From nkinder at redhat.com Wed Aug 1 20:34:30 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 01 Aug 2007 13:34:30 -0700 Subject: [Fedora-directory-devel] Please Review: (250481) Console - Make framework brand agnostic Message-ID: <46B0EE56.3040808@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250481 Resolves: bug 250481 Bug Description: We should make the console framework completely brand agnostic. This means that the theme should be completely separated in the source code. We should also make the package name brand agnostic as well. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The proposed changes remove the theme files and the build logic for the theme. The theme will exist in it's own cvs repo that is separate from the framework. The package name is also being changed to "idm-console-framework" as well as some matching naming changes to the actual jar files. Platforms tested: FC6 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160459 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Aug 2 01:07:31 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 01 Aug 2007 19:07:31 -0600 Subject: [Fedora-directory-devel] Please review: Bug 250526: adminutil: should not link against libplds or libsoftokn Message-ID: <46B12E53.7090309@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250526 Resolves: bug 250526 Bug Description: adminutil: should not link against libplds or libsoftokn Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: This causes problems for apps that link against adminutil. adminutil does not need these libraries. Platforms tested: RHEL4 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160485&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Thu Aug 2 03:51:04 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 01 Aug 2007 21:51:04 -0600 Subject: [Fedora-directory-devel] Please review: Bug 250535: improve perldap script execution ability on bundled platforms Message-ID: <46B154A8.8050407@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250535 Resolves: bug 250535 Bug Description: improve perldap script execution ability on bundled platforms Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: Most platforms will just use perl from PATH. However, on Solaris and HP-UX, we have to use special 64 bit versions to execute perldap, since perldap is 64 bit on those platforms. Also, if bundling all of the dependent components into the single package, we need to make sure the perl library path is set correctly to find perldap. The last step will be to build our version of perldap on the bundled platforms to use rpath to point to the correct runtime library location. Platforms tested: RHEL4, HP-UX 11.23 IPF 64 bit Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160494&action=diff https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160495&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Aug 2 16:32:14 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 02 Aug 2007 09:32:14 -0700 Subject: [Fedora-directory-devel] Please Review: (250636) Update Directory Console dependency on console framework Message-ID: <46B2070E.50901@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250636 Resolves: bug 250636 Bug Description: The console framework jarfiles and package name have changed, so the Directory Console needs to be updated to use the new names. We also need to update the install location of the jarfiles so that they get installed into the proper area to be served up by the Admin Server. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The proposed fix changes the install location as well as updates the framework naming. I did some basic cleanup on the spec file as well. Platforms tested: FC6 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160535&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Aug 2 22:55:10 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 02 Aug 2007 15:55:10 -0700 Subject: [Fedora-directory-devel] Please Review: (250699) Admin Console: Update console framework dependency Message-ID: <46B260CE.7040906@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250699 Resolves: bug 250699 Bug Description: The console framework jarfile names and package name have changed. This means the admin console build system and specfile need to be changed to match. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The propopsed fix updates the naming for the console framework. I also changed the admin console package name to fedora-admin-console as well as some general specfile cleanup. Platforms tested: FC6 Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160560&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Fri Aug 3 01:58:35 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Thu, 02 Aug 2007 18:58:35 -0700 Subject: [Fedora-directory-devel] Please review: [Bug 250702] not all the addresses associated with listenhost are bound to listen sockets In-Reply-To: <200708030137.l731bE0g019847@bugzilla.redhat.com> References: <200708030137.l731bE0g019847@bugzilla.redhat.com> Message-ID: <46B28BCB.4010607@redhat.com> Summary: not all the addresses associated with listenhost are bound to listen sockets https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250702 Description of problem: When listenhost is set, the host could be associated with multiple net addresses in the IPv6 enabled environment. Directory Server calls PR_GetAddrInfoByName (which internally calls getaddrinfo) to get the addresses from the listenhost name, which could be more than one. The server should listen on all the sockets bound to the addresses returned by PR_GetAddrInfoByName. ------- Additional Comments From nhosoi at redhat.com 2007-08-02 21:37 EST ------- Created an attachment (id=160570) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160570&action=view) cvs diff message Files: ldapserver/ldap/servers/slapd/fe.h slap.h daemon.c main.c Description: listen socket used to be prepared one for the ordinary port, one for ssl, and one for UNIX socket. The first 4 slots of the connection table were used for the listen sockets (one out of 4 is SIGNAL PIPE). We need to extend the hardcoded slot to dynamic depending upon the returned addresses from PR_GetAddrInfoByName. ------- Additional Comments From nhosoi at redhat.com 2007-08-02 21:56 EST ------- Created an attachment (id=160571) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160571&action=view) listenhost test cases and results -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Fri Aug 3 21:13:44 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Fri, 03 Aug 2007 14:13:44 -0700 Subject: [Fedora-directory-devel] Please review: [Bug 214276] "rpm -e fedora-ds" uninstall doesn't remove server from configuration directory In-Reply-To: <200708032055.l73KtSae006408@bugzilla.redhat.com> References: <200708032055.l73KtSae006408@bugzilla.redhat.com> Message-ID: <46B39A88.2010407@redhat.com> Summary: "rpm -e fedora-ds" uninstall doesn't remove server from configuration directory https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214276 Actually, this is a review request for the administration tool ds_unregister, which removes the server info from the Configuration Directory Server. Regarding the original bug, I think what we can do is making sure the servers are shutdown in "rpm -e"... Can we have your comments on that, too? Thanks, --noriko ------- Additional Comments From nhosoi at redhat.com 2007-08-03 17:09 EST ------- Per discussion on the Fedora-directory-users mailing list, we decided "rpm -e" removes files and directories which are installed by "rpm -i | -U". Generated files won't be removed. I.e., after running "rpm -e", binaries including ns-slapd shoud have been removed, while the server information in the Configuration DS db are. It sounds the original problem is "rpm -e" does not shutdown the servers? Once they are shutdown, since ns-slapd is removed, there is no way to bring it up and see the instances? That's said, ds_unregsiter may not be needed in this scenario, but it'd be a useful tool for the administrators. ------- Additional Comments From nhosoi at redhat.com 2007-08-03 16:55 EST ------- Created an attachment (id=160660) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160660&action=view) New file: admserv/cgi-src40/ds_unregister.in Unregister CGI script, that removes the server info from the Configuration DS. The server is specified by InstanceName=slapd-ID in QUERY_STRING. ------- Additional Comments From nhosoi at redhat.com 2007-08-03 16:57 EST ------- Created an attachment (id=160661) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160661&action=view) New file: admserv/cfgstuff/ds_unregister.in Shell script which calls the CGI script ds_unregister. Usage: sbin/ds_unregister -s server_id -w admin_password server_id: Directory server identifier; slapd- admin_password: Administration user password ------- Additional Comments From nhosoi at redhat.com 2007-08-03 17:00 EST ------- Created an attachment (id=160662) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160662&action=view) cvs diff Makefile.am File: Makefile.am Change: adding admserv/cgi-src40/ds_unregister and admserv/cfgstuff/ds_unregister to the makefile. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From rmeggins at redhat.com Mon Aug 6 19:15:09 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 06 Aug 2007 13:15:09 -0600 Subject: [Fedora-directory-devel] Please review: Bug 250324: adminserver: port to HP-UX Message-ID: <46B7733D.6000406@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250324 Resolves: bug 250324 Bug Description: adminserver: port to HP-UX - adminutil Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: On HP-UX and the other bundled platforms, adminutil needs to know where to find its property files. We have to set the env. var. ADMINUTIL_CONF_DIR to the parent directory of the property directory. Platforms tested: HP-UX 11.23 IPF 64bit Flag Day: Yes, autotool file changes. Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160765&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nhosoi at redhat.com Tue Aug 7 18:27:13 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Tue, 07 Aug 2007 11:27:13 -0700 Subject: [Fedora-directory-devel] Please review: [Bug 251090] ds_remove cannot remove/rename directories In-Reply-To: <200708070122.l771Mo5l002743@bugzilla.redhat.com> References: <200708070122.l771Mo5l002743@bugzilla.redhat.com> Message-ID: <46B8B981.1050004@redhat.com> Summary: ds_remove cannot remove/rename directories https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251090 Description of problem: ds_remove is supposed to remove all the specified slapd-ID directories except etc/brand-ds/slapd-ID. The config dir name is renamed to slapd-ID.removed and keep the cert/key DBs. But if installing the server as root and set (nobody, nobody) to the server's unix uid and gid, the instance dir and the config dir are left as is. Attaching the email discussion with Rich. ------- Additional Comments From nhosoi at redhat.com 2007-08-06 21:21 EST ------- Created an attachment (id=160789) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160789&action=view) email discussion with Rich ------- Additional Comments From nhosoi at redhat.com 2007-08-07 14:15 EST ------- Created an attachment (id=160834) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160834&action=view) cvs diff DSCreate.pm.in Files: ldapserver/ldap/admin/src/scripts/DSCreate.pm.in Changes: when creating inst_dir and config_dir, make sure the parent dirs (lib/-ds and etc/-ds) have the specified gid. ------- Additional Comments From nhosoi at redhat.com 2007-08-07 14:20 EST ------- Created an attachment (id=160835) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160835&action=view) cvs diff (adminserver) Files: adminserver/admserv/cgi-src40/ds_remove.in newinst/src/AdminUtil.pm.in newinst/src/register-ds-admin.pl.in Description: ds_remove.in: fixing a syntax error AdminUtil.pm.in: return an error when connection fails register-ds-admin.pl: fixing the error checking ------- Additional Comments From nhosoi at redhat.com 2007-08-07 14:22 EST ------- How bo verify the bug: A. creating server instances # become root and run the setup scripts as follows # choose nobody, nobody for the UNIX user and group 1. sbin/setup-ds-admin.pl # create a config server 2. sbin/setup-ds-admin.pl # create a sub server sub1 3. startconsole # create a sub server sub2 4. sbin/setup-ds.pl; sbin/register-ds-admin.pl # create a sub server sub3 B. removing server instances Console: remove a sub server (sub3) Expected result: # du -a | egrep sub3 20 ./etc/fedora-ds/slapd-sub3.removed/key3.db 20 ./etc/fedora-ds/slapd-sub3.removed/secmod.db 72 ./etc/fedora-ds/slapd-sub3.removed/cert8.db 120 ./etc/fedora-ds/slapd-sub3.removed Command line: sbin/ds_removal -s sub2 -w Expected result: # du -a | egrep sub2 20 ./etc/fedora-ds/slapd-sub2.removed/key3.db 20 ./etc/fedora-ds/slapd-sub2.removed/secmod.db 72 ./etc/fedora-ds/slapd-sub2.removed/cert8.db 120 ./etc/fedora-ds/slapd-sub2.removed -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Tue Aug 7 22:48:16 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 07 Aug 2007 15:48:16 -0700 Subject: [Fedora-directory-devel] Please Review: (251262) ldap-agent needs to find slapd.stats file dynamically Message-ID: <46B8F6B0.5010602@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251262 Resolves: bug 251262 Bug Description: Our SNMP subagent (ldap-agent) currently requires a full path to a DS instance in it's config file. It is hardcoded to look in the log subdirectory for the slapd.stats file. It also uses expects a config subdirectory to find the dse.ldif. This will no longer work now that DS has been restructured to follow FHS standards. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The proposed fix changes the ldap-agent config to simply expect the instance name (i.e - slapd-foo). The subagent will then use this instance name to load the dse.ldif from the proper location in $SYSCONFDIR/$PACKAGE_NAME. The subagent will look up the value of nsslapd-tmpdir to find out where the slapd.stats file is for that particular instance. I also improved the error checking around processing the ldap-agent config file. Platforms tested: FC6 Flag Day: no Doc impact: Yes. A bug will be opened to change the documentation of the ldap-agent "server" config parameter. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160867&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Wed Aug 8 06:26:39 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Tue, 07 Aug 2007 23:26:39 -0700 Subject: [Fedora-directory-devel] Please Review: (251262) ldap-agent needs to find slapd.stats file dynamically In-Reply-To: <46B8F6B0.5010602@redhat.com> References: <46B8F6B0.5010602@redhat.com> Message-ID: <46B9621F.9010806@redhat.com> Rich brought up a good point in the bug report about the need to handle wrapped lines in the dse.ldif. This new set of diffs addresses this concern by using the ldif parsing functions from the libldif library that is part of the Mozilla LDAP C SDK. I also did some error checking cleanup, particularly ensuring that we close any files that we opened if we encounter an error condition while processing the config. I have also tested that these changes work when there is a wrapped line for one of the attributes that we read in dse.ldif. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160880&action=diff Nathan Kinder wrote: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251262 > Resolves: bug 251262 > Bug Description: Our SNMP subagent (ldap-agent) currently requires a > full path to > a DS instance in it's config file. It is hardcoded to look in the > log subdirectory > for the slapd.stats file. It also uses expects a config subdirectory > to find the > dse.ldif. This will no longer work now that DS has been restructured > to follow > FHS standards. > Reviewed by: ??? > Files: see diff > Branch: HEAD > Fix Description: The proposed fix changes the ldap-agent config to > simply expect > the instance name (i.e - slapd-foo). The subagent will then use this > instance > name to load the dse.ldif from the proper location in > $SYSCONFDIR/$PACKAGE_NAME. > The subagent will look up the value of nsslapd-tmpdir to find out > where the > slapd.stats file is for that particular instance. I also improved > the error > checking around processing the ldap-agent config file. > Platforms tested: FC6 > Flag Day: no > Doc impact: Yes. A bug will be opened to change the documentation of > the ldap-agent "server" config parameter. > https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160867&action=diff > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From chewie007 at gmail.com Wed Aug 8 20:13:28 2007 From: chewie007 at gmail.com (Nate Huddleson) Date: Wed, 8 Aug 2007 15:13:28 -0500 Subject: [Fedora-directory-devel] DB Corruption Message-ID: How do you run the database recovery? And is there any way to determine what caused the problem? thanks! [07/Aug/2007:11:12:52 -0500] - Fedora-Directory/1.0.3 B2006.320.1956starting up [07/Aug/2007:11:12:52 -0500] - libdb: PANIC: fatal region error detected; run recovery [07/Aug/2007:11:12:52 -0500] - Opening database environment (/opt/fedora-ds/slapd-grid-identity/db) failed. err=-30978: DB_RUNRECOVERY: Fatal error, run database recovery [07/Aug/2007:11:12:52 -0500] - start: Failed to init database, err=-30978 DB_RUNRECOVERY: Fatal error, run database recovery [07/Aug/2007:11:12:52 -0500] - Failed to start database plugin ldbm database -------------- next part -------------- An HTML attachment was scrubbed... URL: From nkinder at redhat.com Wed Aug 8 21:21:00 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 08 Aug 2007 14:21:00 -0700 Subject: [Fedora-directory-devel] Please Review: (251418) Add header and footer support to help.cgi Message-ID: <46BA33BC.1010009@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251418 Resolves: bug 251418 Bug Description: The current help.cgi in Admin Server simply looks up tokens in a map file and returns the contents of the html file that the mapping points to. This works ok, but the online help for a product may have 100+ different help html files. Each of these files contains the same html header and footer (or at least they should for a consistent look). It would be much better to have separate header and footer html files that are always prepended and appended to the help html that the user requested. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The proposed fix expects the online help directory for each product to have a header.htm and footer.htm alongside it's token.map file. These files will be combined with the requested help topic and returned to the client via the help.cgi. This will allow us to simplify our many online help html files so we only have to worry about the actual content. Platforms tested: FC6 Flag Day: no Doc impact: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160940&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Wed Aug 8 23:44:16 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Wed, 08 Aug 2007 16:44:16 -0700 Subject: [Fedora-directory-devel] Please Review: (251427) Admin Console: Add online help to package Message-ID: <46BA5550.6060700@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251427 Resolves: bug 251427 Bug Description: We need to add the Admin Console online help to the fedora-admin-console package. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The fix adds a bunch of new files to the source tree and updates the spec file to add them to the package. They get installed into the proper location in the Admin Server. Platforms tested: FC6 Flag Day: no Doc impact: no Diffs - https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160943&action=diff New Files - https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160944 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Thu Aug 9 01:17:07 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 09 Aug 2007 11:17:07 +1000 Subject: [Fedora-directory-devel] Please Review: (251262) ldap-agent needs to find slapd.stats file dynamically In-Reply-To: <46B9621F.9010806@redhat.com> References: <46B8F6B0.5010602@redhat.com> <46B9621F.9010806@redhat.com> Message-ID: <1186622228.6819.84.camel@localhost.localdomain> On Tue, 2007-08-07 at 23:26 -0700, Nathan Kinder wrote: > Rich brought up a good point in the bug report about the need to handle > wrapped lines in the dse.ldif. > > This new set of diffs addresses this concern by using the ldif parsing > functions from the libldif library that is part of the Mozilla LDAP C > SDK. I > also did some error checking cleanup, particularly ensuring that we > close any > files that we opened if we encounter an error condition while processing the > config. > > I have also tested that these changes work when there is a wrapped line for > one of the attributes that we read in dse.ldif. > > https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160880&action=diff This may well fix my bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239754 Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Thu Aug 9 02:25:19 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Wed, 08 Aug 2007 20:25:19 -0600 Subject: [Fedora-directory-devel] Please Review: (251262) ldap-agent needs to find slapd.stats file dynamically In-Reply-To: <1186622228.6819.84.camel@localhost.localdomain> References: <46B8F6B0.5010602@redhat.com> <46B9621F.9010806@redhat.com> <1186622228.6819.84.camel@localhost.localdomain> Message-ID: <46BA7B0F.3020908@redhat.com> Andrew Bartlett wrote: > On Tue, 2007-08-07 at 23:26 -0700, Nathan Kinder wrote: > >> Rich brought up a good point in the bug report about the need to handle >> wrapped lines in the dse.ldif. >> >> This new set of diffs addresses this concern by using the ldif parsing >> functions from the libldif library that is part of the Mozilla LDAP C >> SDK. I >> also did some error checking cleanup, particularly ensuring that we >> close any >> files that we opened if we encounter an error condition while processing the >> config. >> >> I have also tested that these changes work when there is a wrapped line for >> one of the attributes that we read in dse.ldif. >> >> https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160880&action=diff >> > > This may well fix my bug > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239754 > I don't think so. I think the crash you reported was in slapd? Nathan's fix is for the snmp subagent. > Andrew Bartlett > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-devel mailing list > Fedora-directory-devel at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From abartlet at samba.org Thu Aug 9 05:57:57 2007 From: abartlet at samba.org (Andrew Bartlett) Date: Thu, 09 Aug 2007 15:57:57 +1000 Subject: [Fedora-directory-devel] Please Review: (251262) ldap-agent needs to find slapd.stats file dynamically In-Reply-To: <46BA7B0F.3020908@redhat.com> References: <46B8F6B0.5010602@redhat.com> <46B9621F.9010806@redhat.com> <1186622228.6819.84.camel@localhost.localdomain> <46BA7B0F.3020908@redhat.com> Message-ID: <1186639077.6819.99.camel@localhost.localdomain> On Wed, 2007-08-08 at 20:25 -0600, Richard Megginson wrote: > Andrew Bartlett wrote: > > On Tue, 2007-08-07 at 23:26 -0700, Nathan Kinder wrote: > > > >> Rich brought up a good point in the bug report about the need to handle > >> wrapped lines in the dse.ldif. > >> > >> This new set of diffs addresses this concern by using the ldif parsing > >> functions from the libldif library that is part of the Mozilla LDAP C > >> SDK. I > >> also did some error checking cleanup, particularly ensuring that we > >> close any > >> files that we opened if we encounter an error condition while processing the > >> config. > >> > >> I have also tested that these changes work when there is a wrapped line for > >> one of the attributes that we read in dse.ldif. > >> > >> https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160880&action=diff > >> > > > > This may well fix my bug > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239754 > > > I don't think so. I think the crash you reported was in slapd? > Nathan's fix is for the snmp subagent. Sure, but the issue starts because we could feed in invalid ldif in the dse.ldif. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rmeggins at redhat.com Mon Aug 13 15:10:09 2007 From: rmeggins at redhat.com (Richard Megginson) Date: Mon, 13 Aug 2007 09:10:09 -0600 Subject: [Fedora-directory-devel] Please review: Bug 251549: Change filesystem path naming from "fedora-ds" to "dirsrv" Message-ID: <46C07451.9070203@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251549 Resolves: bug 251549 Bug Description: Change filesystem path naming from "fedora-ds" to "dirsrv" Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: Mostly just changing the package name in configure.ac, and making sure we consistently use that in path naming (e.g. /etc/@PACKAGE_NAME@ or /etc/@PACKAGE_NAME_BASE@ for adminserver). Platforms tested: RHEL4, FC6 Flag Day: no Doc impact: Oh yes. QA impact: Any existing tests that depend on /path/brand-ds will need to change to use dirsrv. It is highly encouraged to use a macro or variable for the package name in any scripts to minimize the impact of future package name changes. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=161180&action=diff https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=160997&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Mon Aug 13 20:44:48 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Mon, 13 Aug 2007 13:44:48 -0700 Subject: [Fedora-directory-devel] Please Review: (252036) Message-ID: <46C0C2C0.1080502@redhat.com> Resolves: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=252036 Bug Description: The context-sensitive online help needs to be added to the fedora-ds-console package. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The proposed fix adds the online help files into the source tree as well as including the files in the fedora-ds-console package. Platforms tested: FC6 Flag Day: no Doc impact: no Diffs - https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=161231&action=diff New Files - https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=161232 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From clahti at gmail.com Wed Aug 15 01:10:05 2007 From: clahti at gmail.com (Christian Lahti) Date: Tue, 14 Aug 2007 18:10:05 -0700 Subject: [Fedora-directory-devel] Fedora Directory Server Toolkit Message-ID: Announcing developer release of FDS Tookit http://fdstools.sourceforge.net fdstools is a suite of management tools for Fedora Directory Server (FDS) licensed under the GPL. This includes a perl module which provides and API for managing all aspects of posix, samba, aix, and computer accounts as well as automount maps. Additionally command line tools and a Webmin module are provided that use the API to accomplish all these management tasks. This project was born mainly because most of the available tools out there are geared toward managing these objects in OpenLDAP, and there are subtle differences with FDS. Additionally the (excellent) java console provided with FDS does not manage shadow, samba, or AIX attributes, and there are people who do not wish to or cannot run Java on their systems. The design goals (which most other tools seem to be lacking in one form or another) are: - Provide a rich API of functions with very few external dependencies - Consistent function naming and parameter formats where applicable - Use and enforce Password Policies if they are specified - Use and enforce account lockout parameters - Properly handle error states (i.e. don't DIE in the API, set an error and return to the client for further handling) - Provide optional logging of client operations - Provide command line utilities that use the API to perform user/group/computer management tasks - Provide Webmin module that uses the API to perform user/group/computer management tasks - Long term goal of providing a lightweight alternative to the java console for server administrative tasks Project Status - The command line portion is feature complete (alpha quality) and we are seeking testers - The GUI portion coding is underway Please see the project page for more information /Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: From nhosoi at redhat.com Wed Aug 22 02:31:35 2007 From: nhosoi at redhat.com (Noriko Hosoi) Date: Tue, 21 Aug 2007 19:31:35 -0700 Subject: [Fedora-directory-devel] Please review: [Bug 253811] RFE: registration tool (register-ds-admin.pl) In-Reply-To: References: Message-ID: <46CBA007.4000905@redhat.com> Summary: RFE: registration tool (register-ds-admin.pl) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253811 Description of problem: 1. if ldap servers are installed at the non-standard location using .inf file (as quickinstall does), register-ds-admin.pl cannot find them. 2. there should be some way to select ldap servers not to register on the Configuration Directory Server. ------- Additional Comments From nhosoi at redhat.com 2007-08-21 22:09 EST ------- Created an attachment (id=162024) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=162024&action=view) cvs diff (adminserver) Files: admserv/newinst/src/AdminUtil.pm.in admserv/newinst/src/RegDSDialogs.pm admserv/newinst/src/register-ds-admin.pl.in admserv/newinst/src/register-ds-admin.res.in Change description: 1. Added a question if there is DS located at a non-standard place; if any ask for the path. The question is repeated till empty input (return) is given. 2. Changed the instances data structure to hash to make the comparison easy to check whether the path and server instance name pair is already in the hash or not. 3. When registering the sub DSes, it prompts for the Directory Manager password. If empty password (return) is given, the server is not registered. ------- Additional Comments From nhosoi at redhat.com 2007-08-21 22:27 EST ------- Created an attachment (id=162025) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=162025&action=view) sample usage Thanks, --noriko -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Thu Aug 23 20:38:08 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Thu, 23 Aug 2007 13:38:08 -0700 Subject: [Fedora-directory-devel] Please Review: (243221) AD Directory sync fails if attribute 'initials' has too many characters in one of the entries Message-ID: <46CDF030.9090206@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243221 Resolves: bug 243221 Bug Description: The directory synchronization between DS and Active Directory fails if an entry has an initials attribute containing too many characters. There is no constraint on the DS side, so the sync should handle this better than failing. It should ignore the attribute or truncate it and flag a warning, or skip the invalid entry. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: These diffs address the attribute length constraint of the "initials" attribute by trimming attribute values larger than the 6 character limit imposed by AD. This trimming occurs in the DS -> AD direction only. What this means is that you can store an initials attribute value of "longname" in DS, but the value will be trimmed to "longna" when sent to AD. This trimmed attribute will not be synch'd back to DS on the next Dirsync operation. This case is handled by only comparing the first 6 characters of the initials attribute value when changes go in the AD -> DS direction. Platforms tested: FC6 Flag Day: no Doc impact: Yes. We should document the trimming behavior of the initials attribute. https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=172375&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From nkinder at redhat.com Fri Aug 24 22:22:24 2007 From: nkinder at redhat.com (Nathan Kinder) Date: Fri, 24 Aug 2007 15:22:24 -0700 Subject: [Fedora-directory-devel] Please Review: (207893) importing users with crypted passwords results in a AD->DS sync loop Message-ID: <46CF5A20.7090504@redhat.com> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207893 Resolves: bug 207893 Bug Description: Adding a pre-hashed password to DS when using Windows Password Syncronization will trigger a loop condition of password updates. The DS will send the hashed password to AD, which thinks it's clear-text. AD stores the password, attempts to bind to DS using the hash (which of course fails), so it sends the hashed password back to DS. This goes round and round. Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: This fix first checks if there is a password storage scheme at the beginning of the userpassword attribute value before syncing it. If there is a storage scheme present, a message is logged at the replication logging level that this hashed password is being skipped instead of just trying to sync it. If someone adds a password with the clear prefix on it to DS (such as "{clear}secret"), we will detect that and strip off the "{clear}" prefix before sending it to AD. All other passwords that start with the "{" character and contain the "}" character somewhere else in the password will be considered to be already hashed. Platforms tested: FC6 & Windows 2003 Server Flag Day: no Doc impact: no https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=172462&action=diff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature URL: From peter.djalaliev at gmail.com Tue Aug 28 17:54:06 2007 From: peter.djalaliev at gmail.com (Peter Djalaliev) Date: Tue, 28 Aug 2007 13:54:06 -0400 Subject: [Fedora-directory-devel] problems with VirtualHosts using Apache/mod_nss Message-ID: <3032cfcd0708281054w5d28e296md852ae7e4ceac6f6@mail.gmail.com> Hello, We have Apache configured with a number of virtual hosts, each of them with a different TLS certificate (all stored in the same NSS database). There is one VirtualHost named with the IP address of the server (W.X.Y.Z). The other VirtualHosts were configured for domain names that resolve to IP address W.X.Y.Z. Now, if we connect to Apache from a browser using W.X.Y.Z, we get the right certificate - the one that I specified for the W.X.Y.Z VirtualHost. However, if we connect using any of the domain names (which all resolve to W.X.Y.Z), we still get the W.X.Y.Z certificate, instead of the one specified for that domain's VirtualHost. Each certificate is created using the IP address or domain name as the common name. For example, the W.X.Y.Z certificate has W.X.Y.Z as common name; the certificates for each domain name use the corresponding domain name as common name. Can anybody hint me into what we might be doing wrong? I can post configuration file details, if needed. Thanks, Peter -------------- next part -------------- An HTML attachment was scrubbed... URL: