[Fedora-directory-users] DS 1.1 silent install
Rich Megginson
rmeggins at redhat.com
Mon Jan 7 17:11:24 UTC 2008
Gordon Messmer wrote:
> I noticed that what looks like the final release of 1.1 is available
> while I was working on a new directory setup today. I decided to
> update my configuration templates, and set up the new directory.
Yeah, I'm just waiting for the Fedora bits to be pushed to the mirrors
before making the official announcement.
>
> I had a couple of notes...
>
> http://directory.fedoraproject.org/wiki/Release_Notes
>
> The release notes indicate that ldapjdk from FC6 should be installed,
> however, no URL is given, and the package from 5.1 (I'm using CentOS
> 5.1, so this may be different) seems to work fine.
I didn't know it was included with CentOS 5.1, that's good to know.
> Should that package name be moved to the list of packages in the
> previous list item?
Yes, or we should just say "check your system first - if you can't find
it anywhere, grab it from jpackage.org".
>
> After importing the GPG key indicated, I downloaded the adminutil and
> jss packages indicated, and tried to use "yum localinstall" to install
> them. Yum complained that the GPG key was not available. I think
> that the URL listed should be changed to:
> rpm --import
> http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras
>
Ok.
>
>
> http://www.redhat.com/docs/manuals/dir-server/install/8.0/Installation_Guide-Advanced_Configuration-Silent-Install.html
>
>
> In the example provided for the "admin section, SysUser is specified
> as "root". If I attempt a silent install with a user other than the
> one specified for SuiteSpotUserID in the General section, including
> "root", the setup script complains that the pid directory is not
> writable by that user. I believe that this is a bug in the
> dirsrv-admin init script. On the other hand, I don't have any problem
> running admin server after using "ldap" as a user, so perhaps the
> documentation should simply reflect that the admin user must be the
> same as SuitSpotUserID (or the option should be dropped, and the same
> uid should be used).
Looks like at least 2 bugs here
1) The docs should not have SysUser= root - we want to strongly
discourage people from running daemons as root
2) However, it should work to have SysUser = root
The intention is that you may want to run your admin server and
directory servers as different users. The admin server still needs
access to all of the directory servers files and dirs in order to manage
it, but the directory server needs no access to admin server specific
files/dirs. So both the admin server user and the directory server user
must belong to the same group (SuiteSpotGroup and SysGroup). If admin
server is running as root, that shouldn't matter.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080107/473ae513/attachment.bin>
More information about the Fedora-directory-users
mailing list