[Fedora-directory-commits] ldapserver/ldap/admin/src upgradeServer, 1.5.2.1, 1.5.2.2

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Fri Feb 22 01:12:59 UTC 2008


Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28687

Modified Files:
      Tag: Directory71RtmBranch
	upgradeServer 
Log Message:
Resolves: #429071
Summary: RHDS7.1SP4: Don't Allow * To Be Inserted Into SASL Mapping Search
Problem description: when upgrading from an existing 7.1 to 7.1 SP4, the server
instance loses the default SASL mappings, which used to be hardcoded and are now
defined in the config file.
Fix description: the upgradeServer script adds the basic set of SASL mapping
entries.



Index: upgradeServer
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/upgradeServer,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- upgradeServer	7 Sep 2005 00:51:53 -0000	1.5.2.1
+++ upgradeServer	22 Feb 2008 01:12:57 -0000	1.5.2.2
@@ -149,15 +149,37 @@
   my $isOID = 0;
   my $isJPEG = 0;
   my $isSpInSt = 0;
-    my $reqNameChange = 0;
+  my $reqNameChange = 0;
+
+  my $kerberosUidMapping = 0;
+  my $rfc2829dn = 0;
+  my $rfc2829u = 0;
+  my $uidMapping = 0;
+
+  my $userroot = 0;
+  my $suffix = "";
 
   open( DSE, "$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";  
-    my $new_filename = "$dse_ldiffile"."_new";
+  my $new_filename = "$dse_ldiffile"."_new";
   open( OUTFILE, "> $new_filename" );
   while($line = <DSE>) {
     $isOID = 1 if ( $line =~ /^dn:\s*cn=OID Syntax,\s*cn=plugins,\s*cn=config/i);
     $isJPEG = 1 if ( $line =~ /^dn:\s*cn=JPEG Syntax,\s*cn=plugins,\s*cn=config/i);
     $isSpInSt = 1 if ( $line =~ /^dn:\s*cn=Space Insensitive String Syntax,\s*cn=plugins,\s*cn=config/i);
+
+    $kerberosUidMapping = 1 if ( $line =~ /^dn:\s*cn=Kerberos uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+    $rfc2829dn = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 dn syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+    $rfc2829u = 1 if ( $line =~ /^dn:\s*cn=rfc 2829 u syntax,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+    $uidMapping = 1 if ( $line =~ /^dn:\s*cn=uid mapping,\s*cn=mapping,\s*cn=sasl,\s*cn=config/i);
+
+    $userroot = 1 if ( $line =~ /^dn:\scn=userRoot,\s*cn=ldbm database,\s*cn=plugins,\s*cn=config/i);
+
+    if ( $userroot && $line =~ /^nsslapd-suffix: /i ) {
+      (my $attr, $suffix) = split(' ', $line, 2);
+      chomp($suffix);
+      $userroot = 0;
+    }
+
     if( ($line =~ s/uid uniqueness/attribute uniqueness/) ||
       ($line =~ s/uid-plugin/attr-unique-plugin/) ){
         # the plugin name has changed 
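Review bot: The `$userroot` flag set on the userRoot DN line is cleared only when a line matching `/^nsslapd-suffix: /i` is seen, so if that entry carries the attribute in another form (for example base64 `nsslapd-suffix:: ` or a folded line), the flag stays set and the next backend's suffix is captured into `$suffix` instead. Resetting it at the entry boundary would close that gap, e.g. `$userroot = 0 if ( $line =~ /^\s*$/ );` placed before the DN checks. The userRoot pattern also uses `^dn:\scn=userRoot` (exactly one whitespace character) where every neighbouring pattern uses `^dn:\s*`, so `dn:cn=userRoot,...` or a double space would be missed; `/^dn:\s*cn=userRoot,\s*cn=ldbm database,\s*cn=plugins,\s*cn=config/i` would match the others. The enclosing sub starts and ends outside this hunk.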
@@ -169,9 +191,10 @@
 
   }
   close( DSE );
-  close(OUTFILE);
+  close( OUTFILE );
 
-  if ($isOID && $isJPEG && $isSpInSt && !$reqNameChange) {
+  if ( $isOID && $isJPEG && $isSpInSt && !$reqNameChange &&
+       $kerberosUidMapping && $rfc2829dn && $rfc2829u && $uidMapping ) {
     # nothing to be done - just return
     unlink($new_filename);
     return;
@@ -187,7 +210,7 @@
     close( DSE );
     close(OUTFILE);
   }
-    unlink($new_filename) or die "Cannot unlink $new_filename \n";
+  unlink($new_filename) or die "Cannot unlink $new_filename \n";
 
 
   open( DSE, ">>$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";  
@@ -246,6 +269,50 @@
     print DSE "\n";
   }
 
+  unless ($kerberosUidMapping) {
+    print DSE "dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config\n";
+    print DSE "objectClass: top\n";
+    print DSE "objectClass: nsSaslMapping\n";
+    print DSE "cn: Kerberos uid mapping\n";
+    print DSE "nsSaslMapRegexString: \\(.*\\)@\\(.*\\)\\.\\(.*\\)\n";
+    print DSE "nsSaslMapBaseDNTemplate: dc=\\2,dc=\\3\n";
+    print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+    print DSE "\n";
+  }
+
+  unless ($rfc2829dn) {
+    print DSE "dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config\n";
+    print DSE "objectClass: top\n";
+    print DSE "objectClass: nsSaslMapping\n";
+    print DSE "cn: rfc 2829 dn syntax\n";
+    print DSE "nsSaslMapRegexString: ^dn:\\(.*\\)\n";
+    print DSE "nsSaslMapBaseDNTemplate: \\1\n";
+    print DSE "nsSaslMapFilterTemplate: (objectclass=*)\n";
+    print DSE "\n";
+  }
+
+  unless ($rfc2829u) {
+    print DSE "dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config\n";
+    print DSE "objectClass: top\n";
+    print DSE "objectClass: nsSaslMapping\n";
+    print DSE "cn: rfc 2829 u syntax\n";
+    print DSE "nsSaslMapRegexString: ^u:\\(.*\\)\n";
+    print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+    print DSE "nsSaslMapFilterTemplate: (uid=\\1)\n";
+    print DSE "\n";
+  }
+
+  unless ($uidMapping) {
+    print DSE "dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config\n";
+    print DSE "objectClass: top\n";
+    print DSE "objectClass: nsSaslMapping\n";
+    print DSE "cn: uid mapping\n";
+    print DSE "nsSaslMapRegexString: ^[^:@]+\$\n";
+    print DSE "nsSaslMapBaseDNTemplate: $suffix\n";
+    print DSE "nsSaslMapFilterTemplate: (uid=&)\n";
+    print DSE "\n";
+  }
+
   close( DSE );
 }
 
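Review bot: The `rfc 2829 u syntax` and `uid mapping` entries interpolate `$suffix` into `nsSaslMapBaseDNTemplate`, but `$suffix` is still `""` when no userRoot backend with a plain `nsslapd-suffix: ` line was found in dse.ldif, so the upgrade can write SASL mappings with an empty search base. How the server treats an empty base template is not visible here, but it is presumably either an invalid mapping or a broader identity search than intended, so it should not be written silently. I would guard both blocks, e.g. `unless ($rfc2829u || $suffix eq "") {` and `unless ($uidMapping || $suffix eq "") {`, and emit a `warn "No userRoot suffix found; skipping suffix-based SASL mappings\n";` so the administrator knows to add them by hand. The enclosing sub begins outside this hunk.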



