fdstools.pm - perl module for managing replication and encryption setup

Hey guys,  I had been working on several scripts for fds to configure and 
monitor replication and encryption across several servers.  Well I decided to 
move the guts of those scripts into a perl module called fdstools.

What started as a Net::LDAP/perl learning experience evolved into this 
module.  It's not near feature complete,  but does work for setting up 
replication and configuring and enabling TLS/SSL on fds.  And it's my first 
attempt at a perl module,  so take it easy on me :) 

The TLS/SSL setup is just basically a glorified wrapper for certutil and 
pk12util,  perl-ified.  The replication setup is all done using ldap calls to 
the appropriate servers.

There are 3 config files (2 that you need to edit).  Default locations for all 
3 are /etc/fdstools/

fdstools.conf - system wide defaults, file locations etc.
repman.conf   - root DN specifics options for replication
serial        - file to keep track of certs handed out,  serial numbers on certs 
                etc.  (generally don't touch this file,  you could break the serial 
                number sequence when creating certs)


Just put the fdstools.pm module and the 2 helper scripts (repman.pl and 
setup_ssl) in the same directory.

You can do a perldoc fdstools from the same directory as the module to get 
some rudimentary docs.  I like to think I'm comment heavy,  so have a look at 
the code as well for any details.  My perldoc-fu is lacking.

There are a lot of options for the setup_ssl,  so try running with -h to get 
help and -e for a list of examples.

Hopefully it doesn't break any systems,  but if it does make sure you have 
backups of your security databases and directory server as well as dse.ldif.

I used it to create a 2 server mmr setup with UserRoot and NetscapeRoot being 
replicated over SSL.  If you want to replicate NetscapeRoot,  you need to 
create the root suffix on the target server first.  I've included an ldif to 
help with that.  So just run 

ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif

Then run the repman.pl script but tell it to use an alternate config like so.

my $blah = fdstools->new( prompt_bindpw => "1", config => "/etc/fdstools/repman-ns.conf" );

Remember,  if you are replicating NetscapeRoot,  you need to install the 
second server using setup-ds.pl FIRST,  then setup the replication agreements 
(and encryption if you want the agreement to be encrypted),  initialize them,  
then run register-ds-admin.pl.

Any questions/comments/complaints please let me know.

md5sum fdstools.tar.bz2
39b18c773578d58ac75be65c3efaca48  fdstools.tar.bz2



Ryan Braun
Informatics Operations
Aviation and Defence Services Division 
Chief Information Officer Branch, Environment Canada 
CIV: (204) 833-2500x2625 CSN: 257-2625  FAX: (204) 833-2524
E-Mail: Ryan.Braun at ec.gc.ca


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fdstools.tar.bz2
Type: application/x-bzip-compressed-tar
Size: 15574 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090224/141ff4ab/attachment.bin 

