Index: trunk/server/doc/HOWTO-SETUP-LDAP
===================================================================
--- trunk/server/doc/HOWTO-SETUP-LDAP	(revision 1177)
+++ trunk/server/doc/HOWTO-SETUP-LDAP	(revision 1178)
@@ -12,4 +12,6 @@
 - /sbin/service dirsrv start
 - Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
+- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
+  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
 - /sbin/service dirsrv stop
 - Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
Index: trunk/server/doc/install-howto.sh
===================================================================
--- trunk/server/doc/install-howto.sh	(revision 1177)
+++ trunk/server/doc/install-howto.sh	(revision 1178)
@@ -75,4 +75,6 @@
     \cp -a etc /
 
+# yum remove nss_ldap, because nss-ldapd conflicts with it
+
 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
     YUM install -y scripts-base
@@ -99,5 +101,5 @@
 
 # Install various dependencies of the scripts system, including syslog-ng,
-# glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
+# glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
 
 # Disable NetworkManager with chkconfig NetworkManager off. Configure
@@ -109,7 +111,25 @@
 #  /usr/vice/etc/cacheinfo to contain:
 #       /afs:/usr/vice/cache:10000000
+# Also fix ThisCell to contain athena.mit.edu in both directories
 
 # Figure out why Zephyr isn't working. Most recently, it was because there
 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one
+
+# Install the athena-base, athena-lprng, and athena-lprng-misc RPMs
+# from the Athena 9 build (these are present in our yum repo).  Note
+# that you will have to use --nodeps for at least one of the lprng
+# ones because it thinks it needs the Athena hesiod RPM.  It doesn't
+# really.  Before doing this, run it without --nodeps and arrange to
+# install the rest of the things it really does depend on.  This will
+# include a bunch of 32-bit rpms; go ahead and install the .i586 versions
+# of them.  In the case of the Kerberos libraries, you'll be told that
+# there are conflicting files with the 64-bit versions of the packages,
+# which we scriptsify.  You'll have to use --force to install those
+# rpms despite the conflicts.  After doing that, you may want to
+# install the corresponding 64-bit scriptsified versions again, just
+# to be safe in case the 32-bit versions overwrite files that differ.
+# When you try this, it will complain that you already have the same
+# version installed; again, you'll need to use --force to do it anyway.
+# Yuck.
 
 # Install the full list of RPMs that users expect to be on the
@@ -127,18 +147,37 @@
 # TO DO THIS:
 # On another server, run:
-# perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "$_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
+# perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
 # Then on the server you're installing,
-    perl -MCPAN -e"$(echo notest install $(cat /mit/scripts/config/perl-packages.txt))"
+    cat perl-packages.txt | perl -MCPAN -e shell
 
 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
 # the other scripts.mit.edu servers and do not have RPMs.
-# - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
+# - Look at /usr/lib/python2.6/site-packages and
+#           /usr/lib64/python2.6/site-packages for Python eggs and modules.
+#   First use 'yum search' to see if the relevant package is now available
+#   as an RPM, and install that if it is.  If not, then use easy_install.
 # - Look at `gem list` for Ruby gems.
+#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
 # - Look at `pear list` for Pear fruits (or whatever they're called).
-
-# echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
-
-# Install the credentials (machine keytab, daemon.scripts keytab, SSL
-# certs).
+#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
+#   that for things in the beta repo, you'll need 'pear install package-beta'.
+
+# echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
+
+# Install the credentials.  There are a lot of things to remember here:
+#   o You probably installed the machine keytab long ago
+#   o Use ktutil to combine the host/scripts.mit.edu and
+#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
+#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
+#     or you'll break the other servers.
+#   o The daemon.scripts keytab
+#   o The SSL cert private key
+#   o The LDAP password for the signup process
+#   o The SQL password for the signup process
+#   o The LDAP keytab for this server, which will be used later
+#   o Replace the ssh host keys with the ones common to all scripts servers
+#   o You'll install an LDAP certificate signed by the scripts CA later
+#   o Make sure root's .k5login is correct
+#   o Make sure logview's .k5login is correct
 
 # If you are setting up a test server, pay attention to
@@ -155,4 +194,7 @@
 # correct.
 
+# cd /etc/postfix; postmap virtual
+# Otherwise postfix will appear to work, but actually not deliver mail
+
 # Run fmtutil-sys --all, which does something that makes TeX work.