Attachment 311740 Details for Bug 431103 – admin server diffs

[patch] admin server diffs

diffs.bug431103 (text/plain), 30.99 KB, created by Rich Megginson on 2008-07-14 17:32:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Rich Megginson

Created: 2008-07-14 17:32:05 UTC

Size: 30.99 KB

patch

obsolete

>Index: adminserver/admserv/newinst/src/AdminServer.pm.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v
>retrieving revision 1.12
>diff -u -8 -r1.12 AdminServer.pm.in
>--- adminserver/admserv/newinst/src/AdminServer.pm.in	7 Dec 2007 00:09:36 -0000	1.12
>+++ adminserver/admserv/newinst/src/AdminServer.pm.in	14 Jul 2008 17:26:38 -0000
>@@ -181,22 +190,47 @@
>     if (!$rc) {
>         $setup->msg($FATAL, 'error_updating_admpw');
>         return 0;
>     }
> 
>     return 1;
> }
> 
>+# sub addDefaultSecurityInfo {
>+#     my $setup = shift;
>+#     my $inf = $setup->{inf};
>+#     my $configdir = shift;
>+#     my $reconfig = shift;
>+#     my @errs;
>+
>+#     my $admConf = getAdmConf($configdir);
>+#     my $localconf = "$configdir/local.conf";
>+#     if (!open(LOCALCONF, ">$localconf")) {
>+#         $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
>+#         return 0;
>+#     }
>+
>+#     if (!open(CONSOLECONF, "$admConf->{configdir}/console.conf")) {
>+#         debug(0, "Error opening $admConf->{configdir}/console.conf: $!");
>+#         return 0;
>+#     }
>+
>+#     print LOCALCONF "configuration.Encryption\n";
>+
>+#     close(LOCALCONF);
>+#     return 1;
>+# }
>+
> # This is how we extract the sie and isie as the as entries are
> # being added
> sub registercb {
>     my ($context, $entry, $errs) = @_;
> 
>-    my $rc = check_and_add_entry([$context->{conn}, $context->{reconfig}], $entry, $errs);
>+    my $rc = check_and_add_entry([$context->{conn}], $entry, $errs);
>     my $setup = $context->{setup};
>     if ($rc) {
>         if ($entry->hasValue('objectclass', 'nsApplication', 1)) {
>             $context->{isie} = $entry->getDN();
>         } elsif ($entry->hasValue('objectclass', 'nsAdminServer', 1)) {
>             $context->{sie} = $entry->getDN();
>         }
> 
>@@ -213,17 +247,16 @@
> 
>     return $rc;
> }
> 
> sub registerASWithConfigDS {
>     my $setup = shift;
>     my $inf = $setup->{inf};
>     my $configdir = shift;
>-    my $reconfig = shift;
>     my @errs;
> 
>     $setup->msg('registering_adminserver');
>     # open a connection to the configuration directory server
>     my $conn = getConfigDSConn($inf->{General}->{ConfigDirectoryLdapURL},
>                                $inf->{General}->{ConfigDirectoryAdminID},
>                                $inf->{General}->{ConfigDirectoryAdminPwd},
>                                $configdir, \@errs);
>@@ -256,17 +289,17 @@
>     my $isnew;
>     if (! -f $localconf) {
>         $isnew = 1;
>     }
>     if (!open(LOCALCONF, ">$localconf")) {
>         $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!);
>         return 0;
>     }
>-    my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup, reconfig => $reconfig};
>+    my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup};
>     getMappedEntries($mapper, \@ldiffiles, \@errs, \&registercb, $context);
>     close(LOCALCONF);
> 
>     if ($isnew) {
>         my $admConf = getAdmConf($configdir);
>         my $uid = getpwnam $admConf->{sysuser};
>         chmod 0600, "$localconf";
>         chown $uid, -1, "$localconf";        
>@@ -413,25 +446,33 @@
>     my $logdir = $setup->{inf}->{admin}->{log_dir} ||
>         $ENV{ADMSERV_LOG_DIR} ||
>         "@logdir@";
> 
>     my $rundir = $setup->{inf}->{admin}->{run_dir} ||
>         $ENV{ADMSERV_PID_DIR} ||
>         "@piddir@";
> 
>+    # if we're just doing the update, just register and return
>+    if ($setup->{update}) {
>+        if (!registerASWithConfigDS($setup, $configdir)) {
>+            return 0;
>+        }
>+        return 1;
>+    }
>+
>     if (!createASFilesAndDirs($setup, $configdir, $securitydir, $logdir, $rundir)) {
>         return 0;
>     }
> 
>     if (!makeConfFiles($setup, $configdir)) {
>         return 0;
>     }
> 
>-    if (!registerASWithConfigDS($setup, $configdir, $reconfig)) {
>+    if (!registerASWithConfigDS($setup, $configdir)) {
>         return 0;
>     }
> 
>     $setup->msg('updating_httpconf');
>     if (!updateHttpConfFiles($setup->{inf}->{admin}->{ServerIpAddress},
>                              $setup->{inf}->{admin}->{Port},
>                              $configdir, $setup->{asorigport})) {
>         $setup->msg($FATAL, 'error_updating_httpconf');
>Index: adminserver/admserv/newinst/src/ConfigDSDialogs.pm
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ConfigDSDialogs.pm,v
>retrieving revision 1.6
>diff -u -8 -r1.6 ConfigDSDialogs.pm
>--- adminserver/admserv/newinst/src/ConfigDSDialogs.pm	27 Jul 2007 01:42:46 -0000	1.6
>+++ adminserver/admserv/newinst/src/ConfigDSDialogs.pm	14 Jul 2008 17:26:38 -0000
>@@ -404,17 +404,38 @@
>                 $configdsadmindomain->enable();
>             }
>         }
>         return $res;
>     },
>     ['dialog_useconfigds_prompt'],
> );
> 
>+my $updatedialog = new DialogYesNo (
>+    $EXPRESS,
>+    'dialog_update_text',
>+    1,
>+    sub {
>+        my $self = shift;
>+        my $ans = shift;
>+        my $res = $self->handleResponse($ans);
>+        if ($res == $DialogManager::NEXT) {
>+            $res = $DialogManager::ERR if (!$self->isYes());
>+        }
>+        return $res;
>+    },
>+    ['dialog_update_prompt'],
>+);
>+
>+
> sub getDialogs {
>     return ($useconfigds, $configdsinfo, $configdsadmin, $configdsadmindomain);
> }
> 
> sub getRegDialogs {
>     return ($regconfigdsinfo, $configdsadmindomain);
> }
> 
>+sub getUpdateDialogs {
>+    return ($updatedialog, $configdsinfo);
>+}
>+
> 1;
>Index: adminserver/admserv/newinst/src/adminserver.map.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v
>retrieving revision 1.9
>diff -u -8 -r1.9 adminserver.map.in
>--- adminserver/admserv/newinst/src/adminserver.map.in	15 Aug 2007 22:08:14 -0000	1.9
>+++ adminserver/admserv/newinst/src/adminserver.map.in	14 Jul 2008 17:26:38 -0000
>@@ -39,16 +39,18 @@
> fqdn =			FullMachineName
> domain =		AdminDomain
> brand =			Brand
> normbrand =			NormBrand
> hostname =		`$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
> vendor =		Vendor
> timestamp = 	`use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
> 
>+uname_a =        `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
>+uname_m =        `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
> asid =			`$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
> as_port =		Port
> admpw =			"@configdir@/admpw"
> as_error =		"@logdir@/error"
> as_access =		"@logdir@/access"
> as_pid =		"@pidfile@"
> as_console_jar =	"%normbrand%-admin-%as_baseversion%.jar"
> as_help_path =	"@helpdir@"
>Index: adminserver/admserv/newinst/src/dirserver.map.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v
>retrieving revision 1.9
>diff -u -8 -r1.9 dirserver.map.in
>--- adminserver/admserv/newinst/src/dirserver.map.in	17 Dec 2007 20:10:04 -0000	1.9
>+++ adminserver/admserv/newinst/src/dirserver.map.in	14 Jul 2008 17:26:38 -0000
>@@ -38,16 +38,18 @@
> # 
> fqdn =			FullMachineName
> domain =		AdminDomain
> brand =			Brand
> normbrand =			NormBrand
> vendor =		Vendor
> timestamp = 	`use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
> 
>+uname_a =        `open(UNAMEA, "uname -a |"); $returnvalue = <UNAMEA>; chomp $returnvalue; close(UNAMEA);`
>+uname_m =        `open(UNAMEM, "uname -m |"); $returnvalue = <UNAMEM>; chomp $returnvalue; close(UNAMEM);`
> asid =		    `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
> as_uid =        ServerAdminID
> as_sie =		"cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot"
> ds_version =	Version
> ds_baseversion =	BaseVersion
> dsid =			ServerIdentifier
> ds_user =		SuiteSpotUserID
> ds_port =		ServerPort
>Index: adminserver/admserv/newinst/src/migrate-ds-admin.res.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/migrate-ds-admin.res.in,v
>retrieving revision 1.2
>diff -u -8 -r1.2 migrate-ds-admin.res.in
>--- adminserver/admserv/newinst/src/migrate-ds-admin.res.in	15 Aug 2007 22:08:14 -0000	1.2
>+++ adminserver/admserv/newinst/src/migrate-ds-admin.res.in	14 Jul 2008 17:26:38 -0000
>@@ -13,13 +13,12 @@
>  ...\
> then run migration with -f yourfile.inf
> \
> On the command line like so:\
>  command .... General.ConfigDirectoryAdminPwd=thepasswordvalue\n
> 
> error_opening_nssconf = Error: could not open NSS config file %s.  Error: %s\n
> error_writing_nssconf = Error: could not write NSS config file %s.  Error: %s\n
>-registering_dirserver_instances = Registering the migrated directory server instances with the configuration directory server . . .\n
> error_creating_asmigration_maptbl = Error: could not create maptable for use in admin server migration.\n
> error_creating_updateconsole_maptbl = Error: could not create maptable for use in admin server console migration.\n
> error_migrating_console_entries = Error: Could not find the console customization entries under '%s'. Error: %s\n
> error_adding_console_entries = Error: Could not add console customization entry '%s'.  Error: %s\n
>Index: adminserver/admserv/newinst/src/setup-ds-admin.pl.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.pl.in,v
>retrieving revision 1.11
>diff -u -8 -r1.11 setup-ds-admin.pl.in
>--- adminserver/admserv/newinst/src/setup-ds-admin.pl.in	2 Aug 2007 14:44:10 -0000	1.11
>+++ adminserver/admserv/newinst/src/setup-ds-admin.pl.in	14 Jul 2008 17:26:38 -0000
>@@ -49,41 +49,52 @@
> 
>     $setup->{inf}->{admin}->{SysUser} = $admConf->{sysuser};
>     # read additional config from config DS
>     my $pset = AdminUtil::getPset($admConf);
>     if ($pset && %{$pset}) {
>         $setup->{inf}->{admin}->{Port} = $pset->{"configuration.nsserverport"};
>         $setup->{asorigport} = $pset->{"configuration.nsserverport"}; # save orig. port
>         $setup->{inf}->{admin}->{ServerIpAddress} = $pset->{"configuration.nsserveraddress"};
>+        $setup->{inf}->{General}->{FullMachineName} = $pset->{"serverhostname"};
>     }
>     my $admpw = AdminUtil::getAdmpw($admConf);
>     if ($admpw && %{$admpw}) {
>         $setup->{inf}->{admin}->{ServerAdminID} = $admpw->{ServerAdminID};
>         $setup->{inf}->{admin}->{ServerAdminPwd} = $admpw->{ServerAdminPwd};
>     }
> 
>     # default to using the existing config DS
>     $setup->{inf}->{slapd}->{UseExistingMC} = 1;
>     $setup->{inf}->{slapd}->{SlapdConfigForMC} = 0;
>     $setup->{reconfigas} = 1; # allow AS reconfig
> }
> 
>+# do not allow reconfig (setup -r) if no setup has been done
>+if (! $setup->{reconfigas}) {
>+    delete $setup->{update};
>+}
>+
> if (!$setup->{silent}) {
>     my $dialogmgr = new DialogManager($setup, $res, $TYPICAL);
> 
>     require SetupDialogs;
>     require DSDialogs;
>     require ConfigDSDialogs;
>     require ASDialogs;
> 
>-    my @dialogs = SetupDialogs->getDialogs();
>-    push @dialogs, ConfigDSDialogs->getDialogs();
>-    push @dialogs, DSDialogs->getDialogs();
>-    push @dialogs, ASDialogs->getDialogs();
>+    my @dialogs;
>+    if ($setup->{update}) {
>+        push @dialogs, ConfigDSDialogs->getUpdateDialogs();
>+    } else {
>+        push @dialogs, SetupDialogs->getDialogs();
>+        push @dialogs, ConfigDSDialogs->getDialogs();
>+        push @dialogs, DSDialogs->getDialogs();
>+        push @dialogs, ASDialogs->getDialogs();
>+    }
> 
>     my $readytoproceed = new DialogYesNo (
>         $EXPRESS,
>         'dialog_readytoproceed_text',
>         1,
>         sub {
>             my $self = shift;
>             my $ans = shift;
>@@ -118,56 +129,95 @@
>         "ldap://" . $setup->{inf}->{General}->{FullMachineName} .
>         ":" . $setup->{inf}->{slapd}->{ServerPort} .
>         "/o=NetscapeRoot";
>     $createconfigds = 1;
> }
> 
> $setup->{inf}->write();
> 
>-$setup->msg('create_dirserver');
>+my @errs;
> 
>-# create a directory server instance
>-my @errs = createDSInstance($setup->{inf});
>-if (@errs) {
>-    $setup->msg(@errs);
>-    $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
>-    $setup->doExit(1);
>-} else {
>-    $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
>-}
>+if (!$setup->{update}) {
>+    $setup->msg('create_dirserver');
> 
>-# setup directory server instance to be the configuration DS
>-if ($createconfigds) {
>-    $setup->msg('create_configds');
>-    if (!createConfigDS($setup->{inf}, \@errs)) {
>-        $setup->msg($FATAL, @errs);
>-        $setup->msg($FATAL, 'error_create_configds');
>+    # create a directory server instance
>+    # if we are not creating the config DS instance, 
>+    # create but do not start the server - start
>+    # after createSubDS so the pta plugin will take effect
>+    my $start_server_after_reg = 1; # default - start server after registration
>+    if (!$createconfigds) {
>+        if (exists($setup->{inf}->{slapd}->{start_server}) &&
>+            defined($setup->{inf}->{slapd}->{start_server})) {
>+            # user explicitly set this value
>+            $start_server_after_reg = $setup->{inf}->{slapd}->{start_server};
>+        }
>+        $setup->{inf}->{slapd}->{start_server} = 0; # create server un-started
>+    }
>+
>+    @errs = createDSInstance($setup->{inf});
>+    if (@errs) {
>+        $setup->msg(@errs);
>+        $setup->msg($FATAL, 'error_creating_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
>         $setup->doExit(1);
>+    } else {
>+        $setup->msg('created_dsinstance', $setup->{inf}->{slapd}->{ServerIdentifier});
>+    }
>+
>+    # setup directory server instance to be the configuration DS
>+    if ($createconfigds) {
>+        $setup->msg('create_configds');
>+        if (!createConfigDS($setup->{inf}, \@errs)) {
>+            $setup->msg($FATAL, @errs);
>+            $setup->msg($FATAL, 'error_create_configds');
>+            $setup->doExit(1);
>+        }
>+    } else {
>+        # set up directory server instance to be managed by the console/adminserver
>+        $setup->msg('create_subds');
>+        if (!createSubDSNoConn($setup->{inf}, \@errs)) {
>+            $setup->msg($FATAL, @errs);
>+            $setup->msg($FATAL, 'error_create_configds');
>+            $setup->doExit(1);
>+        }
>+        if ($start_server_after_reg) {
>+            delete $setup->{inf}->{slapd}->{start_server}; # remove to start server
>+            if (@errs = DSCreate::startServer($setup->{inf})) {
>+                $setup->msg(@errs);
>+                $setup->doExit(1);
>+            }
>+            # add the aci that allows the admin user to administer the server
>+            if (!addConfigACIsToSubDS($setup->{inf}, \@errs)) {
>+                $setup->msg(@errs);
>+                $setup->doExit(1);
>+            }
>+        }
>     }
> }
>-else
>-{
>-    $setup->msg('create_configds');
>-    if (!createSubDS($setup->{inf}, \@errs)) {
>+
>+if (!$setup->{update}) {
>+    # register ds instances with config DS
>+    if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
>+                                \@errs,
>+                                $setup->{inf})) {
>+        $setup->msg(@errs);
>+        $setup->msg($FATAL, 'error_register_dirserver');
>+        $setup->doExit(1);
>+    }
>+} else {
>+    # register all instances
>+    $setup->msg('registering_dirserver_instances');
>+    if (!registerManyDSWithConfigDS($setup->{inf}, \@errs,
>+                                    $setup->{configdir},
>+                                    $setup->getDirServers())) {
>         $setup->msg($FATAL, @errs);
>-        $setup->msg($FATAL, 'error_create_configds');
>         $setup->doExit(1);
>     }
> }
> 
>-# register ds instances with config DS
>-if (!registerDSWithConfigDS($setup->{inf}->{slapd}->{ServerIdentifier},
>-                            \@errs,
>-                            $setup->{inf})) {
>-    $setup->msg(@errs);
>-    $setup->msg($FATAL, 'error_register_dirserver');
>-    $setup->doExit(1);
>-}
>-
> 
> # configure and register the admin server instance
> if (!$setup->{reconfigas}) {
>     if (!createAdminServer($setup)) {
>         $setup->msg($FATAL, 'error_create_adminserver');
>         $setup->doExit(1);
>     }
> } else {
>Index: adminserver/admserv/newinst/src/setup-ds-admin.res.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.res.in,v
>retrieving revision 1.9
>diff -u -8 -r1.9 setup-ds-admin.res.in
>--- adminserver/admserv/newinst/src/setup-ds-admin.res.in	11 Oct 2007 14:07:03 -0000	1.9
>+++ adminserver/admserv/newinst/src/setup-ds-admin.res.in	14 Jul 2008 17:26:38 -0000
>@@ -58,16 +58,22 @@
> dialog_configdsadmin_text = Please enter the administrator ID for the configuration directory\nserver.  This is the ID typically used to log in to the console.  You\nwill also be prompted for the password.\n\n
> dialog_configdsadmin_prompt = Configuration directory server\nadministrator ID
> dialog_configdsadmin_pw1_prompt = Password
> dialog_configdsadmin_pw2_prompt = Password (confirm)
> dialog_configdsadmin_error = The input '%s' is not a valid ID.  Please choose another one.\n\n
> dialog_configdsadmin_invalid = The password contains invalid characters.  Please choose another one.\n\n
> dialog_configdsadmin_nomatch = The passwords do not match.  Please try again.\n\n
> 
>+# ----------- Update Intro Dialog Resource  ----------------
>+dialog_update_text = The update option will allow you to re-register your servers with the\
>+configuration directory server and update the information about your\
>+servers that the console and admin server uses.  You will need your\
>+configuration directory server admin ID and password to continue.\n\n
>+dialog_update_prompt = Continue?
> 
> # ----------- Config DS admin domain Dialog Resource  ----------------
> dialog_configdsadmindomain_text = The information stored in the configuration directory server can be\nseparated into different Administration Domains.  If you are managing\nmultiple software releases at the same time, or managing information\nabout multiple domains, you may use the Administration Domain to keep\nthem separate.\n\nIf you are not using administrative domains, press Enter to select the\ndefault.  Otherwise, enter some descriptive, unique name for the\nadministration domain, such as the name of the organization\nresponsible for managing the domain.\n\n
> 
> dialog_configdsadmindomain_prompt = Administration Domain
> dialog_configdsadmindomain_error = The string '%s' is not a valid administration domain.  Please choose another one.\n\n
> dialog_configdsadmindomain_notadn = The administration domain must not be a DN.  The string '%s' looks like a DN.  Please choose another one.\n\n
> 
>@@ -110,22 +116,24 @@
> restarting_adminserver = Restarting admin server . . .\n
> starting_adminserver = Starting admin server . . .\n
> adminserver_startup_output = output: %s
> success_starting_adminserver = The admin server was successfully started.\n
> end_create_adminserver = Admin server was successfully created, configured, and started.\n
> end_reconfig_adminserver = Admin server was successfully reconfigured and started.\n
> create_dirserver = Creating directory server . . .\n
> create_configds = Creating the configuration directory server . . .\n
>+create_subds = Creating the new directory server . . .\n
> setup_complete = Setup is complete.\n\n
> error_register_dirserver = Could not register the directory server with the configuration directory server.\n
> registering_dirserver = Registering directory server with the configuration directory server . . .\n
> error_creating_dirserver_maptbl = Could not create the map table for registering the directory server with the configuration directory server.\n
> error_reconfig_adminserver = Could not reconfigure the admin server.\n
> 
> securitydir_not_exist = The security file directory '%s' does not exist.\n
> securitydir_not_writable = The security file directory '%s' is not writable.\n
> cacertfile_not_found = The CA certificate file '%s' was not found.\n
> error_running_certutil = Could not run the certutil program to add the CA certificate.  Error: %s\n
> error_return_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate.  Error: %s
> error_return2_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate.  Error: %s\nHere is the output of the command: %s
> cacert_already_exists = The certificate database in '%s' already contains a CA certificate.  Please remove it first, or use the certutil program to add the CA certificate with a different name.\n
> error_connection_failed = Error: failed to open an LDAP connection to host '%s' port '%s' as user '%s'.  Error: %s.\n
>+registering_dirserver_instances = Registering the directory server instances with the configuration directory server . . .\n
>Index: adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl,v
>retrieving revision 1.6
>diff -u -8 -r1.6 01nsroot.ldif.tmpl
>--- adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl	25 Jun 2007 18:23:53 -0000	1.6
>+++ adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl	14 Jul 2008 17:26:38 -0000
>@@ -86,38 +86,8 @@
> ou: UserPreferences
> aci: (targetattr = "*")(version 3.0; acl "Allow saving of User Preferences"; allow (add) userdn = "ldap:///all";)
> 
> dn: ou="uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
> objectClass: top
> objectClass: organizationalUnit
> aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
> ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
>-
>-dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
>-objectClass: top
>-objectClass: organizationalUnit
>-aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
>-ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
>-
>-dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-objectClass: top
>-objectClass: nsHost
>-objectClass: groupOfUniqueNames
>-cn: %fqdn%
>-serverHostName: %fqdn%
>-nsOsVersion: %uname_a%
>-nsHardwarePlatform: %uname_m%
>-uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-
>-dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-objectClass: nsAdminGroup
>-objectClass: groupOfUniqueNames
>-objectClass: nsDirectoryInfo
>-objectClass: top
>-nsAdminGroupName: Server Group
>-nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
>-nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-cn: Server Group
>-uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
>-aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
>Index: adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl,v
>retrieving revision 1.9
>diff -u -8 -r1.9 10dsdata.ldif.tmpl
>--- adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl	27 Sep 2007 16:54:31 -0000	1.9
>+++ adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl	14 Jul 2008 17:26:38 -0000
>@@ -17,16 +17,37 @@
> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
> #
> # END COPYRIGHT BLOCK
> dn: o=NetscapeRoot
> changetype: modify
> add: aci
> aci: (targetattr = "*")(version 3.0; acl "SIE Group (%dsid%)"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
> 
>+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+objectClass: top
>+objectClass: nsHost
>+objectClass: groupOfUniqueNames
>+cn: %fqdn%
>+serverHostName: %fqdn%
>+nsOsVersion: %uname_a%
>+nsHardwarePlatform: %uname_m%
>+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+
>+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+objectClass: nsAdminGroup
>+objectClass: groupOfUniqueNames
>+objectClass: nsDirectoryInfo
>+objectClass: top
>+nsAdminGroupName: Server Group
>+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
>+cn: Server Group
>+aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
>+
> dn: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> objectClass: nsApplication
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: %brand% Directory Server
> nsProductName: %brand% Directory Server
> nsProductVersion: %ds_version%
> nsNickName: slapd
>@@ -34,16 +55,21 @@
> nsVendor: %vendor%
> installationTimeStamp: %timestamp%
> nsExpirationDate: 0
> nsBuildSecurity: domestic
> uniqueMember: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> nsServerMigrationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> nsServerCreationClassname: com.netscape.admin.dirserv.task.MigrateCreate@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> 
>+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+changetype: modify
>+add: uniqueMember
>+uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+
> dn: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> objectClass: netscapeServer
> objectClass: nsDirectoryServer
> objectClass: nsResourceRef
> objectClass: nsConfig
> objectClass: groupOfUniqueNames
> objectClass: top
> nsServerSecurity: off
>@@ -65,17 +91,17 @@
> 
> dn: cn=configuration,cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> objectClass: nsResourceRef
> objectClass: nsAdminObject
> objectClass: nsDirectoryInfo
> objectClass: top
> cn: configuration
> nsClassname: com.netscape.admin.dirserv.DSAdmin@%ds_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>-nsJarfilename: @ds_console_jar@
>+nsJarfilename: %ds_console_jar%
> nsDirectoryInfoRef: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
> 
> dn: ou="cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
> objectClass: top
> objectClass: organizationalUnit
> aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
> ou: cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>Index: adminserver/admserv/schema/ldif/20asdata.ldif.tmpl
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v
>retrieving revision 1.5
>diff -u -8 -r1.5 20asdata.ldif.tmpl
>--- adminserver/admserv/schema/ldif/20asdata.ldif.tmpl	25 Jun 2007 18:23:53 -0000	1.5
>+++ adminserver/admserv/schema/ldif/20asdata.ldif.tmpl	14 Jul 2008 17:26:38 -0000
>@@ -12,16 +12,37 @@
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
> #
> # END COPYRIGHT BLOCK
>+dn: cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+objectClass: top
>+objectClass: nsHost
>+objectClass: groupOfUniqueNames
>+cn: %fqdn%
>+serverHostName: %fqdn%
>+nsOsVersion: %uname_a%
>+nsHardwarePlatform: %uname_m%
>+uniqueMember: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+
>+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+objectClass: nsAdminGroup
>+objectClass: groupOfUniqueNames
>+objectClass: nsDirectoryInfo
>+objectClass: top
>+nsAdminGroupName: Server Group
>+nsDirectoryInfoRef: cn=UserDirectory, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
>+nsAdminSIEDN: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+cn: Server Group
>+uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+
> dn: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> objectClass: top
> objectClass: nsApplication
> objectClass: groupOfUniqueNames
> cn: %brand% Administration Server
> nsVendor: %vendor%
> nsProductName: %brand% Administration Server
> nsNickName: admin
>@@ -68,8 +89,19 @@
> nsAdminCacheLifetime: 600
> nsAdminAccessHosts: *.%domain%
> nsAdminAccessAddresses: *
> nsAdminOneACLDir: adminacl
> nsDefaultAcceptLanguage: en
> nsClassname: com.netscape.management.admserv.AdminServer@%as_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
> aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configuration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
> aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
>+
>+dn: ou="cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
>+objectClass: top
>+objectClass: organizationalUnit
>+aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="creatorsname";)
>+ou: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=netscaperoot
>+
>+dn: cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
>+changetype: modify
>+add: aci
>+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)

Actions: View | Diff

Attachments on bug 431103: 311740 | 311741 | 311748 | 311760