From rmeggins at redhat.com Wed Jun 6 23:05:17 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 06 Jun 2007 17:05:17 -0600
Subject: [Fedora-directory-devel] New setup code
Message-ID: <46673DAD.9080108@redhat.com>

We've decided to scrap the setuputil code because it's just too old and
crufty to maintain. We are going to replace the existing functionality
with perl scripts (yes, you perl haters out there, not my first choice
either, but modern versions of perl are readily available on all of the
platforms we plan to support). The upside is that the setup code will
be considerably simpler and easier to change/maintain. You can find the
details here - http://directory.fedoraproject.org/wiki/New_Setup_Design

From abartlet at samba.org Thu Jun 7 00:18:00 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Thu, 07 Jun 2007 10:18:00 +1000
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <46673DAD.9080108@redhat.com>
References: <46673DAD.9080108@redhat.com>
Message-ID: <1181175480.18882.84.camel@localhost.localdomain>

On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
> We've decided to scrap the setuputil code because it's just too old and
> crufty to maintain. We are going to replace the existing functionality
> with perl scripts (yes, you perl haters out there, not my first choice
> either, but modern versions of perl are readily available on all of the
> platforms we plan to support). The upside is that the setup code will
> be considerably simpler and easier to change/maintain. You can find the
> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design

Any chance of killing ds_newinst while you are at it?

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.          http://redhat.com

From rmeggins at redhat.com Thu Jun 7 01:04:18 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 06 Jun 2007 19:04:18 -0600
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <1181175480.18882.84.camel@localhost.localdomain>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
Message-ID: <46675992.80000@redhat.com>

Andrew Bartlett wrote:
> On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
>
>> We've decided to scrap the setuputil code because it's just too old and
>> crufty to maintain. We are going to replace the existing functionality
>> with perl scripts (yes, you perl haters out there, not my first choice
>> either, but modern versions of perl are readily available on all of the
>> platforms we plan to support). The upside is that the setup code will
>> be considerably simpler and easier to change/maintain. You can find the
>> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design
>>
>
> Any chance of killing ds_newinst while you are at it?
>
Well - what do you have in mind to replace it?
> Andrew Bartlett

From abartlet at samba.org Thu Jun 7 01:23:30 2007
From: abartlet at samba.org (Andrew Bartlett)
Date: Thu, 07 Jun 2007 11:23:30 +1000
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <46675992.80000@redhat.com>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
    <46675992.80000@redhat.com>
Message-ID: <1181179410.18882.89.camel@localhost.localdomain>

On Wed, 2007-06-06 at 19:04 -0600, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
> >
> >> We've decided to scrap the setuputil code because it's just too old and
> >> crufty to maintain. We are going to replace the existing functionality
> >> with perl scripts (yes, you perl haters out there, not my first choice
> >> either, but modern versions of perl are readily available on all of the
> >> platforms we plan to support). The upside is that the setup code will
> >> be considerably simpler and easier to change/maintain. You can find the
> >> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design
> >>
> >
> > Any chance of killing ds_newinst while you are at it?
> >
> Well - what do you have in mind to replace it?

It just seemed that the C code in create_instance.c desperately wanted
to be rewritten in a scripting language, perhaps with something more
easily adapted to being both a web app and a command-line binary.

I don't have any more plans or thoughts than that.

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.          http://redhat.com

From rmeggins at redhat.com Thu Jun 7 01:35:41 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 06 Jun 2007 19:35:41 -0600
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <1181179410.18882.89.camel@localhost.localdomain>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
    <46675992.80000@redhat.com>
    <1181179410.18882.89.camel@localhost.localdomain>
Message-ID: <466760ED.5020902@redhat.com>

Andrew Bartlett wrote:
> On Wed, 2007-06-06 at 19:04 -0600, Richard Megginson wrote:
>
>> Andrew Bartlett wrote:
>>
>>> On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
>>>
>>>> We've decided to scrap the setuputil code because it's just too old and
>>>> crufty to maintain. We are going to replace the existing functionality
>>>> with perl scripts (yes, you perl haters out there, not my first choice
>>>> either, but modern versions of perl are readily available on all of the
>>>> platforms we plan to support). The upside is that the setup code will
>>>> be considerably simpler and easier to change/maintain. You can find the
>>>> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design
>>>>
>>> Any chance of killing ds_newinst while you are at it?
>>>
>> Well - what do you have in mind to replace it?
>>
>
> It just seemed that the C code in create_instance.c desperately wanted
> to be rewritten in a scripting language, perhaps with something more
> easily adapted to being both a web app and a command-line binary.
>
Yeah, that would be nice. We'll see what we can do. But in the
meantime, the new work we are doing wraps ds_newinst with a much more
user friendly interface, and ds_newinst can already be used as a CGI.
> I don't have any more plans or thoughts than that.
>
> Andrew Bartlett

From kmacmill at redhat.com Thu Jun 7 14:09:19 2007
From: kmacmill at redhat.com (Karl MacMillan)
Date: Thu, 07 Jun 2007 10:09:19 -0400
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <466760ED.5020902@redhat.com>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
    <46675992.80000@redhat.com>
    <1181179410.18882.89.camel@localhost.localdomain>
    <466760ED.5020902@redhat.com>
Message-ID: <1181225359.7049.10.camel@localhost.localdomain>

On Wed, 2007-06-06 at 19:35 -0600, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > On Wed, 2007-06-06 at 19:04 -0600, Richard Megginson wrote:
> >
> >> Andrew Bartlett wrote:
> >>
> >>> On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
> >>>
> >>>> We've decided to scrap the setuputil code because it's just too old and
> >>>> crufty to maintain. We are going to replace the existing functionality
> >>>> with perl scripts (yes, you perl haters out there, not my first choice
> >>>> either, but modern versions of perl are readily available on all of the
> >>>> platforms we plan to support). The upside is that the setup code will
> >>>> be considerably simpler and easier to change/maintain. You can find the
> >>>> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design
> >>>>
> >>> Any chance of killing ds_newinst while you are at it?
> >>>
> >> Well - what do you have in mind to replace it?
> >>
> >
> > It just seemed that the C code in create_instance.c desperately wanted
> > to be rewritten in a scripting language, perhaps with something more
> > easily adapted to being both a web app and a command-line binary.
> >
> Yeah, that would be nice. We'll see what we can do. But in the
> meantime, the new work we are doing wraps ds_newinst with a much more
> user friendly interface, and ds_newinst can already be used as a CGI.

The most important thing to me - kill required .inf files in favor of
commandline options. Those .inf files make scripting the setup a pain -
especially since they want unencrypted passwords.

Karl

From kmacmill at redhat.com Thu Jun 7 14:10:05 2007
From: kmacmill at redhat.com (Karl MacMillan)
Date: Thu, 07 Jun 2007 10:10:05 -0400
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <46673DAD.9080108@redhat.com>
References: <46673DAD.9080108@redhat.com>
Message-ID: <1181225405.7049.12.camel@localhost.localdomain>

On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
> We've decided to scrap the setuputil code because it's just too old and
> crufty to maintain. We are going to replace the existing functionality
> with perl scripts (yes, you perl haters out there, not my first choice
> either, but modern versions of perl are readily available on all of the
> platforms we plan to support). The upside is that the setup code will
> be considerably simpler and easier to change/maintain. You can find the
> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design

What's the timeframe here? For what release?

Karl

From rmeggins at redhat.com Thu Jun 7 21:53:13 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 07 Jun 2007 15:53:13 -0600
Subject: [Fedora-directory-devel] Please review: Bug 243205: allow instance creation with no .inf file; allow pre-hashed RootDNPwd
Message-ID: <46687E49.4090708@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243205
Resolves: bug 243205
Bug Description: allow instance creation with no .inf file; allow
pre-hashed RootDNPwd
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: You can now use ds_newinst.pl without (or with) a .inf
file like this:

    ds_newinst.pl General.SuiteSpotUserID=nobody slapd.ServerPort=3890 ....

The parameters can be supplied via the command line. The format of the
parameter is section.param=value. Normal shell quoting rules apply, so
you still have to do something like this:

    ds_newinst.pl "slapd.Suffix=dc=example, dc=com"

for embedded spaces and the like. If you supply a filename (or '-'), it
must be the first argument after ds_newinst.pl. If you then supply
additional arguments after the filename, these will override the
settings in the given inf file. So, for example, you could reuse the
same .inf file, except provide a different hostname:

    ds_newinst.pl basefile.inf General.FullMachineName=bar.example.com

This allows you to use the same base .inf file for several machines, and
only change certain parameters on a per-machine basis.

ds_newinst.pl will now fill in some default values - it will use
Net::Domain::hostfqdn for FullMachineName, and your login ID for
SuiteSpotUserID (however, not if running ds_newinst.pl as root), and
will construct the Suffix and ServerIdentifier based on the
FullMachineName. RootDN will default to cn=Directory Manager.
ServerRoot is no longer required.

Another enhancement is the ability to provide a pre-hashed password for
the RootDNPwd parameter, to avoid having to pass around the clear text
directory manager password. However, some caveats apply.
If the password begins with one of the well known hash algorithms (e.g.
{SHA, {SSHA, etc.), ds_newinst will assume it is already hashed. This
may cause problems if users expect to be able to provide a clear text
password such as {SSHA}text, but I seriously doubt anyone does that
(famous last words . . .). Another problem is that the code as it
currently stands uses the clear text password to bind to the server
after starting the server to add some additional entries and ACIs. This
cannot be done if a pre-hashed password is provided (but we're working
on a solution to that problem too).

write_ldap_info() is no longer needed.

Finally, a couple of minor bug fixes.

Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. There will be some documentation changes required.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156518&action=diff

From rmeggins at redhat.com Thu Jun 7 22:43:27 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 07 Jun 2007 16:43:27 -0600
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <1181225359.7049.10.camel@localhost.localdomain>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
    <46675992.80000@redhat.com>
    <1181179410.18882.89.camel@localhost.localdomain>
    <466760ED.5020902@redhat.com>
    <1181225359.7049.10.camel@localhost.localdomain>
Message-ID: <46688A0F.7060900@redhat.com>

Karl MacMillan wrote:
>
> The most important thing to me - kill required .inf files in favor of
> commandline options. Those .inf files make scripting the setup a pain -
> especially since they want unencrypted passwords.
>
Done.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243205
> Karl

From rmeggins at redhat.com Thu Jun 7 22:44:23 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 07 Jun 2007 16:44:23 -0600
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <1181225405.7049.12.camel@localhost.localdomain>
References: <46673DAD.9080108@redhat.com>
    <1181225405.7049.12.camel@localhost.localdomain>
Message-ID: <46688A47.2000909@redhat.com>

Karl MacMillan wrote:
> On Wed, 2007-06-06 at 17:05 -0600, Richard Megginson wrote:
>
>> We've decided to scrap the setuputil code because it's just too old and
>> crufty to maintain. We are going to replace the existing functionality
>> with perl scripts (yes, you perl haters out there, not my first choice
>> either, but modern versions of perl are readily available on all of the
>> platforms we plan to support). The upside is that the setup code will
>> be considerably simpler and easier to change/maintain. You can find the
>> details here - http://directory.fedoraproject.org/wiki/New_Setup_Design
>>
>
> What's the timeframe here? For what release?
>
We're targeting this for the Fedora DS 1.1 release. I think we should
have something for folks to try out by the end of the month.
> Karl

From rmeggins at redhat.com Thu Jun 7 23:03:44 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 07 Jun 2007 17:03:44 -0600
Subject: [Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server
Message-ID: <46688ED0.7040608@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server
Reviewed by: ???
Files: in addition to the diff
    ldapserver/ldap/admin/src/scripts/DSDialogs.pm
    ldapserver/ldap/admin/src/scripts/Dialog.pm
    ldapserver/ldap/admin/src/scripts/DialogManager.pm
    ldapserver/ldap/admin/src/scripts/Inf.pm
    ldapserver/ldap/admin/src/scripts/Resource.pm
    ldapserver/ldap/admin/src/scripts/Setup.pm.in
    ldapserver/ldap/admin/src/scripts/SetupDialogs.pm
    ldapserver/ldap/admin/src/scripts/SetupLog.pm
    ldapserver/ldap/admin/src/scripts/Util.pm
    ldapserver/ldap/admin/src/scripts/setup-ds.pl.in
    ldapserver/ldap/admin/src/scripts/setup-ds.res.in
Branch: HEAD
Fix Description: This adds the setup related perl modules, scripts, and
resource files to the DS base code. This will allow a user to
interactively setup (create an instance of) a directory server. This
will also form the base of the work to add the console and admin server
related setup code.

New files/directories:

$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.)
will be installed.

$bindir/setup-ds.pl - the script to use to interactively create an
instance of directory server. This has use lib '$libdir/fedora-ds/perl'
hard coded into it at build time, in order to find the "private" setup
perl modules. If you invoke this script in silent mode (setup-ds.pl -s)
then it is exactly the same as just using ds_newinst.pl.

$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl
and the associated modules.

I also fixed a problem with the libns-dshttpd linkage.

Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156525&action=diff

From kmacmill at redhat.com Fri Jun 8 14:23:28 2007
From: kmacmill at redhat.com (Karl MacMillan)
Date: Fri, 08 Jun 2007 10:23:28 -0400
Subject: [Fedora-directory-devel] New setup code
In-Reply-To: <46688A0F.7060900@redhat.com>
References: <46673DAD.9080108@redhat.com>
    <1181175480.18882.84.camel@localhost.localdomain>
    <46675992.80000@redhat.com>
    <1181179410.18882.89.camel@localhost.localdomain>
    <466760ED.5020902@redhat.com>
    <1181225359.7049.10.camel@localhost.localdomain>
    <46688A0F.7060900@redhat.com>
Message-ID: <1181312608.13633.2.camel@localhost.localdomain>

On Thu, 2007-06-07 at 16:43 -0600, Richard Megginson wrote:
> Karl MacMillan wrote:
> >
> > The most important thing to me - kill required .inf files in favor of
> > commandline options. Those .inf files make scripting the setup a pain -
> > especially since they want unencrypted passwords.
> >
> Done. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243205

Thanks - when will this hit Fedora?

Karl

From rmeggins at redhat.com Fri Jun 8 20:49:58 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 08 Jun 2007 14:49:58 -0600
Subject: [Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server
Message-ID: <4669C0F6.8060105@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server
Reviewed by: ???
Files: see diff + new files:
    adminserver/admserv/newinst/src/ASDialogs.pm.in
    adminserver/admserv/newinst/src/setup-ds-admin.pl.in
    adminserver/admserv/newinst/src/setup-ds-admin.res.in
Branch: HEAD
Fix Description: This adds the admin server specific setup "ui" and main
script driver. Some of the values are currently missing because they
don't yet have ui support. These are commented out in
setup-ds-admin.pl. But at least this gives us the framework to add
support for config DS creation, server registration, and other post
config stuff.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes, along with the rest of the new setup stuff.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156614&action=diff

From nhosoi at redhat.com Tue Jun 12 23:48:35 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Tue, 12 Jun 2007 16:48:35 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 237356] Move DS Admin Code into Admin Server (server registration script)
In-Reply-To: <200706122340.l5CNeBGU007967@bugzilla.redhat.com>
References: <200706122340.l5CNeBGU007967@bugzilla.redhat.com>
Message-ID: <466F30D3.3080507@redhat.com>

Summary: Move DS Admin Code into Admin Server

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356

The script register_server.pl and its ldif template files / map file are
going to be used by the new Setup module to register the servers to the
Configuration Directory Server.

------- Additional Comments From nhosoi at redhat.com 2007-06-12 19:40 EST -------
Created an attachment (id=156834)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156834&action=view)
cvs diff Makefile.am and new files (including server registration script)

Enhanced the proposal in the Comment #37. (attached at the bottom)

[New functionalities]
1. support registering multiple DSes
   -i "setup0000.inf setup0001.inf setup0002.inf ..."
2. added a fresh registration option "-F"
   by default, addition mode
3. tighter error checking and better error reporting

# Usage: register_server.pl [ -h ] [ -p ] [ -D ] \
#                           -w [ -d ] \
#                           -i -m ...
#
# Description: Store server info stored in the ldiffiles to the Configuration
#              Directory Server replacing the macros with the defined values
#              in the map file.
#
#     -h : configuration server host (localhost, by default)
#     -p : configuration server port (389)
#     -D : configuration server's rootdn ("cn=Directory Manager")
#     -w : configuration server's rootdn password
#     -d : the directory where static .inf files are located
#          ("/usr/share/fedora-ds/inf")
#     -i : dynamic .inf file(s)
#     -m : map file name
#     ...: ldif file(s) or template ldif file(s) to be stored in
#          the Configuration Directory Server

Comment #37 From Noriko Hosoi (nhosoi at redhat.com) on 2007-06-06 16:11 EST

Created an attachment (id=156389)
cvs diff Makefile.am and new files

Modified File:
Makefile.am
Change description:
- Added following new files to install
- Added PACKAGE_BASE_NAME and helpdir to the fixupcmd to substitute
  in the build

New Files:
admserv/newinst/src/register_param.map.in
--- parameter map file used by register_server.pl to resolve the %...%
    format parameters in the template ldif files.
admserv/newinst/src/register_server.pl.in
--- script to resolve the parameters in the template ldif files and add
    the server info entries to the Configuration Directory Server.
    This script is supposed to be called after the server instance
    creation.
admserv/schema/ldif/00nsroot_backend.ldif
admserv/schema/ldif/01nsroot.ldif.tmpl
admserv/schema/ldif/02globalpreferences.ldif.tmpl
admserv/schema/ldif/10dsdata.ldif.tmpl
admserv/schema/ldif/11dstasks.ldif.tmpl
admserv/schema/ldif/20asdata.ldif.tmpl
admserv/schema/ldif/21astasks.ldif.tmpl
admserv/schema/ldif/22ascommands.ldif.tmpl
--- (template) ldif files

From nhosoi at redhat.com Wed Jun 13 18:18:42 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 13 Jun 2007 11:18:42 -0700
Subject: [Fedora-directory-devel] Commit: [Bug 237356] Move DS Admin Code into Admin Server (server registration script)
In-Reply-To: <466F30D3.3080507@redhat.com>
References: <200706122340.l5CNeBGU007967@bugzilla.redhat.com>
    <466F30D3.3080507@redhat.com>
Message-ID: <46703502.1060603@redhat.com>

Summary: Move DS Admin Code into Admin Server

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356

------- Additional Comments From nhosoi at redhat.com 2007-06-13 13:50 EST -------
Created an attachment (id=156895)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156895&action=view)
cvs commit message (comment #58)

Reviewed by Rich (Thank you!!)
Checked in into HEAD.

> Summary: Move DS Admin Code into Admin Server
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
>
> The script register_server.pl and its ldif template files / map file
> are going
> to be used by the new Setup module to register the servers to the
> Configuration
> Directory Server.
>
> ------- Additional Comments From nhosoi at redhat.com 2007-06-12 19:40
> EST -------
> Created an attachment (id=156834)
> -->
> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156834&action=view)
>
> cvs diff Makefile.am and new files (including server registration script)
>
> Enhanced the proposal in the Comment #37.
> (attached at the bottom)
>
> [New functionalities]
> 1. support registering multiple DSes
>    -i "setup0000.inf setup0001.inf setup0002.inf ..."
> 2. added a fresh registration option "-F"
>    by default, addition mode
> 3. tighter error checking and better error reporting
>
> # Usage: register_server.pl [ -h ] [ -p ] [ -D ] \
> #                           -w [ -d ] \
> #                           -i -m ...
> #
> # Description: Store server info stored in the ldiffiles to the
> Configuration
> #              Directory Server replacing the macros with the defined values
> #              in the map file.
> #
> #     -h : configuration server host (localhost, by default)
> #     -p : configuration server port (389)
> #     -D : configuration server's rootdn ("cn=Directory Manager")
> #     -w : configuration server's rootdn password
> #     -d : the directory where static .inf files are located
> #          ("/usr/share/fedora-ds/inf")
> #     -i : dynamic .inf file(s)
> #     -m : map file name
> #     ...: ldif file(s) or template ldif file(s) to be stored in
> #          the Configuration Directory Server
>
> Comment #37 From Noriko Hosoi (nhosoi at redhat.com) on 2007-06-06 16:11 EST
>
> Created an attachment (id=156389)
> cvs diff Makefile.am and new files
>
> Modified File:
> Makefile.am
> Change description:
> - Added following new files to install
> - Added PACKAGE_BASE_NAME and helpdir to the fixupcmd to substitute
>   in the build
>
> New Files:
> admserv/newinst/src/register_param.map.in
> --- parameter map file used by register_server.pl to resolve the %...%
>     format parameters in the template ldif files.
> admserv/newinst/src/register_server.pl.in
> --- script to resolve the parameters in the template ldif files and
> add
>     the server info entries to the Configuration Directory Server.
>     This script is supposed to be called after the server instance
> creation.
> admserv/schema/ldif/00nsroot_backend.ldif
> admserv/schema/ldif/01nsroot.ldif.tmpl
> admserv/schema/ldif/02globalpreferences.ldif.tmpl
> admserv/schema/ldif/10dsdata.ldif.tmpl
> admserv/schema/ldif/11dstasks.ldif.tmpl
> admserv/schema/ldif/20asdata.ldif.tmpl
> admserv/schema/ldif/21astasks.ldif.tmpl
> admserv/schema/ldif/22ascommands.ldif.tmpl
> --- (template) ldif files

From nhosoi at redhat.com Fri Jun 15 01:28:17 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Thu, 14 Jun 2007 18:28:17 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244325] init script for the Admin Server
In-Reply-To:
References:
Message-ID: <4671EB31.5020700@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244325

Summary: init script for the Admin Server
Product: Fedora Directory Server
Version: 1.0.4
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: Admin
AssignedTo: nhosoi at redhat.com
ReportedBy: nhosoi at redhat.com
QAContact: ohegarty at redhat.com
Estimated Hours: 0.0

Description of problem:
Adding init script (fedora-ds-admin).

------- Additional Comments From nhosoi at redhat.com 2007-06-14 21:22 EST -------
Created an attachment (id=157057)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157057&action=view)
cvs diff configure.ac Makefile.am + new wrappers/initscript.in

------- Additional Comments From nhosoi at redhat.com 2007-06-14 21:25 EST -------
test results:

$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin condrestart
Shutting down fedora-ds-admin: [ OK ]
Starting fedora-ds-admin: [ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin stop
Shutting down fedora-ds-admin: [ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin start
Starting fedora-ds-admin: [ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin restart
Shutting down fedora-ds-admin: [ OK ]
Starting fedora-ds-admin: [ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin status
fedora-ds-admin (pid 31215) is running...

Note: sorry, the Makefile.am diff contains the fix for "Bug 237356 : Move
DS Admin Code into Admin Server" as well, which is also waiting for the
review...

Thanks,
--noriko

From nhosoi at redhat.com Mon Jun 18 22:01:49 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Mon, 18 Jun 2007 15:01:49 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To:
References:
Message-ID: <467700CD.5060701@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749

Summary: Configure Pass Thru Auth
Product: Fedora Directory Server
Version: 1.0.4
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: Admin
AssignedTo: nhosoi at redhat.com
ReportedBy: nhosoi at redhat.com
QAContact: ohegarty at redhat.com
Estimated Hours: 0.0

Description of problem:
Rich gave me this clue> Configure Pass Thru Auth should really be called
"set up ds instance to be managed by the console". This includes setting
up pass through auth to o=NetscapeRoot, and some additional acis added
to cn=schema, cn=config and cn=monitor to allow the console admin access
to those subtrees (i.e. the aci stuff from cfg_sspt.c and
configure_instance.cpp).

------- Additional Comments From nhosoi at redhat.com 2007-06-18 17:56 EST -------
Created an attachment (id=157336)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157336&action=view)
cvs diff 01nsroot.ldif.tmpl 20asdata.ldif.tmpl

Files: adminserver/admserv/schema/ldif/
    01nsroot.ldif.tmpl
    20asdata.ldif.tmpl
Changes: Adding ACIs to allow the Admin users to access subtrees under
the o=NetscapeRoot
From rmeggins at redhat.com Tue Jun 19 15:49:58 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 19 Jun 2007 09:49:58 -0600
Subject: [Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Message-ID: <4677FB26.1090900@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: ???
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157381
Branch: HEAD
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.

1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).

2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.

3) Added defaultuser and defaultgroup.

4) Added support for continuation lines in Inf files.

5) All user visible messages during setup should be localizable

Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157378&action=diff

From rmeggins at redhat.com Tue Jun 19 16:05:52 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 19 Jun 2007 10:05:52 -0600
Subject: [Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - admin server setup
Message-ID: <4677FEE0.1080709@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - admin server setup
Reviewed by: ???
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157390
Branch: HEAD
Fix Description: This implements support for admin server configuration and reconfiguration, so that we can remove setuputil related code from admserv/newinst/src. The basic flow is this: Ask user basic information. Ask user if they want to either use an existing config ds or set up a new one. If the user selects No, the code will gather information, create the directory server, and set it up to be the configuration DS. Otherwise, it will just create the directory server and register it with the existing config DS. The code will also create and set up and start the admin server, or reconfigure it and restart it as needed.

Note that setup-ds-admin.pl assumes that a config DS is to be used. If you want to set up a directory server instance without using a config ds, use setup-ds.pl instead.

Platforms tested: RHEL4
Flag Day: Yes - autotool changes
Doc impact: Yes.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157388&action=diff
From rmeggins at redhat.com Tue Jun 19 23:12:59 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Tue, 19 Jun 2007 17:12:59 -0600
Subject: [Fedora-directory-devel] Please review: Bug 244937: mod_admserv: Should do client TLS/SSL init even if mod_nss not used
Message-ID: <467862FB.6070102@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244937
Resolves: bug 244937
Bug Description: mod_admserv: Should do client TLS/SSL init even if mod_nss not used
Reviewed by: ???
Files: mod_admserv.c
Branch: HEAD
Fix Description: The way the code currently works is that mod_admserv lets mod_nss do all of the NSS initialization. But mod_nss is only used when the admin server is also a TLS/SSL server. mod_admserv still needs to do NSS initialization when it is a TLS/SSL client (e.g. of the config DS using LDAPS). This fix allows mod_admserv to do the client side TLS/SSL init.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157430&action=diff

From rmeggins at redhat.com Wed Jun 20 15:14:16 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 20 Jun 2007 09:14:16 -0600
Subject: [Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - support cacert for configds, fix permissions
Message-ID: <46794448.2070500@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - support cacert for configds, fix permissions.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: If the Config DS is set up to use TLS/SSL, we should allow the admin to set up a new admin server to use TLS/SSL with the Config DS. The user may supply either a cacert file in ascii/pem format, or just set the CACertificate param in the .inf file to the actual ascii value. This latter option allows you to have a single .inf file that you can carry around to all of your servers that you want to set up, instead of having to have an additional file for the cacert. However, it only works for the initial setup. It should probably detect if the cacert already exists and just use it if so.

File permissions need to be set correctly. The code that deals with file and directory creation should ensure that permissions are set properly. This mostly applies to the configdir, so that the config files needed to be read and written by the admin server have the correct permissions and ownership.

Also fixed a minor bug about changing the admin server port, and with detecting if there is an existing config ds to use or not.

Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157471&action=diff

From nhosoi at redhat.com Wed Jun 20 21:36:10 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 20 Jun 2007 14:36:10 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <200706202123.l5KLNYn7001676@bugzilla.redhat.com>
References: <200706202123.l5KLNYn7001676@bugzilla.redhat.com>
Message-ID: <46799DCA.4060808@redhat.com>

Summary: Configure Pass Thru Auth

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749

Adding ACIs to allow the Admin CGIs and Console to access the server info.
------- Additional Comments From nhosoi at redhat.com 2007-06-20 17:23 EST -------
Created an attachment (id=157497)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157497&action=view)
cvs diffs

Modified Files:
  ldapserver/ldap/admin/src/scripts/Util.pm.in
  adminserver/admserv/schema/ldif/00nsroot_backend.ldif.tmpl 01nsroot.ldif.tmpl 20asdata.ldif.tmpl
New Files:
  adminserver/admserv/schema/ldif/12dsconfig.mod.tmpl 13dsschema.mod.tmpl

Description:
1) updated check_and_add_entry to support ldifmodify format. plus added minor fixes for comparing entries
2) adding ACIs to o=netscaperoot, cn=config, and cn=schema to allow the Admin CGIs/Console to access the server configuration info.

Note: it still gives the access right to the SIE Group on o=netscaperoot, cn=config, and cn=schema:
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Can we just remove the ACI? Could it cause any problems for the Admin CGIs/Console?
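The "SIE Group" ACI quoted in the message above grants allow (all) on targetattr = "*". As an added example (not part of the original message or of the project's code), this Python script unfolds an LDIF template, parses each ACI and flags that pattern so a reviewer can find such grants before deciding whether to remove them. The finding names, the function names and the second ACI in the sample are made up for illustration.

```python
import base64
import re

# Constructed sample: the "SIE Group" ACI quoted in the message (template tokens
# such as %dsid% left unexpanded) plus one narrower ACI invented for contrast.
SAMPLE_LDIF = '''\
dn: cn=config
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
aci: (targetattr = "cn || description")(version 3.0; acl "Constructed read-only example";
  allow (read, search, compare) userdn = "ldap:///all";)
'''

# (keyword = "value") or (keyword != "value") target clauses before the body.
TARGET_RE = re.compile(r'\(\s*(targ\w*)\s*(!=|=)\s*"([^"]*)"\s*\)', re.I)
# (version 3.0; acl "name"; <permissions>)
BODY_RE = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$',
                     re.I | re.S)
# allow|deny (rights) bind-rule;  a quoted string in the bind rule may hold ';'.
PERM_RE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*((?:"[^"]*"|[^;"])*);', re.I)


def unfold(ldif):
    """Join LDIF continuation lines (a leading single space continues a line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def extract_acis(ldif):
    """Return (dn, aci_value) pairs, decoding base64 ('attr::') values."""
    dn, found = None, []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        attr = attr.strip().lower()
        if not sep or attr not in ("dn", "aci"):
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr == "dn":
            dn = value
        else:
            found.append((dn, value))
    return found


def parse_aci(value):
    """Split one ACI into its target clauses, name and permission rules."""
    body = BODY_RE.search(value)
    if body is None:
        raise ValueError(f"not a version 3.0 ACI: {value[:40]!r}")
    targets = {key.lower(): (op, val)
               for key, op, val in TARGET_RE.findall(value[:body.start()])}
    permissions = [(verb.lower(),
                    {right.strip().lower() for right in rights.split(",")},
                    rule.strip())
                   for verb, rights, rule in PERM_RE.findall(body.group(2))]
    return {"name": body.group(1), "targets": targets, "permissions": permissions}


def audit(aci):
    """Return finding codes for one parsed ACI (hypothetical rule set)."""
    findings = []
    every_attr = aci["targets"].get("targetattr") == ("=", "*")
    for verb, rights, bind_rule in aci["permissions"]:
        if verb != "allow":
            continue
        if "all" in rights:
            findings.append("ALLOW_ALL_RIGHTS")
            if every_attr:
                findings.append("ALL_RIGHTS_ON_ALL_ATTRS")
        if re.search(r'userdn\s*=\s*"ldap:///anyone"', bind_rule, re.I):
            findings.append("ANONYMOUS_SUBJECT")
    return findings


def audit_ldif(ldif):
    """Audit every ACI in an LDIF text; returns (dn, acl name, findings)."""
    results = []
    for dn, value in extract_acis(ldif):
        aci = parse_aci(value)
        results.append((dn, aci["name"], audit(aci)))
    return results


if __name__ == "__main__":
    for dn, name, findings in audit_ldif(SAMPLE_LDIF):
        print(f"{dn}: acl {name!r}: {', '.join(findings) or 'no findings'}")
```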
From nhosoi at redhat.com Thu Jun 21 01:57:15 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 20 Jun 2007 18:57:15 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <200706210151.l5L1p6dk017990@bugzilla.redhat.com>
References: <200706210151.l5L1p6dk017990@bugzilla.redhat.com>
Message-ID: <4679DAFB.4060202@redhat.com>

Summary: Configure Pass Thru Auth

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749

------- Additional Comments From nhosoi at redhat.com 2007-06-20 21:51 EST -------
Created an attachment (id=157508)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157508&action=view)
cvs diffs

Files:
adminserver
  Makefile.am
  configure.ac
  admserv/newinst/src/admin.inf.in
  admserv/newinst/src/adminserver.map.in
  admserv/newinst/src/configdsroot.map.in
  admserv/newinst/src/dirserver.map.in
  admserv/newinst/src/register_param.map.in
  admserv/newinst/src/setup.inf.in

ldapserver
  Makefile.am
  configure.ac
  ldap/admin/src/slapd.inf.in

Description: Introducing BaseVersion (*.inf files) to store #.# format version number.
It's generated from PACKAGE_VERSION (#.#.# format) in configure.ac. The #.# format version number is used in the jar file names: e.g.,
nsClassname: com.netscape.admin.dirserv.roledit.ResEditorRoleInfo@fedora-ds-1.1.jar
nsClassname: com.netscape.management.admserv.task.Restart@fedora-admserv-1.1.jar@cn=admin-serv-laputa, cn=Fedora Administration Server, cn=Server Group, cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=NetscapeRoot

Nathan; do you think we should use the Base Version (1.1) for this ou value, too?
dn: ou=1.1.0, ou=Admin, ou=Global Preferences, ou=sfbay.redhat.com, o=NetscapeRoot
objectClass: top
objectClass: organizationalunit
objectClass: extensibleObject
nsmerge: ADD_IF_EMPTY
ou: 1.1.0

From rmeggins at redhat.com Thu Jun 21 02:19:34 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Wed, 20 Jun 2007 20:19:34 -0600
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <4679DAFB.4060202@redhat.com>
References: <200706210151.l5L1p6dk017990@bugzilla.redhat.com> <4679DAFB.4060202@redhat.com>
Message-ID: <4679E036.5000307@redhat.com>

Noriko Hosoi wrote:
> Summary: Configure Pass Thru Auth
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
>
>
> ------- Additional Comments From nhosoi at redhat.com 2007-06-20 21:51
> EST -------
> Created an attachment (id=157508)
> -->
> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157508&action=view)
>
> cvs diffs
>
> Files:
> adminserver
> Makefile.am
> configure.ac
> admserv/newinst/src/admin.inf.in
> admserv/newinst/src/adminserver.map.in
> admserv/newinst/src/configdsroot.map.in
> admserv/newinst/src/dirserver.map.in
> admserv/newinst/src/register_param.map.in
> admserv/newinst/src/setup.inf.in
>
> ldapserver
> Makefile.am
> configure.ac
> ldap/admin/src/slapd.inf.in
>
> Description: Introducing BaseVersion (*.inf files) to store #.# format
> version number.
> It's generated from PACKAGE_VERSION (#.#.# format) in configure.ac.
> The #.#
> format version number is used in the jar file names: e.g.,
> nsClassname:
> com.netscape.admin.dirserv.roledit.ResEditorRoleInfo@fedora-ds-1.1.jar
> nsClassname:
> com.netscape.management.admserv.task.Restart@fedora-admserv-1.1.jar@cn=admin-serv-laputa,
> cn=Fedora Administration Server, cn=Server Group,
> cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=NetscapeRoot
>
> Nathan; do you think we should use the Base Version (1.1) for this ou
> value,
> too?
Yes.
> dn: ou=1.1.0, ou=Admin, ou=Global Preferences, ou=sfbay.redhat.com,
> o=NetscapeRoot
> objectClass: top
> objectClass: organizationalunit
> objectClass: extensibleObject
> nsmerge: ADD_IF_EMPTY
> ou: 1.1.0

From nkinder at redhat.com Thu Jun 21 15:33:42 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Thu, 21 Jun 2007 08:33:42 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <4679E036.5000307@redhat.com>
References: <200706210151.l5L1p6dk017990@bugzilla.redhat.com> <4679DAFB.4060202@redhat.com> <4679E036.5000307@redhat.com>
Message-ID: <467A9A56.4020705@redhat.com>

Richard Megginson wrote:
> Noriko Hosoi wrote:
>> Summary: Configure Pass Thru Auth
>>
>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
>>
>>
>> ------- Additional Comments From nhosoi at redhat.com 2007-06-20 21:51
>> EST -------
>> Created an attachment (id=157508)
>> -->
>> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157508&action=view)
>>
>> cvs diffs
>>
>> Files:
>> adminserver
>> Makefile.am
>> configure.ac
>> admserv/newinst/src/admin.inf.in
>> admserv/newinst/src/adminserver.map.in
>> admserv/newinst/src/configdsroot.map.in
>> admserv/newinst/src/dirserver.map.in
>> admserv/newinst/src/register_param.map.in
>> admserv/newinst/src/setup.inf.in
>>
>> ldapserver
>> Makefile.am
>> configure.ac
>> ldap/admin/src/slapd.inf.in
>>
>> Description: Introducing BaseVersion (*.inf files) to store #.#
>> format version number.
>> It's generated from PACKAGE_VERSION (#.#.# format) in configure.ac.
>> The #.#
>> format version number is used in the jar file names: e.g.,
>> nsClassname:
>> com.netscape.admin.dirserv.roledit.ResEditorRoleInfo@fedora-ds-1.1.jar
>> nsClassname:
>> com.netscape.management.admserv.task.Restart@fedora-admserv-1.1.jar@cn=admin-serv-laputa,
>> cn=Fedora Administration Server, cn=Server Group,
>> cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=NetscapeRoot
>>
>> Nathan; do you think we should use the Base Version (1.1) for this ou
>> value,
>> too?
> Yes.
Yes. The console currently expects the 2 digit number.

-NGK
>> dn: ou=1.1.0, ou=Admin, ou=Global Preferences, ou=sfbay.redhat.com,
>> o=NetscapeRoot
>> objectClass: top
>> objectClass: organizationalunit
>> objectClass: extensibleObject
>> nsmerge: ADD_IF_EMPTY
>> ou: 1.1.0
From rmeggins at redhat.com Thu Jun 21 17:47:22 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 21 Jun 2007 11:47:22 -0600
Subject: [Fedora-directory-devel] Please review: Bug 245208: adminutil: Solaris port for 1.1
Message-ID: <467AB9AA.7050002@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245208
Resolves: bug 245208
Bug Description: adminutil: Solaris port for 1.1
Reviewed by: ???
Files: see diff - new file dummy.cpp
Branch: HEAD
Fix Description: There are several problems with building/running adminutil on Solaris. The biggest is that ICU introduces a dependency on C++. Solaris requires linking with the C++ libraries and that also requires using C++ to link as well. This means using the CXXLINK macro. However, automake will only generate this macro if it detects a C++ source file in Makefile.am. So, we have to introduce a dummy.cpp file to force automake to generate the CXXLINK macro, then use that to link the shared libraries.

Accept automake version 1.10 or later.

Look for mozldap6 first, then mozldap.

Platforms tested: Solaris 9 64bit
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157558&action=diff

From rmeggins at redhat.com Thu Jun 21 17:56:25 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 21 Jun 2007 11:56:25 -0600
Subject: [Fedora-directory-devel] Please review: Bug 245212: mod_admserv: Solaris port for 1.1
Message-ID: <467ABBC9.40708@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245212
Resolves: bug 245212
Bug Description: mod_admserv: Solaris port for 1.1
Reviewed by: ???
Files: see diff - new file dummy.cpp
Branch: HEAD
Fix Description: There are several problems with building/running mod_admserv on Solaris. The biggest is that ICU introduces a dependency on C++. Solaris requires linking with the C++ libraries and that also requires using C++ to link as well. This means using the CXXLINK macro. However, automake will only generate this macro if it detects a C++ source file in Makefile.am. So, we have to introduce a dummy.cpp file to force automake to generate the CXXLINK macro, then use that to link the module.

I also added some support for Fortitude, although this will be handled by adminserver when building mod_admserv as part of adminserver.

Platforms tested: Solaris 9 64bit
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157560&action=diff

From rmeggins at redhat.com Thu Jun 21 18:12:23 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Thu, 21 Jun 2007 12:12:23 -0600
Subject: [Fedora-directory-devel] Please review: Bug 245214: adminserver: Solaris port for 1.1
Message-ID: <467ABF87.1090501@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245214
Resolves: bug 245214
Bug Description: adminserver: Solaris port for 1.1
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Fortitude can supply different components, depending on the operating system. On Fedora, mod_nss and Apache are already there, so we don't use Fortitude. On RHEL4, we use Fortitude for mod_nss. On Solaris, we use Fortitude for Apache and mod_nss.
I've created a fortitude.m4 that can handle all of these cases, and changed the existing httpd.m4 and mod_nss.m4 to first see if fortitude.m4 has found the component. configure will also pass the proper --with flags to mod_admserv and mod_restartd.

ICU introduces a dependency on C++. Solaris requires linking with the C++ libraries and that also requires using C++ to link as well. This means using the CXXLINK macro.

There were a few other minor porting issues which required the additional compiler defines and use of config.h.

We need to set the libpath before using the @cgibindir@/config program.

LIBPATH was not being set correctly on Solaris because I was using the extended sort flags instead of the standard ones.

Platforms tested: Solaris 9 64bit
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157561&action=diff

From rmeggins at redhat.com Fri Jun 22 21:12:46 2007
From: rmeggins at redhat.com (Richard Megginson)
Date: Fri, 22 Jun 2007 15:12:46 -0600
Subject: [Fedora-directory-devel] Please review: Bug 245369: mod_admserv: Task cache refresh uses wrong credentials
Message-ID: <467C3B4E.5080606@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245369
Resolves: bug 245369
Bug Description: mod_admserv: Task cache refresh uses wrong credentials
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: When the user requests a Task url, the admin server first figures out which server instance (or product) the request is for, then checks to see if it has seen that server or product before. If not, it uses the function sync_task_sie_data() to read the task data from the SIEs and ISIEs.
However, it needs to use the credentials of the currently authenticated user to do so, because the tasks are protected by ACIs, and the user should only be allowed to read those tasks the user has access to. The interface to read these tasks is not great. It expects the SIE is a user with a password, and it attempts to bind as that user, instead of the currently authenticated user. I had to hack it to force it to use the current userdn and password instead of the SIE DN and SIE password. The SIE DN and password are now deprecated for binding.

There were a couple of places where the SIE was used for both the bind DN and the SIE DN. I've created another structure member for the admservSieDN for use as the SIE (the configuration base DN) instead of as a bind DN, and deprecated the use of the SIE as the bind DN elsewhere in the code.

Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157632&action=diff

From nkinder at redhat.com Mon Jun 25 23:12:32 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Mon, 25 Jun 2007 16:12:32 -0700
Subject: [Fedora-directory-devel] Please Review: (245665) dsalib still relies on server root
Message-ID: <46804BE0.3080401@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245665
Resolves: bug 245665
Bug Description: The dsa library in Admin Server still heavily relies on the concept of a server root. This library is used by the Directory Server cgi tasks. The dsa library should try to get paths dynamically from the Directory Server config when possible. Other paths that are not in the config, such as the location of command-line utilities, should be passed in as a define at compilation time.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This is a first pass at cleaning up the paths in dsalib. These changes make the path getter functions use the Directory Server config values where possible. The next step is to pass the proper paths to the command-line utilities at compile time.
Platforms tested: FC6
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157833&action=diff

From nkinder at redhat.com Tue Jun 26 17:54:12 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Tue, 26 Jun 2007 10:54:12 -0700
Subject: [Fedora-directory-devel] Please Review: (245665) dsalib still relies on server root
Message-ID: <468152C4.1050103@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245665
Resolves: bug 245665
Bug Description: The dsa library in Admin Server still heavily relies on the concept of a server root. This library is used by the Directory Server cgi tasks. The dsa library should try to get paths dynamically from the Directory Server config when possible. Other paths that are not in the config, such as the location of command-line utilities, should be passed in as a define at compilation time.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This pass eliminated the usage of a "server root" in the dsa library. I also refactored some of the code that was referring to the "install root" as it did not seem to really represent the directory that it refers to. I renamed it to "instance dir" and adjusted the getter function and variables accordingly. I needed to pass in the DS libdir as a define for being able to find the instance dir in the code.

I also found that I was incorrectly using the lockdir config attribute to set the rundir, which was causing problems for the start, stop, and restart CGIs.
We don't have the rundir in cn=config by default, but we already have it set as a PIDDIR define, so I opted to use that instead. The start, stop, and restart CGIs now work properly.
Platforms tested: FC6
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157923&action=diff

From nkinder at redhat.com Wed Jun 27 21:51:04 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 27 Jun 2007 14:51:04 -0700
Subject: [Fedora-directory-devel] Please Review: (246020) Viewlog CGI needs to be modified to work with Console
Message-ID: <4682DBC8.8000709@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246020
Resolves: bug 246020
Bug Description: The current viewlog CGI needs to be modified to be able to work properly with the Console. The CGI currently only supports the GET request method. This works for Admin Express, but Console expects it to support the POST request method. The output of the CGI currently includes a log selection combo box as well as other HTML elements that make for a nice useful log viewer page in Admin Express. The Console needs to be able to get the raw log content that it requests.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The attached diffs address the above issues. With these changes, the CGI will work with both the GET and POST request methods. I've added a new CGI parameter called "nohtml". This optional parameter is a flag that allows the caller to ask for only the raw content to be sent back. This satisfies the needs of the Console while keeping the behavior the same for Admin Express.
Platforms tested: FC6
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158068&action=diff
From nhosoi at redhat.com Thu Jun 28 01:34:04 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 27 Jun 2007 18:34:04 -0700
Subject: [Fedora-directory-devel] Re: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <200706272157.l5RLvY8E017468@bugzilla.redhat.com>
References: <200706272157.l5RLvY8E017468@bugzilla.redhat.com>
Message-ID: <4683100C.1070809@redhat.com>

Summary: Configure Pass Thru Auth

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749

The first diff is for the Admin Server setup and is almost identical to the proposal in comment #20, which is reviewed by Rich (Thank you!) The second one is for the Directory Server ds_newinst; proposing to remove the dependency on the Configuration Directory from the DS code and moving them to the Admin Server code.

Thanks,
--noriko

------- Additional Comments From nhosoi at redhat.com 2007-06-27 17:57 EST -------
Created an attachment (id=158070)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158070&action=view)
cvs diffs (adminserver)

Files:
  Makefile.am
  admserv/newinst/src/AdminUtil.pm.in
  admserv/newinst/src/dirserver.map.in
  admserv/newinst/src/register_param.map.in
  admserv/newinst/src/setup-ds-admin.pl.in
  admserv/schema/ldif/15dspta.ldif.tmpl.in

Description: resurrected the code adding cn=Pass Through Authentication for o=netscape. In addition to the one in comment #20, adding the calling code to admserv/newinst/src/setup-ds-admin.pl.in in case the new server is non-configuration DS.
------- Additional Comments From nhosoi at redhat.com 2007-06-27 18:01 EST -------
Created an attachment (id=158071)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158071&action=view)
cvs diff (ldapserver)

Files:
  ldap/admin/src/create_instance.[ch]

Description:
1) removing the dependency on the config_ds
2) ds_newinst always adds "cn=Pass Through Authentication" with the nsslapd-pluginEnabled value off.

From nhosoi at redhat.com Thu Jun 28 01:35:30 2007
From: nhosoi at redhat.com (Noriko Hosoi)
Date: Wed, 27 Jun 2007 18:35:30 -0700
Subject: [Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
In-Reply-To: <4683100C.1070809@redhat.com>
References: <200706272157.l5RLvY8E017468@bugzilla.redhat.com> <4683100C.1070809@redhat.com>
Message-ID: <46831062.5090009@redhat.com>

Sorry, I'm resending the same message changing the Subject to "Please review: ..."

> Summary: Configure Pass Thru Auth
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
>
>
> The first diff is for the Admin Server setup and is almost identical
> to the proposal in comment #20, which is reviewed by Rich (Thank you!)
> The second one is for the Directory Server ds_newinst; proposing to
> remove the dependency on the Configuration Directory from the DS code
> and moving them to the Admin Server code.
>
> Thanks,
> --noriko
>
> ------- Additional Comments From nhosoi at redhat.com 2007-06-27 17:57
> EST -------
> Created an attachment (id=158070)
> -->
> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158070&action=view)
>
> cvs diffs (adminserver)
>
> Files:
> Makefile.am
> admserv/newinst/src/AdminUtil.pm.in
> admserv/newinst/src/dirserver.map.in
> admserv/newinst/src/register_param.map.in
> admserv/newinst/src/setup-ds-admin.pl.in
> admserv/schema/ldif/15dspta.ldif.tmpl.in
>
> Description: resurrected the code adding cn=Pass Through
> Authentication for
> o=netscape. In addition to the one in comment #20, adding the calling
> code to
> admserv/newinst/src/setup-ds-admin.pl.in in case the new server is
> non-configuration DS.
>
> ------- Additional Comments From nhosoi at redhat.com 2007-06-27 18:01
> EST -------
> Created an attachment (id=158071)
> -->
> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158071&action=view)
>
> cvs diff (ldapserver)
>
> Files:
> ldap/admin/src/create_instance.[ch]
>
> Description: 1) removing the dependency on the config_ds
> 2) ds_newinst always adds "cn=Pass Through Authentication" with the
> nsslapd-pluginEnabled value off.

From nkinder at redhat.com Thu Jun 28 18:01:17 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Thu, 28 Jun 2007 11:01:17 -0700
Subject: [Fedora-directory-devel] Please Review: (246124) adminutil: findSIEDNByIDSSL() uses wrong credentials
Message-ID: <4683F76D.7010603@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246124
Resolves: bug 246124
Bug Description: The findSIEDNByIDSSL() function in adminutil needs to use the credentials used to authenticate to the webserver instead of the siedn when calling getServerDNListSSL().
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The attached diffs save the siedn off before calling
getServerDNListSSL() and set the userdn and password in the AdmLDAPInfo to the
credentials supplied by the password pipe.

There's also an unrelated change in the code that parses admpw. On my machine
(FC6 i386), the parsing of admpw was giving incorrect results as viewed in gdb.
For some reason, the pointer was being incremented before assignment. Noriko
did not observe this on her RHEL4 machine, but we agreed that the changes I
made are more safe as we will always get the intended results.
Platforms tested: FC6
Flag Day: no
Doc impact: no

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158146&action=diff

From nkinder at redhat.com Fri Jun 29 18:32:05 2007
From: nkinder at redhat.com (Nathan Kinder)
Date: Fri, 29 Jun 2007 11:32:05 -0700
Subject: [Fedora-directory-devel] Please Review: (246270) Remove serverroot concept from Console
Message-ID: <46855025.9050208@redhat.com>

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246270

Resolves: bug 246270
Bug Description: The notion of a "Server Root" has gone away in Admin Server,
so the Console needs to adjust for this.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The server root was mainly used for a deprecated merge config
capability in the Console. The attached changes remove all traces of the server
root. I've also bumped the version up to 1.1.0, improved the build system,
turned the startconsole script into a template, fixed some theme bugs, and
worked on the RPM packaging.
Platforms tested: FC6 & RHEL4
Flag Day: no
Doc impact: no

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=158240&action=diff