| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: RFE: include RFC4876 schema - Autofs does not include
LDAP schema for Fedora Directory Server
Reviewed by: nkinder (Thanks!)
Fix Description: Pieter D.J. Krul has contributed many schema files that
have been tested in production environments. They are divided into two
groups - those that conflict with existing schema in DS, CertSys, and
IPA, and those which do not. The latter are installed in the default
schema directory to be available for new instances - the former are
installed in the data directory just as the rfc2307bis schema. The
schema provided cover autofs and rfc4876, as in the bug reports, and
more. Here is the full list of new files:
60trust.ldif 60pureftpd.ldif 60sudo.ldif 60nis.ldif 60samba.ldif
60mozilla.ldif
60samba3.ldif 60krb5kdc.ldif 60sabayon.ldif 60kerberos.ldif
60rfc4876.ldif 60inetmail.ldif 60rfc3712.ldif 60eduperson.ldif
60rfc2739.ldif 60changelog.ldif 60radius.ldif 60autofs.ldif 60qmail.ldif
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - document the new schema
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Lack of manpages
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: This adds man pages for the command line utilities. The configure.ac diffs were a little bit tricky - apparently, mandir is not set to a correct default value, so we have to make sure we set a reasonable default value it if the user has not set it (e.g. rpmbuild will override it with --mandir=something).
Platforms tested: Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Add CLI for dynamic reload schema file task
|
|
|
|
| |
Summary: Make memberOf plug-in attributes configurable.
|
|
|
|
| |
Summary: Added CLI for creating memberOf fix-up task entry.
|
|
|
|
|
|
| |
Summary: Dynamically reload schema via task interface
Description: implemented task based schema file reloading
(see also http://directory.fedoraproject.org/wiki/Dynamically_Reload_Schema)
|
|
|
|
|
|
| |
Summary: LDAPI: introduce --enable-autobind to support AUTOBIND
Description: --enable-autobind is supported. Unless it's set, the auto-bind
code is not compiled in.
|
|
|
|
| |
640:9c57bd91b32f if ipa-memberof.c).
|
|
|
|
|
| |
Description: Need to support mail server schema
Fix Description: There are customers who are using the mail schema, so we need to keep it in the product.
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
|
|
|
|
|
| |
Added rfc2307bis schema, but in the data directory. It is not compatible with the older rfc2307 schema included with the directory server.
Users will need to upgrade their database to fix posixGroup entries in order
to use this schema
|
|
|
|
| |
Summary: Install SNMP subagent mibs.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: init script modification needed for kerberos auth
Reviewed by: nhosoi (Thanks!)
Fix Description: I just took Simo's initial patch and ran with it. The initconfigdir parameter is the directory containing the config file for the init script. configure will first try to use $(sysconfdir)/sysconfig, then $(sysconfdir)/default (Solaris and Debian, among others), then the package config directory (the default on HP-UX), for this parameter. The init script and startup script will look in the initconfigdir to find the init config file to source. For directory server, an instance specific file can be used, named e.g. dirsrv-localhost which will apply to the slapd-localhost instance only.
A default init config file is provided for dirsrv and dirsrv-admin, with some examples of how it could be used.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file changes
Doc impact: Yes. We will need to document how the user can supply environment to the servers at startup time without having to edit the init scripts or the startup scripts.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
|
|
|
| |
Summary: Set SASL_PATH in ldclt wrapper script.
|
|
|
|
|
| |
Summary: Installation failed. template files not found.
Description: Added template-sasl.ldif to Makefile.am
|
|
|
|
|
|
|
|
| |
Summary: verify-db.pl (db_verify) does not work on a little endian machine
(comment #1-#4)
Description: 1) introducing dbverify mode to ns-slapd.
2) providing new script dbverify to call "ns-slapd dbverify"
3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
|
| |
|
|
|
|
| |
those first in the link line, so that the build finds the dirsec versions of those components and not the mozilla/seamonkey ones in libdir
|
|
|
|
| |
Summary: Changed ldap-agent to find location of stats file dynamically.
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: improve perldap script execution ability on bundled platforms
Reviewed by: nkinder (Thanks!)
Fix Description: Most platforms will just use perl from PATH. However, on Solaris and HP-UX, we have to use special 64 bit versions to execute perldap, since perldap is 64 bit on those platforms. Also, if bundling all of the dependent components into the single package, we need to make sure the perl library path is set correctly to find perldap.
The last step will be to build our version of perldap on the bundled platforms to use rpath to point to the correct runtime library location.
Platforms tested: RHEL4, HP-UX 11.23 IPF 64 bit
Flag Day: no
Doc impact: no
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script - remove dead code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is my favorite part - removing all of the now dead code. I also had to fix the exit code so that you could use $? to test for the success or failure of the new setup scripts.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: The time has come. We can finally get rid of the instance creation C code
once and for all. I've created a DSCreate module that has all of the functionality of the old
create_instance.c code, along with a few items from ldap/admin/lib. The way it works is
this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to
create the initial db and suffix. It then adds additional optional configuration depending
on what optional features have been enabled. It creates other config files and copies in
the schema. It then initializes the database. It uses a template file based on the type of
entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it
will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF
file which will be used to populate the initial database, in which case none of the default
entries or ACIs will be used. It then starts the server (if desired).
I had to create a function makePaths that works like mkdir -p except that it will chown,
chgrp, and chmod all paths created.
I had to change the other places where instance creation was called to use the new
calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the
information instead of calling ds_newinst as a CGI program.
I had to change FileConn to add support for namingContexts (i.e. entries with no parent),
and to have it write each change each time, and to return copies of entries when searching,
to avoid modifying the tree in place. This makes it act much more like LDAP.
I found and fixed a few bugs in Migration along the way that were revealed while integrating
the new DSCreate code.
Platforms tested: RHEL4, FC6
Flag Day: Yes. New instance creation code and autotool changes.
Doc impact: no
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Reimplement ds_create without setuputil code
Reviewed by: nhosoi (Thanks!)
Fix Description: ds_create was a CGI program that would create a new instance, set it up to be managed by console, and register it with the config ds. The new ds_create CGI perl script does just that. One tricky part was that, rather than enabling the pass through auth plugin and having to restart the server, the new server is created without being started, then the modification is done to the new server dse.ldif file directly, using the new FileConn.pm module, which simulates a Mozilla::LDAP::Conn on an LDIF file. This also allows us to create a new instance with a pre-hashed rootdn password, rather than having to send the cleartext password.
I had to move around some code in AdminServer and AdminUtil so that I could use it from ds_create. I also implemented support for the admin server PASSWORD_PIPE in perl so we could use it in other CGI perl scripts.
Finally, the error handling was not consistent in our code, so I made explicit the passing of error messages up and down the stack. Oh how I wish we could just do this in python and use exception handling . . .
I added a test for ds_create.
Platforms tested: RHEL4
Flag Day: Yes - autotool changes
Doc impact: No. Should work the same way as the old ds_create.
|
|
|
|
|
|
|
|
|
|
|
| |
Description: DS Admin Migration framework
Reviewed by: nhosoi (Thanks!)
Fix Description: Created a Migration class that is very similar to the Setup class - to act as a sort of global context for the migration process. Moved most of the guts of migrateTo11 into the new DSMigration class and the new migrate-ds.pl - we should deprecate migrateTo11 in favor of migrate-ds.pl. I had to enhance the check_and_add_entry function to handle pseudo-LDIF change records - pseudo because mozilla perldap LDIF has no real LDIF change record support.
Fixed a bug in create_instance.c - creating an instance without starting it was not working if the port number of an existing directory server was supplied.
Added a new method createDSInstance to Util - this just wraps ds_newinst.pl for now.
Platforms tested: RHEL4
Doc: Yes. We will need to document the migration procedures.
Flag day: Yes. Autotool file changes.
|
|
|
|
|
|
|
|
| |
Summary: Configure Pass Thru Auth (comment #8, #9)
Description: 1) Introducing BaseVersion (*.inf files) via PACKAGE_BASE_VERSION
(configure.ac) to generate #.# format version number from #.#.#. The #.#
format version number is used in the jar file names
2) Updated Util.pm.in to include ACIs to the search result.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #62)
Description: providing slapd.inf having the DS static info for the setup/config
|
|
|
|
| |
Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: The Resource class needs to support more than 1 resource file e.g. for ds-base and ds-admin.
The property dir should be under $datadir. Property files are data files, not really config files.
Added a shared_lib_suffix token
Fixed some wording errors in the resource file.
Platforms tested: RHEL4
Flag Day: no
Doc impact: No new doc impact from previous commits for this bug.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively setup (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
|
|
|
|
|
|
|
|
|
|
|
| |
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
|
|
|
|
| |
Summary: Fixed linker problems when linking with ldap c sdk.
|
|
|
|
|
|
|
| |
Summary: Change the name and location of template-cl-dump.pl and template-repl-monitor.pl
Description: 1) Removed "template-" from the script name
2) added shell script wrappers cl-dump and repl-monitor
3) moved them to bindir
|
|
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #8)
Description: acclanglist.c has been moved to AdminUtil
|
|
|
|
|
| |
Description: version 1.1.0: bugs in build system (linking)
Fix Description: libds_admin needs to link with LDAPSDK_LINK and the server needs to link with SVRCORE
|
|
|
|
|
| |
Description: need initscripts for Solaris
Fix Description: I messed up the linux init script - turns out linux echo doesn't like \c, so I created a echo_n() function which is stolen from configure. I had to add @ECHO_N@ and @ECHO_C@ to Makefile.am and have them replaced in initscript.in.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration: Migrate from 1.0.x to 1.1
Reviewed by: nhosoi (Thanks!)
Fix Description: The basic strategy is
1) shutdown the old servers - databases should be quiescent
2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths)
3) service fedora-ds start
The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future.
This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written.
Platforms tested: FC6
Flag Day: no
Doc impact: Yes - we need to document migration
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Split core schema
Reviewed by: prowley (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Moved all schema not required to start the server from
00core.ldif into a new file called 01common.ldif. Andrew and Satish
already did the work to determine which schema are required to start the
server, which is the schema needed to be in 00core.ldif.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Add enable switches for optional/experimental features
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: Added --enable-pam-passthru, --enable-dna, and --enable-ldapi. They are all on by default and must be explicitly disabled (--disable-pam-passthru). These all cause ENABLE_xxx to be defined for C code so that we can enclose the code in #ifdef ENABLE_PAM_PASSTHRU blocks, for example. For the first two, these also cause the plugins to be built - so that if you specify --disable-pam-passthru, the plugin code will not be built at all. I discovered a nifty autoconf macro called AS_HELP_STRING - this nicely formats the help messages output by configure --help. I don't know if it's worth going through all of our m4 code to use this, but I went ahead and fixed configure.ac. Create instance will now add plugin configuration entries (but disabled) for pam passthru and dna if the corresponding ENABLE_ macros are defined. I also fixed a bug with passthru (not pam passthru) - the plugin configuration entry was not being added.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Fixed issue with specifying linker to use for ns-slapd.
|
|
|
|
| |
Summary: ns-slapd needs to be linked with the C++ compiler on HP-UX.
|
|
|
|
|
|
|
|
|
| |
Bug Description: Solaris build: link shared libs correctly with libtool
Reviewed by: nkinder, prowley (Thanks!)
Fix Description: We have to use the $(CXXLINK) Makefile macro to build shared libs that use C++ code or link with C++ libs. In addition, Sun C++ link needs -lCstd and -lCrun. I added AC_DISABLE_STATIC so that we wouldn't generate all the .a libs we don't use. Lastly, but not leastly, libtool on rhel/fedora has a "feature" that adds several gcc-isms to the libtool script generated by configure. At best, these cause builds with non-gcc compilers to complain quite a bit, and at worst, cause the build to fail. I've added a sed command in configure to remove these gcc-isms from libtool on non-gcc platforms.
Platforms tested: RHEL4, FC6, Solaris 9
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Fixed build flags for compiling with pthread on HP-UX.
|
|
|
|
|
|
|
|
|
| |
Bug Description: FHS: use sysconfdir (/etc) as config file location - allow builders to set dynamic config directory location at configure time
Reviewed by: nhosoi, nkinder, prowley (Thanks!)
Fix Description: I've added a new configure switch: --with-instconfigdir. This switch will allow the user to specify a different location to store the dynamic instance specific config files rather than the default $sysconfdir/$package_name (e.g. /etc/fedora-ds). This is the directory which will contain the slapd-instance directories which contain the instance specific config, schema, and security files. Even though the user could override this with ds_newinst.pl ([slapd] section config_dir), we needed to be able to set the default so that the user would not have to remember to do this every time, and so that packagers could set a reasonable default value for their platform.
Platforms tested: FC6, RHEL4
Flag Day: no
Doc impact: no
|
|
|
|
| |
Summary: Added --enable-bundle option for legacy builds.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Add support for /etc/init scripts
Reviewed by: nkinder (Thanks!)
Fix Description: Add the new initscript. The initscript is called $PACKAGE_NAME which by
default is fedora-ds. This script is created from wrappers/initscript.in,
sed'd by the fixupcmd in Makefile.am during make install. The way it works is
this: service fedora-ds cmd will execute the cmd on all instances (found in
/etc/fedora-ds by default). service fedora-ds cmd instance will execute cmd on
only that instance. So if you have
/etc/fedora-ds/slapd-foo
/etc/fedora-ds/slapd-bar
and you do
service start fedora-ds
it will start up both slapd-foo and slapd-bar. If you do
service start fedora-ds bar
it will start up only slapd-bar. If you do
service start fedora-ds biff
you will get an error message. The initdir is platform specific (e.g.
/etc/rc.d/init.d on linux, /etc/init.d on Solaris) so the
definition was added to the platform dependent section of configure.ac.
The init script is explicitly branded, including the filename. I needed to add
support to the autotool files so that we could change the name of the file.
Since package_name is defined when you use the AC_INIT macro in configure.ac,
we don't need to define it elsewhere (e.g. #define BRAND_DS). So I added the
branding and other information to the autotool files, and changed
create_instance to use package_name instead of brand_ds to be consistent.
Having the package_name defined in much fewer places should make it much easier
to change in the future if necessary.
I also fixed a compiler warning in ldaprot.h.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: Yes. We need to document how to use the initscript, and how to enable startup on boot - chkconfig fedora-ds on
|