| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #62)
Description: providing slapd.inf having the DS static info for the setup/config
|
| |
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Advanced install loops at install sample entries
Reviewed by: nhosoi (Thanks!)
Fix Description: There were a couple of problems. The first problem is that askPopulate is not
a YesNo dialog, it is just a general Input dialog. The second problem is that
askPopulateSetup sets the input buffer size greater than the static buffer used
to hold the input in the Dialog class, which is defined as char _buf[MED_BUF].
So the solution is to set the InputLen to be MED_BUF-1, which allows for the
trailing null as well.
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones. When done as root,
this changes the file ownership to root from the original nobody. In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group. We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files. Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup)
Comment #23
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Can't update scripts (e.g., start-slapd) in the instance directory
Reviewed by: ???
Fix Description: ns-update needs to run ds_create -r for each instance in the server root because the start-slapd et. al. scripts that it needs to recreate are per-instance. The install.inf passed in from setup only contains the information in the [General] and [admin] section. We need to supply the missing information for the [slapd] section to make both create_scripts() and reconfigure_instance() happy.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Description: Enable core DS build
Fix Description:
1) Need to package lib/ldaputil/certmap.conf into shared/config/certmap.conf
in DS build if not using admin server
2) We create shell script wrappers for the sectools (certutil, etc.). This
was being done in the setuputil related code in ldap/cm/newinst. This has
been moved to the more generic ldap/admin/src directory where other similar
scripts live.
Tested on: RHEL4 64
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) picked up the latest components including Cyrus SASL, Perldap, SetupUtil,
and AdminServer
2) fixed the java paths for the internal build.
3) added an option -AA to HP-UX C++ compiler to adjust to SetupUtil build (use
libstd 2)
4) replaced <iostream.h>, <strstream.h> and <fstream.h> with <iostream>,
<strstream>, <fstream> respectively in ldap/cm/newinst/ux-dialog.cc
5) package svrcore and perldap, which were dropped in the current
ldap/cm/Makefile
6) added a perl script genPerlDAPInf.pl to generate perldap.inf file
|
| |
|
|
|
|
|
|
|
| |
. removed the dependency on DBM
. Updated components' RELDATEs.
. Console jar file name adjustment: <brand>-<comp>-<dotversion>.jar
. Fix for HP-UX IPF
. Use non-branded SetupUtil; add resource file to change branding
. Updated the code to call createSIE so that the right brand is passed to SetupUtil.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RHEL4_x86_64_gcc3_OPT.OBJ
The makefiles were assuming that if the string 86 was found in uname -m
it should use x86 for the arch. However, it should only do this if
uname -m is not x86_64. Also, for RHEL/Linux, we do not have to add the
NS64TAG just before the _OPT (or _DBG) since it's already in the arch.
Other platforms continue to use the other naming convention. The
default naming convention for the mozilla components is
Linux2.6_x86_64_glibc_PTH_64_OPT.OBJ. I considered using Wan-Teh's
instructions about source builds, but that would cause many changes to
be made to our makefiles, so I just changed the way we calculate the
mozilla OBJDIR name from the regular OBJDIR name. These changes are
pretty much the same for adminutil, setuputil, adminserver, and ldapserver.
For ldapserver, I had to change nsarch (adminserver changed nsarch in a
different way). I also got rid of the 32 bit specific setup stuff. I
assume this was due to 32 bit NES admin server, so we can get rid of
this for the future, because we will have all native 64 bit apps. I also
went ahead and rolled in the gcc4 changes since they are safe for gcc3
as well.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Bug Description: The dsgw cookie directory needs to be writable by the admin server uid
Reviewed by: Nathan (Thanks!)
Fix Description: DS Gateway authentication breaks because the admin server uid cannot write to the bin/slapd/authck directory. This fix makes sure that directory is owned by the correct uid. I've also put a similar fix into the ds spec file %post section to fix this when upgrading from fds10 to fds101.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Fixed to get the adminid from the right place: adminpw
|
| |
|
|
|
| |
1) setup was not using the correct value for the config admin ID during reconfig. The fix is to get the correct uid from the admpw file.
2) It is often difficult to figure out the correct id/url for the admin server when running it for the first time. The fix is for setup to print out the correct command to use so the user can copy/paste it into the terminal. The commands are also saved to setup.log in case they close the terminal window.
|
| |
|
|
| |
tab. The solution is to chown the alias directory to the admin server uid so that the security CGI can create the key/cert dbs in that directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Fix internal component versions and formats for initial
FDS 1.0 build
Reviewed by: Noriko (Thanks!)
Fix Description: Some of the naming conventions needed to change e.g.
/s/b/c/ldapconsole10ext became /fedora/components/directoryconsole/1.0.
Made the ds onlinehelp docs available to build externally. Perldap has
no zip file anymore, just the dirs we copy over. Adminserver includes
the unzipped directories - we need to fix that eventually, but in the
meantime, I made tar skip those unzipped directories. I also merged
Noriko's fix for the assecure.txt problem in setup into Fedora DS. Noriko also pointed out an unused Makefile variable.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Change ldapserver version to 1.0
Reviewed by: Noriko (Thanks!)
Fix Description: This also fixes some lingering build issues involving
perldap, which is no longer a separate setup package, but just gets
included into DS in a similar manner to nspr, nss, etc.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Reporting the patch generation code to the trunk.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Get rid of nsperl; use perldap with system perl
Reviewed by: Noriko, Rob, Nathan (Thanks!)
Branch: HEAD
Fix Description: All perl scripts are made executable by using the
#!/usr/bin/env perl *nix trick. This means that the correct version of
perl must be in the user's PATH e.g. 5.6.1 or later. This version is
either shipped with the OS or available on all platforms. On HP/ux, it
is available as a depot which is installed in /opt/perl. For CGI perl
scripts, the PATH can be set in the admserv.conf, so we may have to do
that for HP/ux. To make perldap work, some ugly hacks are involved.
Each perl script that uses perldap has a BEGIN section that figures out
where it is in the server root, sets a server root variable, and sets
LD_LIBRARY_PATH and SHLIB_PATH to point to serverroot/shared/lib.
Perldap will be installed under serverroot/lib/perl. This directory
will have 3 subdirectories: arch - containing the binary files; auto -
containing autoloaded perl modules; and Mozilla - containing the base
perldap .pm files. The BEGIN section also sets the perl INC path to
find those modules. The directory gets rid of nsperl plus a lot of old
crufty perl building code that we do not use anymore. Those are the
removed files. The admin server code also gets rid of the perl.c wrapper.
Noriko pointed out that this does not take care of upgrade install, so I
added several more files and diffs to take care of that case.
Basically, go through the tasks in o=netscaperoot and replace
perl?scriptname with just scriptname. Also, go through all of the
template generated scripts and replace the shebang line with
#!/usr/bin/env perl, and make sure they are chmod +x. I also found a
few more places that referenced nsperl and removed them.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Ported the patch making code from Directory71RtmBranch to the trunk.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Build Cleanup - open source AS, other components;
remove Fortezza; etc.
Reviewed by: Noriko, Nathan, Rob C. (Thanks!)
Fix Description: This allows us to build DS entirely outside of the
firewall with entirely open source components, including setuputil,
adminutil, adminserver, and java components. I still need to address
some issues around nsperl, perldap, dsmlgw, xmltools, and general ease
of build. This also gets rid of the crufty Fortezza build stuff and
addresses some other minor build issues.
Platforms tested: RHEL4
Flag Day: yes, but the internal builds should not be affected
Doc impact: wiki
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Ported the patch making code to the trunk.
|
| |
|
|
| |
if the instance dir exists, run ns-config with "-r".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Use all open source components
Reviewed by: Noriko (Thanks!)
Fix Description: This changes the DS 72 build to pick up the new Admin
Server open source candidate (using Apache, modules, etc), and the new
adminutil and setuputil components. The code has been changed to
reflect the new naming (adminsdk -> adminutil, setupsdk -> setuputil)
and new versions of these components (7.1) and new /s/b/c disk layout
where applicable. We don't really get very much from the admin server
anymore, just the admin and base packages. All of the other setup stuff
(setup, setup.inf, svrcore, etc.) come directly from the setuputil package.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
FIX: cd to the SERVER ROOT, first.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: RPM install: A suffix must be a valid DN
Reviewed by: Noriko (Thanks!)
Fix Description: Rob found that the setup script did not work on his box. It seems that there is no canonical way to get the FQDN. So, this fix uses various different ways - hostname, hostname -f, hostname -a, and host `hostname` - and just uses the longest one, assuming it is the FQDN.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Security package requests from Cert Team
Reviewed by: Nathan (Thanks!)
Fix Description: Exclude the nssckbi file from shared32/lib; Create the shell script wrappers for shlibsign and shared32 modutil.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: RPM setup should prompt for install mode
Reviewed by: Nathan (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Added a new shell function ask123 to ask the user for the install mode. Use the -m mode argument to ns-config.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
path
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: RPM install: A suffix must be a valid DN
Reviewed by: Nathan (Thanks!)
Fix Description: Try to get the FQDN for the default. If nothing else, use localhost.localdomain
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: New setup script displays wrong location if installing in non-default path
Reviewed by: Nathan (Thanks!)
Fix Description: Matt showed me a better way to get the prefix. These diffs also allow setup to be run from any directory so you don't have to cd serverroot to run it. I added uninstall support. uninstall is run in a preun script. I added initial support for doing multi platform builds in the same root.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
2) make sure the .chk files are there
3) fix secmod.db on 64 bit platforms to have the 32 bit nssckbi in there
|
| |
|
|
|
|
|
|
|
|
| |
1) Brandx -> Fedora
2) Pick up new internal component set (Admin SDK, Setup SDK, Admin Server)
3) Use JRE from the Admin Server package
4) Docs
a) Componentize Docs
b) Rebrand Docs
c) Drop packaging Administration Guide in the external version
|
| | |
|
| |
|
|
| |
strlen, removing some dead code, other odds and ends.
|
| |
|
|
| |
warnings on Linux; remove pam_passthru from DS 7.1
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
MCOM_ROOT and NSROOT; BUILD_ROOT is now the ldapserver directory rather than its parent
|
|
|
(foxworth)
|
