Listbox wrote:
Got our first user created! I have an idea on why the setup-ds-admin.pl may not have worked completely.

If you abort setup before it finishes asking you questions, you should be able to run it again, no problem. If you abort it after the dialog section during its configuration section, then you will have to do some clean up.

When doing the first install, I ran the install script, then aborted it (within the first few steps).

That really doesn't do anything - the fedora-ds package is now completely empty and just Requires (for yum) the "real" packages fedora-ds-base, fedora-ds-admin, etc.

I thought I was paranoid enough by running "rpm -erase fedora-ds-1.1.0-3",
It shouldn't be necessary, but if you really want to remove everything, you should do something like
yum erase svrcore idm-console-framework
and deleting the contents of : /etc/dirsrv /usr/lib/dirsrv
/usr/lib64/dirsrv on 64bit systems
/usr/share/dirsrv /var/lock/dirsrv /var/lib/dirsrv /var/run/dirsrv /var/log/dirsrv
Yep. rm -rf all of those
/usr/lib/mozldap /usr/share/doc/mozldap-6.0.5
No, not these.
Before I reinstalled, and re-ran the install script. But I know I ran into a slapd startup problem because I made a typo, and I only erased the contents of "/var/run/dirsrv", and left the dir itself.
Until I tried to create users, that was the only problem due to a previous install attempt. Maybe this was another.

Thanks again!

-----Original Message-----
From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Wednesday, January 23, 2008 12:33 PM
To: listbox@xxxxxxxxxxxxxx
Cc: fedora-directory-users@xxxxxxxxxx
Subject: Re: NetscapeRootRe: Can't create users, time for complete wipe and re-install?

Listbox wrote:

Thanks Rich!

I just looked in /usr/share/dirsrv/data, and the file "template.ldif" looks like what I get for the ldapquery of acis in dc=hymesruzicka, dc=org. It does not have any entries for uid=admin ( or uid=%as_uid% ).

Right. That's the file that is used for just the fedora-ds-base package - the admin server and console stuff are "add-ons".

I did find the file "16dssuffixadmin.mod.tmpl", and looks like it may be useful as a model to make more of the correct acis. Is this a good idea?

Yes.

How much more should I modify it?

You have to replace the %token% items:
ds_suffix - your suffix e.g. dc=hymesruzicka, dc=org or cn=config or cn=schema or etc.
as_uid - admin
or change the entire DN uid=%as_uid%,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot to some other DN that you want to use for an administrator.
You can just omit the SIE Group ACI

Then just feed that file to ldapmodify e.g.
ldapmodify -x -D "cn=directory manager" -w yourpassword -f thefile.ldif

Note - make a copy of 16dssuffixadmin.mod.tmpl and edit it - do not edit it in place.

/usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl

# BEGIN COPYRIGHT BLOCK
...
# END COPYRIGHT BLOCK
dn: %ds_suffix%
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=%as_uid%,ou=Administrators, ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)

Thanks again!

************************************************
************************************************
************************************************

for bind in config schema monitor ; do ldapsearch -x -D "cn=directory manager" -w mypassword -s sub -b cn=$bind "aci=*" aci ; done

# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: aci=*
# requesting: aci
#

# config
dn: cn=config
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)

# SNMP, config
dn: cn=SNMP,cn=config
aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");)

# 2.16.840.1.113730.3.4.9, features, config
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

# extended LDIF
#
# LDAPv3
# base <cn=schema> with scope subtree
# filter: aci=*
# requesting: aci
#

# schema
dn: cn=schema
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

# extended LDIF
#
# LDAPv3
# base <cn=monitor> with scope subtree
# filter: aci=*
# requesting: aci
#

# monitor
dn: cn=monitor
aci: (target ="ldap:///cn=monitor*")(targetattr != "aci || connection")(version 3.0; acl "monitor"; allow( read, search, compare ) userdn = "ldap:///anyone";)

# search result
search: 2
result: 0 Success
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
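
The template procedure described in the thread (copy 16dssuffixadmin.mod.tmpl, replace %ds_suffix% and %as_uid%, omit the SIE Group ACI, feed the result to ldapmodify), as an added example that is not part of the original messages or of the Fedora DS scripts. The function names and output file names are hypothetical, and the embedded template is a constructed copy of the listing quoted above without its copyright block.

```sh
#!/bin/sh
# Added example: render a copy of 16dssuffixadmin.mod.tmpl for one suffix.
# The template below is a constructed copy of the listing in the thread; on a
# real system read /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl instead.
# The shipped file is only read, never edited in place.

sample_template() {
cat <<'EOF'
dn: %ds_suffix%
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=%as_uid%,ou=Administrators, ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
EOF
}

# Escape characters special in a sed replacement (\, & and the | delimiter).
sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

# render_aci_ldif SUFFIX AS_UID  (hypothetical helper: template on stdin, LDIF on stdout)
# Drops the "SIE Group" ACI, substitutes the two tokens, and fails if any
# %token% is left, so a half-rendered file never reaches ldapmodify.
render_aci_ldif() {
    suffix=$(sed_escape "$1")
    as_uid=$(sed_escape "$2")
    out=$(sed -e '/acl "SIE Group"/d' \
              -e "s|%ds_suffix%|$suffix|g" \
              -e "s|%as_uid%|$as_uid|g") || return 1
    if printf '%s\n' "$out" | grep -q '%[A-Za-z_]*%'; then
        echo "unreplaced %token% in rendered LDIF" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Write one LDIF per suffix named in the thread; review each, then load it with
#   ldapmodify -x -D "cn=directory manager" -w yourpassword -f <file>
render_all() {
    dir=$1
    for s in "dc=hymesruzicka, dc=org" "cn=config" "cn=schema"; do
        name=$(printf '%s' "$s" | tr -c 'A-Za-z0-9' '_')
        sample_template | render_aci_ldif "$s" admin > "$dir/aci-$name.ldif" || return 1
    done
}

# Stand-alone run: print the rendered LDIF for cn=config.
sample_template | render_aci_ldif "cn=config" admin
```

Running the ldapsearch loop from the thread afterwards shows whether the two ACIs are now present on each entry.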