If you run ds_newinst.pl with a bare minimum .inf file, you will see the following aci created in cn=config:

aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)

We should not create this aci, as we do not have a configuration DS if we are creating a minimal fedora-ds-base.
Created attachment 148686 [details] diffs
Reviewed by: nhosoi (Thanks!)
Fix Description: Unknown to me until just now, PL_strdup(NULL) will return "" - the empty string. The code in config_suitespot() expects that empty or unused fields are NULL. The solution is to create a create_instance_strdup() wrapper around PL_strdup() and use that in cases where the argument may be NULL. I checked create_instance.c. Every other place where PL_strdup is used, the argument is checked for NULL first. So these are the only places affected. Instance creation works fine after this change and does not create the offending aci.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no

ldapserver/ldap/admin/src/create_instance.c
Revision 1.47
Created attachment 273451 [details] minimum setup inf file

This is the setup inf file used to customize the installation of DS.
verified. PASS

Test machine: neo.dsdev.sjc.redhat.com (RHEL5 32bit)

Test steps:
1. remove all previously installed DS instances
2. do yum install a fresh copy of DS
3. use setup.ini file (see attachment) to customize the installation
4. do db2ldap to dump all records under userRoot
5. verify there is no "ldap:///uid=," records anymore

Actual test output:

[root@neo dirsrv]# /usr/sbin/setup-ds-admin.pl -s -f ./setup.ini
Creating directory server . . .
Your new DS instance 'neo.dsdev.sjc.redhat.com' was successfully created.
Creating the configuration directory server . . .
The server 'ldap://neo.dsdev.sjc.redhat.com:389/o=NetscapeRoot' is not reachable. Error: unknown error
Could not register the directory server with the configuration directory server.
Exiting . . .
Log file is '/tmp/setupX7XjoF.log'

[root@neo dirsrv]# ps -elf | grep slapd
1 S nobody 5305 1 1 75 0 - 110793 stext 16:15 ? 00:00:00 ./ns-slapd -D /tmp/ds80/server/slapd-neo -i /tmp/ds80/server/slapd-neo/logs/slapd-neo.dsdev.sjc.redhat.com.pid -w /tmp/ds80/server/slapd-neo/logs/slapd-neo.dsdev.sjc.redhat.com.startpid

[root@neo slapd-neo]# ./db2ldif -n UserRoot
Exported ldif file: /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
ldiffile: /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[29/Nov/2007:16:16:03 -0800] - export userRoot: Processed 9 entries (100%).
[29/Nov/2007:16:16:03 -0800] - All database threads now stopped

[root@neo slapd-neo]# vi /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[root@neo slapd-neo]# grep "uid=" /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[root@neo slapd-neo]# grep "ldap:///" /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
 allow (read, search, compare) userdn="ldap:///anyone";)
 common attributes"; allow (write) userdn="ldap:///self";)
 (all) (groupdn = "ldap:///cn=Directory Administrators, o=my.com");)
rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR
sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
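A check for the malformed ACI described in this bug, as an added example that is not part of the original report or of the project's code. LDIF folds long values across lines, so the sketch unfolds them first and then flags any ACI bind-rule DN containing an RDN with an empty value (such as `uid=,`); the function names and the sample LDIF are constructed for illustration.

```python
import base64
import re

# Constructed sample (not from the bug's attachments): the ACI from the report,
# folded so that "ldap:///uid=," is split across two physical lines.
SAMPLE_LDIF = '''dn: cn=config
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
 ll) userdn="ldap:///ui
 d=,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)

dn: dc=example,dc=com
aci: (targetattr="*")(version 3.0; acl "Self write"; allow (write) userdn="lda
 p:///self";)
'''

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    return re.sub(r"\r?\n ", "", text)

def iter_acis(text):
    """Yield (entry_dn, aci_value) pairs, decoding base64 ('attr::') values."""
    dn = None
    for line in unfold(text).splitlines():
        m = re.match(r"(?i)(dn|aci)(::?)\s*(.*)", line)
        if not m:
            continue
        value = m.group(3)
        if m.group(2) == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        if m.group(1).lower() == "dn":
            dn = value
        else:
            yield dn, value

def empty_rdn_subjects(aci):
    """Return bind-rule DNs that contain an RDN with no value, such as 'uid=,ou=...'."""
    bad = []
    for url in re.findall(r'ldap:///([^"|]*)', aci):
        subject = url.split("?", 1)[0].strip()   # drop any LDAP URL filter part
        rdns = re.split(r"(?<!\\),", subject)    # split on unescaped commas
        if any(re.fullmatch(r"\s*[\w.-]+=\s*", rdn) for rdn in rdns):
            bad.append(subject)
    return bad

def find_bad_acis(text):
    """List (entry_dn, subject_dn) for every ACI subject with an empty RDN value."""
    return [(dn, s) for dn, aci in iter_acis(text) for s in empty_rdn_subjects(aci)]

if __name__ == "__main__":
    print(find_bad_acis(SAMPLE_LDIF))
```
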