Hi David, hi Alan,
I have nearly the same approach; well done on these scripts ;) (I did about the same).
But don't you think it would be far easier to do this kind of thing:
* remove-ds-admin.pl -y -f -y
* yum remove -y 389-ds-base-base-libs
* yum install 389-ds 389-admin 389-adminutil
* setup-ds-admin.pl -s -f /tmp/ldap.inf
* stuff...
But that would be a 389-ds task.
Regards,
2016-01-10 18:54 GMT+01:00 David Barr <dafydd@xxxxxxxxxx>:
I have a straight-up bash script at https://github.com/dafydd2277/systemAdmin/blob/master/ldap/99_389dsCleanInstall.sh that does exactly this. You're welcome to use it as a starting point.

David

On Jan 10, 2016, at 08:43, Charlie Mordant <cmordant1@xxxxxxxxx> wrote:

Hi census experts!

First, I wanted to thank you for that wonderful technology, providing a secure (TLS ready, ACL ready, clusterable) product: you're the only one driving annuary (directory) as mature as this.

I'm encountering an untraditional issue: I'm trying to make a kind of cloud service that is all LDAP-centric: all my services consume LDAP to give user credentials (Jenkins, webmail, Nexus, etc.).

I'm able to make a first-time LDAP installation that fits all my needs, but I'm not able to make it repeatable.

The issues are that:
* Docker images are really difficult to tackle: the main parts are on the same db: netscaperoot things, SSL configuration, maxbersize, as well as the users db (dc=mydn, dc=people), so splitting concerns is difficult.
* remove-ds.pl then setup-ds.pl does not make admin-ds recognizable within the new LDAP.
* remove-ds-admin.pl removes some rpm mandatory files, so yum erase (389-ds-base, 389-admin, 389-adminutil), yum install is mandatory (but it looks like it's not sufficient, and can cause some side effects: removing other deps).

So how can I make a repeatable 389 install?

What I want to achieve:
* Install a 389 server importing a personal CA and certs
* Securing access (my cloud has prices depending on the number of users) so my cloud adds users to 'dc=mycompany,ou=people, ou=company' but company can add users to 'dc=mycompany,ou=people, ou=webmail,ou=contacts'
* Making it repeatable (exporting contacts data, yum erase 389-ds, yum install 389-ds then configure stuff and importing contacts data should lead to the same result as before), and I'm not able to do that after 3 months of work.

I've a sample Opscode Chef recipe mounting all this stuff, but re-provisioning the machine leads to errors. I can give access to one of your devs if wanted.

Can 389 be improved to uninstall ds then reinstall an installation (without the admin things) and be as complete as before?

Best regards
--
Charlie Mordant
Full OSGI/EE stack made with Karaf: https://github.com/OsgiliathEnterprise/net.osgiliath.parent
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
--
David - Offbeat
dafydd - Online http://pgp.mit.edu/
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
The most dangerous phrase is, 'We've always done it this way.' –RADM Grace Hopper
Charlie Mordant
Full OSGI/EE stack made with Karaf: https://github.com/OsgiliathEnterprise/net.osgiliath.parent