From rmeggins at redhat.com Tue May 8 17:56:22 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 08 May 2007 11:56:22 -0600 Subject: [Fedora-directory-devel] Please review: Bug 239475: adminutil: Several admin server related bugs Message-ID: <4640B9C6.4080600@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239475 Resolves: bug 239475 Bug Description: adminutil: Several admin server related bugs Reviewed by: ??? Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154347 Branch: HEAD Fix Description: 1) Create non-ssl and ssl function to find the SIE DN given the SIE ID. Change pset code to use these new functions 2) Change the ADMSSL_Init* routines to accept a force parameter. If this parameter is true, force NSS_Initialize even if the adminutil is not configured for SSL. Changed code that uses ADMSSL_Init* to use this new parameter. 3) The pset node removal code needed to set the node->left or ->right to NULL only after freeing it. Fortunately this function is hardly used at all. 4) free memory after use 5) Make sure the buffer is correctly null terminated. Also, clean up a small memory leak. 6) Fixed memory leaks. Platforms tested: RHEL4 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154348&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Tue May 8 20:58:55 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 08 May 2007 14:58:55 -0600 Subject: [Fedora-directory-devel] Please review: Bug 239494: setuputil: use adm.conf instead of dbswitch.conf, ldap.conf, etc Message-ID: <4640E48F.6080307@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239494 Resolves: bug 239494 Bug Description: setuputil: use adm.conf instead of dbswitch.conf, ldap.conf, etc Reviewed by: ??? Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154360 Branch: HEAD Fix Description: Just use adm.conf for the information we used to get from dbswitch.conf, ldap.conf, and so on. We will need to change admin server installation to update the correct information in those files. I also changed many of the functions that accept a server root parameter to accept instead the full path of the directory containing the configuration file. Platforms tested: RHEL4 Flag Day: no Doc impact: Yes. We will have to doc that those other files are no longer used. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154361&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Wed May 9 13:47:54 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Wed, 09 May 2007 23:47:54 +1000 Subject: [Fedora-directory-devel] [PATCH] Allow replication in 00core.ldif In-Reply-To: <1177687456.10493.45.camel@localhost.localdomain> References: <1177687456.10493.45.camel@localhost.localdomain> Message-ID: <1178718474.13537.45.camel@localhost.localdomain> On Fri, 2007-04-27 at 17:24 +0200, Andrew Bartlett wrote: > I've been playing with Fedora DS replication and Samba, and have been > making good progress. > > See http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS for > the evolving set of instructions (should get better over the next week). > > I need this patch applied (and possibly the bitwise patch too) to get > the replication working. > > I also had to hack up mmr.pl to take a port, and not assume 389 I've updated the wiki, and I would like some feedback. I've not yet retested the procedure here, but I wondered if (at a glance) this could be made simpler? Is there anything I can cut out? Can parts of the Fedora DS configuration itself be replicated across the replication protocol, or at least can I use the initial_ldif to set things up? It didn't seem to apply to dse.ldif. Should we have a way to specify to ds_newinst.pl that only the very base schema is to be loaded? Then I think I could add the Samba schema directly with LDAP, and avoid having to copy that too. Thoughts? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From kmacmill at redhat.com Wed May 9 18:11:24 2007 From: kmacmill at redhat.com (Karl MacMillan) Date: Wed, 09 May 2007 14:11:24 -0400 Subject: [Fedora-directory-devel] SELinux and directory server Message-ID: <1178734284.19377.46.camel@localhost.localdomain> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests putting selinux into permissive mode. Why? I've not seen any problems running the directory server under enforcing (either fedora-ds-base from extras or the full install). It's not a great idea for on Fedora security technology to suggest disabling another . . . Karl From rcritten at redhat.com Wed May 9 18:16:06 2007 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 09 May 2007 14:16:06 -0400 Subject: [Fedora-directory-devel] SELinux and directory server In-Reply-To: <1178734284.19377.46.camel@localhost.localdomain> References: <1178734284.19377.46.camel@localhost.localdomain> Message-ID: <46420FE6.4010804@redhat.com> Karl MacMillan wrote: > The page http://directory.fedoraproject.org/wiki/Install_Guide suggests > putting selinux into permissive mode. Why? I've not seen any problems > running the directory server under enforcing (either fedora-ds-base from > extras or the full install). Without looking I suspect it is because the newer packages fit into the filesystem better so are probably covered by existing SELinux rules. When it was installed in /opt/fedora-ds alone there was no security context covering it. It probably heavily depends on which release you're installing it onto as well. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From kmacmill at redhat.com Wed May 9 18:20:14 2007 From: kmacmill at redhat.com (Karl MacMillan) Date: Wed, 09 May 2007 14:20:14 -0400 Subject: [Fedora-directory-devel] SELinux and directory server In-Reply-To: <46420FE6.4010804@redhat.com> References: <1178734284.19377.46.camel@localhost.localdomain> <46420FE6.4010804@redhat.com> Message-ID: <1178734814.19377.51.camel@localhost.localdomain> On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote: > Karl MacMillan wrote: > > The page http://directory.fedoraproject.org/wiki/Install_Guide suggests > > putting selinux into permissive mode. Why? I've not seen any problems > > running the directory server under enforcing (either fedora-ds-base from > > extras or the full install). > > Without looking I suspect it is because the newer packages fit into the > filesystem better so are probably covered by existing SELinux rules. > When it was installed in /opt/fedora-ds alone there was no security > context covering it. > Installing into /opt of a recent rawhide showed no problems. Even if it was a problem it would have been a _very_ easy fix either in the policy package or the directory server packages. > It probably heavily depends on which release you're installing it onto > as well. > I think that we need to work to resolve any issues and remove that suggestion. At the very least it needs to specify specific OS and directory server releases. That blanket statement is very harmful and unnecessary. I'll be happy to help you resolve any issues - just give me the specific problems that you are seeing. Karl From rmeggins at redhat.com Wed May 9 18:39:11 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 May 2007 12:39:11 -0600 Subject: [Fedora-directory-devel] SELinux and directory server In-Reply-To: <1178734814.19377.51.camel@localhost.localdomain> References: <1178734284.19377.46.camel@localhost.localdomain> <46420FE6.4010804@redhat.com> <1178734814.19377.51.camel@localhost.localdomain> Message-ID: <4642154F.10808@redhat.com> Karl MacMillan wrote: > On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote: > >> Karl MacMillan wrote: >> >>> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests >>> putting selinux into permissive mode. Why? I've not seen any problems >>> running the directory server under enforcing (either fedora-ds-base from >>> extras or the full install). >>> >> Without looking I suspect it is because the newer packages fit into the >> filesystem better so are probably covered by existing SELinux rules. >> When it was installed in /opt/fedora-ds alone there was no security >> context covering it. >> >> > > Installing into /opt of a recent rawhide showed no problems. Even if it > was a problem it would have been a _very_ easy fix either in the policy > package or the directory server packages. > Try RHEL4. I know Dan Walsh did a lot of work to write SELinux policies for DS in FC5 or 6, which are also in rawhide. > >> It probably heavily depends on which release you're installing it onto >> as well. >> >> > > I think that we need to work to resolve any issues and remove that > suggestion. At the very least it needs to specify specific OS and > directory server releases. > Definitely. > That blanket statement is very harmful and unnecessary. > > I'll be happy to help you resolve any issues - just give me the specific > problems that you are seeing. > > Karl > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From kmacmill at redhat.com Wed May 9 19:50:44 2007 From: kmacmill at redhat.com (Karl MacMillan) Date: Wed, 09 May 2007 15:50:44 -0400 Subject: [Fedora-directory-devel] SELinux and directory server In-Reply-To: <4642154F.10808@redhat.com> References: <1178734284.19377.46.camel@localhost.localdomain> <46420FE6.4010804@redhat.com> <1178734814.19377.51.camel@localhost.localdomain> <4642154F.10808@redhat.com> Message-ID: <1178740244.2951.22.camel@localhost.localdomain> On Wed, 2007-05-09 at 12:39 -0600, Richard Megginson wrote: > Karl MacMillan wrote: > > On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote: > > > >> Karl MacMillan wrote: > >> > >>> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests > >>> putting selinux into permissive mode. Why? I've not seen any problems > >>> running the directory server under enforcing (either fedora-ds-base from > >>> extras or the full install). > >>> > >> Without looking I suspect it is because the newer packages fit into the > >> filesystem better so are probably covered by existing SELinux rules. > >> When it was installed in /opt/fedora-ds alone there was no security > >> context covering it. > >> > >> > > > > Installing into /opt of a recent rawhide showed no problems. Even if it > > was a problem it would have been a _very_ easy fix either in the policy > > package or the directory server packages. > > > Try RHEL4. I know Dan Walsh did a lot of work to write SELinux policies > for DS in FC5 or 6, which are also in rawhide. Do you have a test environment on RHEL 4 I can access - I don't have one quickly available. Thanks - Karl > > > >> It probably heavily depends on which release you're installing it onto > >> as well. > >> > >> > > > > I think that we need to work to resolve any issues and remove that > > suggestion. At the very least it needs to specify specific OS and > > directory server releases. > > > Definitely. > > That blanket statement is very harmful and unnecessary. > > > > I'll be happy to help you resolve any issues - just give me the specific > > problems that you are seeing. > > > > Karl > > > > -- > > Fedora-directory-devel mailing list > > Fedora-directory-devel at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel From rmeggins at redhat.com Wed May 9 22:02:33 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 09 May 2007 16:02:33 -0600 Subject: [Fedora-directory-devel] [PATCH] Allow replication in 00core.ldif In-Reply-To: <1178718474.13537.45.camel@localhost.localdomain> References: <1177687456.10493.45.camel@localhost.localdomain> <1178718474.13537.45.camel@localhost.localdomain> Message-ID: <464244F9.60001@redhat.com> Andrew Bartlett wrote: > On Fri, 2007-04-27 at 17:24 +0200, Andrew Bartlett wrote: > >> I've been playing with Fedora DS replication and Samba, and have been >> making good progress. >> >> See http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS for >> the evolving set of instructions (should get better over the next week). >> >> I need this patch applied (and possibly the bitwise patch too) to get >> the replication working. >> >> I also had to hack up mmr.pl to take a port, and not assume 389 >> > > I've updated the wiki, and I would like some feedback. I've not yet > retested the procedure here, but I wondered if (at a glance) this could > be made simpler? Is there anything I can cut out? > The list of packages on FC7 - you also need svrcore-devel, mozldap-devel, and posssibly perl-Mozilla-LDAP and mozldap-tools For the bitwise patch - is there a bug for this already? Maybe we should just commit the bitwise plugin to fedora ds. For the schema - you could just remove all unnecessary schema files from $prefix/etc/fedora-ds/schema. ds_newinst.pl copies all of those files to the new instance directory, so if you don't want them, you could just remove them from there. > Can parts of the Fedora DS configuration itself be replicated across the > replication protocol, No. Only schema added over LDAP. > or at least can I use the initial_ldif to set > things up? I'm not sure what you mean. Do you mean fds-extra.ldif? > It didn't seem to apply to dse.ldif. > I'm not sure what you mean. > Should we have a way to specify to ds_newinst.pl that only the very base > schema is to be loaded? Then I think I could add the Samba schema > directly with LDAP, and avoid having to copy that too. > Sure. It would probably be a nice option to have. > Thoughts? > > Andrew Bartlett > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Thu May 10 01:40:24 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 10 May 2007 11:40:24 +1000 Subject: [Fedora-directory-devel] Can we have 'devel' and 1.1beta versions in bugzilla? Message-ID: <1178761224.3408.4.camel@localhost.localdomain> I seem to have to file bugs against 1.0.x versions of Fedora DS, when they apply to current CVS. There isn't a great flood of bugs, but perhaps someone with appropriate rights add some versions. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From eugeniacandida at gmail.com Thu May 10 16:02:51 2007 From: eugeniacandida at gmail.com (Eugenia Candida Oliveira de Moura) Date: Thu, 10 May 2007 13:02:51 -0300 Subject: [Fedora-directory-devel] [Fedora Directory Server] Replacing an attributeTypes in cn: schema Message-ID: <4503404b0705100902u4497d660u3876ff441c75192c@mail.gmail.com> Hi, I need to make a replace of one objectClasses in schema, but he is giving error trying to add ldif below: dn: cn=schema changetype: modify replace: objectclasses objectclasses: (2.16.840.1.113730.3.2.10006 "objectoTeste" NAME DESC "first test" SUP top MUST cn MAY) Error: ldap_modify: additional info: objectClasses: Replace is not allowed on the subschema subentry How correct this error? Replace in an objectClasses of cn:schema is possivel really to make one. Thanks, Eug?nia. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Thu May 10 16:20:55 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 10 May 2007 10:20:55 -0600 Subject: [Fedora-directory-devel] [Fedora Directory Server] Replacing an attributeTypes in cn: schema In-Reply-To: <4503404b0705100902u4497d660u3876ff441c75192c@mail.gmail.com> References: <4503404b0705100902u4497d660u3876ff441c75192c@mail.gmail.com> Message-ID: <46434667.7090003@redhat.com> Eugenia Candida Oliveira de Moura wrote: > Hi, > > I need to make a replace of one objectClasses in schema, but he is > giving error trying to add ldif below: > dn: cn=schema > changetype: modify > replace: objectclasses > objectclasses: (2.16.840.1.113730.3.2.10006 "objectoTeste" NAME DESC > "first test" SUP top MUST cn MAY) This command means that you want to replace all objectclasses in the server with this one value. The server will now allow that. You need to use add instead of replace. > > Error: ldap_modify: additional info: objectClasses: Replace is not > allowed on the subschema subentry > > How correct this error? Replace in an objectClasses of cn:schema is > possivel really to make one. > > Thanks, > Eug?nia. > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu May 10 16:23:47 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 10 May 2007 10:23:47 -0600 Subject: [Fedora-directory-devel] [Fedora Directory Server] Replacing an attributeTypes in cn: schema In-Reply-To: <46434667.7090003@redhat.com> References: <4503404b0705100902u4497d660u3876ff441c75192c@mail.gmail.com> <46434667.7090003@redhat.com> Message-ID: <46434713.7030904@redhat.com> Richard Megginson wrote: > Eugenia Candida Oliveira de Moura wrote: >> Hi, >> >> I need to make a replace of one objectClasses in schema, but he is >> giving error trying to add ldif below: >> dn: cn=schema >> changetype: modify >> replace: objectclasses >> objectclasses: (2.16.840.1.113730.3.2.10006 "objectoTeste" NAME DESC >> "first test" SUP top MUST cn MAY) > This command means that you want to replace all objectclasses in the > server with this one value. The server will now s/now/not/ - "the server will not allow that" > allow that. You need to use add instead of replace. >> >> Error: ldap_modify: additional info: objectClasses: Replace is not >> allowed on the subschema subentry >> >> How correct this error? Replace in an objectClasses of cn:schema is >> possivel really to make one. >> >> Thanks, >> Eug?nia. >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-devel mailing list >> Fedora-directory-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu May 10 17:56:41 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Thu, 10 May 2007 11:56:41 -0600 Subject: [Fedora-directory-devel] Can we have 'devel' and 1.1beta versions in bugzilla? In-Reply-To: <1178761224.3408.4.camel@localhost.localdomain> References: <1178761224.3408.4.camel@localhost.localdomain> Message-ID: <46435CD9.7050001@redhat.com> Andrew Bartlett wrote: > I seem to have to file bugs against 1.0.x versions of Fedora DS, when > they apply to current CVS. There isn't a great flood of bugs, but > perhaps someone with appropriate rights add some versions. > Done. I added both 1.1.0beta (which is the current 'devel' version) and 1.1.0. > Andrew Bartlett > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Fri May 11 07:03:08 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Fri, 11 May 2007 17:03:08 +1000 Subject: [Fedora-directory-devel] [PATCH] Allow replication in 00core.ldif In-Reply-To: <464244F9.60001@redhat.com> References: <1177687456.10493.45.camel@localhost.localdomain> <1178718474.13537.45.camel@localhost.localdomain> <464244F9.60001@redhat.com> Message-ID: <1178866989.3408.60.camel@localhost.localdomain> On Wed, 2007-05-09 at 16:02 -0600, Richard Megginson wrote: > Andrew Bartlett wrote: > > On Fri, 2007-04-27 at 17:24 +0200, Andrew Bartlett wrote: > > > >> I've been playing with Fedora DS replication and Samba, and have been > >> making good progress. > >> > >> See http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS for > >> the evolving set of instructions (should get better over the next week). > >> > >> I need this patch applied (and possibly the bitwise patch too) to get > >> the replication working. > >> > >> I also had to hack up mmr.pl to take a port, and not assume 389 > >> > > > > I've updated the wiki, and I would like some feedback. I've not yet > > retested the procedure here, but I wondered if (at a glance) this could > > be made simpler? Is there anything I can cut out? > > > The list of packages on FC7 - you also need svrcore-devel, > mozldap-devel, and posssibly perl-Mozilla-LDAP and mozldap-tools Thanks, I'll update the list. > For the bitwise patch - is there a bug for this already? Maybe we > should just commit the bitwise plugin to fedora ds. I've just filed a bug for you, #239764. > For the schema - you could just remove all unnecessary schema files from > $prefix/etc/fedora-ds/schema. ds_newinst.pl copies all of those files > to the new instance directory, so if you don't want them, you could just > remove them from there. I would rather not do that. > > Can parts of the Fedora DS configuration itself be replicated across the > > replication protocol, > No. Only schema added over LDAP. > > or at least can I use the initial_ldif to set > > things up? > I'm not sure what you mean. Do you mean fds-extra.ldif? > > It didn't seem to apply to dse.ldif. > > > I'm not sure what you mean. I re-read the docs, and the InstallLdif command only applies to the data partition, not any configuration. > > Should we have a way to specify to ds_newinst.pl that only the very base > > schema is to be loaded? Then I think I could add the Samba schema > > directly with LDAP, and avoid having to copy that too. > > > Sure. It would probably be a nice option to have. Filed as #239765 Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From abartlet at samba.org Mon May 14 06:02:21 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Mon, 14 May 2007 16:02:21 +1000 Subject: [Fedora-directory-devel] Please review: Bug #239764: bitwise plugin for FDS Message-ID: <1179122541.3997.17.camel@thinker> (I hope I'm getting this right...) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239764 Resolves: bug #239764 Bug Description: bitwise plugin for FDS Reviewed by: nhosoi Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154518&action=view Branch: HEAD Fix Description: Implement bitwise extended match operations, as required by Samba4 (to match AD expectations). Platforms tested: Fedora Core 5/6 (with Samba4 as testing client) Flag Day: no Doc impact: no Many thanks to Pete for digging up this plugin interface and example in the first place, and to Rich for cleaning my plugin up into a working state. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From abartlet at samba.org Mon May 21 02:46:43 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Mon, 21 May 2007 12:46:43 +1000 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? Message-ID: <1179715603.12583.61.camel@localhost.localdomain> I recently began work on bug 239765, and came across the wonder of FILE_PATHSEP: #ifdef XP_UNIX #define FILE_PATHSEP '/' #define FILE_PATHSEPP "/" #define FILE_PARENT "../" #define WSACleanup() #elif defined(XP_WIN32) #define FILE_PATHSEP '/' #define FILE_PATHSEPP "\\\\" #define FILE_PARENT "..\\" #endif /* XP_WIN32 */ Firstly, what little I knew about windows file handling told me that we could, at least on the supply side, use a unix /. Indeed, I noted that much of create_instance does exactly that *and* passes in FILE_PATHSEP via %c. If we needed FILE_PATHSEP, then this would already be a problem: /* generate /slapd-collations.conf */ PR_snprintf(src, sizeof(src), "%s%c%s%c/config/%s-collations.conf", cf->sysconfdir, FILE_PATHSEP, cf->package_name, FILE_PATHSEP, PRODUCT_NAME); PR_snprintf(dest, sizeof(dest), "%s%c%s-collations.conf", cf->config_dir, FILE_PATHSEP, PRODUCT_NAME); Even more priceless is the use of FILE_PATHSEP in ldap/admin/src/configure_instance.cpp:create_console_script(). (is there a /bin/sh that doesn't accept / as a path?). Anyway, for my own amusement, I'll post a patch (probably untested on win32) to make this a little easier on the eyes, and perhaps even easier on new programmers to the codebase. Thoughts? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From abartlet at samba.org Mon May 21 04:16:14 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Mon, 21 May 2007 14:16:14 +1000 Subject: [Fedora-directory-devel] Please review: Bug #239765: Allow mimimum schema in ds_newinst.pl Message-ID: <1179720974.12583.67.camel@localhost.localdomain> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239765 Resolves: bug #239765 Bug Description: Allow mimimum schema in ds_newinst.pl Reviewed by: ??? Files:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155069 Branch: HEAD Fix Description: Patch to add an option for installing partial/full schema This patch implements a new configuration option [slapd] install_full_schema= 1 Setting this to 0 will only install 00core.ldif Platforms tested: Fedora Core 5 (with Samba4 as testing client) Flag Day: no Doc impact: yes - wiki on install inf settings needs update Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rcritten at redhat.com Mon May 21 13:50:19 2007 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 21 May 2007 09:50:19 -0400 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? In-Reply-To: <1179715603.12583.61.camel@localhost.localdomain> References: <1179715603.12583.61.camel@localhost.localdomain> Message-ID: <4651A39B.8070007@redhat.com> Andrew Bartlett wrote: > I recently began work on bug 239765, and came across the wonder of > FILE_PATHSEP: > > #ifdef XP_UNIX > > #define FILE_PATHSEP '/' > #define FILE_PATHSEPP "/" > #define FILE_PARENT "../" > #define WSACleanup() > > #elif defined(XP_WIN32) > > #define FILE_PATHSEP '/' > #define FILE_PATHSEPP "\\\\" > #define FILE_PARENT "..\\" > > #endif /* XP_WIN32 */ > > Firstly, what little I knew about windows file handling told me that we > could, at least on the supply side, use a unix /. > > Indeed, I noted that much of create_instance does exactly that *and* > passes in FILE_PATHSEP via %c. If we needed FILE_PATHSEP, then this > would already be a problem: > > /* generate /slapd-collations.conf */ > PR_snprintf(src, sizeof(src), "%s%c%s%c/config/%s-collations.conf", > cf->sysconfdir, FILE_PATHSEP, cf->package_name, > FILE_PATHSEP, PRODUCT_NAME); > PR_snprintf(dest, sizeof(dest), "%s%c%s-collations.conf", > cf->config_dir, FILE_PATHSEP, PRODUCT_NAME); > > Even more priceless is the use of FILE_PATHSEP in > ldap/admin/src/configure_instance.cpp:create_console_script(). (is > there a /bin/sh that doesn't accept / as a path?). > > Anyway, for my own amusement, I'll post a patch (probably untested on > win32) to make this a little easier on the eyes, and perhaps even easier > on new programmers to the codebase. > > Thoughts? > > Andrew Bartlett DS used to include a significant portion Netscape Enterprise Server (NES) 3.0. Prior to open sourcing I removed several hundred unused files and hundreds more lines of unnecessary code. I suspect that this is NES-specific code that found its way into DS in a viral sort of way. In any case, it is only the 2 P version that is really a problem, right? The code you included would do single-character replacements AFAICT. Prior to open sourcing I spent more time than I'd like to admit on getting it to at least compile on win32. On top of this there are separate re-definitions of this code, in configure_instance.cpp for example. That can probably be removed. Now certainly one shouldn't mix FILE_PATHSEP with an explicit "/" in the same PR_snprintf. I think that there is less effort these days to support win32. As for create_console_script(), I have a fairly old source tree but in mine the whole function is #if 0'd out and even then is only meant to run on unix-like systems. Its important to remember that portitions of the DS code supported versions of Solaris back to 2.4, OSF1, Irix, HP/ux, AIX, Linux and Windows (and perhaps one or two more that have slipped my mine). You haven't lived until you've broken the build on 6 platforms :-) On my team the unlucky developer got the attached plungers displayed on top of their cube. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: plungers.jpg Type: image/jpeg Size: 84681 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon May 21 13:49:22 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 21 May 2007 07:49:22 -0600 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? In-Reply-To: <1179715603.12583.61.camel@localhost.localdomain> References: <1179715603.12583.61.camel@localhost.localdomain> Message-ID: <4651A362.8090309@redhat.com> Andrew Bartlett wrote: > I recently began work on bug 239765, and came across the wonder of > FILE_PATHSEP: > > #ifdef XP_UNIX > > #define FILE_PATHSEP '/' > #define FILE_PATHSEPP "/" > #define FILE_PARENT "../" > #define WSACleanup() > > #elif defined(XP_WIN32) > > #define FILE_PATHSEP '/' > #define FILE_PATHSEPP "\\\\" > #define FILE_PARENT "..\\" > > #endif /* XP_WIN32 */ > > Firstly, what little I knew about windows file handling told me that we > could, at least on the supply side, use a unix /. > Yes. For modern versions of Windows. This may have been an artifact of Win95/98/NT, or perhaps cases where these paths were passed to a command interpreter (e.g. in a system() call). > Indeed, I noted that much of create_instance does exactly that *and* > passes in FILE_PATHSEP via %c. If we needed FILE_PATHSEP, then this > would already be a problem: > > /* generate /slapd-collations.conf */ > PR_snprintf(src, sizeof(src), "%s%c%s%c/config/%s-collations.conf", > cf->sysconfdir, FILE_PATHSEP, cf->package_name, > FILE_PATHSEP, PRODUCT_NAME); > PR_snprintf(dest, sizeof(dest), "%s%c%s-collations.conf", > cf->config_dir, FILE_PATHSEP, PRODUCT_NAME); > It probably doesn't matter anymore now that modern versions of Windows support both \ and /. > Even more priceless is the use of FILE_PATHSEP in > ldap/admin/src/configure_instance.cpp:create_console_script(). (is > there a /bin/sh that doesn't accept / as a path?). > Probably not anymore, if there ever was one that had a problem. > Anyway, for my own amusement, I'll post a patch (probably untested on > win32) to make this a little easier on the eyes, and perhaps even easier > on new programmers to the codebase. > > Thoughts? > FILE_PATHSEP is used throughout fedora ds code . . . > Andrew Bartlett > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Mon May 21 17:43:46 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Mon, 21 May 2007 10:43:46 -0700 Subject: [Fedora-directory-devel] Please review: Bug #239765: Allow mimimum schema in ds_newinst.pl In-Reply-To: <1179720974.12583.67.camel@localhost.localdomain> References: <1179720974.12583.67.camel@localhost.localdomain> Message-ID: <4651DA52.8060706@redhat.com> An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon May 21 18:34:57 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 21 May 2007 12:34:57 -0600 Subject: [Fedora-directory-devel] Please review: Bug #239765: Allow mimimum schema in ds_newinst.pl In-Reply-To: <4651DA52.8060706@redhat.com> References: <1179720974.12583.67.camel@localhost.localdomain> <4651DA52.8060706@redhat.com> Message-ID: <4651E651.8060004@redhat.com> Noriko Hosoi wrote: > Your fix looks good. > > It'd be taken care in the ds_newinst script or setuputil (I mean, not > in create_instance.c, thus it won't affect your proposal), but > following the current info file format: e.g., > SecurityOn= Yes > DisableSchemaChecking= No > it'd be better supporting the same value set. > install_full_schema= Yes / No > > And by default, the value should be Yes? Looking at this coding, if > InstallFullSchema does not exist in the info file, it's set NULL > (install_full_schema=NULL). > @@ -4490,6 +4504,7 @@ > return 1; > } > cf->start_server = ds_a_get_cgi_var("start_server", NULL, NULL); > + cf->install_full_schema = ds_a_get_cgi_var("install_full_schema", NULL, NULL); > cf->secserv = ds_a_get_cgi_var("secserv", NULL, NULL); > As being done for start_server, we could force to set 1 in the install > script by default (as follows in ds_newinst.pl), but it'd be > straightforward for the front-end scripts and the back-end program > (create_instance.c) to agree on the default value, I think. > > # if for some reason you do not want the server started after > instance creation > # the following line can be commented out - NOTE that if you are > creating the > # Configuration DS, it will be started anyway > if (defined($table{"slapd"}->{"start_server"})) { > $cgiargs{start_server} = $table{"slapd"}->{"start_server"}; > } else { # default is on > $cgiargs{start_server} = 1; > } > Or just put the logic into create_instance.c to make the default behavior to install the full schema: if ((temp = ds_a_get_cgi_var("install_full_schema", NULL, NULL))) { cf->install_full_schema = atoi(temp); } else { cf->install_full_schema = 1; /* default - install all schema */ } This means you have to set install_full_schema = 0 to get only 00core.ldif. If install_full_schema is missing from the install.inf file, the full schema will be installed by default. > > Thanks, > --noriko > > Andrew Bartlett wrote: >> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239765 >> Resolves: bug #239765 >> Bug Description: Allow mimimum schema in ds_newinst.pl >> Reviewed by: ??? >> Files:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155069 >> >> Branch: HEAD >> Fix Description: Patch to add an option for installing partial/full schema >> >> This patch implements a new configuration option >> [slapd] >> install_full_schema= 1 >> >> Setting this to 0 will only install 00core.ldif >> >> Platforms tested: Fedora Core 5 (with Samba4 as testing client) >> Flag Day: no >> Doc impact: yes - wiki on install inf settings needs update >> >> Thanks, >> >> Andrew Bartlett >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-devel mailing list >> Fedora-directory-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Mon May 21 18:42:54 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Mon, 21 May 2007 11:42:54 -0700 Subject: [Fedora-directory-devel] Please review: Bug #239765: Allow mimimum schema in ds_newinst.pl In-Reply-To: <4651E651.8060004@redhat.com> References: <1179720974.12583.67.camel@localhost.localdomain> <4651DA52.8060706@redhat.com> <4651E651.8060004@redhat.com> Message-ID: <4651E82E.8090700@redhat.com> Richard Megginson wrote: > Noriko Hosoi wrote: > >> Your fix looks good. >> It'd be taken care in the ds_newinst script or setuputil (I mean, not >> in create_instance.c, thus it won't affect your proposal), but >> following the current info file format: e.g., >> SecurityOn= Yes >> DisableSchemaChecking= No >> it'd be better supporting the same value set. >> install_full_schema= Yes / No >> >> And by default, the value should be Yes? Looking at this coding, if >> InstallFullSchema does not exist in the info file, it's set NULL >> (install_full_schema=NULL). >> @@ -4490,6 +4504,7 @@ >> return 1; >> } >> cf->start_server = ds_a_get_cgi_var("start_server", NULL, NULL); >> + cf->install_full_schema = >> ds_a_get_cgi_var("install_full_schema", NULL, NULL); >> cf->secserv = ds_a_get_cgi_var("secserv", NULL, NULL); >> As being done for start_server, we could force to set 1 in the >> install script by default (as follows in ds_newinst.pl), but it'd be >> straightforward for the front-end scripts and the back-end program >> (create_instance.c) to agree on the default value, I think. >> >> # if for some reason you do not want the server started after >> instance creation >> # the following line can be commented out - NOTE that if you are >> creating the >> # Configuration DS, it will be started anyway >> if (defined($table{"slapd"}->{"start_server"})) { >> $cgiargs{start_server} = $table{"slapd"}->{"start_server"}; >> } else { # default is on >> $cgiargs{start_server} = 1; >> } >> > Or just put the logic into create_instance.c to make the default > behavior to install the full schema: > if ((temp = ds_a_get_cgi_var("install_full_schema", NULL, NULL))) { > cf->install_full_schema = atoi(temp); > } else { > cf->install_full_schema = 1; /* default - install all schema */ > } Yep, I prefer this way. Thanks, Rich. --noriko > > This means you have to set install_full_schema = 0 to get only > 00core.ldif. If install_full_schema is missing from the install.inf > file, the full schema will be installed by default. > >> >> Thanks, >> --noriko >> >> Andrew Bartlett wrote: >> >>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239765 >>> Resolves: bug #239765 >>> Bug Description: Allow mimimum schema in ds_newinst.pl >>> Reviewed by: ??? >>> Files:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155069 >>> >>> Branch: HEAD >>> Fix Description: Patch to add an option for installing partial/full >>> schema >>> >>> This patch implements a new configuration option >>> [slapd] >>> install_full_schema= 1 >>> >>> Setting this to 0 will only install 00core.ldif >>> >>> Platforms tested: Fedora Core 5 (with Samba4 as testing client) >>> Flag Day: no >>> Doc impact: yes - wiki on install inf settings needs update >>> >>> Thanks, >>> >>> Andrew Bartlett >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-devel mailing list >>> Fedora-directory-devel at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >>> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-devel mailing list >> Fedora-directory-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-devel >> > >------------------------------------------------------------------------ > >-- >Fedora-directory-devel mailing list >Fedora-directory-devel at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-devel > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Tue May 22 00:48:13 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Tue, 22 May 2007 10:48:13 +1000 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? In-Reply-To: <4651A39B.8070007@redhat.com> References: <1179715603.12583.61.camel@localhost.localdomain> <4651A39B.8070007@redhat.com> Message-ID: <1179794894.4055.4.camel@thinker> On Mon, 2007-05-21 at 09:50 -0400, Rob Crittenden wrote: > Its important to remember that portitions of the DS code supported > versions of Solaris back to 2.4, OSF1, Irix, HP/ux, AIX, Linux and > Windows (and perhaps one or two more that have slipped my mine). You > haven't lived until you've broken the build on 6 platforms :-) On my > team the unlucky developer got the attached plungers displayed on top of > their cube. Yeah, this is why I put a lot of time and effort into Samba's automated testing, and the real-time results on the build farm. We get a lot of value from that resource. Any news/plans for a public build farm for Fedora DS? Sadly for samba, the postage on the plungers would be prohibitive ;-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Tue May 22 14:49:33 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Tue, 22 May 2007 08:49:33 -0600 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? In-Reply-To: <1179794894.4055.4.camel@thinker> References: <1179715603.12583.61.camel@localhost.localdomain> <4651A39B.8070007@redhat.com> <1179794894.4055.4.camel@thinker> Message-ID: <465302FD.7000303@redhat.com> Andrew Bartlett wrote: > On Mon, 2007-05-21 at 09:50 -0400, Rob Crittenden wrote: > > >> Its important to remember that portitions of the DS code supported >> versions of Solaris back to 2.4, OSF1, Irix, HP/ux, AIX, Linux and >> Windows (and perhaps one or two more that have slipped my mine). You >> haven't lived until you've broken the build on 6 platforms :-) On my >> team the unlucky developer got the attached plungers displayed on top of >> their cube. >> > > Yeah, this is why I put a lot of time and effort into Samba's automated > testing, and the real-time results on the build farm. We get a lot of > value from that resource. > > Any news/plans for a public build farm for Fedora DS? > Yes, there are plans for a tinderbox-style environment (probably using buildbot instead of tinderbox, though). I'll defer to those folks working on it for an update of the progress. > Sadly for samba, the postage on the plungers would be prohibitive ;-) > > Andrew Bartlett > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From martinez_brain at hotmail.com Wed May 23 19:56:43 2007 From: martinez_brain at hotmail.com (Brian Martinez) Date: Wed, 23 May 2007 14:56:43 -0500 Subject: [Fedora-directory-devel] shadowLastChange not updating Message-ID: All, My system is suffering from shadowLastChange not updating on the FDS server when a user updates their password from the unix command-line. Anyone ever seen this behavior and have a fix? Respectfully, Brian _________________________________________________________________ Change is good. See what?s different about Windows Live Hotmail. http://www.windowslive-hotmail.com/learnmore/default.html?locale=en-us&ocid=RMT_TAGLM_HMWL_reten_changegood_0507 From abartlet at samba.org Wed May 23 23:16:12 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 24 May 2007 09:16:12 +1000 Subject: [Fedora-directory-devel] cleaning up FILE_PATHSEP? In-Reply-To: <4651A362.8090309@redhat.com> References: <1179715603.12583.61.camel@localhost.localdomain> <4651A362.8090309@redhat.com> Message-ID: <1179962172.3276.48.camel@localhost.localdomain> On Mon, 2007-05-21 at 07:49 -0600, Richard Megginson wrote: > Andrew Bartlett wrote: > > Anyway, for my own amusement, I'll post a patch (probably untested on > > win32) to make this a little easier on the eyes, and perhaps even easier > > on new programmers to the codebase. > > > > Thoughts? > > > FILE_PATHSEP is used throughout fedora ds code . . . Yes and no. It seems confined mainly to the admin code (I presume the rest is isolated by NSPR?). Attached is the patch I made up, for create_instance at least. For the moment, It includes the schema work (because the two overlap), but I'll redo this once the schema work is in the tree. Some feedback from a windows system would be useful. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: file-pathsep.patch Type: text/x-patch Size: 30383 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From abartlet at samba.org Sun May 27 23:55:39 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Mon, 28 May 2007 09:55:39 +1000 Subject: [Fedora-directory-devel] Please review: Bug #239765: Allow mimimum schema in ds_newinst.pl In-Reply-To: <4651E82E.8090700@redhat.com> References: <1179720974.12583.67.camel@localhost.localdomain> <4651DA52.8060706@redhat.com> <4651E651.8060004@redhat.com> <4651E82E.8090700@redhat.com> Message-ID: <1180310139.3276.99.camel@localhost.localdomain> On Mon, 2007-05-21 at 11:42 -0700, Noriko Hosoi wrote: > Richard Megginson wrote: > > > Noriko Hosoi wrote: > > > >> Your fix looks good. > >> It'd be taken care in the ds_newinst script or setuputil (I mean, not > >> in create_instance.c, thus it won't affect your proposal), but > >> following the current info file format: e.g., > > Or just put the logic into create_instance.c to make the default > > behavior to install the full schema: > > if ((temp = ds_a_get_cgi_var("install_full_schema", NULL, NULL))) { > > cf->install_full_schema = atoi(temp); > > } else { > > cf->install_full_schema = 1; /* default - install all schema */ > > } > > Yep, I prefer this way. Thanks, Rich. > --noriko The logic is there now. Can you take a look at https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155526&action=edit Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: