[Fedora-directory-commits] ldapserver/ldap/admin/src upgradeServer, 1.5.2.1, 1.5.2.2
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Fri Feb 22 01:12:59 UTC 2008
- Previous message (by thread): [Fedora-directory-commits] dsgw/tests/domodify testpost.10, NONE, 1.1 testpost.11, NONE, 1.1 testpost.12, NONE, 1.1 testpost.13, NONE, 1.1 testpost.14, NONE, 1.1 testpost.15, NONE, 1.1 testpost.16, NONE, 1.1 testpost.17, NONE, 1.1
- Next message (by thread): [Fedora-directory-commits] dsgw/tests/newentry - New directory
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28687
Modified Files:
Tag: Directory71RtmBranch
upgradeServer
Log Message:
Resolves: #429071
Summary: RHDS7.1SP4: Don't Allow * To Be Inserted Into SASL Mapping Search
Problem description: when upgrade from existing 7.1 to 7.1 sp4, the server
instances loses the default sasl mapping, which used be hardcoded and now
defined in the config file.
Fix description: upgradeServer scripts adds the basic set of sasl mapping
entries.
Index: upgradeServer
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/upgradeServer,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- upgradeServer 7 Sep 2005 00:51:53 -0000 1.5.2.1
+++ upgradeServer 22 Feb 2008 01:12:57 -0000 1.5.2.2
@@ -149,15 +149,37 @@
my $isOID = 0;
my $isJPEG = 0;
my $isSpInSt = 0;
- my $reqNameChange = 0;
+ my $reqNameChange = 0;
+
+ my $kerberosUidMapping = 0;
+ my $rfc2829dn = 0;
+ my $rfc2829u = 0;
+ my $uidMapping = 0;
+
+ my $userroot = 0;
+ my $suffix = "";
open( DSE, "$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";
- my $new_filename = "$dse_ldiffile"."_new";
+ my $new_filename = "$dse_ldiffile"."_new";
open( OUTFILE, "> $new_filename" );
while($line = <DSE>) {
$isOID = 1 if ( $line =~ /^dn:\s*cn=OID Syntax,\s*cn=plugins,\s*cn=config/i);
$isJPEG = 1 if ( $line =~ /^dn:\s*cn=JPEG Syntax,\s*cn=plugins,\s*cn=config/i);
$isSpInSt = 1 if ( $line =~ /^dn:\s*cn=Space Insensitive String Syntax,\s*cn=plugins,\s*cn=config/i);
+
+ $kerberosUidMapping = 1 if ( $line =~ /^dn:\s*cn=Kerberos uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $rfc2829dn = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 dn syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $rfc2829u = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 u syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+ $uidMapping = 1 if ( $line =~ /^dn:\s*cn=uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+
+ $userroot = 1 if ( $line =~ /^dn:\scn=userRoot,\s*cn=ldbm database,\s*cn=plugins,\s*cn=config/i);
+
+ if ( $userroot && $line =~ /^nsslapd-suffix: /i ) {
+ (my $attr, $suffix) = split(' ', $line, 2);
+ chomp($suffix);
+ $userroot = 0;
+ }
+
if( ($line =~ s/uid uniqueness/attribute uniqueness/) ||
($line =~ s/uid-plugin/attr-unique-plugin/) ){
# the plugin name has changed
@@ -169,9 +191,10 @@
}
close( DSE );
- close(OUTFILE);
+ close( OUTFILE );
- if ($isOID && $isJPEG && $isSpInSt && !$reqNameChange) {
+ if ( $isOID && $isJPEG && $isSpInSt && !$reqNameChange &&
+ $kerberosUidMapping && $rfc2829dn && $rfc2829u && $uidMapping ) {
# nothing to be done - just return
unlink($new_filename);
return;
@@ -187,7 +210,7 @@
close( DSE );
close(OUTFILE);
}
- unlink($new_filename) or die "Cannot unlink $new_filename \n";
+ unlink($new_filename) or die "Cannot unlink $new_filename \n";
open( DSE, ">>$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";
@@ -246,6 +269,50 @@
print DSE "\n";
}
+ unless ($kerberosUidMapping) {
+ print DSE "dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: Kerberos uid mapping\n";
+ print DSE "nsSaslMapRegexString: \\(.*\\)@\\(.*\\)\\.\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: dc=\\2,dc=\\3\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+ print DSE "\n";
+ }
+
+ unless ($rfc2829dn) {
+ print DSE "dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: rfc 2829 dn syntax\n";
+ print DSE "nsSaslMapRegexString: ^dn:\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: \\1\n";
+ print DSE "nsSaslMapFilterTemplate: (objectclass=*)\n";
+ print DSE "\n";
+ }
+
+ unless ($rfc2829u) {
+ print DSE "dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: rfc 2829 u syntax\n";
+ print DSE "nsSaslMapRegexString: ^u:\\(.*\\)\n";
+ print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+ print DSE "\n";
+ }
+
+ unless ($uidMapping) {
+ print DSE "dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config\n";
+ print DSE "objectClass: top\n";
+ print DSE "objectClass: nsSaslMapping\n";
+ print DSE "cn: uid mapping\n";
+ print DSE "nsSaslMapRegexString: ^[^:@]+\$\n";
+ print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+ print DSE "nsSaslMapFilterTemplate: (uid=&)\n";
+ print DSE "\n";
+ }
+
close( DSE );
}
- Previous message (by thread): [Fedora-directory-commits] dsgw/tests/domodify testpost.10, NONE, 1.1 testpost.11, NONE, 1.1 testpost.12, NONE, 1.1 testpost.13, NONE, 1.1 testpost.14, NONE, 1.1 testpost.15, NONE, 1.1 testpost.16, NONE, 1.1 testpost.17, NONE, 1.1
- Next message (by thread): [Fedora-directory-commits] dsgw/tests/newentry - New directory
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list