Bug 431103 - Cannot setup ds with remote config DS
Summary: Cannot setup ds with remote config DS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: 389
Classification: Retired
Component: Install/Uninstall
Version: 1.1.0
Hardware: All
OS: Linux
high
low
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 249650 FDS112
TreeView+ depends on / blocked
 
Reported: 2008-01-31 19:57 UTC by Rich Megginson
Modified: 2018-10-19 20:09 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-08-27 20:38:39 UTC
Embargoed:


Attachments (Terms of Use)
admin server diffs (30.99 KB, patch)
2008-07-14 17:32 UTC, Rich Megginson
no flags Details | Diff
diffs (2.07 KB, patch)
2008-07-14 17:33 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (2.17 KB, text/plain)
2008-07-14 18:44 UTC, Rich Megginson
no flags Details
cvs commit log for 8.0 branch (2.21 KB, text/plain)
2008-07-14 19:31 UTC, Rich Megginson
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0602 0 normal SHIPPED_LIVE Moderate: redhat-ds-base and redhat-ds-admin security and bug fix update 2008-08-27 20:38:30 UTC

Description Rich Megginson 2008-01-31 19:57:09 UTC
If you attempt to run setup-ds-admin.pl and use a configuration DS running on a
different machine, you will get an error like this:

Creating the configuration directory server . . .
dn: cn=Fedora Directory Server, cn=Server Group, cn=host.example.com,
ou=example.com, 
 o=NetscapeRoot
objectclass: nsApplication
objectclass: groupOfUniqueNames
objectclass: top
cn: Fedora Directory Server
nsproductname: Fedora Directory Server
nsproductversion: 1.1.0
nsnickname: slapd
nsbuildnumber: 2008.03.27
nsvendor: Fedora Project
installationtimestamp: 20080131195003Z
nsexpirationdate: 0
nsbuildsecurity: domestic
uniquemember: cn=slapd-host, cn=Fedora Directory Server, cn=Server Group, 
 cn=vhost.example.com, ou=example.com, o=NetscapeRoot
... more of entry ...
Error adding entry 'cn=Fedora Directory Server, cn=Server Group,
cn=host.example.com, ou=example.com, o=NetscapeRoot'.  Error: No such object
Could not register the directory server with the configuration directory server.

Comment 1 Rich Megginson 2008-01-31 20:20:14 UTC
There is a workaround - if the fqdn is host.example.com, you just have to create
the following entries:

dn: cn=host.example.com, ou=example.com, o=NetscapeRoot
objectclass: top
objectclass: nsHost
objectclass: groupOfUniqueNames
cn: host.example.com
nsosversion: output of uname -a on the machine
nshardwareplatform: arch e.g. i386 or x86_64 or ...
serverHostName: host.example.com

dn: cn=Server Group, cn=host.example.com, ou=example.com, o=NetscapeRoot
objectclass: top
objectclass: nsAdminGroup
objectclass: nsDirectoryInfo
objectclass: groupOfUniqueNames
nsAdminGroupName: Server Group
nsDirectoryInfoRef: cn=User Directory, ou=Global Preferences, ou=example.com,
o=NetscapeRoot


Comment 2 Rich Megginson 2008-01-31 20:24:52 UTC
(In reply to comment #1)
> There is a workaround - if the fqdn is host.example.com, you just have to create
> the following entries:
> 

The entries should be created on the configuration DS - be sure to replace
example.com with the real domain and host.example.com with the real hostname.

Comment 3 Yvo van Doorn 2008-01-31 23:18:16 UTC
In order for the admin server to show up as well for "host.example.com" I had to
add this under 

bsadminsiedn: cn=admin-serv-host, cn=Fedora Administration Server, cn=Server
Group, cn=host.example.com, ou=example.com, o=NetscapeRoot



Comment 4 Yvo van Doorn 2008-01-31 23:25:18 UTC
spelling correction:
s/bsadminsiedn/nsadminsiedn/

Comment 6 Thomas Blanchin 2008-06-11 15:18:02 UTC
With newer version of fds-1.1, it seems necessary to add what Yvo mentionned,
which is finally, and also a "UserPreference" entry. So put that in an ldif
file, and import it on the configuration DS :

dn: ou=UserPreferences, ou=example.com, o=NetscapeRoot
aci: (targetattr = "*")(version 3.0; acl "Allow saving of User Preferences";
allow (add) userdn = "ldap:///all";)
ou: UserPreferences
objectClass: top
objectClass: organizationalUnit

dn: cn=host.example.com, ou=example.com, o=NetscapeRoot
objectclass: top
objectclass: nsHost
objectclass: groupOfUniqueNames
cn: host.example.com
nsosversion: output of uname -a on the machine
nshardwareplatform: arch e.g. i386 or x86_64 or ...
serverHostName: host.example.com

dn: cn=Server Group, cn=host.example.com, ou=example.com, o=NetscapeRoot
objectclass: top
objectclass: nsAdminGroup
objectclass: nsDirectoryInfo
objectclass: groupOfUniqueNames
nsAdminGroupName: Server Group
nsDirectoryInfoRef: cn=User Directory, ou=Global Preferences, ou=example.com,
o=NetscapeRoot
nsadminsiedn: cn=admin-serv-host, cn=Fedora Administration Server, cn=Server
Group, cn=host.example.com, ou=example.com, o=NetscapeRoot


Comment 7 Rich Megginson 2008-07-14 17:32:06 UTC
Created attachment 311740 [details]
admin server diffs

Comment 8 Rich Megginson 2008-07-14 17:33:32 UTC
Created attachment 311741 [details]
diffs

Comment 9 Rich Megginson 2008-07-14 18:44:22 UTC
Created attachment 311748 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This fix has two main parts.  The first part is to fix setup. 
I took parts out of the 01nsroot template and put them into the templates that
set up the directory server and admin server.  So when those servers are
registered, they will create those common entries if not present, or otherwise
modify them to add the necessary information.  I had to add uname_m and uname_a
and some other items to the mapping files.  I fixed a typo in one of the
template files.  I changed setup to create new directory server instances
shutdown, so that when they are configured for the passthrough auth plugin, it
will be working when started.  Otherwise, directory servers you create with
setup will not be manageable in the console until after they are restarted. 
This is the same way that ds_create works.
The second part of the fix is to allow people to fix "broken" installs.  I
added a -u (update) option to setup.  This will scan for exsiting installations
are re-register all servers found.  The dialog flow is pretty simple - it just
confirms that you want to run update mode, then asks for the config ds
information, then re-registers all servers with the config ds, updating any
information that is missing or outdated.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: Yes - need to document the new -u option.

Comment 10 Rich Megginson 2008-07-14 19:31:13 UTC
Created attachment 311760 [details]
cvs commit log for 8.0 branch

Comment 12 Rich Megginson 2008-07-24 15:42:47 UTC
Current code fails to create new instance if using a custom config dir (e.g.
other than /etc/dirsrv) - that is, if using slapd.config_dir set to another
directory.  This patch uses DS_CONFIG_DIR for the location of the directory
server config.  DS_CONFIG_DIR is set in DSCreate.pm to the value of
slapd.config_dir if set, or the default compiled in value (e.g. /etc/dirsrv)
otherwise.

12-17 11:48:11.000000000 -0700
--- AdminUtil.pm.in	2008-07-24 07:43:26.000000000 -0600
***************
*** 357,364 ****
  sub createSubDSNoConn {
      my $inf = shift;
      my $errs = shift;
  
!     my $dseldif = "@instconfigdir@/slapd-" . $inf->{slapd}->{ServerIdentifier}
. "/dse.ldif";
      my $conn = new FileConn($dseldif);
  
      return internalCreateSubDS($conn, $inf, $errs);
--- 357,367 ----
  sub createSubDSNoConn {
      my $inf = shift;
      my $errs = shift;
+     # $ENV{DS_CONFIG_DIR} is set in ds instance creation
+     my $dsconfdir = $ENV{DS_CONFIG_DIR} ||
+         "@instconfigdir@/slapd-" . $inf->{slapd}->{ServerIdentifier};
  
!     my $dseldif = "$dsconfdir/dse.ldif";
      my $conn = new FileConn($dseldif);
  
      return internalCreateSubDS($conn, $inf, $errs);


Comment 13 Rich Megginson 2008-07-24 16:04:52 UTC
Reviewed by: nhosoi (Thanks!)
Branch: HEAD and Directory_Server_8_0_Branch
Fix Description: If using a non-standard config dir for the directory server,
creating additional instances with setup-ds-admin.pl fails, because it doesn't
take into consideration the location.  DS_CONFIG_DIR is set in DSCreate.pm to
the real location of the new directory server instance config directory.
Platforms tested: Fedora 8
Flag Day: no
Doc impact: no 

Commit to HEAD:
Checking in AdminUtil.pm.in;
/cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v  <--  AdminUtil.pm.in
new revision: 1.19; previous revision: 1.18
done

Commit to Directory_Server_8_0_Branch:
Checking in AdminUtil.pm.in;
/cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v  <--  AdminUtil.pm.in
new revision: 1.18.2.1; previous revision: 1.18
done


Comment 17 errata-xmlrpc 2008-08-27 20:38:39 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0602.html

Comment 18 Fedora Update System 2008-09-04 19:47:14 UTC
fedora-ds-admin-1.1.6-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.6-1.fc8

Comment 19 Fedora Update System 2008-09-04 19:48:38 UTC
fedora-ds-admin-1.1.6-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.6-1.fc9

Comment 21 Fedora Update System 2008-09-11 16:55:56 UTC
fedora-ds-admin-1.1.6-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2008-09-11 17:16:12 UTC
fedora-ds-admin-1.1.6-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.