
|
|
|
|
|
| |
Description: --with-ldapsdk-bin required for configure argument
Fix Description:
In m4/mozldap.m4, there is a code to check whether ldapsdk_bindir is specified,
but you can't specify it except for --with-ldapsdk argument or using pkg-config.
So using --with-ldapsdk-lib and --with-ldapsdk-inc requires the additional
argument '--with-ldapsdk-bin'.
|
| |
|
|
| |
Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: The Resource class needs to support more than 1 resource file e.g. for ds-base and ds-admin.
The property dir should be under $datadir. Property files are data files, not really config files.
Added a shared_lib_suffix token
Fixed some wording errors in the resource file.
Platforms tested: RHEL4
Flag Day: no
Doc impact: No new doc impact from previous commits for this bug.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively setup (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: allow instance creation with no .inf file; allow pre-hashed RootDNPwd
Reviewed by: nhosoi (Thanks!)
Fix Description: You can now use ds_newinst.pl without (or with) a .inf file like this:
ds_newinst.pl General.SuiteSpotUserID=nobody slapd.ServerPort=3890 ....
The parameters can be supplied via the command line. The format of the parameter is section.param=value. Normal shell quoting rules apply, so you still have to do something like this:
ds_newinst.pl "slapd.Suffix=dc=example, dc=com"
for embedded spaces and the like. If you supply a filename (or '-'), it must be the first argument after ds_newinst.pl. If you then supply additional arguments after the filename, these will override the settings in the given inf file. So, for example, you could reuse the same .inf file, except provide a different hostname:
ds_newinst.pl basefile.inf General.FullMachineName=bar.example.com
This allows you to use the same base .inf file for several machines, and only change certain parameters on a per-machine basis.
ds_newinst.pl will now fill in some default values - it will use Net::Domain::hostfqdn for FullMachineName, and your login ID for SuiteSpotUserID (however, not if running ds_newinst.pl as root), and will construct the Suffix and ServerIdentifier based on the FullMachineName. RootDN will default to cn=Directory Manager. ServerRoot is no longer required.
Another enhancement is the ability to provide a pre-hashed password for the RootDNPwd parameter, to avoid having to pass around the clear text directory manager password. However, some caveats apply. If the password begins with one of the well known hash algorithms (e.g. {SHA, {SSHA, etc.), ds_newinst will assume it is already hashed. This may cause problems if users expect to be able to provide a clear text password such as {SSHA}text, but I seriously doubt anyone does that (famous last words . . .). Another problem is that the code as it currently stands uses the clear text password to bind to the server after starting the server to add some additional entries and ACIs. This cannot be done if a pre-hashed password is provided (but we're working on a solution to that problem too).
write_ldap_info() is no longer needed.
Finally, a couple of minor bug fixes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. There will be some documentation changes required.
|
| |
|
|
|
|
| |
Description: Allow mimimum schema in ds_newinst.pl
Fix Description: Fixed by abartlet. Add a new configuration param to create_instance - install_full_schema. By default this is 1, meaning the traditional behavior of installing all of the schema. If set to 0, this will only install the 00core.ldif schema file. This also required enhancements to ds_newinst.pl as well as a bug fix to allow passing in a 0 value.
Reviewed by: nhosoi, rmeggins
|
| |
|
|
|
| |
Description: Add replication schema to core DS schema
Fix Description: We need to move some of the schema from 01common to 00core in order to allow the directory server to use replication with minimal schema.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
|
| |
|
|
| |
Summary: Fixed linker problems when linking with ldap c sdk.
|
| |
|
|
| |
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #9)
|
| |
|
|
|
|
|
| |
Summary: Change the name and location of template-cl-dump.pl and template-repl-monitor.pl
Description: 1) Removed "template-" from the script name
2) added shell script wrappers cl-dump and repl-monitor
3) moved them to bindir
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #9)
Description: Cleaning up unused code
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #8)
Description: acclanglist.c has been moved to AdminUtil
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #5)
Description: DSMLGW and ORGCHART are moved out; removing from ldapserver
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #5)
Description: DSMLGW and ORGCHART are moved out; removing from ldapserver
|
| |
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #4,#6)
Description:
.DSGW is already a separated module "dsgw"; Removing from ldapserver.
.Removing the independency from lib/libsi18n/gsslapd.h
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #3)
Description: Cleaning up NT code
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #2)
Description: Cleaning up unused code
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #2)
Description: Cleaning up unused code
|
| |
|
|
|
|
|
| |
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #7)
Changes: If PR_Recv in sasl_recv_connection gets EAGAIN (== errno 11),
check whether it should be retried as being done for "a temporary
non-blocking I/O error".
|
| |
|
|
| |
Summary: Modified the with-fhs and with-fhs-opt configure options
|
| |
|
|
|
|
| |
Summary: Random SASL GSSAPI test failure on shadowfoot
Description: As mentioned in the comment just above of the code: "we now must
read more data off the wire until we have the complete packet", we read more.
|
| |
|
|
| |
Summary: Added a configure option for FHS optional software layout style.
|
| |
|
|
| |
Summary: Remove obsolete makefiles
|
| |
|
|
| |
Summary: Remove obsolete makefiles
|
| |
|
|
| |
Summary: Remove obsolete makefiles
|
