[Fedora-directory-commits] adminserver/admserv/cgi-src40 ds_remove.in, 1.7, 1.8
Richard Allen Megginson
rmeggins at fedoraproject.org
Tue Feb 24 14:25:44 UTC 2009
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.15, 1.16 DSMigration.pm.in, 1.26, 1.27 FileConn.pm, 1.4, 1.5 Util.pm.in, 1.18, 1.19 remove-ds.pl.in, 1.1, 1.2 setup-ds.res.in, 1.14, 1.15
- Next message (by thread): [Fedora-directory-commits] adminserver/admserv/newinst/src AdminUtil.pm.in, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2070/adminserver/admserv/cgi-src40
Modified Files:
ds_remove.in
Log Message:
Resolves: bug 468474
Bug Description: migration results in incomplete admin server sie
Reviewed by: nkinder (Thanks!)
Fix Description: This is a redesign of one of the core pieces of the setup/migration code - the code that adds the LDAP entries in various places. For starters, I removed the code that would implicitly delete existing trees. This is the root cause of this bug, and other similar problems with setup/instance creation that have been reported. We should never implicitly delete entries. Instead, we should explicitly delete entries by using the changetype: delete in an LDIF template file.
Another source of problems was that to update an entry, we would delete it and add it back. This caused some configuration settings to be wiped out (e.g. encryption settings). We cannot do this any more. The LDIF template entries have been modified to have two sets of information for each entry that requires update - the entry to add if no entry exists (the full entry) or the changes to make to the entry if it does exist. The code in Util.pm has been changed to ignore duplicate entries and to ignore changes made to entries that do not exist.
Another source of problems with migration is that the error checking was not adequate, especially with FileConn and dse.ldif reading. The fix is to add better error checking and reporting in these areas of code, including error messages.
Yet another problem is the run_dir handling. On many platforms the run_dir is shared among all DS instances and the admin server. Older versions of the software allowed you to run the servers as root. We have to make sure run_dir is usable by the least privileged user of all of the servers.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: ds_remove.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ds_remove.in,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ds_remove.in 14 Jul 2008 20:27:02 -0000 1.7
+++ ds_remove.in 24 Feb 2009 14:25:42 -0000 1.8
@@ -172,6 +172,13 @@
# read the config file to find out the paths
my $dseldif = "@instconfigdir@/$instname/dse.ldif";
my $conn = new FileConn($dseldif);
+if (!$conn) {
+ print "Content-type: text/plain\n\n";
+ print "NMC_ErrInfo: Could not open $dseldif: Error: $!\n";
+ print "NMC_Status: 1\n";
+ print STDERR "Error: Could not open $dseldif: Error: $!\n";
+ exit 1;
+}
my $dn = "cn=config";
my $entry = $conn->search($dn, "base", "(cn=*)", 0);
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.15, 1.16 DSMigration.pm.in, 1.26, 1.27 FileConn.pm, 1.4, 1.5 Util.pm.in, 1.18, 1.19 remove-ds.pl.in, 1.1, 1.2 setup-ds.res.in, 1.14, 1.15
- Next message (by thread): [Fedora-directory-commits] adminserver/admserv/newinst/src AdminUtil.pm.in, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list