[Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
by Noriko Hosoi
Summary: Configure Pass Thru Auth
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
------- Additional Comments From nhosoi(a)redhat.com 2007-06-20 21:51 EST -------
Created an attachment (id=157508)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157508&action=view)
cvs diffs
Files:
adminserver
Makefile.am
configure.ac
admserv/newinst/src/admin.inf.in
admserv/newinst/src/adminserver.map.in
admserv/newinst/src/configdsroot.map.in
admserv/newinst/src/dirserver.map.in
admserv/newinst/src/register_param.map.in
admserv/newinst/src/setup.inf.in
ldapserver
Makefile.am
configure.ac
ldap/admin/src/slapd.inf.in
Description: Introducing BaseVersion (*.inf files) to store #.# format version number.
It's generated from PACKAGE_VERSION (#.#.# format) in configure.ac. The #.#
format version number is used in the jar file names: e.g.,
nsClassname: com.netscape.admin.dirserv.roledit.ResEditorRoleInfo@fedora-ds-1.1.jar
nsClassname: com.netscape.management.admserv.task.Restart@fedora-admserv-1.1.jar@cn=admin-serv-laputa, cn=Fedora Administration Server, cn=Server Group, cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=NetscapeRoot
Nathan, do you think we should use the Base Version (1.1) for this ou value,
too?
dn: ou=1.1.0, ou=Admin, ou=Global Preferences, ou=sfbay.redhat.com, o=NetscapeRoot
objectClass: top
objectClass: organizationalunit
objectClass: extensibleObject
nsmerge: ADD_IF_EMPTY
ou: 1.1.0
16 years, 10 months
[Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
by Noriko Hosoi
Summary: Configure Pass Thru Auth
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
Adding ACIs to allow the Admin CGIs and Console to access the server info.
------- Additional Comments From nhosoi(a)redhat.com 2007-06-20 17:23 EST -------
Created an attachment (id=157497)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157497&action=view)
cvs diffs
Modified Files:
ldapserver/ldap/admin/src/scripts/Util.pm.in
adminserver/admserv/schema/ldif/00nsroot_backend.ldif.tmpl
01nsroot.ldif.tmpl
20asdata.ldif.tmpl
New Files:
adminserver/admserv/schema/ldif/12dsconfig.mod.tmpl
13dsschema.mod.tmpl
Description:
1) updated check_and_add_entry to support ldifmodify format.
plus added minor fixes for comparing entries
2) adding ACIs to o=netscaperoot, cn=config, and cn=schema to allow the Admin
CGIs/Console to access the server configuration info.
Note: it still gives the access right to the SIE Group on o=netscaperoot,
cn=config, and cn=schema:
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn =
"ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group,
cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Can we just remove the ACI? Could that cause any problems for the Admin
CGIs/Console?
16 years, 10 months
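Whether an ACI such as the "SIE Group" one above grants more than it needs to can be checked mechanically before the templates are loaded. The following is an added example, not part of the original post or the project's code: it unfolds an LDIF template, expands the %token% macros, and reports every ACI that allows all rights on all attributes. The macro values, the second ACI and the function names are constructed for illustration.

```python
import re

# Constructed sample: the "SIE Group" ACI quoted in the post, folded with LDIF
# continuation lines, plus a narrower ACI invented here for contrast.
SAMPLE_LDIF = '''\
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn =
 "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group,
  cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
aci: (targetattr = "cn || nsslapd-port")(version 3.0; acl "Constructed reader";
 allow (read, search, compare) userdn = "ldap:///all";)
'''
# Constructed macro values (assumptions, not the project's register_param.map).
PARAMS = {"dsid": "laputa", "brand": "Fedora",
          "fqdn": "laputa.sfbay.redhat.com", "domain": "sfbay.redhat.com"}
ACI_RE = re.compile(
    r'\(\s*targetattr\s*!?=\s*"(?P<attrs>[^"]*)"\s*\).*?'
    r'acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<subject>\w+)\s*!?=\s*"(?P<who>[^"]*)"')

def unfold(ldif):
    # LDIF folding: a line starting with one space continues the previous line.
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines

def expand(text, params):
    # Replace %token% macros; fail loudly rather than store an unresolved macro.
    def sub(m):
        if m.group(1) not in params:
            raise KeyError(f"undefined macro %{m.group(1)}%")
        return params[m.group(1)]
    return re.sub(r"%(\w+)%", sub, text)

def audit(ldif, params):
    # Report every allow-ACI granting "all" rights on targetattr "*".
    findings = []
    for line in unfold(ldif):
        m = ACI_RE.search(expand(line, params)) if line.lower().startswith("aci:") else None
        if m and m["kind"] == "allow":
            attrs = {a.strip() for a in m["attrs"].split("||")}
            rights = {r.strip().lower() for r in m["rights"].split(",")}
            if "*" in attrs and "all" in rights:
                findings.append({"name": m["name"], "subject": m["subject"], "who": m["who"]})
    return findings
```
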
[Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - support cacert for configds, fix permissions
by Rich Megginson
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - support cacert
for configds, fix permissions.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: If the Config DS is set up to use TLS/SSL, we should
allow the admin to setup a new admin server to use TLS/SSL with the
Config DS. The user may supply either a cacert file in ascii/pem
format, or just set the CACertificate param in the .inf file to the
actual ascii value. This latter option allows you to have a single .inf
file that you can carry around to all of your servers that you want to
set up, instead of having to have an additional file for the cacert.
However, it only works for the initial setup. It should probably detect
if the cacert already exists and just use it if so.
File permissions need to be set correctly. The code that deals with
file and directory creation should ensure that permissions are set
properly. This mostly applies to the configdir, so that the config
files needed to be read and written by the admin server have the correct
permissions and ownership.
Also fixed a minor bug about changing the admin server port, and with
detecting if there is an existing config ds to use or not.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157471&action=diff
16 years, 10 months
[Fedora-directory-devel] Please review: Bug 237356: Move DS Admin Code into Admin Server - ldif templates, pwdhash
by Rich Megginson
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
Resolves: bug 237356
Bug Description: Move DS Admin Code into Admin Server - ldif templates,
pwdhash
Reviewed by: ???
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157381
Branch: HEAD
Fix Description: These changes are primarily to allow the admin server
setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core
minimal directory server configuration. Values can be replaced with
parameters in the same style as used with register_server.pl - %token%.
For the plugin entries, the plugin shared library name is now just a
name. There is no more full path. The code in dynalib.c handles this
case by using the compiled in PLUGINDIR. The NSPR function
PR_GetLibraryName knows the correct shared lib suffix for the
platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no
configuration is given, it uses the template-dse.ldif above. And
instead of having to worry about where the plugins are installed and the
shared lib suffix, it just depends on the above changes. This allows us
to generate password hashes during setup before the directory server
instance is created, and also to keep clear text password usage to a
minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157378&action=diff
16 years, 10 months
[Fedora-directory-devel] Please review: [Bug 244749] Configure Pass Thru Auth
by Noriko Hosoi
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244749
Summary: Configure Pass Thru Auth
Product: Fedora Directory Server
Version: 1.0.4
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: Admin
AssignedTo: nhosoi(a)redhat.com
ReportedBy: nhosoi(a)redhat.com
QAContact: ohegarty(a)redhat.com
Estimated Hours: 0.0
Description of problem:
Rich gave me this clue:
Configure Pass Thru Auth should really be called "set up ds instance to be
managed by the console". This includes setting up pass through auth to
o=NetscapeRoot, and some additional acis added to cn=schema, cn=config and
cn=monitor to allow the console admin access to those subtrees (i.e. the aci
stuff from cfg_sspt.c and configure_instance.cpp).
------- Additional Comments From nhosoi(a)redhat.com 2007-06-18 17:56 EST -------
Created an attachment (id=157336)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157336&action=view)
cvs diff 01nsroot.ldif.tmpl 20asdata.ldif.tmpl
Files:
adminserver/admserv/schema/ldif/
01nsroot.ldif.tmpl
20asdata.ldif.tmpl
Changes:
Adding ACIs to allow the Admin users to access subtrees under the
o=NetscapeRoot
16 years, 10 months
[Fedora-directory-devel] Please review: [Bug 244325] init script for the Admin Server
by Noriko Hosoi
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244325
Summary: init script for the Admin Server
Product: Fedora Directory Server
Version: 1.0.4
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: Admin
AssignedTo: nhosoi(a)redhat.com
ReportedBy: nhosoi(a)redhat.com
QAContact: ohegarty(a)redhat.com
Estimated Hours: 0.0
Description of problem:
Adding init script (fedora-ds-admin).
------- Additional Comments From nhosoi(a)redhat.com 2007-06-14 21:22 EST -------
Created an attachment (id=157057)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157057&action=view)
cvs diff configure.ac Makefile.am + new wrappers/initscript.in
------- Additional Comments From nhosoi(a)redhat.com 2007-06-14 21:25 EST -------
test results:
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin condrestart
Shutting down fedora-ds-admin:
[ OK ]
Starting fedora-ds-admin:
[ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin stop
Shutting down fedora-ds-admin:
[ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin start
Starting fedora-ds-admin:
[ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin restart
Shutting down fedora-ds-admin:
[ OK ]
Starting fedora-ds-admin:
[ OK ]
$ /export/servers/ds72/etc/rc.d/init.d/fedora-ds-admin status
fedora-ds-admin (pid 31215) is running...
Note: sorry, the Makefile.am diff contains the fix for "Bug 237356 <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356>: Move DS Admin Code into Admin Server" as well, which is also waiting for the review...
Thanks,
--noriko
16 years, 10 months
[Fedora-directory-devel] Please review: [Bug 237356] Move DS Admin Code into Admin Server (server registration script)
by Noriko Hosoi
Summary: Move DS Admin Code into Admin Server
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356
The script register_server.pl and its ldif template files / map file are going
to be used by the new Setup module to register the servers to the Configuration
Directory Server.
------- Additional Comments From nhosoi(a)redhat.com 2007-06-12 19:40 EST -------
Created an attachment (id=156834)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156834&action=view)
cvs diff Makefile.am and new files (including server registration script)
Enhanced the proposal in Comment #37 (attached at the bottom).
[New functionalities]
1. support registering multiple DSes
-i "setup0000.inf setup0001.inf setup0002.inf ..."
2. added a fresh registration option "-F"
by default, addition mode
3. tighter error checking and better error reporting
# Usage: register_server.pl [ -h <host> ] [ -p <port> ] [ -D <rootdn> ] \
# -w <rootdnpw> [ -d <default_infdir> ] \
# -i <inffile(s)> -m <mapfile> <ldiffile> ...
#
# Description: Store server info stored in the ldiffiles to the Configuration
# Directory Server replacing the macros with the defined values
# in the map file.
#
# -h <host>: configuration server host (localhost, by default)
# -p <port>: configuration server port (389)
# -D <rootdn>: configuration server's rootdn ("cn=Directory Manager")
# -w <rootdnpw>: configuration server's rootdn password
# -d <default_infdir>: the directory where static .inf files are located
# ("/usr/share/fedora-ds/inf")
# -i <inffile(s)>: dynamic .inf file(s)
# -m <mapfile>: map file name
# <ldiffile> ...: ldif file(s) or template ldif file(s) to be stored in
# the Configuration Directory Server
Comment #37 <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237356#c37> From Noriko Hosoi (nhosoi(a)redhat.com) on 2007-06-06 16:11 EST
Created an attachment (id=156389) <https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=156389>
cvs diff Makefile.am and new files
Modified File:
Makefile.am
Change description:
- Added following new files to install
- Added PACKAGE_BASE_NAME and helpdir to the fixupcmd to substitute
in the build
New Files:
admserv/newinst/src/register_param.map.in
--- parameter map file used by register_server.pl to resolve the %...%
format parameters in the template ldif files.
admserv/newinst/src/register_server.pl.in
--- script to resolve the parameters in the template ldif files and add
the server info entries to the Configuration Directory Server.
This script is supposed to be called after the server instance
creation.
admserv/schema/ldif/00nsroot_backend.ldif
admserv/schema/ldif/01nsroot.ldif.tmpl
admserv/schema/ldif/02globalpreferences.ldif.tmpl
admserv/schema/ldif/10dsdata.ldif.tmpl
admserv/schema/ldif/11dstasks.ldif.tmpl
admserv/schema/ldif/20asdata.ldif.tmpl
admserv/schema/ldif/21astasks.ldif.tmpl
admserv/schema/ldif/22ascommands.ldif.tmpl
--- (template) ldif files
16 years, 10 months