Index: branches/fc13-dev/server/doc/install-ldap =================================================================== --- branches/fc13-dev/server/doc/install-ldap (revision 1672) +++ branches/fc13-dev/server/doc/install-ldap (revision 1673) @@ -6,4 +6,6 @@ root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds - root# yum install -y policycoreutils-python +- Temporarily move away the existing slapd-scripts folder + root# mv /etc/dirsrv/slapd-scripts{,.bak} - root# /usr/sbin/setup-ds.pl - Choose a typical install @@ -14,8 +16,10 @@ - Input directory manager password (this can be found in ~/.ldapvirc) - [XXX: Got error: sh: semanage: command not found; turns out this is in - policycoreutils-python. Don't know if this will cause problems.] +- Move the schema back + root# cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts + root# rm -Rf /etc/dirsrv/slapd-scripts.bak - yum install ldapvi - Check if dirsrv starts: /sbin/service dirsrv start + then turn it back off: service dirsrv stop - Apply the following configuration changes. If you're editing dse.ldif, you don't want dirsrv to be on, otherwise it will @@ -41,15 +45,11 @@ nsSaslMapFilterTemplate: (objectClass=posixAccount) -- /sbin/service dirsrv stop -- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts [XXX: I don't - know how to do this, but placing them in /etc might be sufficient?] - Put LDAP keytab (ldap/hostname.mit.edu) in /etc/dirsrv/keytab. Make sure you chown/chgrp it to be readable by fedora-ds - Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME -- mkdir -p /var/run/dirsrv - chown fedora-ds:fedora-ds /var/run/dirsrv - chmod 755 /var/run/dirsrv -- /sbin/service dirsrv restart -- Use ldapvi -b cn=config to add these indexes: +- /sbin/service dirsrv start +- Use ldapvi -b cn=config to add these indexes (8 of them): add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config @@ -191,4 +191,6 @@ nsDS5ReplicaBindDN: uid=ldap/whole-enchilada.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu nsDS5ReplicaBindDN: uid=ldap/real-mccoy.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu +nsDS5ReplicaBindDN: uid=ldap/better-mousetrap.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu +nsDS5ReplicaBindDN: uid=ldap/old-faithful.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu # ADD SERVERS HERE AS YOU ADD NEW SERVERS nsds5ReplicaPurgeDelay: 604800 @@ -200,5 +202,5 @@ weren't we going to replicate from only one server? That is correct, however, simply binding won't mean we will receive - updates; we have to setup the $MASTER to send data $SALVE. + updates; we have to setup the $MASTER to send data $SLAVE. 3. Although we allowed those uids to bind, that user information @@ -240,5 +242,7 @@ nsDS5ReplicaTimeout: 120 - 4. Run the replication. (you could fold this into the previous step) + 4. Reboot the server `service dirsrv restart`, then run the + replication. (Don't fold this into the previous step! You might + nuke your database!) # under cn="GSSAPI Replication to $SLAVE", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config Index: branches/fc13-dev/server/fedora/config/etc/hosts =================================================================== --- branches/fc13-dev/server/fedora/config/etc/hosts (revision 1672) +++ branches/fc13-dev/server/fedora/config/etc/hosts (revision 1673) @@ -10,16 +10,18 @@ 18.181.0.229 scripts-test.mit.edu scripts-test +18.181.0.57 better-mousetrap.mit.edu better-mousetrap scripts1.mit.edu scripts1 18.181.0.53 old-faithful.mit.edu old-faithful scripts2.mit.edu scripts2 -18.181.0.57 better-mousetrap.mit.edu better-mousetrap scripts1.mit.edu scripts1 18.181.0.167 bees-knees.mit.edu bees-knees sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.228 cats-whiskers.mit.edu cats-whiskers scripts4.mit.edu scripts4 +18.181.0.236 whole-enchilada.mit.edu whole-enchilada scripts5.mit.edu scripts5 18.181.0.237 pancake-bunny.mit.edu pancake-bunny scripts6.mit.edu scripts6 18.181.0.234 busy-beaver.mit.edu busy-beaver scripts7.mit.edu scripts7 18.181.0.235 real-mccoy.mit.edu real-mccoy scripts8.mit.edu scripts8 +172.21.0.57 better-mousetrap.mit.edu 172.21.0.53 old-faithful.mit.edu -172.21.0.57 better-mousetrap.mit.edu 172.21.0.167 bees-knees.mit.edu 172.21.0.228 cats-whiskers.mit.edu +172.21.0.236 whole-enchilada.mit.edu 172.21.0.237 pancake-bunny.mit.edu 172.21.0.234 busy-beaver.mit.edu Index: branches/fc13-dev/server/fedora/config/etc/nagios/check_ldap_mmr.real =================================================================== --- branches/fc13-dev/server/fedora/config/etc/nagios/check_ldap_mmr.real (revision 1672) +++ branches/fc13-dev/server/fedora/config/etc/nagios/check_ldap_mmr.real (revision 1673) @@ -6,4 +6,7 @@ use Net::LDAP; use strict; + +my $nl = $ENV{'USE_NEWLINES'} ? "\n" : ""; +my $tab = $ENV{'USE_NEWLINES'} ? " " : ""; # Nagios codes @@ -25,5 +28,5 @@ my $replicaErrors = 0; my $conflictErrors = 0; -my $errorstring = "Replication error(s): "; +my $errorstring = "Replication error(s): $nl"; foreach my $entr ( @entries ) { my $servername=$entr->get_value($server); @@ -35,6 +38,6 @@ $serverlaststart =~ s/(....)(..)(..)(..)(..)(..)./$1-$2-$3\ $4:$5:$6/; $serverlastend =~ s/(....)(..)(..)(..)(..)(..)./$1-$2-$3\ $4:$5:$6/; - print "Replication to $servername last operation $serverlaststart "; - print "Status: $serverstatus. "; + print "Replication to $servername last operation $serverlaststart $nl"; + print $tab . "Status: $serverstatus. $nl"; if ($statuscode) { $replicaErrors++; @@ -42,4 +45,5 @@ } } +print "$nl"; $result=LDAPSearch($ldap,"nsds5ReplConflict=*",["nsds5ReplConflict"],$replicatedBase); @@ -48,9 +52,10 @@ my $conflictingDN=$entr->dn(); my $conflictDesc=$entr->get_value("nsds5ReplConflict"); - print "Conflict found for DN $conflictingDN "; - print "Reason: $conflictDesc. "; + print "Conflict found for DN $conflictingDN $nl"; + print $tab . "Reason: $conflictDesc. $nl"; $conflictErrors++; $errorstring = $errorstring . $conflictDesc . ", "; } +print "$nl"; if ($conflictErrors > 0) { Index: branches/fc13-dev/server/fedora/config/etc/sudoers =================================================================== --- branches/fc13-dev/server/fedora/config/etc/sudoers (revision 1672) +++ branches/fc13-dev/server/fedora/config/etc/sudoers (revision 1673) @@ -56,4 +56,5 @@ Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" +Defaults env_keep += "USE_NEWLINES" ## Next comes the main part: which users can run what software on Index: branches/fc13-dev/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 =================================================================== --- branches/fc13-dev/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (revision 1672) +++ branches/fc13-dev/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (revision 1673) @@ -2,9 +2,10 @@ 18.181.0.56 via 172.21.0.56 18.181.0.52 via 172.21.0.52 +18.181.0.57 via 172.21.0.57 18.181.0.53 via 172.21.0.53 -18.181.0.57 via 172.21.0.57 18.181.0.167 via 172.21.0.167 18.181.0.228 via 172.21.0.228 +18.181.0.236 via 172.21.0.236 +18.181.0.237 via 172.21.0.237 18.181.0.234 via 172.21.0.234 18.181.0.235 via 172.21.0.235 -18.181.0.237 via 172.21.0.237 Index: branches/fc13-dev/server/fedora/config/etc/syslog-ng/d_zroot.pl =================================================================== --- branches/fc13-dev/server/fedora/config/etc/syslog-ng/d_zroot.pl (revision 1672) +++ branches/fc13-dev/server/fedora/config/etc/syslog-ng/d_zroot.pl (revision 1673) @@ -101,4 +101,5 @@ } elsif ($message =~ m|^Postponed keyboard-interactive|) { } elsif ($message =~ m|^Failed keyboard-interactive/pam|) { + } elsif ($message =~ m|^Did not receive identification string from|) { } elsif ($message =~ m|^fatal: Read from socket failed: Connection reset by peer$|) { } elsif ($message =~ m|^reverse mapping checking getaddrinfo|) {