| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
| |
|
|
|
| |
Summary: Move DS Admin Code into Admin Server (Comment #62)
Description: providing slapd.inf having the DS static info for the setup/config
|
| |
|
|
|
|
|
|
|
|
| |
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
|
| | |
|
| |
|
|
|
| |
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NS_DS (Comment #2, #3)
|
| |
|
|
|
|
| |
FC 6 does not have /usr/include/linux/sys.h. The two files in the diff below include it, but I'm not sure why. If you look at the file on an earlier system, it appears that there is nothing in it. All it seems to do is define NR_syscalls, which is not used anywhere in any include file that I can find, nor in any ds code. So I propose changing the code not to include this file.
2) Change version to 1.0.4
I already got the other files, except for ldap/cm/Makefile
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Advanced install loops at install sample entries
Reviewed by: nhosoi (Thanks!)
Fix Description: There were a couple of problems. The first problem is that askPopulate is not
a YesNo dialog, it is just a general Input dialog. The second problem is that
askPopulateSetup sets the input buffer size greater than the static buffer used
to hold the input in the Dialog class, which is defined as char _buf[MED_BUF].
So the solution is to set the InputLen to be MED_BUF-1, which allows for the
trailing null as well.
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones. When done as root,
this changes the file ownership to root from the original nobody. In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group. We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files. Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
| |
ld.so.1: ns-slapd: fatal: libns-dshttpd72.so: open failed: No such file or directory
|
| | |
|
| |
|
|
|
| |
Summary: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup)
Comment #23
|
| |
|
|
|
|
|
| |
enable rpmbuild,
I inadvertantly removed the packaging for ds-nshttpd from the gateway. This adds it back
for USE_DSGW=1 builds.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Can't update scripts (e.g., start-slapd) in the instance directory
Reviewed by: ???
Fix Description: ns-update needs to run ds_create -r for each instance in the server root because the start-slapd et. al. scripts that it needs to recreate are per-instance. The install.inf passed in from setup only contains the information in the [General] and [admin] section. We need to supply the missing information for the [slapd] section to make both create_scripts() and reconfigure_instance() happy.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Change version to 1.0.3
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: Update version strings and etc. to 1.0.3
Platforms tested: FC5
Flag Day: no
Doc impact: no
|
| |
|
|
| |
phase 1. parameterizing config, schema and ldif directory
|
| |
|
|
|
|
|
|
| |
Description: Enable rpmbuild of directory server
Fix Description: RELDIR is not defined in lib/ldaputil/Makefile, so just
remove the certmap.conf packaging from there and add it to ldap/cm/Makefile
The perldap packaging has changed for internal builds as well.
Tested on: Solaris
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Enable rpmbuild of directory server
Fix Description: You can set env. vars. to override all of the LIB and INCLUDE paths with the
make -e flag. I moved all of the external component packaging stuff into the
packageDirectory target of ldap/cm/Makefile, and moved the "packaging" of the
internal files into the releaseDirectory target. So the releaseDirectory
target will now copy all of the ldapserver binaries and runtime files into
their correct places under RELDIR, which is then used to create the rpm. There
were a couple of other places that needed to change the way a particular file
was packaged in order ot make sure it was packaged in the core ds and not as an
external component.
Tested on: RHEL4
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Description: Enable core DS build
Fix Description:
1) Need to package lib/ldaputil/certmap.conf into shared/config/certmap.conf
in DS build if not using admin server
2) We create shell script wrappers for the sectools (certutil, etc.). This
was being done in the setuputil related code in ldap/cm/newinst. This has
been moved to the more generic ldap/admin/src directory where other similar
scripts live.
Tested on: RHEL4 64
|
| | |
|
| |
|
|
|
| |
Description: Enable DS Core build/install on Solaris
Fix Description: Make BUILD_JAVA_CODE default to 0; use CGI::Util::escape instead of URI::Escape because the former is available on all of our platforms
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Enable core DS build
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: I turned off all of the other components in the build,
such as adminserver, setuputil, clients, etc. and enabled the packaging
step when building just the core DS. Now, when you build just the core
DS, you get a slapd.tar.gz which you unpack in the server root you
create e.g. mkdir /opt/rhds ; cd /opt/rhds ; tar xfz slapd.tar.gz
In order to create an instance, you have to use the ds_newinst.pl script
as described here -
http://directory.fedora.redhat.com/wiki/Install_Guide#Installing_just_the_core_directory_server
I also got rid of several references to adminutil that are not needed
anymore.
Platforms tested: RHEL4 64
Flag Day: Yes. In order to build the full setuputil/adminserver
package, you must specify USE_SETUPUTIL=1 USE_ADMINSERVER=1 etc. on the
make/gmake command line.
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: I need to change the acceptance tests to
be able to test just the core DS package.
|
| | |
|
| |
|
|
| |
Package 32-bit LDAPSDK, NSPR, and NSS libraries in shared32/lib for perldap (Solaris and PA-RISC only).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) picked up the latest components including Cyrus SASL, Perldap, SetupUtil,
and AdminServer
2) fixed the java paths for the internal build.
3) added an option -AA to HP-UX C++ compiler to adjust to SetupUtil build (use
libstd 2)
4) replaced <iostream.h>, <strstream.h> and <fstream.h> with <iostream>,
<strstream>, <fstream> respectively in ldap/cm/newinst/ux-dialog.cc
5) package svrcore and perldap, which were dropped in the current
ldap/cm/Makefile
6) added a perl script genPerlDAPInf.pl to generate perldap.inf file
|
| |
|
|
| |
were missing from the tar-gz package file.
|
| |
|
|
|
|
|
|
|
| |
. removed the dependency on DBM
. Updated components' RELDATEs.
. Console jar file name adjustment: <brand>-<comp>-<dotversion>.jar
. Fix for HP-UX IPF
. Use non-branded SetupUtil; add resource file to change branding
. Updated the code to call createSIE so that the right brand is passed to SetupUtil.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
| |
RPM post install adds a new patch to fix the httpd module load order, removes
the console patch
Tell the user to run setup/setup after upgrade installation.
|
| |
|
|
| |
NSS 3.11 introduces a new library (libfreebl3.so) that is loaded as part of NSS initialization. With Fedora DS 1.0, we moved NSS initialization to occur after the setuid from root to the runtime uid so that the files created during NSS init would have the correct ownership. However, the bin/slapd/server directory is set to 0700 meaning no execute permission for the runtime uid. The OS requires this directory to be 711 to allow the slapd process to load in the shared libraries needed by NSS. We use 711 to disallow reading in this directory because if slapd crashes shortly after startup, a core file may go in this directory which may contain secret information.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RHEL4_x86_64_gcc3_OPT.OBJ
The makefiles were assuming that if the string 86 was found in uname -m
it should use x86 for the arch. However, it should only do this if
uname -m is not x86_64. Also, for RHEL/Linux, we do not have to add the
NS64TAG just before the _OPT (or _DBG) since it's already in the arch.
Other platforms continue to use the other naming convention. The
default naming convention for the mozilla components is
Linux2.6_x86_64_glibc_PTH_64_OPT.OBJ. I considered using Wan-Teh's
instructions about source builds, but that would cause many changes to
be made to our makefiles, so I just changed the way we calculate the
mozilla OBJDIR name from the regular OBJDIR name. These changes are
pretty much the same for adminutil, setuputil, adminserver, and ldapserver.
For ldapserver, I had to change nsarch (adminserver changed nsarch in a
different way). I also got rid of the 32 bit specific setup stuff. I
assume this was due to 32 bit NES admin server, so we can get rid of
this for the future, because we will have all native 64 bit apps. I also
went ahead and rolled in the gcc4 changes since they are safe for gcc3
as well.
|
| |
|
|
|
| |
and more on Solaris and HP-UX.
Use setup.inf from admin server, and make sure the admin component is in there.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: DSMLGW code uses non-standard sun.misc.Base64Encoder
Reviewed by: The team (Thanks!)
Fix Description: Added jakarta-commons-codec.jar to the DS build and
packaging. We will need to add this file to the bundle of dsmlgw jar
files on /share/builds/components.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Bug Description: The dsgw cookie directory needs to be writable by the admin server uid
Reviewed by: Nathan (Thanks!)
Fix Description: DS Gateway authentication breaks because the admin server uid cannot write to the bin/slapd/authck directory. This fix makes sure that directory is owned by the correct uid. I've also put a similar fix into the ds spec file %post section to fix this when upgrading from fds10 to fds101.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
| |
Fixed to get the adminid from the right place: adminpw
|
| |
|
|
|
| |
1) setup was not using the correct value for the config admin ID during reconfig. The fix is to get the correct uid from the admpw file.
2) It is often difficult to figure out the correct id/url for the admin server when running it for the first time. The fix is for setup to print out the correct command to use so the user can copy/paste it into the terminal. The commands are also saved to setup.log in case they close the terminal window.
|
| |
|
|
| |
tab. The solution is to chown the alias directory to the admin server uid so that the security CGI can create the key/cert dbs in that directory.
|
| |
|
|
| |
generally compatible, they are compatible for this specific case
|
| |
|
|
|
|
| |
Fix: Put the dsml gateway and command line jar files in a package called
extjava.tar.gz so that users can choose to deploy these separately if they
want dsml functionality.
|
| |
|
|
|
|
|
| |
i1) For non-RHEL platforms, package cyrus sasl library and the supported plugins.
2) by default, cyrus sasl expects to see the plugins in /usr/lib/sasl2.
Instead, tell sasl to search "../../../lib/sasl2" (relative path from ns-slapd)
for the plugins.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Allow ldapserver rpm to be made externally
Reviewed by: Noriko (Thanks!)
Fix Description: Just use a simple sed command to replace the tokens in
the spec.tmpl file. Just assume Fedora branding for this. For some
reason, on FC4, the setup -b step does not work unless I added a second
echo yes to the command. The tar command used by the rpmbuild step must
have all of the command line arguments before the directory to tar. I
moved some things around to make the rpm build process more dsbuild
friendly.
Platforms tested: FC4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Fix internal component versions and formats for initial
FDS 1.0 build
Reviewed by: Noriko (Thanks!)
Fix Description: Some of the naming conventions needed to change e.g.
/s/b/c/ldapconsole10ext became /fedora/components/directoryconsole/1.0.
Made the ds onlinehelp docs available to build externally. Perldap has
no zip file anymore, just the dirs we copy over. Adminserver includes
the unzipped directories - we need to fix that eventually, but in the
meantime, I made tar skip those unzipped directories. I also merged
Noriko's fix for the assecure.txt problem in setup into Fedora DS. Noriko also pointed out an unused Makefile variable.
Platforms tested: RHEL3
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Change ldapserver version to 1.0
Reviewed by: Noriko (Thanks!)
Fix Description: This also fixes some lingering build issues involving
perldap, which is no longer a separate setup package, but just gets
included into DS in a similar manner to nspr, nss, etc.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: parameterize ldapjdk and crimson jar locations
Reviewed by: Noriko, Nathan (Thanks!)
Fix Description: This is also needed for GAR. The xmltools also
ldapjdk.jar, and needs crimson.jar. DSMLGW does not need crimson.jar.
It makes sense to separate these out of the dsmlgw jars. I changed the
dsmlgw build.xml to be able to pickup ldapjdk.jar from a different
location - defaults to the usual dist/classes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Bug(s) fixed: 172005
Bug Description: Change ldapserver version to 1.0
Reviewed by: Noriko (Thanks!)
Fix Description: This also fixes some lingering build issues involving
perldap, which is no longer a separate setup package, but just gets
included into DS in a similar manner to nspr, nss, etc.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Allow DSMLGW to build with GAR build scripts
Reviewed by: nhosoi@redhat.com (Thanks!)
Fix Description: Add a new macro DSMLGWJARS_BUILD_DIR which defaults to
dist/classes for internal builds. For external builds, the developer
can grab these jars from their respective locations, or grab the bundle
from the fds download site, which is what the GAR builds will do. The
location is then passed in on the make command line as
DSMLGWJARS_BUILD_DIR=/path/to/dsmlgwjars. Regular internal builds
should continue to work as always.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Reporting the patch generation code to the trunk.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Get rid of nsperl; use perldap with system perl
Reviewed by: Noriko, Rob, Nathan (Thanks!)
Branch: HEAD
Fix Description: All perl scripts are made executable by using the
#!/usr/bin/env perl *nix trick. This means that the correct version of
perl must be in the user's PATH e.g. 5.6.1 or later. This version is
either shipped with the OS or available on all platforms. On HP/ux, it
is available as a depot which is installed in /opt/perl. For CGI perl
scripts, the PATH can be set in the admserv.conf, so we may have to do
that for HP/ux. To make perldap work, some ugly hacks are involved.
Each perl script that uses perldap has a BEGIN section that figures out
where it is in the server root, sets a server root variable, and sets
LD_LIBRARY_PATH and SHLIB_PATH to point to serverroot/shared/lib.
Perldap will be installed under serverroot/lib/perl. This directory
will have 3 subdirectories: arch - containing the binary files; auto -
containing autoloaded perl modules; and Mozilla - containing the base
perldap .pm files. The BEGIN section also sets the perl INC path to
find those modules. The directory gets rid of nsperl plus a lot of old
crufty perl building code that we do not use anymore. Those are the
removed files. The admin server code also gets rid of the perl.c wrapper.
Noriko pointed out that this does not take care of upgrade install, so I
added several more files and diffs to take care of that case.
Basically, go through the tasks in o=netscaperoot and replace
perl?scriptname with just scriptname. Also, go through all of the
template generated scripts and replace the shebang line with
#!/usr/bin/env perl, and make sure they are chmod +x. I also found a
few more places that referenced nsperl and removed them.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
