Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2070/adminserver/admserv/newinst/src
Modified Files:
AdminUtil.pm.in
Log Message:
Resolves: bug 468474
Bug Description: migration results in incomplete admin server sie
Reviewed by: nkinder (Thanks!)
Fix Description: This is a redesign of one of the core pieces of the setup/migration code
- the code that adds the LDAP entries in various places. For starters, I removed the code
that would implicitly delete existing trees. This is the root cause of this bug, and
other similar problems with setup/instance creation that have been reported. We should
never implicitly delete entries. Instead, we should explicitly delete entries by using
the changetype: delete in an LDIF template file.
Another source of problems was that to update an entry, we would delete it and add it
back. This caused some configuration settings to be wiped out (e.g. encryption settings).
We cannot do this any more. The LDIF template entries have been modified to have two
sets of information for each entry that requires update - the entry to add if no entry
exists (the full entry) or the changes to make to the entry if it does exist. The code in
Util.pm has been changed to ignore duplicate entries and to ignore changes made to entries
that do not exist.
Another source of problems with migration is that the error checking was not adequate,
especially with FileConn and dse.ldif reading. The fix is to add better error checking
and reporting in these areas of code, including error messages.
Yet another problem is the run_dir handling. On many platforms the run_dir is shared
among all DS instances and the admin server. Older versions of the software allowed you
to run the servers as root. We have to make sure run_dir is usable by the least
privileged user of all of the servers.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: AdminUtil.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- AdminUtil.pm.in 24 Jul 2008 16:00:20 -0000 1.19
+++ AdminUtil.pm.in 24 Feb 2009 14:25:42 -0000 1.20
@@ -128,7 +128,11 @@
sub getCertDir {
my $configdir = shift;
- # for now, same as admin server config dir
+ # if configdir already ends in admin-serv, just use it
+ if ($configdir =~ /admin-serv$/) {
+ return $configdir;
+ }
+ # otherwise, assume configdir is the directory containing admin-serv
return "$configdir/admin-serv";
}
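Review bot: the pattern /admin-serv$/ in getCertDir is not anchored on a path separator, so a configdir whose last component only ends in that string (a directory named old-admin-serv, say) is returned unchanged as the cert dir. A configdir passed with a trailing slash (.../admin-serv/) falls through and gets admin-serv appended a second time. Since the result is used as the certificate directory, consider matching the whole last component, for example m{(?:^|/)admin-serv/?$}, and extend the comment to state that both forms of configdir are accepted.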
@@ -169,6 +173,7 @@
# first try anon bind
# 3 is LDAPv3 - 1 means use nspr
+ debug(3, "Attempting connection to " . $h->{host} . ":" .
$h->{port} . " certdir $certdir configdir $configdir\n");
my $conn = new Mozilla::LDAP::Conn($h->{host}, $h->{port}, "",
"",
$certdir);
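Review bot: the added debug() call lands between the two comments ("first try anon bind", "3 is LDAPv3 - 1 means use nspr") and the Mozilla::LDAP::Conn constructor they describe, so the comments now read as if they documented the log line. Move the debug() call above the comments. Also note that $h->{host} and $h->{port} are concatenated without a defined check, so a partially filled $h will raise an uninitialized-value warning here before the connection attempt reports anything useful.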
@@ -363,6 +368,10 @@
my $dseldif = "$dsconfdir/dse.ldif";
my $conn = new FileConn($dseldif);
+ if (!$conn) {
+ @{$errs} = ('error_opening_dseldif', $dseldif, $!);
+ return 0;
+ }
return internalCreateSubDS($conn, $inf, $errs);
}
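Review bot: the new !$conn branch reports $! as the failure reason, which is only meaningful when FileConn's constructor failed in a system call. If it can also return false for a dse.ldif that opens but cannot be parsed, $! will be empty or left over from an earlier call, and the 'error_opening_dseldif' message will mislead. Consider having FileConn expose its own error string and passing that instead, and confirm that the constructor returns a false value on failure, since that is not visible in this diff. The assignment @{$errs} = (...) also replaces anything the caller had already collected in $errs; if that is intended, a short comment would help.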