From da453a37d76f0e69d2c104b192a19ced6f29fb80 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Jul 22 2020 20:46:48 +0000 Subject: Issue 51209 - remove legacy tools subpackage Description: Remove the legacy tool subpackage and all the files associated with it. Also cleaned up other unused files. relates: https://pagure.io/389-ds-base/issue/51209 Reviewed by: ? --- diff --git a/Makefile.am b/Makefile.am index 4ea239a..e5fe0e1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -55,18 +55,6 @@ RUST_LDFLAGS = RUST_DEFINES = endif -if ENABLE_PERL -PERL_ON = 1 -else -PERL_ON = 0 -endif - -if ENABLE_LEGACY -LEGACY_ON = 1 -else -LEGACY_ON = 0 -endif - if CLANG_ENABLE CLANG_ON = 1 CLANG_LDFLAGS = -latomic 
@@ -237,32 +225,7 @@ LIBPOSIX_WINSYNC_PLUGIN = libposix-winsync-plugin.la endif CLEANFILES = dberrstrs.h ns-slapd.properties \ - ldap/admin/src/scripts/template-dbverify ldap/admin/src/template-initconfig \ - ldap/admin/src/scripts/dscreate.map ldap/admin/src/scripts/remove-ds.pl \ - ldap/admin/src/scripts/DSCreate.pm ldap/admin/src/scripts/DSMigration.pm \ - ldap/admin/src/scripts/DSUpdate.pm ldap/admin/src/scripts/dsupdate.map \ - ldap/admin/src/scripts/dsorgentries.map ldap/admin/src/scripts/migrate-ds.pl \ - ldap/admin/src/scripts/Migration.pm ldap/admin/src/scripts/SetupDialogs.pm \ - ldap/admin/src/scripts/setup-ds.pl ldap/admin/src/scripts/setup-ds.res \ - ldap/admin/src/scripts/start-dirsrv ldap/admin/src/scripts/stop-dirsrv \ - ldap/admin/src/scripts/restart-dirsrv ldap/admin/src/scripts/Setup.pm \ - ldap/admin/src/scripts/status-dirsrv \ - ldap/admin/src/scripts/template-bak2db ldap/admin/src/scripts/template-bak2db.pl \ - ldap/admin/src/scripts/template-db2bak ldap/admin/src/scripts/template-db2bak.pl \ - ldap/admin/src/scripts/template-db2index ldap/admin/src/scripts/template-db2index.pl \ - ldap/admin/src/scripts/template-db2ldif ldap/admin/src/scripts/template-db2ldif.pl \ - ldap/admin/src/scripts/template-ldif2db ldap/admin/src/scripts/template-ldif2db.pl \ - ldap/admin/src/scripts/template-ldif2ldap ldap/admin/src/scripts/template-monitor \ - ldap/admin/src/scripts/template-ns-accountstatus.pl ldap/admin/src/scripts/template-ns-activate.pl \ - ldap/admin/src/scripts/template-ns-inactivate.pl ldap/admin/src/scripts/template-ns-newpwpolicy.pl \ - ldap/admin/src/scripts/template-restart-slapd ldap/admin/src/scripts/template-restoreconfig \ - ldap/admin/src/scripts/template-saveconfig ldap/admin/src/scripts/template-start-slapd \ - ldap/admin/src/scripts/template-stop-slapd ldap/admin/src/scripts/template-suffix2instance \ - ldap/admin/src/scripts/template-upgradedb \ - ldap/admin/src/scripts/template-upgradednformat \ - 
ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl \ - ldap/admin/src/scripts/template-verify-db.pl \ - ldap/admin/src/scripts/template-vlvindex ldap/admin/src/scripts/DSUtil.pm \ + ldap/admin/src/template-initconfig \ ldap/ldif/template-baseacis.ldif ldap/ldif/template-bitwise.ldif ldap/ldif/template-country.ldif \ ldap/ldif/template-dnaplugin.ldif ldap/ldif/template-domain.ldif ldap/ldif/template-dse.ldif \ ldap/ldif/template-dse-minimal.ldif \ 
@@ -270,24 +233,7 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \ ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \ ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \ ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \ - ldap/admin/src/scripts/bak2db ldap/admin/src/scripts/db2bak ldap/admin/src/scripts/upgradedb \ - ldap/admin/src/scripts/db2index ldap/admin/src/scripts/db2ldif \ - ldap/admin/src/scripts/dn2rdn ldap/admin/src/scripts/ldif2db \ - ldap/admin/src/scripts/ldif2ldap ldap/admin/src/scripts/monitor \ - ldap/admin/src/scripts/restoreconfig ldap/admin/src/scripts/saveconfig \ - ldap/admin/src/scripts/suffix2instance \ - ldap/admin/src/scripts/upgradednformat ldap/admin/src/scripts/vlvindex \ - ldap/admin/src/scripts/bak2db.pl ldap/admin/src/scripts/db2bak.pl \ - ldap/admin/src/scripts/db2index.pl ldap/admin/src/scripts/db2ldif.pl \ - ldap/admin/src/scripts/fixup-linkedattrs.pl ldap/admin/src/scripts/fixup-memberof.pl \ - ldap/admin/src/scripts/cleanallruv.pl ldap/admin/src/scripts/ldif2db.pl \ - ldap/admin/src/scripts/ns-accountstatus.pl ldap/admin/src/scripts/ns-activate.pl \ - ldap/admin/src/scripts/ns-inactivate.pl ldap/admin/src/scripts/ns-newpwpolicy.pl \ - ldap/admin/src/scripts/schema-reload.pl ldap/admin/src/scripts/syntax-validate.pl \ - ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \ - ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \ - ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \ - doxyfile.stamp ldap/admin/src/scripts/dbmon.sh \ + doxyfile.stamp \ $(NULL) if RUST_ENABLE @@ -303,7 +249,7 @@ if RUST_ENABLE endif dberrstrs.h: Makefile - perl $(srcdir)/ldap/servers/slapd/mkDBErrStrs.pl -i @db_incdir@ -o . + $(srcdir)/ldap/servers/slapd/mkDBErrStrs.py -i @db_incdir@ -o . #------------------------ 
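Review bot: The new `dberrstrs.h` recipe executes `$(srcdir)/ldap/servers/slapd/mkDBErrStrs.py` directly, so the build now depends on that file keeping its executable bit and on whatever interpreter its shebang resolves to, where the removed line named `perl` explicitly. A checkout or unpacked tarball that loses the mode bit fails at this step, and the interpreter picked up from the environment may differ from the one configure selected. Calling it through the configured interpreter, e.g. `$(PYTHON) $(srcdir)/ldap/servers/slapd/mkDBErrStrs.py -i @db_incdir@ -o .`, keeps generation of the header reproducible. This assumes configure already sets `PYTHON`; the file's use of `python_DATA` suggests it does, but that is not visible in this patch.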
@@ -352,14 +298,6 @@ sbin_PROGRAMS = ns-slapd ldap-agent bin_PROGRAMS = dbscan \ ldclt \ pwdhash -if ENABLE_LEGACY -bin_PROGRAMS += \ - infadd \ - ldif \ - migratecred \ - mmldif \ - rsearch -endif # ---------------------------------------------------------------------------------------- # This odd looking definition is to keep the libraries in ORDER that they are needed. rsds @@ -578,12 +516,6 @@ dist_noinst_HEADERS = \ ldap/servers/slapd/tools/ldclt/remote.h \ ldap/servers/slapd/tools/ldclt/scalab01.h \ ldap/servers/slapd/tools/ldclt/utils.h \ - ldap/servers/slapd/tools/rsearch/addthread.h \ - ldap/servers/slapd/tools/rsearch/infadd.h \ - ldap/servers/slapd/tools/rsearch/nametable.h \ - ldap/servers/slapd/tools/rsearch/rsearch.h \ - ldap/servers/slapd/tools/rsearch/sdattable.h \ - ldap/servers/slapd/tools/rsearch/searchthread.h \ ldap/servers/snmp/ldap-agent.h \ ldap/systools/pio.h \ lib/base/lexer_pvt.h \ @@ -638,11 +570,8 @@ dist_noinst_DATA = \ $(srcdir)/buildnum.py \ $(srcdir)/ldap/admin/src/*.in \ $(srcdir)/ldap/admin/src/scripts/*.in \ - $(srcdir)/ldap/admin/src/scripts/*.ldif \ $(srcdir)/ldap/admin/src/scripts/*.py \ - $(srcdir)/ldap/admin/src/scripts/*.sh \ $(srcdir)/ldap/admin/src/scripts/ds-replcheck \ - $(srcdir)/ldap/admin/src/scripts/migrate-ds.res \ $(srcdir)/ldap/ldif/*.in \ $(srcdir)/ldap/ldif/*.ldif \ $(srcdir)/ldap/schema/*.ldif \ @@ -666,10 +595,7 @@ dist_noinst_DATA = \ if ENABLE_PERL dist_noinst_DATA += \ $(srcdir)/ldap/admin/src/*.pl \ - $(srcdir)/ldap/admin/src/scripts/*.pl \ - $(srcdir)/ldap/admin/src/scripts/*.pm \ - $(srcdir)/ldap/servers/slapd/mkDBErrStrs.pl \ - $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen* + $(srcdir)/ldap/servers/slapd/mkDBErrStrs.py endif #------------------------ 
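Review bot: `mkDBErrStrs.py` is added to `dist_noinst_DATA` inside the `if ENABLE_PERL` block, although it is a Python script and the `dberrstrs.h` rule changed earlier in this patch needs it unconditionally. Listing it in the unconditional `dist_noinst_DATA` assignment, for instance next to `$(srcdir)/buildnum.py`, states plainly that the generator always ships with the source, independent of the Perl setting. If the `ENABLE_PERL` block is kept for the remaining `$(srcdir)/ldap/admin/src/*.pl` entry, a one-line comment such as `# remaining Perl sources under ldap/admin/src` would explain why it survives a commit that drops `PERL_ON` and `LEGACY_ON`.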
@@ -688,8 +614,7 @@ endif # with the default schema e.g. there is # considerable overlap of 60changelog.ldif and 01common.ldif # and 60inetmail.ldif and 50ns-mail.ldif among others -sampledata_DATA = ldap/admin/src/scripts/DSSharedLib \ - $(srcdir)/ldap/ldif/Ace.ldif \ +sampledata_DATA = $(srcdir)/ldap/ldif/Ace.ldif \ $(srcdir)/ldap/ldif/European.ldif \ $(srcdir)/ldap/ldif/Eurosuffix.ldif \ $(srcdir)/ldap/ldif/Example.ldif \ @@ -710,9 +635,6 @@ sampledata_DATA = ldap/admin/src/scripts/DSSharedLib \ ldap/ldif/template-orgunit.ldif \ ldap/ldif/template-baseacis.ldif \ ldap/ldif/template-sasl.ldif \ - $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-FamilyNames \ - $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-GivenNames \ - $(srcdir)/ldap/servers/slapd/tools/rsearch/scripts/dbgen-OrgUnits \ $(srcdir)/ldap/schema/10rfc2307compat.ldif \ $(srcdir)/ldap/schema/10rfc2307bis.ldif \ $(srcdir)/ldap/schema/60changelog.ldif \ 
@@ -790,61 +712,8 @@ install-data-hook: endif sbin_SCRIPTS = -if ENABLE_PERL -sbin_SCRIPTS += ldap/admin/src/scripts/setup-ds.pl \ - ldap/admin/src/scripts/migrate-ds.pl \ - ldap/admin/src/scripts/remove-ds.pl \ - ldap/admin/src/scripts/bak2db.pl \ - ldap/admin/src/scripts/db2bak.pl \ - ldap/admin/src/scripts/db2index.pl \ - ldap/admin/src/scripts/db2ldif.pl \ - ldap/admin/src/scripts/fixup-linkedattrs.pl \ - ldap/admin/src/scripts/fixup-memberof.pl \ - ldap/admin/src/scripts/cleanallruv.pl \ - ldap/admin/src/scripts/ldif2db.pl \ - ldap/admin/src/scripts/ns-accountstatus.pl \ - ldap/admin/src/scripts/ns-activate.pl \ - ldap/admin/src/scripts/ns-inactivate.pl \ - ldap/admin/src/scripts/ns-newpwpolicy.pl \ - ldap/admin/src/scripts/schema-reload.pl \ - ldap/admin/src/scripts/syntax-validate.pl \ - ldap/admin/src/scripts/usn-tombstone-cleanup.pl \ - ldap/admin/src/scripts/verify-db.pl -endif -if ENABLE_LEGACY -sbin_SCRIPTS += \ - ldap/admin/src/scripts/start-dirsrv \ - ldap/admin/src/scripts/stop-dirsrv \ - ldap/admin/src/scripts/restart-dirsrv \ - ldap/admin/src/scripts/status-dirsrv \ - ldap/admin/src/scripts/bak2db \ - ldap/admin/src/scripts/db2bak \ - ldap/admin/src/scripts/db2index \ - ldap/admin/src/scripts/db2ldif \ - ldap/admin/src/scripts/dn2rdn \ - ldap/admin/src/scripts/ldif2db \ - ldap/admin/src/scripts/ldif2ldap \ - ldap/admin/src/scripts/monitor \ - ldap/admin/src/scripts/restoreconfig \ - ldap/admin/src/scripts/saveconfig \ - ldap/admin/src/scripts/suffix2instance \ - ldap/admin/src/scripts/upgradednformat \ - ldap/admin/src/scripts/vlvindex \ - ldap/admin/src/scripts/dbverify \ - ldap/admin/src/scripts/upgradedb \ - ldap/admin/src/scripts/dbmon.sh -endif - -bin_SCRIPTS = \ - ldap/admin/src/scripts/readnsstate -if ENABLE_PERL -bin_SCRIPTS += ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \ - wrappers/cl-dump \ - ldap/admin/src/scripts/cl-dump.pl \ - wrappers/repl-monitor \ - ldap/admin/src/scripts/repl-monitor.pl -endif +bin_SCRIPTS = # For scripts 
that are "as is". dist_bin_SCRIPTS = ldap/admin/src/scripts/ds-replcheck \ @@ -852,26 +721,6 @@ dist_bin_SCRIPTS = ldap/admin/src/scripts/ds-replcheck \ dist_bin_SCRIPTS += ldap/admin/src/logconv.pl -# SCRIPTS makes them executables - these are perl modules -# and should not be marked as executable - so use DATA -if ENABLE_PERL -perl_DATA = ldap/admin/src/scripts/SetupLog.pm \ - ldap/admin/src/scripts/Resource.pm \ - ldap/admin/src/scripts/DSUtil.pm \ - ldap/admin/src/scripts/Setup.pm \ - ldap/admin/src/scripts/SetupDialogs.pm \ - ldap/admin/src/scripts/Inf.pm \ - ldap/admin/src/scripts/DialogManager.pm \ - ldap/admin/src/scripts/Dialog.pm \ - ldap/admin/src/scripts/DSDialogs.pm \ - ldap/admin/src/scripts/Migration.pm \ - ldap/admin/src/scripts/DSMigration.pm \ - ldap/admin/src/scripts/FileConn.pm \ - ldap/admin/src/scripts/DSCreate.pm \ - ldap/admin/src/scripts/DSUpdate.pm \ - ldap/admin/src/scripts/DSUpdateDialogs.pm -endif - python_DATA = ldap/admin/src/scripts/failedbinds.py \ ldap/admin/src/scripts/logregex.py 
@@ -879,46 +728,6 @@ gdbautoload_DATA = ldap/admin/src/scripts/ns-slapd-gdb.py dist_sysctl_DATA = ldap/admin/src/70-dirsrv.conf -if ENABLE_PERL -property_DATA = ldap/admin/src/scripts/setup-ds.res \ - ldap/admin/src/scripts/migrate-ds.res - -task_SCRIPTS = ldap/admin/src/scripts/template-bak2db \ - ldap/admin/src/scripts/template-db2bak \ - ldap/admin/src/scripts/template-db2index \ - ldap/admin/src/scripts/template-db2ldif \ - ldap/admin/src/scripts/template-dn2rdn \ - ldap/admin/src/scripts/template-ldif2db \ - ldap/admin/src/scripts/template-ldif2ldap \ - ldap/admin/src/scripts/template-monitor \ - ldap/admin/src/scripts/template-restart-slapd \ - ldap/admin/src/scripts/template-restoreconfig \ - ldap/admin/src/scripts/template-saveconfig \ - ldap/admin/src/scripts/template-start-slapd \ - ldap/admin/src/scripts/template-stop-slapd \ - ldap/admin/src/scripts/template-suffix2instance \ - ldap/admin/src/scripts/template-upgradednformat \ - ldap/admin/src/scripts/template-vlvindex \ - ldap/admin/src/scripts/template-bak2db.pl \ - ldap/admin/src/scripts/template-db2bak.pl \ - ldap/admin/src/scripts/template-db2index.pl \ - ldap/admin/src/scripts/template-db2ldif.pl \ - ldap/admin/src/scripts/template-fixup-linkedattrs.pl \ - ldap/admin/src/scripts/template-fixup-memberof.pl \ - ldap/admin/src/scripts/template-fixup-memberuid.pl \ - ldap/admin/src/scripts/template-cleanallruv.pl \ - ldap/admin/src/scripts/template-ldif2db.pl \ - ldap/admin/src/scripts/template-ns-accountstatus.pl \ - ldap/admin/src/scripts/template-ns-activate.pl \ - ldap/admin/src/scripts/template-ns-inactivate.pl \ - ldap/admin/src/scripts/template-ns-newpwpolicy.pl \ - ldap/admin/src/scripts/template-schema-reload.pl \ - ldap/admin/src/scripts/template-syntax-validate.pl \ - ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl \ - ldap/admin/src/scripts/template-verify-db.pl \ - ldap/admin/src/scripts/template-dbverify -endif - if SYSTEMD # yes, that is an @ in the filename . . . 
systemdsystemunit_DATA = wrappers/$(PACKAGE_NAME)@.service \ @@ -943,9 +752,6 @@ initconfig_DATA = ldap/admin/src/$(PACKAGE_NAME) endif inf_DATA = ldap/admin/src/slapd.inf \ - ldap/admin/src/scripts/dscreate.map \ - ldap/admin/src/scripts/dsupdate.map \ - ldap/admin/src/scripts/dsorgentries.map \ ldap/admin/src/defaults.inf mib_DATA = ldap/servers/snmp/redhat-directory.mib 
@@ -975,135 +781,12 @@ dist_man_MANS = man/man1/dbscan.1 \ man/man1/ldclt.1 \ man/man1/logconv.pl.1 \ man/man1/pwdhash.1 \ - man/man1/readnsstate.1 \ man/man5/99user.ldif.5 \ man/man8/ns-slapd.8 \ man/man5/certmap.conf.5 \ man/man5/dirsrv.5 \ man/man5/dirsrv.systemd.5 \ man/man5/slapd-collations.conf.5 -if ENABLE_LEGACY -dist_man_MANS += \ - man/man1/infadd.1 \ - man/man1/ldif.1 \ - man/man1/migratecred.1 \ - man/man1/mmldif.1 \ - man/man1/rsearch.1 -endif -if ENABLE_PERL -dist_man_MANS += man/man1/cl-dump.1 \ - man/man1/cl-dump.pl.1 \ - man/man1/dbgen.pl.1 \ - man/man1/repl-monitor.1 \ - man/man1/repl-monitor.pl.1 \ - man/man8/migrate-ds.pl.8 \ - man/man8/restart-dirsrv.8 \ - man/man8/setup-ds.pl.8 \ - man/man8/start-dirsrv.8 \ - man/man8/stop-dirsrv.8 \ - man/man8/status-dirsrv.8 \ - man/man8/bak2db.8 \ - man/man8/bak2db.pl.8 \ - man/man8/cleanallruv.pl.8 \ - man/man8/dbverify.8 \ - man/man8/db2bak.8 \ - man/man8/db2bak.pl.8 \ - man/man8/db2ldif.8 \ - man/man8/db2ldif.pl.8 \ - man/man8/db2index.8 \ - man/man8/db2index.pl.8 \ - man/man8/fixup-linkedattrs.pl.8 \ - man/man8/fixup-memberof.pl.8 \ - man/man8/ldif2db.8 \ - man/man8/ldif2db.pl.8 \ - man/man8/dbmon.sh.8 \ - man/man8/dn2rdn.8 \ - man/man8/ldif2ldap.8 \ - man/man8/monitor.8 \ - man/man8/ns-accountstatus.pl.8 \ - man/man8/ns-newpwpolicy.pl.8 \ - man/man8/ns-activate.pl.8 \ - man/man8/ns-inactivate.pl.8 \ - man/man8/remove-ds.pl.8 \ - man/man8/restoreconfig.8 \ - man/man8/saveconfig.8 \ - man/man8/schema-reload.pl.8 \ - man/man8/suffix2instance.8 \ - man/man8/syntax-validate.pl.8 \ - man/man8/upgradednformat.8 \ - man/man8/upgradedb.8 \ - man/man8/usn-tombstone-cleanup.pl.8 \ - man/man8/vlvindex.8 \ - man/man8/verify-db.pl.8 \ - man/man5/template-initconfig.5 -endif - -#------------------------ -# updates -# the first 3 are just the examples provided - since they -# do not begin with two digits, they will be ignored -# the remaining items should begin with two digits that -# correspond to the order in which 
they should be applied -# perl files and LDIF files are DATA - not executable -# processed by the update script -# shell scripts and other files are SCRIPTS - executable -#------------------------ -if ENABLE_PERL -update_DATA = ldap/admin/src/scripts/exampleupdate.pl \ - ldap/admin/src/scripts/exampleupdate.ldif \ - ldap/admin/src/scripts/10cleanupldapi.pl \ - ldap/admin/src/scripts/10delautodnsuffix.pl \ - ldap/admin/src/scripts/10fixrundir.pl \ - ldap/admin/src/scripts/20betxn.pl \ - ldap/admin/src/scripts/50addchainingsaslpwroles.ldif \ - ldap/admin/src/scripts/50acctusabilityplugin.ldif \ - ldap/admin/src/scripts/50automemberplugin.ldif \ - ldap/admin/src/scripts/50memberofindex.ldif \ - ldap/admin/src/scripts/50nstombstonecsn.ldif \ - ldap/admin/src/scripts/50bitstringsyntaxplugin.ldif \ - ldap/admin/src/scripts/50managedentriesplugin.ldif \ - ldap/admin/src/scripts/50memberofplugin.ldif \ - ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif \ - ldap/admin/src/scripts/50nameuidsyntaxplugin.ldif \ - ldap/admin/src/scripts/50derefplugin.ldif \ - ldap/admin/src/scripts/50numericstringsyntaxplugin.ldif \ - ldap/admin/src/scripts/50disableurisyntaxplugin.ldif \ - ldap/admin/src/scripts/50printablestringsyntaxplugin.ldif \ - ldap/admin/src/scripts/50enhancedguidesyntaxplugin.ldif \ - ldap/admin/src/scripts/50schemareloadplugin.ldif \ - ldap/admin/src/scripts/50entryusnindex.ldif \ - ldap/admin/src/scripts/50syntaxvalidplugin.ldif \ - ldap/admin/src/scripts/50faxnumbersyntaxplugin.ldif \ - ldap/admin/src/scripts/50teletexterminalidsyntaxplugin.ldif \ - ldap/admin/src/scripts/50faxsyntaxplugin.ldif \ - ldap/admin/src/scripts/50fixNsState.pl \ - ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif \ - ldap/admin/src/scripts/50guidesyntaxplugin.ldif \ - ldap/admin/src/scripts/50targetuniqueid.ldif \ - ldap/admin/src/scripts/60removeLegacyReplication.ldif \ - ldap/admin/src/scripts/50linkedattrsplugin.ldif \ - ldap/admin/src/scripts/50usnplugin.ldif \ - 
ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif \ - ldap/admin/src/scripts/50refintprecedence.ldif \ - ldap/admin/src/scripts/50retroclprecedence.ldif \ - ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif \ - ldap/admin/src/scripts/50contentsync.ldif \ - ldap/admin/src/scripts/60upgradeschemafiles.pl \ - ldap/admin/src/scripts/60upgradeconfigfiles.pl \ - ldap/admin/src/scripts/70upgradefromldif.pl \ - ldap/admin/src/scripts/80upgradednformat.pl \ - ldap/admin/src/scripts/81changelog.pl \ - ldap/admin/src/scripts/82targetuniqueidindex.pl \ - ldap/admin/src/scripts/90subtreerename.pl \ - ldap/admin/src/scripts/91subtreereindex.pl \ - ldap/admin/src/scripts/50AES-pbe-plugin.ldif\ - ldap/admin/src/scripts/50updateconfig.ldif \ - ldap/admin/src/scripts/52updateAESplugin.pl \ - ldap/admin/src/scripts/dnaplugindepends.ldif \ - ldap/admin/src/scripts/91reindex.pl - -update_SCRIPTS = ldap/admin/src/scripts/exampleupdate.sh -endif #//////////////////////////////////////////////////////////////// # @@ -2173,16 +1856,6 @@ dbscan_CPPFLAGS = @db_inc@ $(NSPR_INCLUDES) $(AM_CPPFLAGS) dbscan_LDADD = $(NSPR_LINK) $(DB_LINK) #------------------------ -# infadd -#------------------------ -infadd_SOURCES = ldap/servers/slapd/tools/rsearch/addthread.c \ - ldap/servers/slapd/tools/rsearch/infadd.c \ - ldap/servers/slapd/tools/rsearch/nametable.c - -infadd_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) -infadd_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBSOCKET) - -#------------------------ # ldap-agent #------------------------ ldap_agent_SOURCES = ldap/servers/snmp/main.c \ 
@@ -2213,32 +1886,6 @@ ldclt_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ldap/servers/slapd/tools $(DSPLUGIN_ ldclt_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(THREADLIB) #------------------------ -# ldif -#------------------------ -ldif_SOURCES = ldap/servers/slapd/tools/ldif.c - -ldif_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) -ldif_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK) - -#------------------------ -# migratecred -#------------------------ -migratecred_SOURCES = ldap/servers/slapd/tools/migratecred.c - -migratecred_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) -migratecred_LDADD = libslapd.la libsvrcore.la $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) -migratecred_DEPENDENCIES = libslapd.la - -#------------------------ -# mmldif -#------------------------ -mmldif_SOURCES = ldap/servers/slapd/tools/mmldif.c - -mmldif_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) -mmldif_LDADD = libslapd.la libsvrcore.la $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK) -mmldif_DEPENDENCIES = libslapd.la - -#------------------------ # ns-slapd #------------------------ if enable_ldapi @@ -2311,17 +1958,6 @@ pwdhash_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) pwdhash_LDADD = libslapd.la libsvrcore.la $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) pwdhash_DEPENDENCIES = libslapd.la -#------------------------ -# rsearch -#------------------------ -rsearch_SOURCES = ldap/servers/slapd/tools/rsearch/nametable.c \ - ldap/servers/slapd/tools/rsearch/rsearch.c \ - ldap/servers/slapd/tools/rsearch/sdattable.c \ - ldap/servers/slapd/tools/rsearch/searchthread.c - -rsearch_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) -rsearch_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBSOCKET) - #------------------------- # CMOCKA TEST PROGRAMS #------------------------- diff --git a/docs/CREDITS.artwork b/docs/CREDITS.artwork deleted file mode 100644 index e9c2b26..0000000 
--- a/docs/CREDITS.artwork
+++ /dev/null
@@ -1 +0,0 @@
-Tops artwork by Logan Megginson
diff --git a/docs/intro.md b/docs/intro.md
deleted file mode 100644
index c21df21..0000000
--- a/docs/intro.md
+++ /dev/null
@@ -1,143 +0,0 @@ -Nunc Stans -========== -Nunc Stans is an event framework wrapper that provides a thread pool for event -callback execution. It provides thread safety to event frameworks by isolating -and protecting the thread safe parts from the non-thread safe parts, and allows -multi-threaded applications to use event frameworks that are not thread safe. -It has been primarily developed using [libevent](http://libevent.org "libevent -home page") , but has also been tested with [tevent](https://tevent.samba.org -"tevent home page"). Nunc Stans uses lock free data structures where possible, -to avoid mutex contention. The ​[liblfds](http://liblfds.org "Lock Free Data Structure") -library is used. - -There are two main components: the *event loop thread and queue*, and the -*worker threads and queues*. The basic concept is the -[Thread Pool Pattern](https://en.wikipedia.org/wiki/Thread_pool_pattern "Thread -Pool Pattern description"), where the primary source of tasks (*job* in nunc -stans) for the task queue (the *work queue* in nunc stans) is provided by the -event framework for I/O, timer, and signal events. - -License -------- -Nunc Stans is licensed under the GNU General Public License version 3 or later. -Nunc Stans also provides an exception for the use of OpenSSL. See the files -'COPYING', 'COPYING.openssl', and 'COPYING.liblfds' for more information. - -Event Loop Thread And Queue ---------------------------- - -The event queue is essentially the "main loop" of the application. It runs in -its own thread. The event queue thread is the only thread that interfaces with -the event framework - adding events, removing events, and -issuing the callbacks when the event is triggered. This guarantees that all -interactions with the event framework are performed in a thread safe manner. -When a threaded application wants to be called back because of some event (I/O, -timer, signal), it posts the event and callback data to the event queue. 
All -interaction with the event queue is thread safe - multiple threads can post -requests to the event queue at the same time. The event loop thread dequeues -all of the event requests from the event queue, creates/removes -events, then calls the event waiting function of the event framework. This -assumes the underlying event framework has a function that allows waiting for a -single event - something like `event_base_loop()` in libevent, or -`tevent_loop_wait()` in tevent. - -When the application wants events to be triggered as soon as possible, but the -event framework is waiting for very long lived events, the event queue has a -persistent I/O listener called the *event_q_wakeup_pipe*. When the application -adds an event, nunc-stans will write to the pipe, which will cause the event -framework to immediately wake up and add the pending events, then do a thread -yield to allow the event framework thread to execute. - -When an event is triggered by I/O, timer, or signal, the event callback is -called. The callback can either be run in the event loop thread, or can be -handed off to the *work queue* for execution in a *worker thread*. The -application uses the flag *NS_JOB_THREAD* to specify that a job will be -executed in a worker thread. - -**NOTE:** Jobs executed in the event loop thread don't need locking if they -don't use resources shared with other threads. This corresponds to a single -threaded app where all jobs are run inside the main loop and no locking is -required. However, just as in that case, jobs run in the event loop thread -must be very careful to execute very quickly and not block on I/O or other -resources. This can lead to event starvation. - -Worker Threads and Queues -------------------------- - -When a job is placed on the *work queue*, it will be executed in a *worker -thread*. The number of worker threads is specified when nunc stans is -initialized. Each worker thread sleeps on a condition variable -(e.g. `pthread_cond_wait()`). 
When a job is placed on the work queue, nunc -stans will notify the condition variable, waking up one of the worker threads. -This worker thread will dequeue the job from the work queue and execute it. -The work queue is thread safe - the event loop thread can enqueue jobs at the -same time as the worker threads dequeue jobs. Note that the worker threads -only execute jobs which have the *NS_JOB_THREAD* flag. Jobs without this flag -will be executed in the event loop thread. - -Diagram -------- -![Nunc Stans Diagram](nunc-stans-intro.png "Nunc Stans Diagram") - -Diagram Explanation -------------------- - -The solid thick lines represent the flow of data, typically an `ns_job_t` -object. The small dotted lines represent the flow of the program, or the flow -of control. In the case of the signal and notification events, these represent -the program sending a signal or notification, but not yielding control. The -thick dashed lines represent the flow of data and program i.e. a function that -takes an `ns_job_t` object and is the primary program path. The *event queue* -and the *work queue* are thread safe FIFO/queue objects. The bottom of the -stack of ellipses is the tail and the top is the head, labeled "head". The -shaded box labeled "event framework" is the event framework (e.g. libevent). -The boxes that are partially in and partially outside of the event framework -are functions that take nunc stans objects and convert them into the format -used by the event framework. Note that the "add/remove event in -framework" function will pass ownership of the job into the event framework, so -that the event framework will opaquely own that data in the case of add events. -The shaded box labeled "event loop callback" is called by the -event framework for each triggered event. 
The event loop callback will either -execute the job immediately (for non-threaded jobs) or queue the job on the -work queue for execution by a worker thread (for threaded jobs - the -`NS_JOB_THREADED` job flag). - -The event loop thread and the worker threads are represented by large boxes. -Everything in the box happens inside that thread. The boxes that are partly -inside and partly outside represent functions (e.g. the functions to -add/delete an event job) and data structures (the event queue, the -wakeup fd) that are thread safe or are otherwise protected and can be accessed -both from within and outside of the thread. Although the diagram shows only 1 -worker thread, there will usually be more than one, and they all share the same -work queue, which is thread safe. - -The usual starting point is the application represented by the **APP** icon on -the left side. The application will typically create a new event job (e.g. a -network socket listener). The job will be handed off to the event queue for -processing by the event loop thread. If this is not happening inside the event -loop thread, the event framework will be notified. This is necessary because -the event framework could be waiting for a very long time if there are no I/O -or signals happening, or if the timer jobs are very long lived. This will -wakeup the event framework immediately so that it will loop back around to -process the events in the event queue. The event loop will dequeue all of the -jobs from the event queue and perform the appropriate add/remove job in -the event framework. This ensures that only the single event loop thread, not -multiple threads, will interact with the event framework. Then the event -framework will wait for events. Once an event is triggered, the event -framework will iterate through all of the triggered events and call the event -loop callback for each one. 
This callback will either execute the job -immediately or add the job to the work queue for a worker thread. This will -also signal the worker threads (e.g. something like `pthread_cond_wait`) to -notify them that there is a new job for processing. Once all of the events are -processed, the event loop goes back to the top to see if there are more events -to process. The worker thread signal will typically wake up 1 of the worker -threads, which will dequeue the job and execute it. - -Note that the job callback is called both with the data (the `ns_job_t` object) -and the program flow. This callback is entry point into the application. It -is the responsibility of the callback to manage the `ns_job_t` object, either -by calling `ns_job_done` to dispose of it safely, or by calling `ns_job_rearm` to -"re-arm" the event. If the -job is not a threaded job, it is executed in the event loop thread, and can -block all other events from being processed, so great care must be taken not to -perform any long running task or otherwise block the thread. diff --git a/docs/job-safety.md b/docs/job-safety.md deleted file mode 100644 index b122afa..0000000 --- a/docs/job-safety.md +++ /dev/null 
@@ -1,90 +0,0 @@ -Nunc Stans Job Safety -===================== - -Nunc Stans 0.2.0 comes with many improvements for job safety. Most consumers of -this framework will not notice the difference if they are using it "correctly", -but in other cases, you may find you have error conditions. - -Jobs now flow through a set of states in their lifetime. - -States ------- - -* WAITING: This represents a job that is idle, and not owned by a worker or event thread. Any thread can alter this job. -* NEEDS_DELETE: This represents a job that is marked for deletion. It cannot be accessed again! -* DELETED: This represents a job that is deleted. In theory, you can never access a job in this state. -* NEEDS_ARM: This is a job that is about to be placed into the event or work queue for arming, but has not yet been queued. -* ARMED: This is a job that is currently in the event queue or work queue waiting to be executed. -* RUNNING: This is a job that is in the process of executing it's callback right now. - -Diagram -------- - -![Nunc Stans Job States](nunc-stans-job-states.png "Nunc Stans Job States") - -WAITING -------- - -All jobs start in the WAITING state. At this point, the job can have two transitions. It is sent to ns_job_done, and marked as NEEDS_DELETE, or it can be sent to ns_job_rearm, and marked as NEEDS_ARM. A job that is WAITING can be safely modify with ns_job_set_* and accessed with ns_job_get_* from any thread. - -NEEDS_ARM ---------- - -Once a job is in the NEEDS_ARM state, it can not be altered by ns_job_set_*. It can be read from with ns_job_get_*. It can be sent to ns_job_done (which moves to NEEDS_DELETE), but generally this is only from within the job callback, with code like the following. - - callback(ns_job_t *job) { - ns_job_rearm(job); - ns_job_done(job); - } - - -NEEDS_ARM in most cases will quickly move to the next state, ARMED - -ARMED ------ - -In the ARMED state, this means that the job has been sucessfully queued into the event *or* work queue. 
In the ARMED state, the job can be read from with ns_job_get_*, but it cannot be altered with ns_job_set_*. If a job could be altered while queued, this could cause issues with the intent of what the job should do (set_data, set_cb, set_done_cb) etc. - -A job that is ARMED and queued can NOT be removed from the queue, or stopped from running. This is a point of no return! - -RUNNING -------- - -In the RUNNING state, the job is in the process of executing the callback that the job contains. While RUNNING, the thread that is executing the callback may call ns_job_done, ns_job_rearm, ns_job_get_* and ns_job_set_* upon the job. Note, that calling both ns_job_done and ns_job_rearm from the callback, as the 'done' is a 'stronger' action we will delete the job even though rearm was also called. - -While RUNNING other threads (ie, not the worker thread executing the callback) may only call ns_job_get_* upon the job. Due to the design of the synchronisation underneath, this will block until the execution of the callback, so for all intents and purposes by the time the external thread is able to call ns_job_get_*, the job will have moved to NEEDS_DELETE, NEEDS_ARM or WAITING. - -NEEDS_DELETE ------------- - -When you call ns_job_done, this marks the job as NEEDS_DELETE. The deletion actually occurs at "some later point". When a job is set to NEEDS_DELETE, you may *not* call any of the ns_job_get_* and ns_job_set_* functions on the job. - -DELETED -------- - -This state only exists on the job briefly. This means we are in the process of deleting the job internally. We execute the ns_job_done_cb at this point, so that the user may clean up and free any data as required. Only the ns_job_done_cb thread may access the job at this point. - - -Putting it all together ------------------------ - -This state machine encourages certain types of work flows with jobs. This is because the current states are opaque to the caller, and are enforced inside of nunc-stans. 
The most obviously side effect of a state machine violation is a ASSERT failure with -DDEBUG, or PR_FAILURE from get()/set(). This encourages certain practices: - -* Only single threads should be accessing jobs. This prevents races and sync issues. -* Data and variables should exist in a single job. Avoid shared (heap) memory locations! -* Changing jobs should only happen from within the callback, as you can guarantee a consistent state without needing to spin/block on ns_job_set_*. -* You may not need mutexes on your data or thread locals, as the job provides the correct cpu synchronisation guarantees. Consider that each job takes a "root" data node, then all other allocated variables are referenced there only by the single thread. You can now dispose of mutexes, as the job will guarantee the synchronisation of this data. -* Jobs work well if stack variables are used inside the callback functions, rather than heap. - -Some work flows that don't work well here: - -* Having threads alter in-flight jobs. This causes race conditions and inconsistencies. -* Sharing heap data via pointers in jobs. This means you need a mutex on the data, which causes a serialisation point: Why bother with thread pools if you are just going to serialise on some data points anyway! -* Modifying jobs and what they handle. Don't do it! Just ns_job_done on the job, and create a new one that matches what you want to do. -* Map reduce: Nunc-Stans doesn't provide a good way to aggregate data on the return, IE reduce. You may need to provide a queue or some other method to reduce if you were interested in this. - -Examples --------- - -Inside of the nunc-stans project, the tests/cmocka/stress_test.c code is a good example of a socket server and socket client using nunc-stans that adheres to these principles. - diff --git a/docs/logo-banner.png b/docs/logo-banner.png deleted file mode 100644 index 96ea176..0000000 Binary files a/docs/logo-banner.png and /dev/null differ 
diff --git a/docs/logo-banner.xcf b/docs/logo-banner.xcf
deleted file mode 100644
index 9ae3b6f..0000000
Binary files a/docs/logo-banner.xcf and /dev/null differ
diff --git a/docs/logo-square.xcf b/docs/logo-square.xcf
deleted file mode 100644
index ee08202..0000000
Binary files a/docs/logo-square.xcf and /dev/null differ
diff --git a/docs/nunc-stans-intro.dia b/docs/nunc-stans-intro.dia
deleted file mode 100644
index 2cd0899..0000000
Binary files a/docs/nunc-stans-intro.dia and /dev/null differ
diff --git a/docs/nunc-stans-intro.png b/docs/nunc-stans-intro.png
deleted file mode 100644
index c541dfa..0000000
Binary files a/docs/nunc-stans-intro.png and /dev/null differ
diff --git a/docs/nunc-stans-job-states.dia b/docs/nunc-stans-job-states.dia
deleted file mode 100644
index 248d9a7..0000000
Binary files a/docs/nunc-stans-job-states.dia and /dev/null differ
diff --git a/docs/nunc-stans-job-states.png b/docs/nunc-stans-job-states.png
deleted file mode 100644
index d91fe32..0000000
Binary files a/docs/nunc-stans-job-states.png and /dev/null differ
diff --git a/docs/tops_tops.xcf b/docs/tops_tops.xcf
deleted file mode 100644
index f698874..0000000
Binary files a/docs/tops_tops.xcf and /dev/null differ
diff --git a/ldap/admin/src/makemccvlvindexes b/ldap/admin/src/makemccvlvindexes
deleted file mode 100644
index 00ebcf3..0000000
--- a/ldap/admin/src/makemccvlvindexes
+++ /dev/null
@@ -1,214 +0,0 @@ -#!/usr/bin/env perl -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -# makemccvlvindexes - -sub usage_and_exit -{ - print "makemccvlvindexes usage\n"; - print "\n"; - print "This script analyses an LDAP directory in order to create VLV indices which\n"; - print "could be configured to improve the performance of one-level searches.\n"; - print "This is principally to be used to tune the directory browsing feature\n"; - print "of the Mission Control Console.\n"; - print "\n"; - print "An LDAP client can only take advantage of these indices if it is itself\n"; - print "VLV enabled. See the following specification for full details.\n"; - print "\n"; - print "ftp://ftp.ietf.org/internet-drafts/draft-ietf-ldapext-ldapv3-vlv-00.txt\n"; - print "\n"; - print "Command Line Arguments\n"; - print "-? - help\n"; - print "-D rootdn - Provide a root DN. Default= '$rootdn'\n"; - print "-w password - Provide a password for the root DN.\n"; - print "-h host - Provide a host name. Default= '$host'\n"; - print "-p port - Provide a port. Default= '$port'\n"; - print "-t threshold - Provide a container subordinate threshold. Default= $threshold\n"; - print "-f filter - Provide a search filter. Default= '$vlvfilter'\n"; - print "-s sort - Provide a sort specification. 
Default='$vlvsort'\n"; - print "-n - Do the work, but don't create the indices\n"; - exit; -} - -# Initialise some things -$vlvfilter= "(objectclass=*)"; -$vlvsort= "sn givenname cn ou o"; -$rootdn= "cn= Directory Manager"; -$host= "localhost"; -$port= "389"; -$threshold= 1000; -$really_do_it= "1"; - -# Process the command line arguments -while( $arg = shift) -{ - if($arg eq "-?") - { - usage_and_exit(); - } - elsif($arg eq "-D") - { - $rootdn= shift @ARGV; - } - elsif($arg eq "-w") - { - $rootpw= shift @ARGV; - } - elsif($arg eq "-h") - { - $host= shift @ARGV; - } - elsif($arg eq "-p") - { - $port= shift @ARGV; - } - elsif($arg eq "-t") - { - $threshold= shift @ARGV; - } - elsif($arg eq "-f") - { - $vlvfilter= shift @ARGV; - } - elsif($arg eq "-s") - { - $vlvsort= shift @ARGV; - } - elsif($arg eq "-n") - { - $really_do_it= "0"; - } - else - { - print "$arg: Unknown command line argument.\n"; - } -} - -$ldapsearch= "ldapsearch -h $host -p $port"; -$ldapmodify= "ldapmodify -h $host -p $port -D \"$rootdn\" -w $rootpw"; - -if( $vlvfilter eq "" || - $vlvsort eq "" || - $rootdn eq "" || - $host eq "" || - $port eq "" || - $threshold eq "") -{ - print "Error: Need command line information..\n"; - usage_and_exit(); -} - -if( $rootpw eq "" ) -{ - print "Warning: No root DN password provided. Won't be able to add VLV Search and Index entries.\n"; -} - -# Tell the user what we're up to. -print "Searching all naming contexts on '$host:$port' for containers with more than $threshold subordinate entries\n"; - -# Read the naming contexts from the root dse -@namingcontexts= `$ldapsearch -s base -b \"\" \"objectclass=*\" namingcontexts`; - -# Get rid of the first line 'dn:' -shift @namingcontexts; - -# Foreach naming context... 
-foreach $nc (@namingcontexts) -{ - # Extract the base from the naming context - @base= split ' ', $nc; - shift @base; - - # Find all the containers - print "Searching naming context '@base' for containers.\n"; - @containers= `$ldapsearch -s subtree -b \"@base\" \"numsubordinates=*\" numsubordinates`; - chop @containers; - - # Foreach container - - while(@containers) - { - # - $dn_line= shift @containers; - $count_line= shift @containers; - shift @containers; - - # Extract the count, and check it against the threshold - @count_array= split ' ', $count_line; - $count= @count_array[1]; - $dn= substr($dn_line,4); - print "Found container '$dn' with $count subordinates. "; - if($count > $threshold) - { - # We've found a container that should be indexed. - # Extract the DN and RDN of the container - $comma_position= (index $dn, ','); - if($comma_position== -1) - { - $rdn= $dn - } - else - { - $rdn= substr($dn, 0, $comma_position); - } - - # Tell the user what we're up to. - print "Adding VLV Search and Index entries.\n"; - - # Build the vlv search and index entries to be added. - $vlvsearch_name= "MCC $rdn"; - @vlvsearch= ( - "dn: cn=$vlvsearch_name, cn=config, cn=ldbm\n", - "objectclass: top\n", - "objectclass: vlvSearch\n", - "cn: $vlvsearch_name\n", - "vlvbase: $dn\n", - "vlvfilter: $vlvfilter\n", - "vlvscope: 1\n\n" ); - - $vlvindex_name= "SN $vlvsearch_name"; - @vlvindex= ( - "dn: cn=$vlvindex_name, cn=$vlvsearch_name, cn=config, cn=ldbm\n", - "objectclass: top\n", - "objectclass: vlvIndex\n", - "cn: $vlvindex_name\n", - "vlvsort: $vlvsort\n\n" ); - - @vlvnames = ( @vlvnames, "\"" . $vlvindex_name . "\""); - - if($really_do_it eq "1") - { - open(FD,"| $ldapmodify -a -c"); - print FD @vlvsearch; - print FD @vlvindex; - close(FD); - } - } - else - { - print "Too small.\n"; - } - } -} - -# Dump a script to actually create the indexes -if($really_do_it eq "1" && $#vlvnames > 0) -{ - print "\n"; - print "$#vlvnames VLV indices have been declared. 
Execute the following commands to build the index files.\n"; - print "\n"; - print "\\stop\n"; - print "slapd db2index -f -V @vlvnames\n"; - print "\\start\n"; -} - - diff --git a/ldap/admin/src/makevlvindex b/ldap/admin/src/makevlvindex deleted file mode 100644 index 801ae94..0000000 --- a/ldap/admin/src/makevlvindex +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/usr/bin/env perl -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -# makevlvindex - -sub usage_and_exit -{ - print "makevlvindex [options]\n"; - print "\n"; - print "Options:\n"; - print "-? - help\n"; - print "-D rootdn - Provide a root DN. Default= '$rootdn'\n"; - print "-w password - Provide a password for the root DN.\n"; - print "-h host - Provide a host name. Default= '$host'\n"; - print "-p port - Provide a port. Default= '$port'\n"; - print "-sn search_name - RDN of the vlvSearch parent entry.\n"; - print "-in index_name - RDN for the vlvIndex child entry.\n"; - print "-s sort - Provide a sort specification. Default='$vlvsort'\n"; - exit; -} - -# Initialise some things -$vlvsearch_name= ""; -$vlvindex_name= ""; -$vlvsort= "sn givenname cn ou o"; -$rootdn= "cn=Directory Manager"; -$host= "localhost"; -$port= "389"; - -# Process the command line arguments -while( $arg = shift) -{ - if($arg eq "-?") - { - usage_and_exit(); - } - elsif($arg eq "-D") - { - $rootdn= shift @ARGV; - } - elsif($arg eq "-w") - { - $rootpw= shift @ARGV; - } - elsif($arg eq "-h") - { - $host= shift @ARGV; - } - elsif($arg eq "-p") - { - $port= shift @ARGV; - } - elsif($arg eq "-sn") - { - $vlvsearch_name= shift @ARGV; - } - elsif($arg eq "-in") - { - $vlvindex_name= shift @ARGV; - } - elsif($arg eq "-s") - { - $vlvsort= shift @ARGV; - } - else - { - print "$arg: Unknown command line argument.\n"; - } -} - -$ldapmodify= "ldapmodify -h $host -p $port -D \"$rootdn\" -w $rootpw"; - -if( $vlvsearch_name eq "" || - $vlvindex_name eq "" || - $vlvsort eq "" || - $rootdn eq "" || - $host eq "" || - $port eq "") -{ - print "Error: Need command line information..\n"; - usage_and_exit(); -} - -if( $rootpw eq "" ) -{ - print "Warning: No root DN password provided. 
Won't be able to add VLV Search and Index entries.\n"; -} - -# Tell the user what we're up to. -print "Adding VLV Search entry.\n"; - -@vlvindex= ( - "dn: cn=$vlvindex_name, cn=$vlvsearch_name, cn=config, cn=ldbm\n", - "objectclass: top\n", - "objectclass: vlvIndex\n", - "cn: $vlvindex_name\n", - "vlvsort: $vlvsort\n\n" ); - -open(FD,"| $ldapmodify -a -c"); -print FD @vlvindex; -close(FD); - - diff --git a/ldap/admin/src/makevlvsearch b/ldap/admin/src/makevlvsearch deleted file mode 100644 index a75360b..0000000 --- a/ldap/admin/src/makevlvsearch +++ /dev/null 
@@ -1,141 +0,0 @@ -#!/usr/bin/env perl -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -# makevlvsearch - -sub usage_and_exit -{ - print "makevlvsearch [options]\n"; - print "\n"; - print "May be used to create just a vlvSearch entry, or to create\n"; - print "both a vlvSearch and vlvIndex entry.\n"; - print "\n"; - print "Options:\n"; - print "-? - help\n"; - print "-D rootdn - Provide a root DN. Default= '$rootdn'\n"; - print "-w password - Provide a password for the root DN.\n"; - print "-h host - Provide a host name. Default= '$host'\n"; - print "-p port - Provide a port. Default= '$port'\n"; - print "-b scope - Provide a scope. 1 or 2. Default= '$vlvscope'\n"; - print "-f filter - Provide a search filter. Default= '$vlvfilter'\n"; - print "-sn search_name - RDN of the vlvSearch parent entry.\n"; - print "-in index_name - RDN for the vlvIndex child entry.\n"; - print "-s sort - Provide a sort specification. 
Default='$vlvsort'\n"; - exit; -} - -# Initialise some things -$vlvsearch_name= ""; -$vlvindex_name= ""; -$vlvscope= "2"; -$vlvfilter= "(objectclass=*)"; -$vlvsort= ""; -$rootdn= "cn=Directory Manager"; -$host= "localhost"; -$port= "389"; - -# Process the command line arguments -while( $arg = shift) -{ - if($arg eq "-?") - { - usage_and_exit(); - } - elsif($arg eq "-D") - { - $rootdn= shift @ARGV; - } - elsif($arg eq "-w") - { - $rootpw= shift @ARGV; - } - elsif($arg eq "-h") - { - $host= shift @ARGV; - } - elsif($arg eq "-p") - { - $port= shift @ARGV; - } - elsif($arg eq "-b") - { - $vlvscope= shift @ARGV; - } - elsif($arg eq "-f") - { - $vlvfilter= shift @ARGV; - } - elsif($arg eq "-s") - { - $vlvsort= shift @ARGV; - } - elsif($arg eq "-sn") - { - $vlvsearch_name= shift @ARGV; - } - elsif($arg eq "-in") - { - $vlvindex_name= shift @ARGV; - } - else - { - print "$arg: Unknown command line argument.\n"; - } -} - -$ldapmodify= "ldapmodify -h $host -p $port -D \"$rootdn\" -w $rootpw"; - -if( $vlvfilter eq "" || - $vlvscope eq "" || - $vlvsearch_name eq "" || - $rootdn eq "" || - $host eq "" || - $port eq "") -{ - print "Error: Need command line information..\n"; - usage_and_exit(); -} - -if( $rootpw eq "" ) -{ - print "Warning: No root DN password provided. Won't be able to add VLV Search and Index entries.\n"; -} - -# Tell the user what we're up to. -print "Adding VLV Search and Index entries.\n"; - -# Build the vlv search and index entries to be added. 
-@vlvsearch= ( - "dn: cn=$vlvsearch_name, cn=config, cn=ldbm\n", - "objectclass: top\n", - "objectclass: vlvSearch\n", - "cn: $vlvsearch_name\n", - "vlvbase: $dn\n", - "vlvfilter: $vlvfilter\n", - "vlvscope: $vlvscope\n\n" ); - -@vlvindex= ( - "dn: cn=$vlvindex_name, cn=$vlvsearch_name, cn=config, cn=ldbm\n", - "objectclass: top\n", - "objectclass: vlvIndex\n", - "cn: $vlvindex_name\n", - "vlvsort: $vlvsort\n\n" ); - -open(FD,"| $ldapmodify -a -c"); -print FD @vlvsearch; -if( not($vlvindex_name eq "" || $vlvsort eq "")) -{ - print FD @vlvindex; -} -close(FD); - - diff --git a/ldap/admin/src/scripts/10cleanupldapi.pl b/ldap/admin/src/scripts/10cleanupldapi.pl deleted file mode 100644 index a09abe6..0000000 --- a/ldap/admin/src/scripts/10cleanupldapi.pl +++ /dev/null @@ -1,23 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my @errs; - my $ldapifile; - - # see if nsslapd-rundir is defined - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$ent) { - return ('error_finding_config_entry', 'cn=config', $conn->getErrorString()); - } - - $ldapifile = $ent->getValues('nsslapd-ldapifilepath'); - if ($ldapifile) { - unlink($ldapifile); - } - - return (); -} diff --git a/ldap/admin/src/scripts/10delautodnsuffix.pl b/ldap/admin/src/scripts/10delautodnsuffix.pl deleted file mode 100644 index 548a2d1..0000000 --- a/ldap/admin/src/scripts/10delautodnsuffix.pl +++ /dev/null 
@@ -1,23 +0,0 @@
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(normalizeDN);
-use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
-
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-
- my @errs;
-
- # see if nsslapd-ldapiautodnsuffix is defined
- my $ent = $conn->search("cn=config", "base", "(objectclass=*)");
- if (!$ent) {
- return ('error_finding_config_entry', 'cn=config', $conn->getErrorString());
- }
-
- if ($ent->getValues('nsslapd-ldapiautodnsuffix')) {
- $ent->remove('nsslapd-ldapiautodnsuffix');
- $conn->update($ent);
- # ignore errors - cn=config attr deletion not allowed over ldap
- }
-
- return ();
-}
diff --git a/ldap/admin/src/scripts/10fixrundir.pl b/ldap/admin/src/scripts/10fixrundir.pl
deleted file mode 100644
index b7a395c..0000000
--- a/ldap/admin/src/scripts/10fixrundir.pl
+++ /dev/null
@@ -1,39 +0,0 @@
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(normalizeDN);
-use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
-
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-
- my @errs;
- my $mode;
-
- # see if nsslapd-rundir is defined
- my $ent = $conn->search("cn=config", "base", "(objectclass=*)");
- if (!$ent) {
- return ('error_finding_config_entry', 'cn=config', $conn->getErrorString());
- }
-
- if (!$ent->getValues('nsslapd-rundir')) {
- $ent->setValues('nsslapd-rundir', $inf->{slapd}->{run_dir});
- # mark as modified so update will use a replace instead of an add
- $ent->attrModified('nsslapd-rundir');
- $conn->update($ent);
- my $rc = $conn->getErrorCode();
- if ($rc) {
- return ('error_updating_entry', 'cn=config', $conn->getErrorString());
- }
- }
-
- # ensure that other doesn't have permissions on rundir
- $mode = (stat($inf->{slapd}->{run_dir}))[2] or return ('error_chmoding_file', $inf->{slapd}->{run_dir}, $!);
- # mask off permissions for other
- $mode &= 07770;
- $! = 0; # clear errno
- chmod $mode, $inf->{slapd}->{run_dir};
- if ($!) {
- return ('error_chmoding_file', $inf->{slapd}->{run_dir}, $!);
- }
-
- return ();
-}
diff --git a/ldap/admin/src/scripts/20betxn.pl b/ldap/admin/src/scripts/20betxn.pl
deleted file mode 100644
index 6f9b5e1..0000000
--- a/ldap/admin/src/scripts/20betxn.pl
+++ /dev/null
@@ -1,74 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my @errs; - my $ldapifile; - - # Turn on nsslapd-pluginbetxn for - # cn=Multimaster Replication Plugin - # cn=Roles Plugin,cn=plugins,cn=config - # cn=USN,cn=plugins,cn=config - # cn=Retro Changelog Plugin,cn=plugins,cn=config - my @objplugins = ( - "cn=Multimaster Replication Plugin,cn=plugins,cn=config", - "cn=Roles Plugin,cn=plugins,cn=config", - "cn=USN,cn=plugins,cn=config", - "cn=Retro Changelog Plugin,cn=plugins,cn=config" - ); - foreach my $plugin (@objplugins) { - my $ent = $conn->search($plugin, "base", "(cn=*)"); - if (!$ent) { - return ('error_finding_config_entry', $plugin, $conn->getErrorString()); - } - $ent->setValues('nsslapd-pluginbetxn', "on"); - $conn->update($ent); - } - - # Set betxnpreoperation to nsslapd-plugintype for - # cn=7-bit check,cn=plugins,cn=config - # cn=attribute uniqueness,cn=plugins,cn=config - # cn=Auto Membership Plugin,cn=plugins,cn=config - # cn=Linked Attributes,cn=plugins,cn=config - # cn=Managed Entries,cn=plugins,cn=config - # cn=PAM Pass Through Auth,cn=plugins,cn=config - @preplugins = ( - "cn=7-bit check,cn=plugins,cn=config", - "cn=attribute uniqueness,cn=plugins,cn=config", - "cn=Auto Membership Plugin,cn=plugins,cn=config", - "cn=Linked Attributes,cn=plugins,cn=config", - "cn=Managed Entries,cn=plugins,cn=config", - "cn=PAM Pass Through Auth,cn=plugins,cn=config" - ); - foreach my $plugin (@preplugins) { - my $ent = $conn->search($plugin, "base", "(cn=*)"); - if (!$ent) { - return ('error_finding_config_entry', $plugin, $conn->getErrorString()); - } - $ent->setValues('nsslapd-pluginType', "betxnpreoperation"); - $conn->update($ent); - } - - # Set betxnpostoperation to nsslapd-plugintype for - # cn=MemberOf Plugin,cn=plugins,cn=config - # cn=referential integrity postoperation,cn=plugins,cn=config - 
# cn=State Change Plugin,cn=plugins,cn=config - @postplugins = ( - "cn=MemberOf Plugin,cn=plugins,cn=config", - "cn=referential integrity postoperation,cn=plugins,cn=config", - "cn=State Change Plugin,cn=plugins,cn=config" - ); - foreach my $plugin (@postplugins) { - my $ent = $conn->search($plugin, "base", "(cn=*)"); - if (!$ent) { - return ('error_finding_config_entry', $plugin, $conn->getErrorString()); - } - $ent->setValues('nsslapd-pluginType', "betxnpostoperation"); - $conn->update($ent); - } - - return (); -} diff --git a/ldap/admin/src/scripts/50AES-pbe-plugin.ldif b/ldap/admin/src/scripts/50AES-pbe-plugin.ldif deleted file mode 100644 index 564ceae..0000000 --- a/ldap/admin/src/scripts/50AES-pbe-plugin.ldif +++ /dev/null @@ -1,16 +0,0 @@ -dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config -objectclass: top -objectclass: nsSlapdPlugin -objectclass: extensibleObject -cn: AES -nsslapd-pluginpath: libpbe-plugin -nsslapd-plugininitfunc: aes_init -nsslapd-plugintype: reverpwdstoragescheme -nsslapd-pluginenabled: on -nsslapd-pluginarg0: nsmultiplexorcredentials -nsslapd-pluginarg1: nsds5ReplicaCredentials -nsslapd-pluginprecedence: 1 -nsslapd-pluginid: ID -nsslapd-pluginDescription: DESC -nsslapd-pluginVersion: PACKAGE_VERSION -nsslapd-pluginVendor: VENDOR diff --git a/ldap/admin/src/scripts/50acctusabilityplugin.ldif b/ldap/admin/src/scripts/50acctusabilityplugin.ldif deleted file mode 100644 index fa72c4f..0000000 --- a/ldap/admin/src/scripts/50acctusabilityplugin.ldif +++ /dev/null 
@@ -1,21 +0,0 @@
-dn: cn=Account Usability Plugin,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Account Usability Plugin
-nsslapd-pluginpath: libacctusability-plugin
-nsslapd-plugininitfunc: auc_init
-nsslapd-plugintype: preoperation
-nsslapd-pluginenabled: on
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
-
-dn: oid=1.3.6.1.4.1.42.2.27.9.5.8,cn=features,cn=config
-objectClass: top
-objectClass: directoryServerFeature
-oid: 1.3.6.1.4.1.42.2.27.9.5.8
-cn: Account Usable Request Control
diff --git a/ldap/admin/src/scripts/50addchainingsaslpwroles.ldif b/ldap/admin/src/scripts/50addchainingsaslpwroles.ldif
deleted file mode 100644
index 07ee93a..0000000
--- a/ldap/admin/src/scripts/50addchainingsaslpwroles.ldif
+++ /dev/null
@@ -1,6 +0,0 @@
-dn: cn=config,cn=chaining database,cn=plugins,cn=config
-changetype: modify
-add: nsPossibleChainingComponents
-nsPossibleChainingComponents: cn=password policy,cn=components,cn=config
-nsPossibleChainingComponents: cn=sasl,cn=components,cn=config
-nsPossibleChainingComponents: cn=roles,cn=components,cn=config
diff --git a/ldap/admin/src/scripts/50automemberplugin.ldif b/ldap/admin/src/scripts/50automemberplugin.ldif
deleted file mode 100644
index d0c201a..0000000
--- a/ldap/admin/src/scripts/50automemberplugin.ldif
+++ /dev/null
@@ -1,15 +0,0 @@
-dn: cn=Auto Membership Plugin,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Auto Membership Plugin
-nsslapd-pluginpath: libautomember-plugin
-nsslapd-plugininitfunc: automember_init
-nsslapd-plugintype: preoperation
-nsslapd-pluginenabled: on
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50bitstringsyntaxplugin.ldif b/ldap/admin/src/scripts/50bitstringsyntaxplugin.ldif
deleted file mode 100644
index 8091630..0000000
--- a/ldap/admin/src/scripts/50bitstringsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Bit String Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Bit String
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: bitstring_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50contentsync.ldif b/ldap/admin/src/scripts/50contentsync.ldif
deleted file mode 100644
index c48202b..0000000
--- a/ldap/admin/src/scripts/50contentsync.ldif
+++ /dev/null
@@ -1,23 +0,0 @@
-dn: cn=Content Synchronization,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Content Synchronization
-nsslapd-pluginpath: libcontentsync-plugin
-nsslapd-plugininitfunc: sync_init
-nsslapd-plugintype: object
-nsslapd-pluginenabled: off
-nsslapd-plugin-depends-on-named: Retro Changelog Plugin
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
-
-dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config
-objectClass: top
-objectClass: directoryServerFeature
-oid: 1.3.6.1.4.1.4203.1.9.1.1
-cn: Sync Request Control
-aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( read
- , search ) userdn = "ldap:///all";)
diff --git a/ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif b/ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif
deleted file mode 100644
index 0103c5b..0000000
--- a/ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Delivery Method Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Delivery Method Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: delivery_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50derefplugin.ldif b/ldap/admin/src/scripts/50derefplugin.ldif
deleted file mode 100644
index decadac..0000000
--- a/ldap/admin/src/scripts/50derefplugin.ldif
+++ /dev/null
@@ -1,16 +0,0 @@
-dn: cn=deref,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-objectclass: nsContainer
-cn: deref
-nsslapd-pluginpath: libderef-plugin
-nsslapd-plugininitfunc: deref_init
-nsslapd-plugintype: preoperation
-nsslapd-pluginenabled: on
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50disableurisyntaxplugin.ldif b/ldap/admin/src/scripts/50disableurisyntaxplugin.ldif
deleted file mode 100644
index 2838036..0000000
--- a/ldap/admin/src/scripts/50disableurisyntaxplugin.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: cn=URI Syntax,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginenabled
-nsslapd-pluginenabled: off
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50enhancedguidesyntaxplugin.ldif b/ldap/admin/src/scripts/50enhancedguidesyntaxplugin.ldif
deleted file mode 100644
index b5f8ddc..0000000
--- a/ldap/admin/src/scripts/50enhancedguidesyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Enhanced Guide Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Enhanced Guide Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: enhancedguide_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50entryusnindex.ldif b/ldap/admin/src/scripts/50entryusnindex.ldif
deleted file mode 100644
index 9196f67..0000000
--- a/ldap/admin/src/scripts/50entryusnindex.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: cn=entryusn,cn=default indexes, cn=config,cn=ldbm database,cn=plugins,cn=config
-objectclass: top
-objectclass: nsIndex
-cn: entryusn
-nssystemindex: true
-nsindextype: eq
-nsmatchingrule: integerOrderingMatch
diff --git a/ldap/admin/src/scripts/50faxnumbersyntaxplugin.ldif b/ldap/admin/src/scripts/50faxnumbersyntaxplugin.ldif
deleted file mode 100644
index 1959cd3..0000000
--- a/ldap/admin/src/scripts/50faxnumbersyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Facsimile Telephone Number Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Facsimile Telephone Number Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: facsimile_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50faxsyntaxplugin.ldif b/ldap/admin/src/scripts/50faxsyntaxplugin.ldif
deleted file mode 100644
index 3410c32..0000000
--- a/ldap/admin/src/scripts/50faxsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Fax Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Fax Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: fax_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50fixNsState.pl b/ldap/admin/src/scripts/50fixNsState.pl
deleted file mode 100644
index f825bba..0000000
--- a/ldap/admin/src/scripts/50fixNsState.pl
+++ /dev/null
@@ -1,241 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Entry; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use DSUtil qw(debug); -use Config; -use Math::BigInt; - -# # Determine the endianness of your system -my $packfmt32 = "VVA6vCx3"; # must be 20 bytes -my $packfmt64 = "VVA6vCx7"; # must be 24 bytes - -my $is_big_endian = unpack('xc', pack('s', 1)); -# see if we are on an LP64 system -my $is64 = ($Config{longsize} == 8); - -sub convert_to_32bit { - my $val64 = shift; - return ($val64 >> 32, $val64 & 0xffffffff); -} - -sub convert_from_32bit { - my ($hi, $lo) = @_; - return ($hi << 32) + $lo; -} - -sub convert_uniqueid { - my $ent = shift; - my $val = shift; - - if (!$ent || !$val) { - return (0, 0); - } - - my $hex = unpack('H*', $val); - #print "hex=$hex\n"; - - my $fmt32 = "VVA6vC"; - my $bigfmt32 = "NNA6nC"; - my $fmt64 = "VVA6vC"; - my $bigfmt64 = "NNA6nC"; - my $fmt = $fmt32; - my $bigfmt = $bigfmt32; - my $packfmt = $packfmt32; - if (length($val) > 20) { - $fmt = $fmt64; - $bigfmt = $bigfmt64; - $packfmt = $packfmt64; - } elsif ($is64) { - # cannot convert 32-bit to 64-bit - just delete the entry and continue - debug(1, "Cannot convert 32-bit nsState value $hex to 64-bit - deleting entry " . - $ent->getDN() . " and continuing\n"); - return (-1, 0); - } else { # 32-bit to 32-bit - just leave it alone - debug(1, "Skipping 32-bit nsState value $hex in entry " . - $ent->getDN() . 
" and continuing\n"); - return (0, 0); - } - if ($is_big_endian) { - $packfmt32 = "NNA6nCx3"; - $packfmt64 = "NNA6nCx7"; - } - - if ($is64) { - $packfmt = $packfmt64; - } - - my ($tslow, $tshigh, $node, $clockseq, $last_update) = unpack($fmt, $val); - my $ts = convert_from_32bit($tshigh, $tslow); - my $tssecs = ($ts - 0x01B21DD213814000) / 10000000; - my $curts = time; - my $tsdiff = abs($curts - $tssecs); - my $maxdiff = 86400*365*10; # 10 years - if (($tsdiff > $maxdiff) || (($last_update != 0) && ($last_update != 1))) { - # try big endian - ($tshigh, $tslow, $node, $clockseq, $last_update) = unpack($bigfmt, $val); - $ts = convert_from_32bit($tshigh, $tslow); - $tssecs = ($ts - 0x01B21DD213814000) / 10000000; - $tsdiff = abs($curts - $tssecs); - if (($tsdiff > $maxdiff) || (($last_update != 0) && ($last_update != 1))) { - debug(0, "Error: could not parse nsstate $hex - tsdiff is $tsdiff seconds or ", ($tsdiff/86400), " days\n"); - return (0, 0, 'error_could_not_parse_nsstate', $ent->getDN(), $hex); - } - } - - # format for the target system - ($tshigh, $tslow) = convert_to_32bit($ts); - my $newval = pack($packfmt, $tslow, $tshigh, $node, $clockseq, $last_update); - my $rc = 0; - if ($val ne $newval) { # changed - my $hex2 = unpack('H*', $newval); - debug(1, "Converted old nsState val in ", $ent->getDN(), " from $hex to $hex2\n"); - $rc = 1; # changed - } - return ($rc, $newval); -} - -sub convert_replica { - my $ent = shift; - my $val = shift; - - if (!$ent || !$val) { - return (0, 0); - } - - my $len = length($val); - my $pad; - my $timefmt; - my ($rid, $sampled_time, $local_offset, $remote_offset, $seq_num); - my ($st_high, $st_low, $lo_high, $lo_low, $ro_high, $ro_low); - my $fmtstr; - my $bigfmtstr; - if ($len <= 20) { - $pad = 2; # padding for short H values - $timefmt = 'V'; # timevals are unsigned 32-bit int - try little-endian 'V' first - $fmtstr = "vx" . $pad . $timefmt . "3vx" . $pad; - $bigfmtstr = 'nx' . $pad . 'N' . '3nx' . 
$pad; - ($rid, $sampled_time, $local_offset, $remote_offset, $seq_num) = unpack($fmtstr, $val); - } else { - $pad = 6; # padding for short H values - $timefmt = 'V'; # timevals are unsigned 64-bit int - $fmtstr = "vx" . $pad . $timefmt . "6vx" . $pad; - $bigfmtstr = 'nx' . $pad . 'N' . '6nx' . $pad; - ($rid, $st_low, $st_high, $lo_low, $lo_high, $ro_low, $ro_high, $seq_num) = unpack($fmtstr, $val); - $sampled_time = convert_from_32bit($st_high, $st_low); - $local_offset = convert_from_32bit($lo_high, $lo_low); - $remote_offset = convert_from_32bit($ro_high, $ro_low); - } - # short - padbytes - 3 timevals - short - padbytes - my $hex = unpack('H*', $val); - my $now = time; - my $tdiff = abs($now - $sampled_time); - my $maxdiff = 86400*365*10; # 10 years - if ($tdiff > $maxdiff) { # try big endian - if ($len <= 20) { - ($rid, $sampled_time, $local_offset, $remote_offset, $seq_num) = unpack($bigfmtstr, $val); - } else { - ($rid, $st_high, $st_low, $lo_high, $lo_low, $ro_high, $ro_low, $seq_num) = unpack($bigfmtstr, $val); - $sampled_time = convert_from_32bit($st_high, $st_low); - $local_offset = convert_from_32bit($lo_high, $lo_low); - $remote_offset = convert_from_32bit($ro_high, $ro_low); - } - my $tdiff = abs($now - $sampled_time); - if ($tdiff > $maxdiff) { # error - debug(0, "Error: could not parse nsstate $hex - tdiff is $tdiff seconds or", ($tdiff/86400), " days\n"); - return (0, 0, 'error_could_not_parse_nsstate', $ent->getDN(), $hex); - } - } - # format for the target system - my $packfmt; - my @packargs; - if ($is64) { - my $packfmt = "vx" . $pad . "V6vx" . $pad; - if ($is_big_endian) { - $packfmt = "nx" . $pad . "N6nx" . $pad; - } - $st_high = $st >> 32; - ($st_high, $st_low) = convert_to_32bit($sampled_time); - ($lo_high, $lo_low) = convert_to_32bit($local_offset); - ($ro_high, $ro_low) = convert_to_32bit($remote_offset); - @packargs = ($rid, $st_low, $st_high, $lo_low, $lo_high, $ro_low, $ro_high, $seq_num); - } else { - my $packfmt = "vx" . $pad . 
"V3vx" . $pad; - if ($is_big_endian) { - $packfmt = "nx" . $pad . "N3nx" . $pad; - } - @packargs = ($rid, $sampled_time, $local_offset, $remote_offset, $seq_num); - } - my $newval = pack($fmtstr, @packargs); - my $rc = 0; - if ($val ne $newval) { # changed - my $hex2 = unpack('H*', $newval); - debug(1, "Converted old nsState val in ", $ent->getDN(), " from $hex to $hex2\n"); - $rc = 1; # changed - } - return ($rc, $newval); -} - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my $ent = $conn->search("cn=config", "sub", "(cn=uniqueid generator)"); - if ($ent) { - my ($rc, $newval, @errs) = convert_uniqueid($ent, $ent->getValues('nsState')); - if (@errs) { - return @errs; - } - if ($rc) { # changed - if ($rc == -1) { # delete it - if (!$conn->delete($ent->getDN())) { - return ("error_deleteall_entries", $ent->getDN(), $conn->getErrorString()); - } - } else { - $ent->setValues('nsState', $newval); - if (!$conn->update($ent)) { - return ("error_updating_entry", $ent->getDN(), $conn->getErrorString()); - } - } - } - } - - for ($ent = $conn->search("cn=config", "sub", "(cn=replica)"); - $ent; $ent = $conn->nextEntry) { - my ($rc, $newval, @errs) = convert_replica($ent, $ent->getValues('nsState')); - if (@errs) { - return @errs; - } - if ($rc) { # changed - $ent->setValues('nsState', $newval); - if (!$conn->update($ent)) { - return ("error_updating_entry", $ent->getDN(), $conn->getErrorString()); - } - } - } - - return (); -} - -sub testit { -#my $val = 'ACm2BdIdsgH+tw/8AAB+swEAAAA='; -#my $val = 'AOj+tyuA4AHsNZ7S9NnxZwEAAAAAAAAA'; -#my $val = 'ABI3gdIdsgH3TJWpAACGIgEAAAA='; -#my $testval = "00a43cb4d11db2018b7912fd0000a42e01000000"; -#my $testval = "0029B605D21DB201FEB70FFC00007EB301000000"; -#my $testval = "00E8FEB72B80E001EC359ED2F4D9F1670100000000000000"; -#my $testval = "00123781D21DB201F74C95A90000862201000000"; -my $testval = '01E0D2DA53198600A12C2D6BADF15D630100000000000000'; -my $testreplval = 
"\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00N\\\x8b5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00"; -my $testdecval = $testval; -# base16 decode -$testdecval =~ s/(..)/chr(hex($1))/eg; -my $ent = new Mozilla::LDAP::Entry; -$ent->setDN("cn=uniqueid generator"); -my ($rc, $newval) = convert_uniqueid($ent, $testdecval); -$ent->setDN('cn=replica'); -my ($rc, $newval2) = convert_replica($ent, $testreplval); -} - -testit() unless caller(); - -1; diff --git a/ldap/admin/src/scripts/50guidesyntaxplugin.ldif b/ldap/admin/src/scripts/50guidesyntaxplugin.ldif deleted file mode 100644 index d9c3a08..0000000 --- a/ldap/admin/src/scripts/50guidesyntaxplugin.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=Guide Syntax,cn=plugins,cn=config -objectclass: top -objectclass: nsSlapdPlugin -objectclass: extensibleObject -cn: Guide Syntax -nsslapd-pluginpath: libsyntax-plugin -nsslapd-plugininitfunc: guide_init -nsslapd-plugintype: syntax -nsslapd-pluginenabled: on -# these will be replaced when the server loads the plugin -nsslapd-pluginId: ID -nsslapd-pluginVersion: PACKAGE_VERSION -nsslapd-pluginVendor: VENDOR -nsslapd-pluginDescription: DESC diff --git a/ldap/admin/src/scripts/50linkedattrsplugin.ldif b/ldap/admin/src/scripts/50linkedattrsplugin.ldif deleted file mode 100644 index a321673..0000000 --- a/ldap/admin/src/scripts/50linkedattrsplugin.ldif +++ /dev/null @@ -1,16 +0,0 @@ -dn: cn=Linked Attributes,cn=plugins,cn=config -objectclass: top -objectclass: nsSlapdPlugin -objectclass: extensibleObject -objectclass: nsContainer -cn: Linked Attributes -nsslapd-pluginpath: liblinkedattrs-plugin -nsslapd-plugininitfunc: linked_attrs_init -nsslapd-plugintype: preoperation -nsslapd-pluginenabled: on -nsslapd-plugin-depends-on-type: database -# these will be replaced when the server loads the plugin -nsslapd-pluginId: ID -nsslapd-pluginVersion: PACKAGE_VERSION -nsslapd-pluginVendor: VENDOR -nsslapd-pluginDescription: DESC 
diff --git a/ldap/admin/src/scripts/50managedentriesplugin.ldif b/ldap/admin/src/scripts/50managedentriesplugin.ldif
deleted file mode 100644
index ad2984c..0000000
--- a/ldap/admin/src/scripts/50managedentriesplugin.ldif
+++ /dev/null
@@ -1,16 +0,0 @@
-dn: cn=Managed Entries,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-objectclass: nsContainer
-cn: Managed Entries
-nsslapd-pluginpath: libmanagedentries-plugin
-nsslapd-plugininitfunc: mep_init
-nsslapd-plugintype: preoperation
-nsslapd-pluginenabled: on
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50memberofindex.ldif b/ldap/admin/src/scripts/50memberofindex.ldif
deleted file mode 100644
index 6ede083..0000000
--- a/ldap/admin/src/scripts/50memberofindex.ldif
+++ /dev/null
@@ -1,6 +0,0 @@
-dn: cn=memberOf,cn=default indexes, cn=config,cn=ldbm database,cn=plugins,cn=config
-objectclass: top
-objectclass: nsIndex
-cn: memberOf
-nssystemindex: false
-nsindextype: eq
diff --git a/ldap/admin/src/scripts/50memberofplugin.ldif b/ldap/admin/src/scripts/50memberofplugin.ldif
deleted file mode 100644
index 722e943..0000000
--- a/ldap/admin/src/scripts/50memberofplugin.ldif
+++ /dev/null
@@ -1,17 +0,0 @@
-dn: cn=MemberOf Plugin,cn=plugins,cn=config
-objectClass: top
-objectClass: nsSlapdPlugin
-objectClass: extensibleObject
-cn: MemberOf Plugin
-nsslapd-pluginpath: libmemberof-plugin
-nsslapd-plugininitfunc: memberof_postop_init
-nsslapd-plugintype: postoperation
-nsslapd-pluginenabled: off
-nsslapd-plugin-depends-on-type: database
-memberOfGroupAttr: member
-memberOfAttr: memberOf
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50nameuidsyntaxplugin.ldif b/ldap/admin/src/scripts/50nameuidsyntaxplugin.ldif
deleted file mode 100644
index f4a3305..0000000
--- a/ldap/admin/src/scripts/50nameuidsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Name And Optional UID Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Name And Optional UID Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: nameoptuid_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50nstombstonecsn.ldif b/ldap/admin/src/scripts/50nstombstonecsn.ldif
deleted file mode 100644
index 871124b..0000000
--- a/ldap/admin/src/scripts/50nstombstonecsn.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: nsIndex
-cn: nsTombstoneCSN
-nssystemindex: true
-nsindextype: eq
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/50numericstringsyntaxplugin.ldif b/ldap/admin/src/scripts/50numericstringsyntaxplugin.ldif
deleted file mode 100644
index a5ba17f..0000000
--- a/ldap/admin/src/scripts/50numericstringsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Numeric String Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Numeric String Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: numstr_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50printablestringsyntaxplugin.ldif b/ldap/admin/src/scripts/50printablestringsyntaxplugin.ldif
deleted file mode 100644
index d8dad9b..0000000
--- a/ldap/admin/src/scripts/50printablestringsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Printable String Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Printable String Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: printable_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50refintprecedence.ldif b/ldap/admin/src/scripts/50refintprecedence.ldif
deleted file mode 100644
index dec649c..0000000
--- a/ldap/admin/src/scripts/50refintprecedence.ldif
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: cn=referential integrity postoperation,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginPrecedence
-nsslapd-pluginPrecedence: 40
diff --git a/ldap/admin/src/scripts/50retroclprecedence.ldif b/ldap/admin/src/scripts/50retroclprecedence.ldif
deleted file mode 100644
index 2faf329..0000000
--- a/ldap/admin/src/scripts/50retroclprecedence.ldif
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginPrecedence
-nsslapd-pluginPrecedence: 25
diff --git a/ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif b/ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif
deleted file mode 100644
index 21ceb0f..0000000
--- a/ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif
+++ /dev/null
@@ -1,15 +0,0 @@
-dn: cn=RootDN Access Control,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: RootDN Access Control
-nsslapd-pluginpath: librootdn-access-plugin.so
-nsslapd-plugininitfunc: rootdn_init
-nsslapd-plugintype: internalpreoperation
-nsslapd-pluginenabled: off
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50schemareloadplugin.ldif b/ldap/admin/src/scripts/50schemareloadplugin.ldif
deleted file mode 100644
index b6d12a5..0000000
--- a/ldap/admin/src/scripts/50schemareloadplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Schema Reload,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Schema Reload
-nsslapd-pluginpath: libschemareload-plugin
-nsslapd-plugininitfunc: schemareload_init
-nsslapd-plugintype: object
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif b/ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif
deleted file mode 100644
index 6ef0fae..0000000
--- a/ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif
+++ /dev/null
@@ -1,13 +0,0 @@
-dn: cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-cn: SMD5
-nsslapd-pluginpath: libpwdstorage-plugin
-nsslapd-plugininitfunc: smd5_pwd_storage_scheme_init
-nsslapd-plugintype: pwdstoragescheme
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50syntaxvalidplugin.ldif b/ldap/admin/src/scripts/50syntaxvalidplugin.ldif
deleted file mode 100644
index ee0a085..0000000
--- a/ldap/admin/src/scripts/50syntaxvalidplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Syntax Validation Task,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Syntax Validation Task
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: syntax_validate_task_init
-nsslapd-plugintype: object
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50targetuniqueid.ldif b/ldap/admin/src/scripts/50targetuniqueid.ldif
deleted file mode 100644
index 8f5cbc3..0000000
--- a/ldap/admin/src/scripts/50targetuniqueid.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: nsIndex
-cn: targetuniqueid
-nssystemindex: true
-nsindextype: eq
diff --git a/ldap/admin/src/scripts/50teletexterminalidsyntaxplugin.ldif b/ldap/admin/src/scripts/50teletexterminalidsyntaxplugin.ldif
deleted file mode 100644
index ae16488..0000000
--- a/ldap/admin/src/scripts/50teletexterminalidsyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Teletex Terminal Identifier Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Teletex Terminal Identifier Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: teletex_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif b/ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif
deleted file mode 100644
index cf28820..0000000
--- a/ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif
+++ /dev/null
@@ -1,14 +0,0 @@
-dn: cn=Telex Number Syntax,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: Telex Number Syntax
-nsslapd-pluginpath: libsyntax-plugin
-nsslapd-plugininitfunc: telex_init
-nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/50updateconfig.ldif b/ldap/admin/src/scripts/50updateconfig.ldif
deleted file mode 100644
index 719d4a8..0000000
--- a/ldap/admin/src/scripts/50updateconfig.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Updates for the cn=config entry
-#
-
-# Enable the Normalized DN cache
-dn: cn=config
-changetype: modify
-replace: nsslapd-ndn-cache-enabled
-nsslapd-ndn-cache-enabled: on
-
diff --git a/ldap/admin/src/scripts/50usnplugin.ldif b/ldap/admin/src/scripts/50usnplugin.ldif
deleted file mode 100644
index 5fd2cfb..0000000
--- a/ldap/admin/src/scripts/50usnplugin.ldif
+++ /dev/null
@@ -1,15 +0,0 @@
-dn: cn=USN,cn=plugins,cn=config
-objectclass: top
-objectclass: nsSlapdPlugin
-objectclass: extensibleObject
-cn: USN
-nsslapd-pluginpath: libusn-plugin
-nsslapd-plugininitfunc: usn_init
-nsslapd-plugintype: object
-nsslapd-pluginenabled: off
-nsslapd-plugin-depends-on-type: database
-# these will be replaced when the server loads the plugin
-nsslapd-pluginId: ID
-nsslapd-pluginVersion: PACKAGE_VERSION
-nsslapd-pluginVendor: VENDOR
-nsslapd-pluginDescription: DESC
diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl
deleted file mode 100644
index 9a27729..0000000
--- a/ldap/admin/src/scripts/52updateAESplugin.pl
+++ /dev/null
@@ -1,87 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Entry; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use File::Basename; -use File::Copy; -use DSUtil qw(debug serverIsRunning); - -# no warnings 'experimental::smartmatch'; -no if $] >= 5.017011, warnings => 'experimental::smartmatch'; - -# -# Check if there is a DES plugin and make sure the AES plugin contains the same attributes -# -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - my @attrs; - my @attrs_to_add; - my $aes_count = 0; - my $des_count = 0; - my $i = 0; - - my $aes_dn = "cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config"; - my $aes_entry = $conn->search($aes_dn, "base", "(cn=*)"); - if (!$aes_entry) { - # No AES plugin - nothing to do - return (); - } - - # We need to grab the AES plugin args... - while(1){ - my $argattr = "nsslapd-pluginarg" . $i; - my $val = $aes_entry->getValues($argattr); - if($val ne ""){ - $attrs[$aes_count] = $val; - $aes_count++; - } else { - last; - } - $i++; - } - - # Grab the DES plugin - my $des_dn = "cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config"; - my $des_entry = $conn->search($des_dn, "base", "(cn=*)"); - if (!$des_entry) { - # No DES plugin - nothing to do - return (); - } - - # We need to check the DES plugin args against the AES args. - $i = 0; - while(1){ - my $argattr = "nsslapd-pluginarg" . $i; - my $val = $des_entry->getValues($argattr); - if($val eq ""){ - last; - } - if(!($val ~~ @attrs) ){ # smartmatch - $attrs_to_add[$des_count] = $val; - $des_count++; - } - $i++; - } - - # Add the missing attributes to the AES plugin - if($#attrs_to_add >= 0){ - foreach $val (@attrs_to_add){ - $aes_entry->addValue("nsslapd-pluginarg" . 
$aes_count, $val); - $aes_count++; - } - $conn->update($aes_entry); - } - - # Change replication plugin dependency from DES to AES - my $mmr_entry = $conn->search("cn=Multimaster Replication Plugin,cn=plugins,cn=config", "base", "(cn=*)"); - $mmr_entry->removeValue("nsslapd-plugin-depends-on-named", "DES"); - $mmr_entry->addValue("nsslapd-plugin-depends-on-named", "AES"); - $conn->update($mmr_entry); - - # Change the des plugin to use the new libpbe-plugin library - $des_entry->{"nsslapd-pluginPath"} = [ "libpbe-plugin" ]; - $conn->update($des_entry); - - return (); -} - diff --git a/ldap/admin/src/scripts/60removeLegacyReplication.ldif b/ldap/admin/src/scripts/60removeLegacyReplication.ldif deleted file mode 100644 index 7c64a96..0000000 --- a/ldap/admin/src/scripts/60removeLegacyReplication.ldif +++ /dev/null @@ -1,2 +0,0 @@ -dn: cn=Legacy Replication Plugin,cn=plugins,cn=config -changetype: delete diff --git a/ldap/admin/src/scripts/60upgradeconfigfiles.pl b/ldap/admin/src/scripts/60upgradeconfigfiles.pl deleted file mode 100644 index 189eb03..0000000 --- a/ldap/admin/src/scripts/60upgradeconfigfiles.pl +++ /dev/null 
@@ -1,69 +0,0 @@ -use File::Copy; -use Mozilla::LDAP::LDIF; -use DSCreate qw(installSchema); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - if (!$inf->{slapd}->{config_dir} or (! -d $inf->{slapd}->{config_dir})) { - return ('error_reading_config_dir', $inf->{slapd}->{config_dir}); - } - - # these files are obsolete, or we want to replace - # them with newer versions - my @toremove = qw(slapd-collations.conf); - - # make a backup directory to store the deleted config file, then - # don't really delete it, just move it to that directory - my $mode = (stat($inf->{slapd}->{config_dir}))[2]; - my $bakdir = $inf->{slapd}->{config_dir} . "/bak" ; - if (! -d $bakdir) { - $! = 0; # clear - mkdir $bakdir, $mode; - if ($!) { - return ('error_creating_directory', $bakdir, $!); - } - } - - my @errs; - for my $file (@toremove) { - my $oldname = $inf->{slapd}->{config_dir} . "/" . $file; - next if (! -f $oldname); # does not exist - skip - already (re)moved - my $newname = "$bakdir/$file"; - $! = 0; # clear - rename $oldname, $newname; - if ($!) { - push @errs, ["error_renaming_config", $oldname, $newname, $!]; - } - } - - my $configsrcdir = $inf->{slapd}->{config_dir} . "/../config"; - for my $file (@toremove) { - my $srcname = "$configsrcdir/$file"; - my $newname = $inf->{slapd}->{config_dir} . "/" . $file; - - copy $srcname, $newname; - if ($!) { - push @errs, ["error_renaming_config", $srcname, $newname, $!]; - } - } - - # If we've encountered any errors up to this point, restore - # the original file. - if (@errs) { - # restore the original files - for my $file (@toremove) { - my $oldname = "$bakdir/$file"; - next if (! -f $oldname); # does not exist - not backed up - my $newname = $inf->{slapd}->{config_dir} . "/" . $file; - next if (-f $newname); # not removed - rename $oldname, $newname; - } - return @errs; - } - - if (-d $bakdir) { - system("rm -rf $bakdir"); - } - return (); -} 
diff --git a/ldap/admin/src/scripts/60upgradeschemafiles.pl b/ldap/admin/src/scripts/60upgradeschemafiles.pl deleted file mode 100644 index 5a2c019..0000000 --- a/ldap/admin/src/scripts/60upgradeschemafiles.pl +++ /dev/null 
@@ -1,189 +0,0 @@ - -use Mozilla::LDAP::LDIF; -use DSCreate qw(installSchema); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - if (!$inf->{slapd}->{schema_dir} or (! -d $inf->{slapd}->{schema_dir})) { - return ('error_reading_schema_dir', $inf->{slapd}->{schema_dir}); - } - - # these schema files are obsolete, or we want to replace - # them with newer versions - my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 10dna-plugin.ldif 28pilot.ldif 30ns-common.ldif 50ns-mail.ldif 50ns-directory.ldif 60qmail.ldif 60radius.ldif 60mozilla.ldif 60pam-plugin.ldif 60sudo.ldif 60rfc3712.ldif 60samba3.ldif 60posix-winsync-plugin.ldif 60sabayon.ldif 60nis.ldif 60sendmail.ldif); - - # these hashes will be used to check for obsolete schema - # in 99user.ldif - my %attrsbyname; - my %attrsbyoid; - my %objclassesbyname; - my %objclassesbyoid; - my $userschemaentry; - - # make a backup directory to store the deleted schema, then - # don't really delete it, just move it to that directory - my $mode = (stat($inf->{slapd}->{schema_dir}))[2]; - my $bakdir = $inf->{slapd}->{schema_dir} . ".bak"; - if (! -d $bakdir) { - $! = 0; # clear - mkdir $bakdir, $mode; - if ($!) { - return ('error_creating_directory', $bakdir, $!); - } - } - - my @errs; - for my $file (@toremove) { - my $oldname = $inf->{slapd}->{schema_dir} . "/" . $file; - next if (! -f $oldname); # does not exist - skip - already (re)moved - my $newname = "$bakdir/$file"; - $! = 0; # clear - rename $oldname, $newname; - if ($!) { - push @errs, ["error_renaming_schema", $oldname, $newname, $!]; - } - } - - # Remove obsolete schema from 99user.ldif. Compare by name and OID. - if (!open( OLDUSERSCHEMA, $inf->{slapd}->{schema_dir} . "/99user.ldif")) { - push @errs, ["error_reading_schema_file", $inf->{slapd}->{schema_dir} . 
"/99user.ldif", $!]; - } else { - my $olduserschema = new Mozilla::LDAP::LDIF(*OLDUSERSCHEMA); - - # Find the cn=schema entry. - while ($userschemaentry = readOneEntry $olduserschema) { - my $dn = $userschemaentry->getDN(); - # The only entry should be cn=schema, but best to play it safe. - next if ($dn ne "cn=schema"); - - # create the attributeTypes hashes (name->value, oid->value) - my @attrtypes = $userschemaentry->getValues("attributeTypes"); - foreach my $attrtype (@attrtypes) { - # parse out the attribute name and oid - if ($attrtype =~ /^\(\s*([\d\.]+)\s+NAME\s+'(\w+)'/) { - # normalize the attribute name - $attrsbyname{lc "$2"} = "$attrtype"; - $attrsbyoid{"$1"} = "$attrtype"; - } - } - - # create the objectClasses hashes (name->value, oid->value) - my @objclasses = $userschemaentry->getValues("objectClasses"); - foreach my $objclass (@objclasses) { - # parse out the objectclass name and oid - if ($objclass =~ /^\(\s*([\d\.]+)\s+NAME\s+'(\w+)'/) { - # normalize the objectclass name - $objclassesbyname{lc "$2"} = "$objclass"; - $objclassesbyoid{"$1"} = "$objclass"; - } - } - - # We found the cn=schema entry, so there's no need - # to look for more entries. - last; - } - - close OLDUSERSCHEMA; - } - - for my $file (@toremove) { - my $fullname = "$bakdir/$file"; - - next if (! -f $fullname); # does not exist - skip - already (re)moved - - if (!open( OBSOLETESCHEMA, "$fullname")) { - push @errs, ["error_reading_schema_file", $fullname, $!]; - } else { - my $obsoleteschema = new Mozilla::LDAP::LDIF(*OBSOLETESCHEMA); - - # Find the cn=schema entry. - while (my $entry = readOneEntry $obsoleteschema) { - my $dn = $entry->getDN(); - # The only entry should be cn=schema, but best to play it safe. - next if ($dn ne "cn=schema"); - - # Check if any of the attributeTypes in this file - # are defined in 99user.ldif and remove them if so. 
- my @attrtypes = $entry->getValues("attributeTypes"); - foreach $attrtype (@attrtypes) { - # parse out the attribute name and oid - if ($attrtype =~ /^\(\s*([\d\.]+)\s+NAME\s+'(\w+)'/) { - # normalize the attribute name - if ($attrsbyname{lc "$2"}) { - $userschemaentry->removeValue("attributeTypes", $attrsbyname{lc "$2"}); - } elsif ($attrsbyoid{"$1"}) { - $userschemaentry->removeValue("attributeTypes", $attrsbyoid{"$1"}); - } - } - } - - # Check if any of the objectClasses in this file - # are defined in 99user.ldif and remove them if so. - my @objclasses = $entry->getValues("objectClasses"); - foreach $objclass (@objclasses) { - # parse out the objectclass name and oid - if ($objclass =~ /^\(\s*([\d\.]+)\s+NAME\s+'(\w+)'/) { - # normalize the objectclass name - if ($objclassesbyname{lc "$2"}) { - $userschemaentry->removeValue("objectClasses", $objclassesbyname{lc "$2"}); - } elsif ($objclassesbyoid{"$1"}) { - $userschemaentry->removeValue("objectClasses", $objclassesbyoid{"$1"}); - } - } - } - } - - close OBSOLETESCHEMA; - } - } - - # Backup the original 99user.ldif - $! = 0; # clear - rename $inf->{slapd}->{schema_dir} . "/99user.ldif", "$bakdir/99user.ldif"; - if ($!) { - push @errs, ["error_renaming_schema", $inf->{slapd}->{schema_dir} . "/99user.ldif", "$bakdir/99user.ldif", $!]; - } - - # Write the new 99user.ldif - if (!open ( NEWUSERSCHEMA, ">" . $inf->{slapd}->{schema_dir} . "/99user.ldif")) { - push @errs, ["error_writing_schema_file", $inf->{slapd}->{schema_dir} . "/99user.ldif", $!]; - } else { - my $newuserschema = new Mozilla::LDAP::LDIF(*NEWUSERSCHEMA); - writeOneEntry $newuserschema $userschemaentry; - close NEWUSERSCHEMA; - - # Set permissions based off of the original 99user.ldif. - my @stat = stat("$bakdir/99user.ldif"); - my $mode = $stat[2]; - my $uid = $stat[4]; - my $gid = $stat[5]; - chmod $mode, $inf->{slapd}->{schema_dir} . "/99user.ldif"; - chown $uid, $gid, $inf->{slapd}->{schema_dir} . 
"/99user.ldif"; - } - - # If we've encountered any errors up to this point, restore - # the original schema. - if (@errs) { - # restore the original schema files - for my $file (@toremove) { - my $oldname = "$bakdir/$file"; - next if (! -f $oldname); # does not exist - not backed up - my $newname = $inf->{slapd}->{schema_dir} . "/" . $file; - next if (-f $newname); # not removed - rename $oldname, $newname; - } - - # Restore 99user.ldif. We overwrite whatever is there since - # it is possible that we have modified it. - if (-f "$bakdir/99user.ldif") { - rename "$bakdir/99user.ldif", $inf->{slapd}->{schema_dir} . "/99user.ldif"; - } - - return @errs; - } - - # after removing them, just add everything in the default - # schema directory - return installSchema($inf, 1); -} diff --git a/ldap/admin/src/scripts/70upgradefromldif.pl b/ldap/admin/src/scripts/70upgradefromldif.pl deleted file mode 100644 index daeed66..0000000 --- a/ldap/admin/src/scripts/70upgradefromldif.pl +++ /dev/null 
@@ -1,108 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Entry; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use File::Basename; -use File::Copy; -use DSUtil qw(debug serverIsRunning); - -# Used to upgrade from an older version whose database might not be -# compatible - also for an upgrade from a machine of a different -# architecture -# For each backend instance, the ldif directory should contain -# a file called BACKEND.ldif e.g. userRoot.ldif NetscapeRoot.ldif etc. -# each file will be imported -# if the import is successful, the file will be renamed so that if -# upgrade is run again, it will not attempt to import it again, but -# it will be left around as a backup -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my @errs; - - my $config = "cn=config"; - my $config_entry = $conn->search($config, "base", "(cn=*)"); - if (!$config_entry) { - return ("error_no_configuration_entry", $!); - } - my $ldifdir = $config_entry->getValues('nsslapd-ldifdir'); - if (!$ldifdir) { - debug(1, "No such attribute nsslapd-ldifdir in cn=config in $inst\n"); - return (); # nothing to do - } - my $rundir = $config_entry->getValues('nsslapd-rundir'); - my $instdir = $config_entry->getValues('nsslapd-instancedir'); - # Check if the server is up or not - my $isrunning = serverIsRunning($rundir, $inst); - - for my $file (glob("$ldifdir/*.upgrade.ldif")) { - # assumes file name is backendname.upgrade.ldif - my $dbinst = basename($file, ".upgrade.ldif"); - @errs = importLDIF($conn, $file, $dbinst, $isrunning, $instdir); - if (@errs) { - return @errs; - } - # else ok - rename file so we don't try to import again - my $newfile = $file . 
".importok"; - rename($file, $newfile); - } - - return (); -} - -sub startTaskAndWait { - my ($conn, $entry) = @_; - - my $dn = $entry->getDN(); - # start the task - $conn->add($entry); - my $rc; - if ($rc = $conn->getErrorCode()) { - debug(0, "Couldn't add entry $dn: " . $conn->getErrorString()); - return $rc; - } - - # wait for task completion - task is complete when the nsTaskExitCode attr is set - my @attrlist = qw(nsTaskLog nsTaskStatus nsTaskExitCode nsTaskCurrentItem nsTaskTotalItems); - my $done = 0; - my $exitCode = 0; - while (! $done) { - sleep 1; - $entry = $conn->search($dn, "base", "(objectclass=*)", 0, @attrlist); - if ($entry->exists('nsTaskExitCode')) { - $exitCode = $entry->getValues('nsTaskExitCode'); - $done = 1; - } else { - debug(1, $entry->getValues('nsTaskLog') . "\n"); - } - } - - return $exitCode; -} - -sub importLDIF { - my ($conn, $file, $be, $isrunning, $instdir, $rc) = @_; - - if ($isrunning) { - my $cn = "import" . time; - my $dn = "cn=$cn,cn=import,cn=tasks,cn=config"; - my $entry = new Mozilla::LDAP::Entry(); - $entry->setDN($dn); - $entry->setValues('objectclass', 'top', 'extensibleObject'); - $entry->setValues('cn', $cn); - $entry->setValues('nsFilename', $file); - $entry->setValues('nsInstance', $be); - $rc = startTaskAndWait($conn, $entry); - if ($rc) { - return ('error_import_check_log', $file, $be, $rc . ":" . $conn->getErrorString()); - } - } else { # server down - use ldif2db - $? = 0; # clear - if ($rc = system("$instdir/ldif2db -n $be -i $file > /dev/null 2>&1")) { - debug(0, "Could not import $file to database $be - check errors log\n"); - return ('error_import_check_log', $file, $be, $?); - } - } - - return (); -} diff --git a/ldap/admin/src/scripts/80upgradednformat.pl.in b/ldap/admin/src/scripts/80upgradednformat.pl.in deleted file mode 100644 index 2cb7b1a..0000000 --- a/ldap/admin/src/scripts/80upgradednformat.pl.in +++ /dev/null 
@@ -1,307 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use File::Basename; -use File::Copy; -use DSUpdate qw(isOffline); - -# Upgrade DN format if needed. -# For each backend instance, -# run upgradednformat with -N (dryrun mode), -# if it returns 0 (Upgrade candidates are found), -# recursively copy the instance dir to the work dir (dnupgrade) -# run upgradednformat w/o -N against the DB in the work dir -# if it went ok, replace the original instance dir with the work dir. -# Note: This script does nothing if the server is up. -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my @errs; - - my $config = "cn=config"; - my $config_entry = $conn->search($config, "base", "(cn=*)"); - if (!$config_entry) { - return ("error_no_configuration_entry", $!); - } - - # Check if the server is up or not - my $rc; - ($rc, @errs) = isOffline($inf, $inst, $conn); - if (!$rc) { - return @errs; - } - my $mappingtree = "cn=mapping tree,cn=config"; - my $ldbmbase = "cn=ldbm database,cn=plugins,cn=config"; - - my $backend_entry; - my $mtentry = $conn->search($mappingtree, "onelevel", "(cn=*)", 0, @attr); - if (!$mtentry) { - return (); - } - - my $db_config_entry = - $conn->search("cn=config,cn=ldbm database,cn=plugins,cn=config", - "base", "(objectclass=*)"); - if (!$db_config_entry) { - return ('error_finding_config_entry', - 'cn=config,cn=ldbm database,cn=plugins,cn=config', - $conn->getErrorString()); - } - # If subtree rename swich is not found in the config file, - # set off to the switch and upgrade dn format using entrydn. - my $switch = $db_config_entry->getValues('nsslapd-subtree-rename-switch'); - if ("" eq $switch) { - $db_config_entry->addValue('nsslapd-subtree-rename-switch', "off"); - $conn->update($db_config_entry); - } - - # If a suffix in the mapping tree is doube-quoted and - # the cn value has only the double-quoted value, e.g. 
- # dn: cn="dc=example,dc=com",cn=mapping tree,cn=config - # cn: "dc=example,dc=com" - # the following code adds non-quoted value: - # cn: dc=example,dc=com - while ($mtentry) { - my $numvals = $mtentry->size("cn"); - my $i; - my $withquotes = -1; - my $noquotes = -1; - for ($i = 0; $i < $numvals; $i++) { - if ($mtentry->{"cn"}[$i] =~ /^".*"$/) { - $withquotes = $i; - } else { - $noquotes = $i; - } - } - if ($withquotes >= 0 && $noquotes == -1) { - # Has only cn: "" - # Adding cn: - my $stripped = $mtentry->{"cn"}[$withquotes]; - $stripped =~ s/^"(.*)"$/$1/; - $mtentry->addValue("cn", $stripped); - $conn->update($mtentry); - } - $mtentry = $conn->nextEntry(); - } - - my $ldifdir = $config_entry->{"nsslapd-ldifdir"}[0]; - my $instancedir = $config_entry->{"nsslapd-instancedir"}[0]; - my ($slapd, $serverID) = split(/-/, $instancedir, 2); - my $upgradednformat = "@sbindir@/upgradednformat -Z $serverID"; - my $reindex = "@sbindir@/db2index -Z $serverID"; - - # Scan through all of the backends to see if any of them - # contain escape characters in the DNs. If we find any - # escapes, we need to run the conversion tool on that - # backend. - $backend_entry = $conn->search($ldbmbase, "onelevel", "(objectClass=nsBackendInstance)", 0, @attr); - if (!$backend_entry) { - return ("error_no_backend_entries", $!); - } - - while ($backend_entry) { - my $backend = $backend_entry->{"cn"}[0]; - my $dbinstdir = $backend_entry->{"nsslapd-directory"}[0]; - my $workdir = $dbinstdir . "/dnupgrade"; - my $dbdir = dirname($dbinstdir); - my $pdbdir = dirname($dbdir); - my $instname = basename($dbinstdir); - my $dn_norm_sp_txt = $ldifdir . "/" . $instname . 
"_dn_norm_sp.txt"; - - if ("$dbdir" eq "" || "$instname" eq "") { - push @errs, ["error_invalid_dbinst_dir", $dbinstdir]; - return @errs; - } - - # clean up db region files, which might contain the old pages - if ( -d $dbdir && -f $dbdir."/__db.001") { - unlink <$dbdir/__db.*>; - } - - my $escapes = 0; - my $rc = 0; - my $cmd = 0; - if ((-e "$dbinstdir/id2entry.db") || (-e "$dbinstdir/id2entry.db4")) { - # Check if any DNs contain escape characters with dbscan. - # dryrun mode - # return values: 0 -- need to upgrade dn format - # 1 -- no need to upgrade dn format - # -1 -- error - $cmd = "$upgradednformat -n $backend -a $dbinstdir -N"; - $rc = system("$cmd"); - if ($rc & 127) { - push @errs, [ 'error_running_command', $cmd, $rc, $! ]; - return @errs; - } - $escapes = $rc >> 8; -# $escapes == 0 ==> no need to do dn upgrade -# $escapes == 1 ==> need to do dn upgrade (both dn upgrade and spaces) -# $escapes == 2 ==> need to do dn upgrade (dn upgrade only) -# $escapes == 3 ==> need to do dn upgrade (dn upgrade spaces only) - if ($escapes <= 0) { - # already upgraded or an error occurred. - # check ancestorid to see if it has not-sorted ID list or not. - my $ancestorid = $dbinstdir . "/ancestorid.db4"; - if (!(-e "$ancestorid")) { - $ancestorid = $dbinstdir . "/ancestorid.db"; - } - if (-e "$ancestorid") { - my $disorder = 0; - open(ANCESTOR, "/usr/bin/dbscan -f $ancestorid -r |"); - while () { - if (!/^=[0-9]*/) { - chomp($_); - my @IDs = split(/ | /, $_); - # print "ID count: $#IDs\n"; - my $lasti = $#IDs; - for (my $i = 1; $i < $lasti; $i++) { - if ($IDs[$i] >= $IDs[$i + 1]) { - $disorder = 1; - last; - } - } - # print "Result: $disorder \n"; - if ($disorder) { - last; - } - } - } - close(ANCESTOR); - - # ancestorid index is in disorder; need to reindex it. 
- if ($disorder) { - print "The ancestorid index in $backend is in disorder; Reindexing $ancestorid.\n"; - $cmd = "$reindex -n $backend -t ancestorid"; - $rc = system("$cmd"); - if ($rc & 127) { - push @errs, [ 'error_running_command', $cmd, $rc, $! ]; - return @errs; - } - } - } - } else { - # need to upgrade dn format - $rc = 0; - - if (system("cd $pdbdir; tar cf - db/DBVERSION | (cd $dbinstdir; tar xf -)") || - system("cd $pdbdir; tar cf - db/$instname/DBVERSION | (cd $dbinstdir; tar xf -)") || - system("cd $pdbdir; tar cf - db/$instname/*.db* | (cd $dbinstdir; tar xf -)")) { - push @errs, [ "error_cant_backup_db", $backend, $! ]; - return @errs; - } - my @stat = stat("$dbdir"); - my $mode = $stat[2]; - my $uid = $stat[4]; - my $gid = $stat[5]; - - move("$dbinstdir/db", "$workdir"); - chmod($mode, $workdir); - chown($uid, $gid, $workdir); - - @stat = stat("$dbinstdir"); - $mode = $stat[2]; - $uid = $stat[4]; - $gid = $stat[5]; - - chmod($mode, "$workdir/$instname"); - chown($uid, $gid, "$workdir/$instname"); - - my $do_dn_norm_sp = 0; - if ((1 == $escapes) || (3 == $escapes)) { - # We are taking care of spaces in DN. - my $sorted = $dn_norm_sp_txt . ".sorted"; - $cmd = "sort $dn_norm_sp_txt"; - $rc = system("$cmd > $sorted"); - if ($rc) { - debug(1, "Error: $cmd failed - output $sorted: $!\n"); - push @errs, [ 'error_running_command', $cmd, $rc, $! ]; - return @errs; - } - # Create a work file from $sorted. - my $workfile = $sorted . ".work"; - # print "$sorted -> $workfile\n"; - - open(SORTEDFILE, "$sorted"); - open(WORKFILE, "> $workfile"); - my $prev_dn = ""; - my $prev_id = 0; - my $new = 1; - for (my $line = ; $line; $line = ) { - chomp($line); - my ($dn, $id) = split(":", $line, 2); - if ($dn eq $prev_dn) { - if ($new == 1) { - print WORKFILE "$prev_id:$id"; - $new = 0; - $do_dn_norm_sp = 1; # go ahead and fix it. 
- } else { - print WORKFILE " $id"; - } - } else { - if (0 == $new) { - print WORKFILE "\n"; - $new = 1; - } - } - $prev_dn = $dn; - $prev_id = $id; - } - close(WORKFILE); - close(SORTEDFILE); - unlink <$sorted>; - move("$dn_norm_sp_txt", "$dn_norm_sp_txt.orig"); - if ($do_dn_norm_sp) { - move("$workfile", "$dn_norm_sp_txt"); - # otherwise, we don't need $dn_norm_sp_txt - } - } else { - unlink <$dn_norm_sp_txt>; - } - - if ((1 == $escapes) || (2 == $escapes) || (3 == $escapes)) { - # call conversion tool here and get return status. - $cmd = "$upgradednformat -n $backend -a $workdir/$instname"; - $rc = system("$cmd"); - if ($rc & 127) { - push @errs, [ 'error_running_command', $cmd, $rc, $! ]; - return @errs; - } - $escapes = $rc >> 8; - } - if ((0 == $rc) || (1 == $escapes) || (3 == $escapes)) { - # success - move("$dbinstdir", "$dbinstdir.orig"); - move("$dbinstdir.orig/dnupgrade/$instname", "$dbinstdir"); - copy("$dbinstdir.orig/dnupgrade/DBVERSION", "$dbdir"); - if ((1 == $escapes) || (3 == $escapes)) { - $cmd = "$reindex -n $backend -t entryrdn"; - $rc = system("$cmd"); - if ($rc & 127) { - push @errs, [ 'error_running_command', $cmd, $rc, $! ]; - return @errs; - } - } - my $dn_norm_sp_txt = $ldifdir . "/" . $instname . "_dn_norm_sp.txt"; - my $conflict = $ldifdir . "/" . $instname . "_conflict.txt"; - system("echo prinary entry ID: duplicated entry IDs > $conflict"); - system("cat $dn_norm_sp_txt >> $conflict"); - print "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"; - print "Duplicated DN(s) were found and renamed.\n"; - print "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"; - print "Renamed entry IDs are listed in $conflict.\n"; - } else { - # Conversion failed. Cleanup and bail. - unlink <$dbinstdir/dnupgrade/$backend/*>; - rmdir("$dbinstdir/dnupgrade/$backend"); - unlink <$dbinstdir/dnupgrade/*>; - rmdir("$dbinstdir/dnupgrade"); - return ("error_cant_convert_db", $backend, $rc); - } - } - } - - $backend_entry = $conn->nextEntry(); - } - - return (); -} 
diff --git a/ldap/admin/src/scripts/81changelog.pl b/ldap/admin/src/scripts/81changelog.pl
deleted file mode 100644
index b1e399a..0000000
--- a/ldap/admin/src/scripts/81changelog.pl
+++ /dev/null
@@ -1,34 +0,0 @@
-use Mozilla::LDAP::Conn;
-use DSUpdate qw(isOffline);
-
-# Cleanup local changelog db
-# If changelog db exists, run db_checkpoint to flush the transaction logs.
-# Then, remove the local region files and transaction logs.
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-
- my @errs, $rc;
-
- my $config = "cn=changelog5,cn=config";
- my $config_entry = $conn->search($config, "base", "(cn=*)");
- if (!$config_entry) {
- # cn=changelog5 does not exist; not a master.
- return ();
- }
- # First, check if the server is up or down.
- ($rc, @errs) = isOffline($inf, $inst, $conn);
- if (!$rc) {
- return @errs;
- }
- my $changelogdir = $config_entry->getValues('nsslapd-changelogdir');
-
- # Run db_checkpoint
- system("/usr/bin/db_checkpoint -h $changelogdir -1");
-
- # Remove old db region files and transaction logs
- system("rm -f $changelogdir/__db.*");
- system("rm -f $changelogdir/log.*");
- system("rm -f $changelogdir/guardian");
-
- return ();
-}
diff --git a/ldap/admin/src/scripts/82targetuniqueidindex.pl b/ldap/admin/src/scripts/82targetuniqueidindex.pl
deleted file mode 100644
index a0bffe6..0000000
--- a/ldap/admin/src/scripts/82targetuniqueidindex.pl
+++ /dev/null
@@ -1,52 +0,0 @@
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(normalizeDN);
-use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
-use DSUpdate qw(isOffline);
-
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-
- my $rc, @errs;
-
- my $config = $conn->search("cn=config", "base", "(objectclass=*)");
- if (!$config) {
- push @errs, ['error_finding_config_entry', 'cn=config',
- $conn->getErrorString()];
- return @errs;
- }
-
- ($rc, @errs) = isOffline($inf, $inst, $conn);
- if (!$rc) {
- return @errs;
- }
-
- my $retrocldb = $conn->search("cn=changelog,cn=ldbm database,cn=plugins,cn=config", "base", "(objectclass=*)");
- if (!$retrocldb) {
- return (); # retrocl is not enabled; do nothing
- }
-
- my $indexdn = "cn=targetuniqueid,cn=index,cn=changelog,cn=ldbm database,cn=plugins,cn=config";
- my $targetuiniqidindex = $conn->search($indexdn, "base", "(objectclass=*)");
- if ($targetuiniqidindex) {
- return (); # targetuiniqidindex is alredy defined; do nothing
- }
-
- # add the targetuniqeid index to the retrocl backend
-
- my $entry = new Mozilla::LDAP::Entry();
- $entry->setDN($indexdn);
- $entry->setValues('objectclass', 'top', 'nsIndex');
- $entry->setValues('cn', 'targetuniqueid');
- $entry->setValues('nsSystemIndex', 'false');
- $entry->setValues('nsIndexType', 'eq');
- $conn->add($entry);
-
- # reindex targetuniquueid
- my $instancedir = $config->getValues('nsslapd-instancedir');
- my $reindex = $instancedir . "/db2index";
-
- my $rc = system("$reindex -n changelog -t targetuniqeid");
-
-
- return @errs;
-}
diff --git a/ldap/admin/src/scripts/90subtreerename.pl b/ldap/admin/src/scripts/90subtreerename.pl
deleted file mode 100644
index 6c90f0d..0000000
--- a/ldap/admin/src/scripts/90subtreerename.pl
+++ /dev/null
@@ -1,57 +0,0 @@
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(normalizeDN);
-use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
-use DSUpdate qw(isOffline);
-
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-
- my $rc, @errs;
-
- ($rc, @errs) = isOffline($inf, $inst, $conn);
- if (!$rc) {
- return @errs;
- }
-
- my $ent0 = $conn->search("cn=config", "base", "(objectclass=*)");
- if (!$ent0) {
- return ('error_finding_config_entry', 'cn=config',
- $conn->getErrorString());
- }
-
- my $ent1 = $conn->search("cn=config,cn=ldbm database,cn=plugins,cn=config",
- "base", "(objectclass=*)");
- if (!$ent1) {
- return ('error_finding_config_entry',
- 'cn=config,cn=ldbm database,cn=plugins,cn=config',
- $conn->getErrorString());
- }
-
- # Get the value of nsslapd-subtree-rename-switch.
- my $need_update = 0;
- my $switch = $ent1->getValues('nsslapd-subtree-rename-switch');
- if ("" eq $switch) {
- $ent1->addValue('nsslapd-subtree-rename-switch', "on");
- $need_update = 1;
- } elsif ("off" eq $switch || "OFF" eq $switch) {
- $ent1->setValues('nsslapd-subtree-rename-switch', "on");
- $need_update = 1;
- $conn->update($ent1);
- }
-
- if (1 == $need_update) {
- $conn->update($ent1);
- # Convert the database format from entrydn to entryrdn
- my $instdir = $ent0->getValue('nsslapd-instancedir');
- my $prog = $instdir . "/dn2rdn";
- my $output = `$prog 2>&1`;
- my $stat = $?;
-
- if (0 != $stat) {
- $ent1->setValues('nsslapd-subtree-rename-switch', "off");
- $conn->update($ent1);
- }
- }
-
- return ();
-}
diff --git a/ldap/admin/src/scripts/91reindex.pl.in b/ldap/admin/src/scripts/91reindex.pl.in
deleted file mode 100644
index 99b08e3..0000000
--- a/ldap/admin/src/scripts/91reindex.pl.in
+++ /dev/null
@@ -1,103 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use DSUpdate qw(isOffline); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - my $rc, @errs; - - # List of index to be reindexed - my @toreindex = qw(parentid); - # rdn-format value. See $rdn_format set below. - # If equal to or greater than this value, no need to reindex. - # If it needs to be unconditionally reindexed, set 0. - my @rdnconditions = (4); - - my $config = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$config) { - push @errs, ['error_finding_config_entry', 'cn=config', - $conn->getErrorString()]; - return @errs; - } - - ($rc, @errs) = isOffline($inf, $inst, $conn); - if (!$rc) { - return @errs; - } - - my $reindex = "@sbindir@/db2index -Z $inst"; - my @errs; - my $instconf = $conn->search("cn=ldbm database,cn=plugins,cn=config", "onelevel", "(objectclass=*)"); - if (!$instconf) { - push @errs, ['error_finding_config_entry', 'cn=*,cn=ldbm database,cn=plugins,cn=config', $conn->getErrorString()]; - return @errs; - } - - my $dbconf = $conn->search("cn=config,cn=ldbm database,cn=plugins,cn=config", "base", "(objectclass=*)"); - if (!$dbconf) { - push @errs, ['error_finding_config_entry', - 'cn=config,cn=ldbm database,cn=plugins,cn=config', - $conn->getErrorString()]; - return @errs; - } - - # Get the value of nsslapd-subtree-rename-switch. - my $switch = $dbconf->getValues('nsslapd-subtree-rename-switch'); - if ("" eq $switch) { - return (); # subtree-rename-switch does not exist; do nothing. - } elsif ("off" eq $switch || "OFF" eq $switch) { - return (); # subtree-rename-switch is OFF; do nothing. - } - - my $dbdir = $dbconf->getValues('nsslapd-directory'); - my $dbversion0 = $dbdir . 
"/DBVERSION"; - my $rdn_format = 0; - my $dbversionstr = ""; - if (!open(DBVERSION, "$dbversion0")) { - push @errs, ['error_opening_file', $dbversion0, $!]; - return @errs; - } else { - while () { - if ($_ =~ /rdn-format/) { - $rdn_format = 1; - $dbversionstr = $_; - if ($_ =~ /rdn-format-1/) { - $rdn_format = 2; - } elsif ($_ =~ /rdn-format-2/) { - $rdn_format = 3; - } elsif ($_ =~ /rdn-format-3/) { - $rdn_format = 4; - } elsif ($_ =~ /rdn-format-4/) { - $rdn_format = 5; - } elsif ($_ =~ /rdn-format-5/) { - $rdn_format = 6; - } elsif ($_ =~ /rdn-format-/) { - # assume greater than -5 - $rdn_format = 7; - } - } - } - close DBVERSION; - } - - while ($instconf) { - my $backend= $instconf->getValues('cn'); - if (($backend eq "config") || ($backend eq "monitor")) { - goto NEXT; - } - - for (my $idx = 0; $ <= $#toreindex; $idx++) { - if (0 == $rdnconditions[$idx] || $rdnconditions[$idx] > $rdn_format) { - my $rc = system("$reindex -n $backend -t $idx"); - if ($rc) { - push @errs, ["error_reindexng", $idx, $backend, $rc]; - } - } - } -NEXT: - $instconf = $conn->nextEntry(); - } - - return @errs; -} diff --git a/ldap/admin/src/scripts/91subtreereindex.pl b/ldap/admin/src/scripts/91subtreereindex.pl deleted file mode 100644 index c4b40a3..0000000 --- a/ldap/admin/src/scripts/91subtreereindex.pl +++ /dev/null 
@@ -1,152 +0,0 @@ -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn); -use DSUpdate qw(isOffline); - -sub runinst { - my ($inf, $inst, $dseldif, $conn) = @_; - - my $rc, @errs; - - my $config = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$config) { - push @errs, ['error_finding_config_entry', 'cn=config', - $conn->getErrorString()]; - return @errs; - } - - ($rc, @errs) = isOffline($inf, $inst, $conn); - if (!$rc) { - return @errs; - } - - my $dbconf = $conn->search("cn=config,cn=ldbm database,cn=plugins,cn=config", "base", "(objectclass=*)"); - if (!$dbconf) { - push @errs, ['error_finding_config_entry', - 'cn=config,cn=ldbm database,cn=plugins,cn=config', - $conn->getErrorString()]; - return @errs; - } - - # Get the value of nsslapd-subtree-rename-switch. - my $switch = $dbconf->getValues('nsslapd-subtree-rename-switch'); - if ("" eq $switch) { - return (); # subtree-rename-switch does not exist; do nothing. - } elsif ("off" eq $switch || "OFF" eq $switch) { - return (); # subtree-rename-switch is OFF; do nothing. - } - - my $dbdir = $dbconf->getValues('nsslapd-directory'); - my $dbversion0 = $dbdir . "/DBVERSION"; - my $is_rdn_format = 0; - my $dbversionstr = ""; - if (!open(DBVERSION, "$dbversion0")) { - push @errs, ['error_opening_file', $dbversion0, $!]; - return @errs; - } else { - while () { - if ($_ =~ /rdn-format/) { - $is_rdn_format = 1; - $dbversionstr = $_; - if ($_ =~ /rdn-format-1/) { - $is_rdn_format = 2; - } - elsif ($_ =~ /rdn-format-2/) { - $is_rdn_format = 3; - } - elsif ($_ =~ /rdn-format-/) { - # assume greater than -2 - $is_rdn_format = 4; - } - } - } - close DBVERSION; - - if (3 <= $is_rdn_format) { - return (); # DB already has the new rdn format. 
- } - - if (0 == $is_rdn_format) { - push @errs, ['error_format_error', 'database']; - return @errs; - } - } - - my $instconf = $conn->search("cn=ldbm database,cn=plugins,cn=config", "onelevel", "(objectclass=*)"); - if (!$instconf) { - push @errs, ['error_finding_config_entry', - 'cn=*,cn=ldbm database,cn=plugins,cn=config', - $conn->getErrorString()]; - return @errs; - } - - my $instancedir = $config->getValues('nsslapd-instancedir'); - my $reindex = $instancedir . "/db2index"; - - while ($instconf) { - my $backend= $instconf->getValues('cn'); - if (($backend eq "config") || ($backend eq "monitor")) { - goto NEXT; - } - my $instdbdir = $instconf->getValues('nsslapd-directory'); - my $dbversion1 = $instdbdir . "/DBVERSION"; - if (!open(DBVERSION, "$dbversion1")) { - push @errs, ['error_opening_file', $dbversion1, $!]; - goto NEXT; - } else { - my $versionstr = ""; - while () { - if ($_ =~ /rdn-format/) { - $is_rdn_format = 1; - $versionstr = $_; - if ($_ =~ /rdn-format-1/) { - $is_rdn_format = 2; - } - if ($_ =~ /rdn-format-2/) { - $is_rdn_format = 3; - } - } - } - close DBVERSION; - - if (3 == $is_rdn_format) { - # DB already has the new rdn format. 
- goto NEXT; - } - - if (0 == $is_rdn_format) { - push @errs, ['error_format_error', $instdbdir]; - goto NEXT; - } - - # reindex entryrdn - my $rc = system("$reindex -n $backend -t entryrdn"); - - # update instance DBVERSION file - if ($versionstr ne "") { - if (!open(DBVERSION, "> $dbversion1")) { - push @errs, ['error_opening_file', $dbversion1, $!]; - } else { - $versionstr =~ s,rdn\-format\-1/,rdn\-format\-2/,; - $versionstr =~ s,rdn\-format/,rdn\-format\-2/,; - print DBVERSION $versionstr; # not chomp'd above, already has newline - close DBVERSION; - } - } - } -NEXT: - $instconf = $conn->nextEntry(); - } - - # update main DBVERSION file - if (!open(DBVERSION, "> $dbversion0")) { - push @errs, ['error_opening_file', $dbversion0, $!]; - } else { - $dbversionstr =~ s,rdn\-format\-1/,rdn\-format\-2/,; - $dbversionstr =~ s,rdn\-format/,rdn\-format\-2/,; - print DBVERSION $dbversionstr; # not chomp'd above, already has newline - close DBVERSION; - } - - return @errs; -} diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in deleted file mode 100644 index a2f15f9..0000000 --- a/ldap/admin/src/scripts/DSCreate.pm.in +++ /dev/null 
@@ -1,1556 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-###########################
-#
-# This perl module provides a way to create a new instance of
-# directory server.
-#
-##########################
-
-package DSCreate;
-use DSUtil;
-use Inf;
-use FileConn;
-use Config;
-
-use Sys::Hostname;
-# tempfiles
-use File::Temp qw(tempfile tempdir);
-use File::Path;
-use File::Copy;
-use File::Basename qw(basename dirname);
-use POSIX qw(:errno_h);
-
-# load perldap
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(normalizeDN);
-use Mozilla::LDAP::API qw(ldap_explode_dn);
-use Mozilla::LDAP::LDIF;
-
-use POSIX ":sys_wait_h";
-
-use Exporter;
-@ISA = qw(Exporter);
-@EXPORT = qw(createDSInstance removeDSInstance setDefaults createInstanceScripts
- makeOtherConfigFiles installSchema updateSelinuxPolicy updateTmpfilesDotD
- get_initconfigdir updateSystemD makeDSDirs);
-@EXPORT_OK = qw(createDSInstance removeDSInstance setDefaults createInstanceScripts
- makeOtherConfigFiles installSchema updateSelinuxPolicy updateTmpfilesDotD
- get_initconfigdir updateSystemD makeDSDirs);
-
-use strict;
-
-use SetupLog;
-
-sub get_initconfigdir {
- my $prefix = shift;
-
- # determine initconfig_dir
- if (getLogin eq 'root') {
- return "$prefix@initconfigdir@";
- } else {
- return "$ENV{HOME}/.@package_name@";
- }
-}
-
-sub checkPort {
- my $inf = shift;
-
- # allow port 0 if ldapi is used
- if ("@enable_ldapi@") {
- if ($inf->{slapd}->{ldapifilepath} &&
- ($inf->{slapd}->{ServerPort} == 0)) {
- return ();
- }
- }
-
- if ($inf->{slapd}->{ServerPort} !~ /^\d+$/) {
- return ('error_port_invalid', $inf->{slapd}->{ServerPort});
- }
- if (!portAvailable($inf->{slapd}->{ServerPort})) {
- return ('error_port_available', $inf->{slapd}->{ServerPort}, $!);
- }
-
- return ();
-}
-
-# checks the parameters in $inf to make sure the supplied
values -# are valid -# returns null if successful, or an error string for use with getText() -sub sanityCheckParams { - my $inf = shift; - my @errs = (); - - # if we don't need to start the server right away, we can skip the - # port number checks - if (!defined($inf->{slapd}->{start_server}) or - ($inf->{slapd}->{start_server} == 1)) { - - if (@errs = checkPort($inf)) { - return @errs; - } - } - - if($inf->{slapd}->{ServerIdentifier} eq "admin"){ - return ('error_reserved_serverid' ,"admin"); - } elsif (!isValidServerID($inf->{slapd}->{ServerIdentifier})) { - return ('error_invalid_serverid', $inf->{slapd}->{ServerIdentifier}); - } elsif (-d $inf->{slapd}->{config_dir}) { - return ('error_server_already_exists', $inf->{slapd}->{config_dir}); - } - - if (@errs = isValidUser($inf->{General}->{SuiteSpotUserID})) { - return @errs; - } - - if (@errs = isValidGroup($inf->{General}->{SuiteSpotGroup})) { - return @errs; - } - - if (!isValidDN($inf->{slapd}->{Suffix})) { - return ('dialog_dssuffix_error', $inf->{slapd}->{Suffix}); - } - - if (!isValidDN($inf->{slapd}->{RootDN})) { - return ('dialog_dsrootdn_error', $inf->{slapd}->{RootDN}); - } - - if ($inf->{slapd}->{RootDNPwd} =~ /^\{\w+\}.+/) { - debug(1, "The root password is already hashed - no checking will be performed\n"); - } elsif (length($inf->{slapd}->{RootDNPwd}) < 8) { - debug(0, "WARNING: The root password is less than 8 characters long. 
You should choose a longer one.\n"); - } - - $inf->{General}->{StrictHostCheck} = lc $inf->{General}->{StrictHostCheck}; - - if ("true" ne $inf->{General}->{StrictHostCheck} && "false" ne $inf->{General}->{StrictHostCheck}) { - debug(1, "StrictHostCheck is not a valid boolean"); - return ('error_invalid_boolean', $inf->{General}->{StrictHostCheck}); - } - - if ($inf->{General}->{StrictHostCheck} eq "true" ) { - if (@errs = checkHostname($inf->{General}->{FullMachineName}, 0)) { - debug(1, @errs); - return @errs; - } - } - - # We need to make sure this value is lowercase - $inf->{slapd}->{InstScriptsEnabled} = lc $inf->{slapd}->{InstScriptsEnabled}; - - if ("true" ne $inf->{slapd}->{InstScriptsEnabled} && "false" ne $inf->{slapd}->{InstScriptsEnabled}) { - debug(1, "InstScriptsEnabled is not a valid boolean"); - return ('error_invalid_boolean', $inf->{slapd}->{InstScriptsEnabled}); - } - - - return (); -} - -sub getMode { - my $inf = shift; - my $mode = shift; - my $rest = shift; - if (!$rest) { - $rest = "0"; - } - if (defined($inf->{General}->{SuiteSpotGroup})) { - $mode = "0" . $mode . $mode . $rest; - } else { - $mode = "0" . $mode . $rest . $rest; - } - - return oct($mode); -} - -# This is used to change the ownership and permissions of files and directories -# The mode is just a single digit octal number (e.g. 4 6 7) -# If there is a group, the ownership and permissions will allow group access -# otherwise, only the owner will be allowed access -sub changeOwnerMode { - my $inf = shift; - my $mode = shift; - my $it = shift; - my $gidonly = shift; - my $othermode = shift; - - my $uid = getpwnam $inf->{General}->{SuiteSpotUserID}; - my $gid = -1; # default to leave it alone - my $mode_string = ""; - - if (defined($inf->{General}->{SuiteSpotGroup})) { - $gid = getgrnam $inf->{General}->{SuiteSpotGroup}; - } - - $mode = getMode($inf, $mode, $othermode); - - $! = 0; # clear errno - chmod $mode, $it; - if ($!) 
{ - return ('error_chmoding_file', $it, $!); - } - - $mode_string = sprintf "%lo", $mode; - debug(1, "changeOwnerMode: changed mode of $it to $mode_string\n"); - - $! = 0; # clear errno - if ( $gidonly ) { - chown -1, $gid, $it; - } else { - chown $uid, $gid, $it; - } - if ($!) { - return ('error_chowning_file', $it, $inf->{General}->{SuiteSpotUserID}, $!); - } - - if ( $gidonly ) { - debug(1, "changeOwnerMode: changed group ownership of $it to group $gid\n"); - } else { - debug(1, "changeOwnerMode: changed ownership of $it to user $uid group $gid\n"); - } - - return (); -} - -sub makeDSDirs { - my $inf = shift; - my $verbose = ($DSUtil::debuglevel > 0); - my $mode = getMode($inf, 7); - my @errs; - - my @dsdirs = qw(config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_home_dir db_dir ldif_dir bak_dir); - if ($inf->{slapd}->{InstScriptsEnabled} eq "true") { - @dsdirs = qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_home_dir db_dir ldif_dir bak_dir); - } - - # These paths are owned by the SuiteSpotGroup - # This allows the admin server to run as a different, - # more privileged user than the directory server, but - # still allows the admin server to manage directory - # server files/dirs without being root - for my $kw (@dsdirs) { - my $dir = $inf->{slapd}->{$kw}; - @errs = makePaths($dir, $mode, $inf->{General}->{SuiteSpotUserID}, - $inf->{General}->{SuiteSpotGroup}); - if (@errs) { - return @errs; - } - } - # run_dir is a special case because it is usually shared among - # all instances and the admin server - # all instances must be able to write to it - # if the SuiteSpotUserID is root or 0, we can just skip - # this because root will have access to it - we really - # shouldn't be using root anyway, primarily just for - # legacy migration support - # if there are two different user IDs that need access - # to this directory, then SuiteSpotGroup must be defined, - # and both users must be members of the SuiteSpotGroup - 
if (($inf->{General}->{SuiteSpotUserID} eq 'root') || - (defined($inf->{General}->{SuiteSpotUserID}) && - ($inf->{General}->{SuiteSpotUserID} =~ /^0$/))) { - # skip - debug(3, "Root user " . $inf->{General}->{SuiteSpotUserID} . " already has access to $inf->{slapd}->{run_dir} - skipping\n"); - } else { - my $dir = $inf->{slapd}->{run_dir}; - # rwx by user only, or by user & group if a group is defined. Also only change the group ownership. - @errs = changeOwnerMode($inf, 7, $dir, 1); - debug(3, "\t" . `/bin/ls -ld $dir`); - } - # set the group of the parent dir of config_dir and inst_dir - if (defined($inf->{General}->{SuiteSpotGroup})) { - for my $kw (qw(inst_dir config_dir)) { - my $dir = $inf->{slapd}->{$kw}; - my $parent = dirname($dir); - # changeOwnerMode(inf, mode, file, gidonly, othermode); - @errs = changeOwnerMode($inf, 7, $parent, 1, 5); - if (@errs) { - return @errs; - } - } - } - - return @errs; -} - -sub createInstanceScripts { - my $inf = shift; - my $skip = shift; - my $perlexec = "@perlexec@" || "/usr/bin/env perl"; - my $myperl = "!$perlexec"; - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - - # If we have InstScriptsEnabled, we likely have setup.inf or the argument. - # However, during an upgrade, we need to know if we should upgrade the template files or not. - # For now, the easiest way is to check to if the directory exists, and if is does, we assume we want to upgrade / create the updated scripts. 
- if ($inf->{slapd}->{InstScriptsEnabled} eq "true" || -d $inf->{slapd}->{inst_dir} ) { - debug(1, "Creating or updating instance directory scripts\n"); - # determine initconfig_dir - my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix}); - - my %maptable = ( - "DS-ROOT" => $inf->{General}->{prefix}, - "SEP" => "/", # works on all platforms - "SERVER-NAME" => $inf->{General}->{FullMachineName}, - "SERVER-PORT" => $inf->{slapd}->{ServerPort}, - "PERL-EXEC" => $myperl, - "DEV-NULL" => $mydevnull, - "ROOT-DN" => $inf->{slapd}->{RootDN}, - "LDIF-DIR" => $inf->{slapd}->{ldif_dir}, - "SERV-ID" => $inf->{slapd}->{ServerIdentifier}, - "BAK-DIR" => $inf->{slapd}->{bak_dir}, - "SERVER-DIR" => $inf->{General}->{ServerRoot}, - "CONFIG-DIR" => $inf->{slapd}->{config_dir}, - "INITCONFIG-DIR" => $initconfig_dir, - "INST-DIR" => $inf->{slapd}->{inst_dir}, - "RUN-DIR" => $inf->{slapd}->{run_dir}, - "PRODUCT-NAME" => "slapd", - "SERVERBIN-DIR" => $inf->{slapd}->{sbindir}, - "DB-DIR" => $inf->{slapd}->{db_dir}, - "DB-HOME-DIR" => $inf->{slapd}->{db_home_dir} - ); - - - my $dir = "$inf->{General}->{prefix}@taskdir@"; - for my $file (glob("$dir/template-*")) { - my $basename = $file; - $basename =~ s/^.*template-//; - my $destfile = "$inf->{slapd}->{inst_dir}/$basename"; - debug(1, "$destfile\n"); - - next if ($skip and -f $destfile); # in skip mode, skip files that already exist - - if (!open(SRC, "< $file")) { - return ("error_opening_scripttmpl", $file, $!); - } - if (!open(DEST, "> $destfile")) { - return ("error_opening_scripttmpl", $destfile, $!); - } - my $contents; # slurp entire file into memory - read SRC, $contents, int(-s $file); - close(SRC); - while (my ($key, $val) = each %maptable) { - $contents =~ s/\{\{$key\}\}/$val/g; - } - print DEST $contents; - close(DEST); - my @errs = changeOwnerMode($inf, 5, $destfile); - if (@errs) { - return @errs; - } - } - } else { - debug(1, "No instance directory scripts will be updated or 
created\n"); - } - - return (); -} - -sub createConfigFile { - my $inf = shift; - my $conffile = "$inf->{slapd}->{config_dir}/dse.ldif"; - my $conn = new FileConn; - my @errs; - - # first, create the basic config - my $mapper = new Inf("$inf->{General}->{prefix}@infdir@/dscreate.map"); - my $dsinf = new Inf("$inf->{General}->{prefix}@infdir@/slapd.inf"); - if (!$inf->{slapd}->{ds_bename}) { - $inf->{slapd}->{ds_bename} = "userRoot"; # for suffix-db - } - $mapper = process_maptbl($mapper, \@errs, $inf, $dsinf); - if (!$mapper or @errs) { - $conn->close(); - if (!@errs) { - @errs = ('error_creating_file', $conffile, $!); - } - return @errs; - } - - my @ldiffiles = ("$inf->{General}->{prefix}@templatedir@/template-dse.ldif", - "$inf->{General}->{prefix}@templatedir@/template-suffix-db.ldif", - "$inf->{General}->{prefix}@templatedir@/template-sasl.ldif"); - - # additional configuration LDIF files - if (exists($inf->{slapd}->{ConfigFile})) { - if (ref($inf->{slapd}->{ConfigFile})) { - push @ldiffiles, @{$inf->{slapd}->{ConfigFile}}; - } else { - push @ldiffiles, $inf->{slapd}->{ConfigFile}; - } - } - - getMappedEntries($mapper, \@ldiffiles, \@errs, \&check_and_add_entry, - [$conn]); - - if (@errs) { - $conn->close(); - return @errs; - } - - if ("@enable_ldapi@") { - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - if (defined($inf->{slapd}->{ldapifilepath})) { - $ent->setValues("nsslapd-ldapifilepath", $inf->{slapd}->{ldapifilepath}); - $ent->setValues("nsslapd-ldapilisten", "on"); - } else { - my $parent = dirname($inf->{slapd}->{run_dir}); - $ent->setValues("nsslapd-ldapifilepath", - "$parent/slapd-$inf->{slapd}->{ServerIdentifier}.socket"); - $ent->setValues("nsslapd-ldapilisten", "off"); - } - if ("@enable_autobind@") { - $ent->setValues("nsslapd-ldapiautobind", "off"); - $ent->setValues("nsslapd-ldapimaprootdn", $inf->{slapd}->{RootDN}); - $ent->setValues("nsslapd-ldapimaptoentries", "off"); - $ent->setValues("nsslapd-ldapiuidnumbertype", 
"uidNumber"); - $ent->setValues("nsslapd-ldapigidnumbertype", "gidNumber"); - $ent->setValues("nsslapd-ldapientrysearchbase", $inf->{slapd}->{Suffix}); - if ("@enable_auto_dn_suffix@") { - $ent->setValues("nsslapd-ldapiautodnsuffix", "cn=peercred,cn=external,cn=auth"); - } - } - $ent->setValues("nsslapd-defaultNamingContext", $inf->{slapd}->{Suffix}); - if (!$conn->update($ent)) { - $conn->close(); - return ("error_enabling_feature", "ldapi", $conn->getErrorString()); - } - } - - if ($inf->{slapd}->{sasl_path}) { - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - $ent->setValues("nsslapd-saslpath", $inf->{slapd}->{sasl_path}); - if (!$conn->update($ent)) { - $conn->close(); - return ("error_enabling_feature", "sasl_path", $conn->getErrorString()); - } - } - - if (!$conn->write($conffile)) { - $conn->close(); - return ("error_writing_ldif", $conffile, $!); - } - $conn->close(); - - if (@errs = changeOwnerMode($inf, 6, $conffile)) { - return @errs; - } - # make a copy - my $origconf = "$inf->{slapd}->{config_dir}/dse_original.ldif"; - $! = 0; # clear errno - copy($conffile, $origconf); - if ($!) { - return ('error_copying_file', $conffile, $origconf, $!); - } - if (@errs = changeOwnerMode($inf, 4, $origconf)) { - return @errs; - } - - return @errs; -} - -sub makeOtherConfigFiles { - my $inf = shift; - my $skip = shift; - my @errs; - my %maptable = ( - "DS-ROOT" => $inf->{General}->{prefix}, - "SERVER-DIR" => $inf->{General}->{ServerRoot}, - "CONFIG-DIR" => $inf->{slapd}->{config_dir}, - "INST-DIR" => $inf->{slapd}->{inst_dir}, - "RUN-DIR" => $inf->{slapd}->{run_dir}, - "PRODUCT-NAME" => "slapd", - "SERVERBIN-DIR" => $inf->{slapd}->{sbindir}, - ); - - # install certmap.conf at - my $src = "$inf->{General}->{prefix}@configdir@/certmap.conf"; - my $dest = "$inf->{slapd}->{config_dir}/certmap.conf"; - $! = 0; # clear errno - - #in skip mode, skip files that already exist - unless ($skip and -f $dest) { - copy($src, $dest); - if ($!) 
{ - return ('error_copying_file', $src, $dest, $!); - } - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - $src = "$inf->{General}->{prefix}@configdir@/slapd-collations.conf"; - $dest = "$inf->{slapd}->{config_dir}/slapd-collations.conf"; - - $! = 0; # clear errno - - #in skip mode, skip files that already exist - unless ($skip and -f $dest) { - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - # determine initconfig_dir - my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix}); - - # install instance specific initconfig script - $src = "$inf->{General}->{prefix}@configdir@/template-initconfig"; - $dest = "$initconfig_dir/@package_name@-$inf->{slapd}->{ServerIdentifier}"; - - $! = 0; # clear errno - - # in skip mode, skip files that already exist - unless ($skip and -f $dest) { - if (!open(SRC, "< $src")) { - return ("error_opening_scripttmpl", $src, $!); - } - if (!open(DEST, "> $dest")) { - return ("error_opening_scripttmpl", $dest, $!); - } - my $contents; # slurp entire file into memory - read SRC, $contents, int(-s $src); - close(SRC); - while (my ($key, $val) = each %maptable) { - $contents =~ s/\{\{$key\}\}/$val/g; - } - print DEST $contents; - close(DEST); - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - return (); -} - -sub installSchema { - my $inf = shift; - my $skip = shift; - my @errs; - my @schemafiles = (); - if (!defined($inf->{slapd}->{install_full_schema}) or - $inf->{slapd}->{install_full_schema}) { - push @schemafiles, glob("$inf->{General}->{prefix}@schemadir@/*"); - } else { - push @schemafiles, "$inf->{General}->{prefix}@schemadir@/00core.ldif", - "$inf->{General}->{prefix}@schemadir@/01core389.ldif"; - } - - # additional schema files - if (exists($inf->{slapd}->{SchemaFile})) { - if (ref($inf->{slapd}->{SchemaFile})) { - push 
@schemafiles, @{$inf->{slapd}->{SchemaFile}}; - } else { - push @schemafiles, $inf->{slapd}->{SchemaFile}; - } - } - for my $file (@schemafiles) { - my $src = $file; - my $basename = basename($src); - my $dest = "$inf->{slapd}->{schema_dir}/$basename"; - - next if ($skip and -f $dest); # skip files that already exist - - $! = 0; # clear errno - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - my $mode = 4; # default read only - if ($basename eq "99user.ldif") { - $mode = 6; # read write - } - if (@errs = changeOwnerMode($inf, $mode, $dest)) { - return @errs; - } - } - - return (); -} - -# maps the suffix attr to the filename to use -my %suffixTable = ( - 'o' => "@templatedir@/template-org.ldif", - 'dc' => "@templatedir@/template-domain.ldif", - 'ou' => "@templatedir@/template-orgunit.ldif", - 'st' => "@templatedir@/template-state.ldif", - 'l' => "@templatedir@/template-locality.ldif", - 'c' => "@templatedir@/template-country.ldif" -); - -sub initDatabase { - my $inf = shift; - my $istempldif = 0; - # If the user has specified an LDIF file to use to initialize the database, - # load it now - my $ldiffile = $inf->{slapd}->{InstallLdifFile}; - if ($ldiffile =~ /none/i) { - debug(1, "No ldif file or org entries specified - no initial database will be created\n"); - return (); - } elsif ($ldiffile && ($ldiffile !~ /suggest/i)) { - debug(1, "Loading initial ldif file $ldiffile\n"); - if (! -r $ldiffile) { - return ('error_opening_init_ldif', $ldiffile); - } - } elsif (($inf->{slapd}->{Suffix} =~ /^(.*?)=/) && $suffixTable{$1}) { - my @errs; - my $template = $inf->{General}->{prefix} . 
$suffixTable{$1}; - my $mapper = new Inf("$inf->{General}->{prefix}@infdir@/dsorgentries.map"); - my $dsinf = new Inf("$inf->{General}->{prefix}@infdir@/slapd.inf"); - my @rdns = ldap_explode_dn($inf->{slapd}->{Suffix}, 1); - $inf->{slapd}->{naming_value} = $rdns[0]; - $mapper = process_maptbl($mapper, \@errs, $inf, $dsinf); - if (!$mapper or @errs) { - return @errs; - } - - my @ldiffiles = ($template, "$inf->{General}->{prefix}@templatedir@/template-baseacis.ldif"); - # default is to create org entries unless explicitly set to none - if (!exists($inf->{slapd}->{InstallLdifFile}) or - ($inf->{slapd}->{InstallLdifFile} =~ /suggest/i)) { - push @ldiffiles, "$inf->{General}->{prefix}@templatedir@/template.ldif"; - } - - my ($fh, $templdif) = tempfile("ldifXXXXXX", SUFFIX => ".ldif", OPEN => 0, - DIR => File::Spec->tmpdir); - if (!$templdif) { - return ('error_creating_templdif', $!); - } - my $conn = new FileConn; - $conn->setNamingContext($inf->{slapd}->{Suffix}); - getMappedEntries($mapper, \@ldiffiles, \@errs, \&check_and_add_entry, - [$conn]); - if (@errs) { - $conn->close(); - return @errs; - } - if (!$conn->write($templdif)) { - $conn->close(); - return ('error_writing_ldif', $templdif, $!); - } - $conn->close(); - if (@errs) { - return @errs; - } - if (@errs = changeOwnerMode($inf, 4, $templdif)) { - unlink($ldiffile); - return @errs; - } - # $templdif now contains the ldif to import - $ldiffile = $templdif; - $istempldif = 1; - } - if (!$ldiffile) { - return (); - } - - my $cmd = "$inf->{slapd}->{sbindir}/ldif2db -Z $inf->{slapd}->{ServerIdentifier} -n $inf->{slapd}->{ds_bename} -i \'$ldiffile\'"; - $? 
= 0; # clear error condition - my $output = `$cmd 2>&1`; - my $result = $?; - if ($istempldif) { - unlink($ldiffile); - } - if ($result) { - return ('error_importing_ldif', $ldiffile, $result, $output); - } - - debug(1, $output); - - return (); -} - -sub startServer { - my $inf = shift; - return () if (defined($inf->{slapd}->{start_server}) && !$inf->{slapd}->{start_server}); - - my @errs; - # get error log - my $errLog = "$inf->{slapd}->{log_dir}/errors"; - my $startcmd = "$inf->{slapd}->{sbindir}/start-dirsrv $inf->{slapd}->{ServerIdentifier}"; - if ("@systemdsystemunitdir@" and (getLogin() eq 'root')) { - $startcmd = "/bin/systemctl start @package_name@\@$inf->{slapd}->{ServerIdentifier}.service"; - } - - # emulate tail -f - # if the last line we see does not contain "slapd started", try again - my $done = 0; - my $started = 0; - my $code = 0; - my $lastLine = ""; - my $cmdPat = 'slapd started\.'; - my $timeout = $inf->{slapd}->{startup_timeout}; - - $timeout = $timeout?$timeout:600; # default is 10 minutes - $timeout = time + $timeout; - - debug(1, "Starting the server: $startcmd\n"); - - # We have to do this because docker is incapable of sane process management - # Sadly we have to sacrifice output collection, because of perl issues - my $cpid = open(my $output, "-|", "$startcmd 2>&1"); - my $code = -512; - if ($cpid) { - # Parent process - waitpid($cpid,0); - $code = $?; - } - close($output); - if ($code) { - debug(0, "Process returned $code\n"); - } else { - debug(1, "Process returned $code\n"); - } - - # try to open the server error log - my $ii = 0; - while (time < $timeout) { - if (open(IN, $errLog)) { - last; - } - sleep(1); - if (!($ii % 10)) { - debug(0, "Attempting to obtain server status . . .\n"); - } - ++$ii; - } - - if (! -f $errLog) { - debug(0, "Error: Could not read error log $errLog to get server startup status. 
Error: $!\n"); - return ('error_starting_server', $startcmd, "no status", $!); - } - if (time >= $timeout) { - debug(0, "Error: timed out waiting for the server to start and write to $errLog"); - return ('error_starting_server', $startcmd, "timeout", 0); - } - - my $pos = tell(IN); - my $line; - while (($done == 0) && (time < $timeout)) { - for (; ($done == 0) && ($line = ); $pos = tell(IN)) { - $lastLine = $line; - debug(1, $line); - if ($line =~ /$cmdPat/) { - $done = 1; - $started = 1; - } elsif ($line =~ /Initialization Failed/) { - debug(1, "Server failed to start, retrying . . .\n"); - $code = system($startcmd); - } elsif ($line =~ /exiting\./) { - debug(1, "Server failed to start, retrying . . .\n"); - $code = system($startcmd); - } - } - if ($lastLine =~ /PR_Bind/) { - # server port conflicts with another one, just report and punt - debug(0, $lastLine); - @errs = ('error_port_available', $inf->{slapd}->{ServerPort}, $!); - $done = 1; - } - if ($done == 0) { - # rest a bit, then . . . - sleep(2); - # . . . reset the EOF status of the file desc - seek(IN, $pos, 0); - } - } - close(IN); - - if (!$started) { - $! = $code; - my $now = time; - if ($now > $timeout) { - debug(0, "Possible timeout starting server: timeout=$timeout now=$now\n"); - } - @errs = ('error_starting_server', $startcmd, $lastLine, $!); - } else { - debug(1, "Your new directory server has been started.\n"); - } - - return @errs; -} - -sub set_path_attribute { - my $val = shift; - my $defaultval = shift; - my $prefix = shift; - - if ($val) { - return "$prefix" . "$val"; - } else { - return "$prefix" . "$defaultval"; - } -} - -sub set_localrundir { - my $val = shift; - my $prefix = shift; - - if ($val) { - return "$prefix" . 
"$val"; - } else { - return ""; - } -} - -sub setDefaults { - my $inf = shift; - # set default values - - # this turns off the warnings - if (!defined($inf->{General}->{prefix})) { - $inf->{General}->{prefix} = ""; - } - - if (!$inf->{General}->{FullMachineName}) { - $inf->{General}->{FullMachineName} = hostname(); - } - - if (!$inf->{General}->{SuiteSpotUserID}) { - if ($> != 0) { # if not root, use the user's uid - $inf->{General}->{SuiteSpotUserID} = getLogin; - } else { - return('error_missing_userid'); - } - } - - if (!$inf->{General}->{SuiteSpotGroup}) { - # If the group wasn't specified, use the primary group - # of the SuiteSpot user - $inf->{General}->{SuiteSpotGroup} = getGroup($inf->{General}->{SuiteSpotUserID}); - } - - if (!$inf->{slapd}->{RootDN}) { - $inf->{slapd}->{RootDN} = "cn=Directory Manager"; - } - - if (!$inf->{slapd}->{Suffix}) { - my $suffix = $inf->{General}->{FullMachineName}; - # convert fqdn to dc= domain components - $suffix =~ s/^[^\.]*\.//; # just the domain part - $suffix = "dc=$suffix"; - $suffix =~ s/\./,dc=/g; - $inf->{slapd}->{Suffix} = $suffix; - } - $inf->{slapd}->{Suffix} = normalizeDN($inf->{slapd}->{Suffix}); - - if (!$inf->{slapd}->{ServerIdentifier}) { - my $servid = $inf->{General}->{FullMachineName}; - # strip out the leftmost domain component - $servid =~ s/\..*$//; - $inf->{slapd}->{ServerIdentifier} = $servid; - } - - if ("@with_fhs_opt@") { - $inf->{General}->{ServerRoot} = "$inf->{General}->{prefix}/opt/@PACKAGE_NAME@"; - } else { - $inf->{General}->{ServerRoot} = "$inf->{General}->{prefix}@serverdir@"; - } - - if (!defined($inf->{slapd}->{sasl_path})) { - if ($Config{'osname'} ne "linux") { - $inf->{slapd}->{sasl_path} = "$inf->{General}->{prefix}@libdir@/sasl2"; - } - } - - if (!defined($inf->{slapd}->{ServerPort}) and - !defined($inf->{slapd}->{ldapifilepath})) { - if ("@enable_ldapi@") { - return ('error_missing_port_and_ldapi'); - } else { - return ('error_missing_port'); - } - } - - if 
(!defined($inf->{slapd}->{ServerPort})) { - $inf->{slapd}->{ServerPort} = 0; - } - - $inf->{slapd}->{HashedRootDNPwd} = getHashedPassword($inf->{slapd}->{RootDNPwd}); - - $inf->{slapd}->{localstatedir} = set_path_attribute($inf->{slapd}->{localstatedir}, - "@localstatedir@", - $inf->{General}->{prefix}); - my $localstatedir = $inf->{slapd}->{localstatedir}; - my $servid = $inf->{slapd}->{ServerIdentifier}; - $inf->{slapd}->{sysconfdir} = set_path_attribute($inf->{slapd}->{sysconfdir}, - "@sysconfdir@", - $inf->{General}->{prefix}); - my $sysconfdir = $inf->{slapd}->{sysconfdir}; - $inf->{slapd}->{bindir} = set_path_attribute($inf->{slapd}->{bindir}, - "@bindir@", - $inf->{General}->{prefix}); - $inf->{slapd}->{sbindir} = set_path_attribute($inf->{slapd}->{sbindir}, - "@sbindir@", - $inf->{General}->{prefix}); - $inf->{slapd}->{datadir} = set_path_attribute($inf->{slapd}->{datadir}, - "@datadir@", - $inf->{General}->{prefix}); - - if (!defined($inf->{slapd}->{InstScriptsEnabled})) { - $inf->{slapd}->{InstScriptsEnabled} = "true"; - } - - if (!defined($inf->{General}->{StrictHostCheck})) { - $inf->{General}->{StrictHostCheck} = "true"; - } - - if (!defined($inf->{slapd}->{inst_dir})) { - $inf->{slapd}->{inst_dir} = "$inf->{General}->{ServerRoot}/slapd-$servid"; - } - - if (!defined($inf->{slapd}->{config_dir})) { - $inf->{slapd}->{config_dir} = "$inf->{General}->{prefix}@instconfigdir@/slapd-$servid"; - } - $ENV{DS_CONFIG_DIR} = $inf->{slapd}->{config_dir}; - - if (!defined($inf->{slapd}->{schema_dir})) { - $inf->{slapd}->{schema_dir} = "$sysconfdir/@PACKAGE_NAME@/slapd-$servid/schema"; - } - - if (!defined($inf->{slapd}->{lock_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{lock_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/lock"; - } else { - $inf->{slapd}->{lock_dir} = "$localstatedir/lock/@PACKAGE_NAME@/slapd-$servid"; - } - } - - if (!defined($inf->{slapd}->{log_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{log_dir} = 
"$localstatedir/@PACKAGE_NAME@/slapd-$servid/log"; - } else { - $inf->{slapd}->{log_dir} = "$localstatedir/log/@PACKAGE_NAME@/slapd-$servid"; - } - } - - if (!defined($inf->{slapd}->{run_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{run_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/run"; - } else { - $inf->{slapd}->{run_dir} = "$localstatedir/run/@PACKAGE_NAME@"; - } - } - $ENV{DS_RUN_DIR} = $inf->{slapd}->{run_dir}; - - if (!defined($inf->{slapd}->{db_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{db_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/db"; - } else { - $inf->{slapd}->{db_dir} = "$localstatedir/lib/@PACKAGE_NAME@/slapd-$servid/db"; - } - } - - if (!defined($inf->{slapd}->{db_home_dir})) { - $inf->{slapd}->{db_home_dir} = $inf->{slapd}->{db_dir}; - } - - if (!defined($inf->{slapd}->{bak_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{bak_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/bak"; - } else { - $inf->{slapd}->{bak_dir} = "$localstatedir/lib/@PACKAGE_NAME@/slapd-$servid/bak"; - } - } - $ENV{DS_BAK_DIR} = $inf->{slapd}->{bak_dir}; - - if (!defined($inf->{slapd}->{ldif_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{ldif_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/ldif"; - } else { - $inf->{slapd}->{ldif_dir} = "$localstatedir/lib/@PACKAGE_NAME@/slapd-$servid/ldif"; - } - } - - if (!defined($inf->{slapd}->{tmp_dir})) { - if ("@with_fhs_opt@") { - $inf->{slapd}->{tmp_dir} = "/tmp"; - } else { - $inf->{slapd}->{tmp_dir} = "/tmp"; - } - } - $ENV{DS_TMP_DIR} = $inf->{slapd}->{tmp_dir}; - - if (!defined($inf->{slapd}->{cert_dir})) { - $inf->{slapd}->{cert_dir} = $inf->{slapd}->{config_dir}; - } - - return (); -} - -sub updateSelinuxPolicy { - my $inf = shift; - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - - # if selinux is not available, do nothing - # In perl, exit(1) is 256 from system. ds_selinux_enable returns 1 on true, 0 on false. 
- if ((getLogin() eq 'root') and "@with_selinux@" and system("$inf->{slapd}->{libexecdir}/ds_selinux_enabled") == 256 ) { - debug(1, "Selinux is enabled or permissive, fixing contexts\n"); - # -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) { - my $localstatedir = $inf->{slapd}->{localstatedir}; - - # run restorecon on all of the parent directories we - # may have created (this only happens if this is the - # first instance created). - if ("@with_fhs_opt@") { - system("restorecon -R $localstatedir/@PACKAGE_NAME@"); - } else { - system("restorecon -R $localstatedir/lock/@PACKAGE_NAME@"); - system("restorecon -R $localstatedir/log/@PACKAGE_NAME@"); - system("restorecon -R $localstatedir/run/@PACKAGE_NAME@"); - system("restorecon -R $localstatedir/lib/@PACKAGE_NAME@"); - } - - my @inst_dirs = qw(config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_home_dir db_dir ldif_dir bak_dir); - if ($inf->{slapd}->{InstScriptsEnabled} eq "true") { - @inst_dirs = qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_home_dir db_dir ldif_dir bak_dir); - } - # run restorecon on all instance directories we created - for my $kw (@inst_dirs) { - my $dir = $inf->{slapd}->{$kw}; - system("restorecon -R $dir"); - } - - # label the selected port as ldap_port_t - # We should be doing this for secure port too ..... - if ($inf->{slapd}->{ServerPort} != 0 and not $ENV{DS_SKIP_LABEL}) { - my $port_query_cmd = ("$inf->{slapd}->{libexecdir}/ds_selinux_port_query $inf->{slapd}->{ServerPort} ldap_port_t 2> $mydevnull"); - my $need_label = 0; - my $result = system($port_query_cmd); - - # 0 is false, 1 is true. True means 'already in policy'. 
- if ($result == 0) { - debug(1, "Port $inf->{slapd}->{ServerPort} must be labeled as ldap_port_t \n"); - $need_label = 1; - } - if ($result == 512) { - $need_label = 0; - debug(0, "Port $inf->{slapd}->{ServerPort} already belongs to another selinux type.\n"); - debug(0, " The command below will show you the current type that owns the port.\n"); - debug(0, "sudo $inf->{slapd}->{libexecdir}/ds_selinux_port_query $inf->{slapd}->{ServerPort} ldap_port_t\n"); - debug(0, " It is highly likely your server will fail to start ... \n"); - } - if ($result == 131072) { - $need_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - - if ($need_label == 1) { - my $semanage_err; - my $rc; - # 60 is a bit excessive, we should fail faster. - my $retry = 2; - $ENV{LANG} = "C"; - while (($retry > 0) && ($semanage_err = `semanage port -a -t ldap_port_t -p tcp $inf->{slapd}->{ServerPort} 2>&1`) && ($rc = $?)) { - debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc, $retry attempts remain).\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - if (0 == $retry) { - debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc).\n"); - debug(1, "Reached time limit.\n"); - } - } - } - } -} - -sub updateTmpfilesDotD { - my $inf = shift; - my $dir = "@tmpfiles_d@"; - my $rundir; - my $lockdir; - my $parentdir; - - # if tmpfiles.d is not available, do nothing - if ((getLogin() eq 'root') and $dir and -d $dir) { - my $filename = "$dir/@package_name@-$inf->{slapd}->{ServerIdentifier}.conf"; - if (-f $filename) { - debug(3, "Removing the old tmpfile: $filename\n"); - if (!unlink($filename)){ - debug(1, "Can not delete old tmpfile $filename ($!)\n"); - return(); - } - } - debug(3, "Creating $filename\n"); - my $username = ""; - my $groupname = ""; - my $conffile = 
"$inf->{slapd}->{config_dir}/dse.ldif"; - # use the owner:group from the dse.ldif for the instance - if (-f $conffile) { - my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, - $atime,$mtime,$ctime,$blksize,$blocks) - = stat(_); - $username = getpwuid($uid); - if (!$username) { - debug(1, "Error: could not get username from uid $uid\n"); - } - $groupname = getgrgid($gid); - } - # else, see if we were passed in values to use - if (!$username) { - $username = $inf->{General}->{SuiteSpotUserID}; - } - if (!$groupname) { - if (defined($inf->{General}->{SuiteSpotGroup})) { - $groupname = $inf->{General}->{SuiteSpotGroup}; - } else { # $groupname - $groupname = "-"; # use default - } - } - if (!open(DOTDFILE, ">$filename")) { - return ( [ 'error_creating_file', $filename, $! ] ); - } - # Type Path Mode UID GID Age - # d /var/run/user 0755 root root 10d - # we don't use age - my $localrundir = set_localrundir("@localrundir@", $inf->{General}->{prefix}); - if( $localrundir ne "" && -d "$localrundir"){ - $rundir = "$localrundir/@PACKAGE_NAME@"; - $lockdir = "$localrundir/lock/@PACKAGE_NAME@/slapd-$inf->{slapd}->{ServerIdentifier}"; - $parentdir = "$localrundir/lock/@PACKAGE_NAME@"; - } else { - $rundir = $inf->{slapd}->{run_dir}; - $lockdir = $inf->{slapd}->{lock_dir}; - $parentdir = dirname($inf->{slapd}->{lock_dir}); - } - print DOTDFILE "d $rundir 0770 $username $groupname\n"; - print DOTDFILE "d $parentdir 0770 $username $groupname\n"; - print DOTDFILE "d $lockdir 0770 $username $groupname\n"; - - close DOTDFILE; - } else { - debug(3, "no tmpfiles.d - skipping\n"); - } - - return (); -} - -sub updateSystemD { - my $noservicelink = shift; - my $inf = shift; - my $unitdir = "@systemdsystemunitdir@"; - my $confbasedir = "@systemdsystemconfdir@"; - my $confdir = "$confbasedir/@systemdgroupname@.wants"; - - if ((getLogin() ne 'root') or !$unitdir or !$confdir or ! -d $unitdir or ! 
-d $confdir) { - debug(3, "no systemd - skipping\n"); - return (); - } - - my @errs = (); - my $initconfigdir = $inf->{slapd}->{initconfigdir} || get_initconfigdir($inf->{General}->{prefix}); - debug(1, "updating systemd files in $unitdir and $confdir for all directory server instances in $initconfigdir\n"); - my $pkgname = "@package_name@"; - my $changes = 0; - # installation should already have put down the files and - # directories - we just need to update the symlinks - my $servicefile = "$unitdir/$pkgname\@.service"; - # first, look for new instances - for my $file (glob("$initconfigdir/$pkgname-*")) { - my $inst = $file; - $inst =~ s/^.*$pkgname-//; - # see if this is the admin or snmp or some other service - if (-f "$unitdir/$pkgname-$inst.service") { - debug(1, "$unitdir/$pkgname-$inst.service already exists - skipping\n"); - next; - } elsif (-f "$confbasedir/$pkgname-$inst.service") { - debug(1, "$confbasedir/$pkgname-$inst.service already exists - skipping\n"); - next; - } else { - my $servicelink = "$confdir/$pkgname\@$inst.service"; - if (! -l $servicelink && ! $noservicelink) { - if (!symlink($servicefile, $servicelink)) { - debug(1, "error updating link $servicelink to $servicefile - $!\n"); - push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ]; - } else { - debug(2, "updated link $servicelink to $servicefile\n"); - } - $changes++; - } - } - } - # next, look for instances that have been removed - for my $file (glob("$confdir/$pkgname\@*.service")) { - my $inst = $file; - $inst =~ s/^.*$pkgname\@(.*?).service$/$1/; - if (! -f "$initconfigdir/$pkgname-$inst") { - if (!unlink($file)) { - debug(1, "error removing $file - $!\n"); - push @errs, [ 'error_removing_path', $file, $! ]; - } else { - debug(2, "removed systemd file $file for removed instance $inst\n"); - } - $changes++; - } - } - if ($changes > 0) { - $? 
= 0; - my $cmd = '/bin/systemctl --system daemon-reload'; - # run the reload command - my $output = `$cmd 2>&1`; - my $status = $?; - if ($status) { - debug(1, "Error: $cmd failed - output $output: $!\n"); - push @errs, [ 'error_running_command', $cmd, $output, $! ]; - } else { - debug(2, "$cmd succeeded\n"); - } - } else { - debug(1, "No changes to $unitdir or $confdir\n"); - } - - - return @errs; -} - -sub createDSInstance { - my $inf = shift; - my @errs; - - if (@errs = setDefaults($inf)) { - return @errs; - } - - if (@errs = sanityCheckParams($inf)) { - return @errs; - } - - if (@errs = makeDSDirs($inf)) { - return @errs; - } - - if (@errs = createConfigFile($inf)) { - return @errs; - } - - if (@errs = makeOtherConfigFiles($inf)) { - return @errs; - } - - if (@errs = createInstanceScripts($inf)) { - return @errs; - } - - if (@errs = installSchema($inf)) { - return @errs; - } - - if (@errs = initDatabase($inf)) { - return @errs; - } - - updateSelinuxPolicy($inf); - - if (@errs = updateTmpfilesDotD($inf)) { - return @errs; - } - - if (@errs = updateSystemD(0, $inf)) { - return @errs; - } - - if (@errs = startServer($inf)) { - return @errs; - } - - return @errs; -} - -sub stopServer { - my $instance = shift; - my $prog = "@sbindir@/stop-dirsrv"; - if (-x $prog) { - $? = 0; - # run the stop command - my $output = `$prog $instance 2>&1`; - my $status = $?; - debug(3, "stopping server $instance returns status $status: output $output\n"); - if ($status) { - debug(1,"Warning: Could not stop directory server: status $status: output $output\n"); - # if the server is not running, that's ok - if ($output =~ /not running/) { - $! = ENOENT; - return 1; - } - # else, some other error (e.g. 
permission) - return false for error - return; - } - } else { - debug(1, "stopping server: no such program $prog: cannot stop server\n"); - return; - } - - debug(1, "Successfully stopped server $instance\n"); - return 1; -} - -# NOTE: Returns a list of array ref - each array ref is suitable for passing -# to Resource::getText -sub removeDSInstance { - my $inst = shift; - my $force = shift; - my $all = shift; - my $initconfig_dir = shift || get_initconfigdir(); - my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@"; - my $instname = "slapd-$inst"; - my $configdir; - my $rundir; - my $product_name; - my @errs; - - my $initconfig = "$initconfig_dir/@package_name@-$inst"; - my $pkglockdir = "@localstatedir@/lock/@package_name@"; - my $pkgrundir = "@localstatedir@/run/@package_name@"; - my $pkglibdir = "@localstatedir@/lib/@package_name@"; - - # Get the configdir, rundir and product_name from the instance initconfig script. - unless(open(INFILE, $initconfig)) { - return ( [ 'error_no_such_instance', $instname, $! ] ); - } - - my $line; - while($line = ) { - if ($line =~ /CONFIG_DIR=(.*) ; export CONFIG_DIR/) { - $configdir = $1; - } elsif ($line =~ /CONFIG_DIR=(.*)$/) { - $configdir = $1; - } elsif ($line =~ /RUN_DIR=(.*) ; export RUN_DIR/) { - $rundir = $1; - } elsif ($line =~ /RUN_DIR=(.*)$/) { - $rundir = $1; - } elsif ($line =~ /PRODUCT_NAME=(.*) ; export PRODUCT_NAME/) { - $product_name = $1; - } elsif ($line =~ /PRODUCT_NAME=(.*)$/) { - $product_name = $1; - } - } - close(INFILE); - - if ( ! -d $configdir ) - { - debug(1, "Error: $configdir does not exist: $!\n"); - return ( [ 'error_no_such_instance', $configdir, $! ] ); - } - # read the config file to find out the paths - my $dseldif = "$configdir/dse.ldif"; - my $conn = new FileConn($dseldif, 1); - if (!$conn) { - debug(1, "Error: Could not open config file $dseldif: Error $!\n"); - return ( [ 'error_opening_dseldif', $dseldif, $! 
] ); - } - - my $dn = "cn=config"; - my $entry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$entry) - { - debug(1, "Error: Search $dn in $dseldif failed: $entry\n"); - push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ]; - } - - $dn = "cn=config,cn=ldbm database,cn=plugins,cn=config"; - my $dbentry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$dbentry) - { - debug(1, "Error: Search $dn in $dseldif failed: $dbentry\n"); - push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ]; - } - $conn->close(); - - # stop the server - if (!stopServer($inst)) { - if ($force) { - debug(1, "Warning: Could not stop directory server - Error: $! - forcing continue\n"); - } elsif ($! == ENOENT) { # stop script not found or server not running - debug(1, "Warning: Could not stop directory server: already removed or not running\n"); - push @errs, [ 'error_stopping_server', $inst, $! ]; - } else { # real error - debug(1, "Error: Could not stop directory server - aborting - use -f flag to force removal\n"); - push @errs, [ 'error_stopping_server', $inst, $! 
]; - return @errs; - } - } - - # remove physical dirs/files - if ($dbentry) { - push @errs, remove_tree($dbentry, "nsslapd-directory", $instname, 1); - push @errs, remove_tree($dbentry, "nsslapd-db-logdirectory", $instname, 1); - } - if ($entry) { - push @errs, remove_tree($entry, "nsslapd-lockdir", $instname, 0); - push @errs, remove_tree($entry, "nsslapd-tmpdir", $instname, 0); - push @errs, remove_tree($entry, "nsslapd-bakdir", $instname, 1); - push @errs, remove_tree($entry, "nsslapd-errorlog", $instname, 1); - } - - - # instance dir - my $instdir = ""; - if ($entry) { - foreach my $instdir ( @{$entry->{"nsslapd-instancedir"}} ) - { - if ( -d $instdir && $instdir =~ /$instname/ ) - { - # clean up pid files (if any) - remove_pidfile("STARTPIDFILE", $inst, $instdir, $instname, $rundir, $product_name); - remove_pidfile("PIDFILE", $inst, $instdir, $instname, $rundir, $product_name); - - my $rc = rmtree($instdir); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $instdir, $! ]; - debug(1, "Warning: $instdir was not removed. Error: $!\n"); - } - } - } - } - # Finally, config dir - if ($all) { - push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1); - } else { - push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$"); - } - - # Remove the instance specific initconfig script - if ( -f $initconfig ) { - my $rc = unlink($initconfig); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $initconfig, $! ]; - debug(1, "Warning: $initconfig was not removed. Error: $!\n"); - } - } - - my $tmpfilesdir = "@tmpfiles_d@"; - my $tmpfilesname = "$tmpfilesdir/@package_name@-$inst.conf"; - if ((getLogin() eq 'root') && $tmpfilesdir && -d $tmpfilesdir && -f $tmpfilesname) { - my $rc = unlink($tmpfilesname); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $tmpfilesname, $! ]; - debug(1, "Warning: $tmpfilesname was not removed. 
Error: $!\n"); - } - } - - # remove the selinux label from the ports if needed - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - if ((getLogin() eq 'root') and "@with_selinux@" and system("@libexecdir@/ds_selinux_enabled") == 256 and not $ENV{DS_SKIP_UNLABEL}) { - foreach my $port (@{$entry->{"nsslapd-port"}}) - { - - my $need_remove_label = 0; - my $port_query_cmd = ("@libexecdir@/ds_selinux_port_query $port ldap_port_t 2> $mydevnull"); - my $result = system($port_query_cmd); - - if ($result == 256) { - debug(1, "Port $port may be removed as ldap_port_t \n"); - $need_remove_label = 1; - } - if ($result == 131072) { - $need_remove_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - - my $semanage_err; - my $rc; - my $retry = 5; - $ENV{LANG} = "C"; - if ($need_remove_label) { - while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $port 2>&1`) && ($rc = $?)) { - if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) { - $retry = -1; - } else { - debug(1, "Warning: Port $port not removed from selinux policy correctly, $retry attempts remain. Error: $semanage_err\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - } - if (0 == $retry) { - push @errs, [ 'error_removing_port_label', $port, $semanage_err]; - debug(1, "Warning: Port $port not removed from selinux policy correctly. 
Error: $semanage_err\n"); - debug(1, "Reached time limit.\n"); - } - } - } - - foreach my $secureport (@{$entry->{"nsslapd-secureport"}}) - { - my $need_remove_label = 0; - my $port_query_cmd = ("@libexecdir@/ds_selinux_port_query $secureport ldap_port_t 2> $mydevnull"); - my $result = system($port_query_cmd); - - if ($result == 256) { - debug(1, "Port $secureport may be removed as ldap_port_t \n"); - $need_remove_label = 1; - } - if ($result == 131072) { - $need_remove_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - my $semanage_err; - my $rc; - my $retry = 60; - $ENV{LANG} = "C"; - if ($need_remove_label) { - while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $secureport 2>&1`) && ($rc = $?)) { - if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) { - $retry = -1; - } else { - debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - } - if (0 == $retry) { - push @errs, [ 'error_removing_port_label', $secureport, $semanage_err]; - debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n"); - debug(1, "Reached time limit.\n"); - } - } - } - } - - # update systemd files - push @errs, updateSystemD(0); - - # if we got here, report success - if (@errs) { - debug(1, "Could not successfully remove $instname\n"); - } else { - if (!<$pkglockdir/*>){ - # If this was the last instance, remove /var/lock/dirsrv & /var/run/dirsrv - rmdir $pkglockdir; - rmdir $pkgrundir; - } - debug(1, "Instance $instname removed.\n"); - } - - return @errs; -} - -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: 
diff --git a/ldap/admin/src/scripts/DSDialogs.pm b/ldap/admin/src/scripts/DSDialogs.pm
deleted file mode 100644
index e4cceaf..0000000
--- a/ldap/admin/src/scripts/DSDialogs.pm
+++ /dev/null
@@ -1,233 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-package DSDialogs;
-
-use strict;
-
-use Sys::Hostname;
-use DialogManager;
-use Setup;
-use Dialog;
-use DSUtil;
-
-my $dsport = new Dialog (
- $TYPICAL,
- 'dialog_dsport_text',
- sub {
- my $self = shift;
- my $port = $self->{manager}->{inf}->{slapd}->{ServerPort};
- if (!defined($port)) {
- $port = 389;
- }
- if (!portAvailable($port)) {
- $port = getAvailablePort();
- }
- return $port;
- },
- sub {
- my $self = shift;
- my $ans = shift;
- my $res = $DialogManager::SAME;
- if ($ans !~ /^\d+$/) {
- $self->{manager}->alert("dialog_dsport_invalid", $ans);
- } elsif (!portAvailable($ans) && !$self->{manager}->{setup}->{force}) {
- $self->{manager}->alert("dialog_dsport_error", $ans);
- } else {
- $res = $DialogManager::NEXT;
- $self->{manager}->{inf}->{slapd}->{ServerPort} = $ans;
- }
- return $res;
- },
- ['dialog_dsport_prompt']
-);
-
-my $dsserverid = new Dialog (
- $TYPICAL,
- 'dialog_dsserverid_text',
- sub {
- my $self = shift;
- my $serverid = $self->{manager}->{inf}->{slapd}->{ServerIdentifier};
- if (!defined($serverid)) {
- $serverid = $self->{manager}->{inf}->{General}->{FullMachineName};
- if (!defined($serverid)) {
- $serverid = hostname();
- }
- # strip out the leftmost domain component
- $serverid =~ s/\..*$//;
- }
- return $serverid;
- },
- sub {
- my $self = shift;
- my $ans = shift;
- my $res = $DialogManager::SAME;
- my $path = $self->{manager}->{setup}->{configdir} . "/slapd-" . $ans;
- if (!isValidServerID($ans)) {
- if($ans eq "admin"){
- $self->{manager}->alert("error_reserved_serverid", $ans);
- } else {
- $self->{manager}->alert("error_invalid_serverid", $ans);
- }
- } elsif (-d $path) {
- $self->{manager}->alert("error_server_already_exists", $path);
- } else {
- $res = $DialogManager::NEXT;
- $self->{manager}->{inf}->{slapd}->{ServerIdentifier} = $ans;
- }
- return $res;
- },
- ['dialog_dsserverid_prompt']
-);
-
-my $dssuffix = new Dialog (
- $TYPICAL,
- 'dialog_dssuffix_text',
- sub {
- my $self = shift;
- my $suffix = $self->{manager}->{inf}->{slapd}->{Suffix};
- if (!defined($suffix)) {
- $suffix = $self->{manager}->{inf}->{General}->{FullMachineName};
- if (!defined($suffix)) {
- $suffix = hostname();
- }
- $suffix =~ s/^[^\.]*\.//; # just the domain part
- # convert fqdn to dc= domain components
- $suffix = "dc=$suffix";
- $suffix =~ s/\./, dc=/g;
- }
- return $suffix;
- },
- sub {
- my $self = shift;
- my $ans = shift;
- my $res = $DialogManager::SAME;
- if (!isValidDN($ans)) {
- $self->{manager}->alert("dialog_dssuffix_error", $ans);
- } else {
- $res = $DialogManager::NEXT;
- $self->{manager}->{inf}->{slapd}->{Suffix} = $ans;
- }
- return $res;
- },
- ['dialog_dssuffix_prompt']
-);
-
-my $dsrootdn = new Dialog (
- $EXPRESS,
- 'dialog_dsrootdn_text',
- sub {
- my $self = shift;
- my $index = shift;
- my $rootdn;
- if ($index == 0) { # return undef for password defaults
- $rootdn = $self->{manager}->{inf}->{slapd}->{RootDN};
- if (!defined($rootdn)) {
- $rootdn = "cn=Directory Manager";
- }
- }
- return $rootdn;
- },
- sub {
- my $self = shift;
- my $ans = shift;
- my $index = shift;
- my $res = $DialogManager::SAME;
- if ($index == 0) { # verify DN
- if (!isValidDN($ans)) {
- $self->{manager}->alert("dialog_dsrootdn_error", $ans);
- } else {
- $res = $DialogManager::NEXT;
- $self->{manager}->{inf}->{slapd}->{RootDN} = $ans;
- }
- } elsif ($index == 1) { # verify initial password
- my $test = $ans;
- if ($test) {
- $test =~ s/\s//g;
- }
- if (!$ans or (length($ans) < 8)) {
- $self->{manager}->alert("dialog_dsrootpw_tooshort", 8);
- } elsif (length($test) != length($ans)) {
- $self->{manager}->alert("dialog_dsrootpw_invalid");
- } else {
- $res = $DialogManager::NEXT;
- $self->{firstpassword} = $ans; # save for next index
- }
- } elsif ($index == 2) { # verify second password
- if ($ans ne $self->{firstpassword}) {
- $self->{manager}->alert("dialog_dsrootpw_nomatch");
- } else {
- $self->{manager}->{inf}->{slapd}->{RootDNPwd} = $ans;
- $res = $DialogManager::NEXT;
- }
- }
- return $res;
- },
- ['dialog_dsrootdn_prompt'], ['dialog_dsrootpw_prompt1', 1], ['dialog_dsrootpw_prompt2', 1]
-);
-
-my $dssample = new DialogYesNo (
- $CUSTOM,
- 'dialog_dssample_text',
- 0,
- sub {
- my $self = shift;
- my $ans = shift;
- my $res = $self->handleResponse($ans);
- if ($res == $DialogManager::NEXT) {
- $self->{manager}->{inf}->{slapd}->{AddSampleEntries} = ($self->isYes() ? 'Yes' : 'No');
- }
- return $res;
- },
- ['dialog_dssample_prompt'],
-);
-
-my $dspopulate = new Dialog (
- $CUSTOM,
- 'dialog_dspopulate_text',
- sub {
- my $self = shift;
- my $val = $self->{manager}->{inf}->{slapd}->{InstallLdifFile};
- if (!defined($val)) {
- $val = 'suggest';
- $self->{manager}->{inf}->{slapd}->{AddOrgEntries} = 'Yes';
- }
- return $val;
- },
- sub {
- my $self = shift;
- my $ans = shift;
- my $res = $DialogManager::SAME;
- if ($ans eq 'none') {
- $self->{manager}->{inf}->{slapd}->{InstallLdifFile} = 'none';
- $self->{manager}->{inf}->{slapd}->{AddOrgEntries} = 'No';
- $res = $DialogManager::NEXT;
- } elsif ($ans eq 'suggest') {
- $self->{manager}->{inf}->{slapd}->{InstallLdifFile} = 'suggest';
- $self->{manager}->{inf}->{slapd}->{AddOrgEntries} = 'Yes';
- $res = $DialogManager::NEXT;
- } else { # a file
- if (! -f $ans) {
- $self->{manager}->alert("dialog_dspopulate_error", $ans);
- } else {
- $self->{manager}->{inf}->{slapd}->{InstallLdifFile} = $ans;
- $self->{manager}->{inf}->{slapd}->{AddOrgEntries} = 'No';
- $res = $DialogManager::NEXT;
- }
- }
- return $res;
- },
- ['dialog_dspopulate_prompt']
-);
-
-sub getDialogs {
- return ($dsport, $dsserverid, $dssuffix, $dsrootdn, $dssample, $dspopulate);
-}
-
-1;
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
deleted file mode 100644
index 630ab43..0000000
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ /dev/null
@@ -1,1175 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -########################### -# -# This perl module provides a way to set up a new installation after -# the binaries have already been extracted. This is typically after -# using native packaging support to install the package e.g. RPM, -# pkgadd, depot, etc. This script will show the license, readme, -# dsktune, then run the usual setup pre and post installers. -# -########################## - -package DSMigration; -use Migration; -use DSUtil; -use Inf; -use DSCreate; -use DSUpdate; - -# tempfiles -use File::Temp qw(tempfile tempdir); -use File::Basename qw(basename); - -# absolute path handling -use Cwd qw(realpath); - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_explode_dn); -use Mozilla::LDAP::LDIF; - -use Carp; - -use Exporter; -@ISA = qw(Exporter); -@EXPORT = qw(migrateDS); -@EXPORT_OK = qw(migrateDS); - -use strict; - -use SetupLog; - -# these are the attributes for which we will always use -# the new value, or which do not apply anymore -# for the next major release e.g. when we support migration from the -# current release 1.1.x to 1.2 or 2.0, the old version number will -# become quite important for migration - for example, when migrating -# from older than 1.1 to 1.1.x, we need to add the attributes in the -# table below to the new entry because the attribute didn't exist -# at all in the old server version - however, when migrating from -# e.g. 
1.1.x to 2.0, we must preserve the old value - this means -# if the user has deleted the attribute from the entry, we must -# "migrate" that deletion by removing the attribute from the new -# entry -my %ignoreOld = -( - 'nsslapd-errorlog' => 'nsslapd-errorlog', - 'nsslapd-accesslog' => 'nsslapd-accesslog', - 'nsslapd-auditlog' => 'nsslapd-auditlog', - 'nskeyfile' => 'nsKeyfile', - 'nscertfile' => 'nsCertfile', - 'nsslapd-pluginpath' => 'nsslapd-pluginPath', - 'nsslapd-plugintype' => 'nsslapd-pluginType', - 'nsslapd-pluginversion' => 'nsslapd-pluginVersion', - 'nsslapd-plugin-depends-on-named' => 'nsslapd-plugin-depends-on-named', -# these are new attrs that we should just pass through - 'nsslapd-allow-unauthenticated-binds' => 'nsslapd-allow-unauthenticated-binds', - 'nsslapd-allow-anonymous-access' => 'nsslapd-allow-anonymous-access', - 'nsslapd-localssf' => 'nsslapd-localssf', - 'nsslapd-minssf' => 'nsslapd-minssf', - 'nsslapd-saslpath' => 'nsslapd-saslpath', - 'nsslapd-rundir' => 'nsslapd-rundir', - 'nsslapd-schemadir' => 'nsslapd-schemadir', - 'nsslapd-lockdir' => 'nsslapd-lockdir', - 'nsslapd-tmpdir' => 'nsslapd-tmpdir', - 'nsslapd-certdir' => 'nsslapd-certdir', - 'nsslapd-ldifdir' => 'nsslapd-ldifdir', - 'nsslapd-bakdir' => 'nsslapd-bakdir', - 'nsslapd-instancedir' => 'nsslapd-instancedir', - 'nsslapd-ldapifilepath' => 'nsslapd-ldapifilepath', - 'nsslapd-ldapilisten' => 'nsslapd-ldapilisten', - 'nsslapd-ldapiautobind' => 'nsslapd-ldapiautobind', - 'nsslapd-ldapimaprootdn' => 'nsslapd-ldapimaprootdn', - 'nsslapd-ldapimaptoentries' => 'nsslapd-ldapimaptoentries', - 'nsslapd-ldapiuidnumbertype' => 'nsslapd-ldapiuidnumbertype', - 'nsslapd-ldapigidnumbertype' => 'nsslapd-ldapigidnumbertype', - 'nsslapd-ldapientrysearchbase' => 'nsslapd-ldapientrysearchbase', - 'nsslapd-ldapiautodnsuffix' => 'nsslapd-ldapiautodnsuffix', - 'numsubordinates' => 'numSubordinates', - # for these, we just want to use the default values, even if they were - # set in 7.1 or later - 
'nsslapd-db-private-import-mem' => 'nsslapd-db-private-import-mem', - 'nsslapd-import-cache-autosize' => 'nsslapd-import-cache-autosize', - # nsslapd-allidsthreshold does not exist anymore - # the analogous concept is nsslapd-idlistscanlimit for searches - 'nsslapd-allidsthreshold' => 'nsslapd-allidsthreshold' -); - -# these are the obsolete entries we do not migrate -my %ignoreOldEntries = -( - 'cn=presence,cn=plugins,cn=config' => 'cn=presence,cn=plugins,cn=config', - 'cn=aim presence,cn=presence,cn=plugins,cn=config' => 'cn=aim presence,cn=presence,cn=plugins,cn=config', - 'cn=icq presence,cn=presence,cn=plugins,cn=config' => 'cn=icq presence,cn=presence,cn=plugins,cn=config', - 'cn=yahoo presence,cn=presence,cn=plugins,cn=config' => 'cn=yahoo presence,cn=presence,cn=plugins,cn=config' -); - - -# these are the attributes for which we will always use -# the old value -my %alwaysUseOld = -( - 'aci' => 'aci' -); - -sub getDBVERSION { - my $olddbdir = shift; - my $data = shift; - - open DBVERSION, "$olddbdir/DBVERSION" or - return ('error_reading_dbversion', $olddbdir, $!); - my $line = ; - close DBVERSION; - chomp($line); - @{$data} = split("/", $line); - return (); -} - -sub isOldDatabase { - my $olddbdir = shift; - my $errs = shift; # array ref - # check old DBVERSION file - my @verinfo; - if (@{$errs} = getDBVERSION($olddbdir, \@verinfo)) { - return 0; - } - - if ((($verinfo[0] =~ /^netscape/i) or ($verinfo[0] =~ /^iplanet/i)) and - (($verinfo[1] =~ /^6/) or ($verinfo[1] =~ /^5/) or ($verinfo[1] =~ /^4/))) { - return 1; - } - - return 0; -} - -sub getNewDbDir { - my ($ent, $attr, $mig, $inst) = @_; - my $newval; - my %objclasses = map { lc($_) => $_ } $ent->getValues('objectclass'); - my $cn = $ent->getValues('cn'); - # there is one case where we want to just use the existing db directory - # that's the case where the user has moved the indexes and/or the - # transaction logs to different partitions for performance - # in that case, the old directory will not be 
the same as the default, - # and the directory will exist - # for cross platform, we should just use the new default location - if (!$mig->{crossplatform}) { - my $oldval = $ent->getValues($attr); - my $absoldval = realpath($oldval) || $oldval; - my $olddefault = "$mig->{actualsroot}/$inst"; - if (-d $absoldval and ($absoldval !~ /^$olddefault/)) { - debug(2, "Keeping old value [$absoldval] for attr $attr in entry ", $ent->getDN(), "\n"); - return $oldval; - } - } - # otherwise, just use the new default locations - if ("@with_fhs_opt@") { - if ($objclasses{nsbackendinstance}) { - $newval = "@localstatedir@/$mig->{pkgname}/$inst/db/$cn"; - } elsif (lc $cn eq 'config') { - $newval = "@localstatedir@/$mig->{pkgname}/$inst/db"; - } elsif (lc $cn eq 'changelog5') { - $newval = "@localstatedir@/$mig->{pkgname}/$inst/changelogdb"; - } - } else { - if ($objclasses{nsbackendinstance}) { - $newval = "@localstatedir@/lib/$mig->{pkgname}/$inst/db/$cn"; - } elsif (lc $cn eq 'config') { - $newval = "@localstatedir@/lib/$mig->{pkgname}/$inst/db"; - } elsif (lc $cn eq 'changelog5') { - $newval = "@localstatedir@/lib/$mig->{pkgname}/$inst/changelogdb"; - } - } - debug(2, "New value [$newval] for attr $attr in entry ", $ent->getDN(), "\n"); - return $newval; -} - -sub migrateCredentials { - my ($ent, $attr, $mig, $inst) = @_; - my $oldval = $ent->getValues($attr); - my $qoldval = shellEscape($oldval); - - # Older versions of the server on x86 systems and other systems that do not use network byte order - # stored the credentials incorrectly. The first step is to determine if this is the case. We - # migrate using the same server root to see if we get the same output as we input. 
- debug(3, "In migrateCredentials - see how old credentials were encoded.\n"); - my $testval = `@bindir@/migratecred -o $mig->{actualsroot}/$inst -n $mig->{actualsroot}/$inst -c $qoldval`; - chomp($testval); - if ($testval ne $oldval) { # need to turn on the special flag - debug(3, "Credentials not encoded correctly. oldval $oldval not equal to testval $testval. The value will be re-encoded correctly.\n"); - $ENV{MIGRATE_BROKEN_PWD} = "1"; # decode and re-encode correctly - } - - debug(3, "Executing @bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c $qoldval . . .\n"); - my $newval = `@bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c $qoldval`; - chomp($newval); - delete $ENV{MIGRATE_BROKEN_PWD}; # clear the flag, if set - debug(3, "Converted old value [$oldval] to new value [$newval] for attr $attr in entry ", $ent->getDN(), "\n"); - return $newval; -} - -sub removensState { - my ($ent, $attr, $mig, $inst) = @_; - my $newval; - - # nsstate is binary and cannot be migrated cross platform - if (!$mig->{crossplatform}) { - $newval = $ent->getValues($attr); - } - - return $newval; -} - -sub migIdlSwitch { - my ($ent, $attr, $mig, $inst) = @_; - my $newval; - - # if doing cross platform migration, just use the default value for - # nsslapd-idl-switch - # if not doing cross platform, meaning we just use the existing - # database binaries, we must preserve whatever the old value is - # unless migrating from 6.21 or earlier, in which case we must - # be migrating from LDIF, and must use the new idl switch - if (!$mig->{crossplatform}) { - # the given entry is the old entry - see if it has the nsslapd-directory - my $olddbdir = $ent->getValues('nsslapd-db-home-directory') || - $ent->getValues('nsslapd-directory') || - "$mig->{actualsroot}/$inst/db"; # old default db home directory - # replace the old sroot value with the actual physical location on the target/dest - $olddbdir =~ 
s/^$mig->{actualsroot}/$mig->{oldsroot}/; - my @errs; - my $isold = isOldDatabase($olddbdir, \@errs); - if (@errs) { - $mig->msg($FATAL, @errs); - return $newval; # use default new value - } elsif ($isold) { - debug(3, "The database in $olddbdir is too old to migrate the idl switch setting\n"); - return $newval; # use default new value - } - - # else the database could be in the new format already - preserve - # the user's old value - $newval = $ent->getValues($attr); - } - - return $newval; -} - -# these are attributes that we have to transform from -# the old value to the new value (e.g. a pathname) -# The key of this hash is the attribute name. The value -# is an anonymous sub which takes two arguments - the entry -# and the old value. The return value of the sub is -# the new value -my %transformAttr = -( - 'nsslapd-directory' => \&getNewDbDir, - 'nsslapd-db-logdirectory' => \&getNewDbDir, - 'nsslapd-changelogdir' => \&getNewDbDir, - 'nsds5replicacredentials' => \&migrateCredentials, - 'nsmultiplexorcredentials' => \&migrateCredentials, - 'nsstate' => \&removensState, - 'nsslapd-idl-switch' => \&migIdlSwitch -); - -sub copyDatabaseDirs { - my $srcdir = shift; - my $destdir = shift; - my $filesonly = shift; - my @errs; - - my $isold = isOldDatabase($srcdir, \@errs); - if (@errs) { - return @errs; - } elsif ($isold) { - return ('error_database_too_old', $srcdir); - } - - if (-d $srcdir && ! -d $destdir && !$filesonly) { - debug(1, "Copying database directory $srcdir to $destdir\n"); - if (system ("cp -p -r $srcdir $destdir")) { - return ('error_copying_dbdir', $srcdir, $destdir, $?); - } - } elsif (! -d $srcdir) { - return ("error_dbsrcdir_not_exist", $srcdir); - } else { - debug(1, "The destination directory $destdir already exists, copying files/dirs individually\n"); - $! = 0; - debug(1, "Removing any existing db files in $destdir\n"); - foreach my $file (glob("$destdir/*")) { - next if (! -f $file); - unlink($file); - if ($!) 
{ - return ("error_removing_temp_db_files", $destdir, $!); - } - } - foreach my $file (glob("$srcdir/*")) { - if (-f $file) { - debug(3, "Copying $file to $destdir\n"); - if (system ("cp -p $file $destdir")) { - return ('error_copying_dbfile', $file, $destdir, $?); - } - } elsif (-d $file && !$filesonly) { - debug(3, "Copying $file to $destdir\n"); - if (system ("cp -p -r $file $destdir")) { - return ('error_copying_dbdir', $file, $destdir, $?); - } - } - } - } - - return (); -} - -# older versions may use the old Netscape names e.g. Netscape Administration Server -# we have to convert these to the new names e.g. @capbrand@ Administration Server -sub migrateNetscapeRoot { - my $ldiffile = shift; - my ($fh, $tmpldiffile); - # create a temp inf file for writing for other processes - # never overwrite the user supplied inf file - ($fh, $tmpldiffile) = tempfile("nsrootXXXXXX", UNLINK => 0, - SUFFIX => ".ldif", OPEN => 1, - DIR => File::Spec->tmpdir); - if (!open( MYLDIF, "$ldiffile" )) { - debug(1, "Error: Can't open $ldiffile: $!"); - return; - } - my $in = new Mozilla::LDAP::LDIF(*MYLDIF); - while (my $ent = readOneEntry $in) { - my $dn = $ent->getDN(); - next if (!$dn); # netscaperoot should not have the empty dn - $dn =~ s/\bNetscape\b/@capbrand@/g; - $ent->setDN($dn); - foreach my $attr (keys %{$ent}) { - my @vals = $ent->getValues($attr); - map { s/\bNetscape\b/@capbrand@/g } @vals; - $ent->setValues($attr, @vals); - } - Mozilla::LDAP::LDIF::put_LDIF($fh, 78, $ent); - } - close( MYLDIF ); - close( $fh ); - - return $tmpldiffile; -} - -sub fixIntegerIndexes { - my $mig = shift; - my $inst_dir = shift; - my $newdbdir = shift; - - if (!$mig->{integerattrs}) { - debug(1, "No integer syntax attributes, no indexes fixed\n"); - return (); - } - - # look at each index file in the db dir - # if it is on our list of integer attributes, - # remove it and re-create it - my $dbname = basename($newdbdir); - for (glob("$newdbdir/*.db4")) { - my $indexname = basename($_, 
'.db4'); - if ($mig->{integerattrs}->{lc $indexname}) { - $mig->msg($INFO, 'fixing_integer_attr_index', $indexname, $newdbdir); - debug(1, "Removing file $_\n"); - if (! unlink $_) { - debug(1, "Error: could not remove file $_: $!\n"); - return ('error_removing_index_file', $_, $!); - } - my $cmd = "$inst_dir/db2index -n \"$dbname\" -t \"$indexname\""; - debug(1, "Re-creating index file $_: $cmd\n"); - $? = 0; # clear error condition - my $output = `$cmd 2>&1`; - if ($?) { - return ('error_recreating_index_file', $_, $output); - } - debug(1, $output); - } else { - debug(3, "Index $indexname is not for an integer syntax attribute - skipping\n"); - } - } - - return (); -} - -# migrate all of the databases in an instance -sub migrateDatabases { - my $mig = shift; # the Migration object - my $inst = shift; # the instance name (e.g. slapd-instance) - my $src = shift; # a Conn to the source - my $dest = shift; # a Conn to the dest - my $olddefault = "$mig->{actualsroot}/$inst/db"; # old default db home directory - my @errs; - - # the ldif2db command will be in nsslapd-instancedir - my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)"); - my $inst_dir = $cfgent->getValues('nsslapd-instancedir'); - # first, look for an LDIF file in that directory with the same name as the - # database - my $foundldif; - for (glob("$mig->{oldsroot}/$inst/db/*.ldif")) { - my $fname = $_; - my $dbname = basename($fname, '.ldif'); - my $deleteflag = 0; - if ($fname =~ /NetscapeRoot.ldif$/) { - $fname = migrateNetscapeRoot($fname); - if ($fname) { - # make sure $fname is owned by the server user - my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)"); - my $user = $cfgent->getValues('nsslapd-localuser'); - my $uid = getpwnam $user; - chown $uid, -1, $fname; - $deleteflag = 1; - } else { - return ("error_creating_templdif", $!); - } - } - my $cmd = "$inst_dir/ldif2db -n \"$dbname\" -i \"$fname\""; - debug(1, "migrateDatabases: executing command $cmd\n"); - $? 
= 0; # clear error condition - my $output = `$cmd 2>&1`; - if ($deleteflag) { - unlink($fname); - } - if ($?) { - return ('error_importing_migrated_db', $fname, $?, $output); - } - debug(1, $output); - $foundldif = 1; - } - - if ($foundldif) { - return (); # done - can do nothing else for cross-platform - } elsif ($mig->{crossplatform}) { # cross platform requires LDIF files - return ('ldif_required_for_cross_platform', "$mig->{oldsroot}/$inst/db"); - } - - # if no LDIF files, just copy over the database directories - my $ent = $src->search("cn=ldbm database,cn=plugins,cn=config", "one", - "(objectclass=*)"); - if (!$ent) { - return ("error_reading_olddbconfig", $src->getErrorString()); - } - # there is one case where we want to just use the existing db directory - # that's the case where the user has moved the indexes and/or the - # transaction logs to different partitions for performance - # in that case, the old directory will not be the same as the default, - # and the directory will exist - my $olddefault = "$mig->{actualsroot}/$inst"; - do { - my $cn = $ent->getValues('cn'); - my %objclasses = map { lc($_) => $_ } $ent->getValues('objectclass'); - if ($cn eq 'config') { # global config - my $newent = $dest->search($ent->getDN(), "base", "(objectclass=*)"); - my $newdbdir = ""; - if ("@with_fhs_opt@") { - $newdbdir = $newent->getValues('nsslapd-directory') || - "@localstatedir@/$mig->{pkgname}/$inst/db"; - } else { - $newdbdir = $newent->getValues('nsslapd-directory') || - "@localstatedir@/lib/$mig->{pkgname}/$inst/db"; - } - debug(1, "Found ldbm database plugin config entry ", $ent->getDN(), "\n"); - my $dir = $ent->getValues('nsslapd-directory'); - my $homedir = $ent->getValues('nsslapd-db-home-directory'); - my $logdir = $ent->getValues('nsslapd-db-logdirectory'); - debug(1, "old db dir = $dir homedir = $homedir logdir = $logdir\n"); - my $srcdir = $homedir || $dir || "$olddefault/db"; - if (-d $srcdir and ($srcdir !~ /^$olddefault/)) { - debug(2, "Not 
copying database files from [$srcdir]\n"); - } else { - # replace the old sroot value with the actual physical location on the target/dest - $srcdir =~ s/^$mig->{actualsroot}/$mig->{oldsroot}/; - if (@errs = copyDatabaseDirs($srcdir, $newdbdir, 1)) { - return @errs; - } - } - if ($logdir && ($logdir ne $srcdir)) { - if (-d $logdir and ($logdir !~ /^$olddefault/)) { - debug(2, "Not copying transaction logs from [$logdir]\n"); - } else { - # replace the old sroot value with the actual physical location on the target/dest - $newdbdir = $newent->getValues('nsslapd-db-logdirectory') || - $newdbdir; - $logdir =~ s/^$mig->{actualsroot}/$mig->{oldsroot}/; - if (@errs = copyDatabaseDirs($logdir, $newdbdir, 1)) { - return @errs; - } - } - } - } elsif ($objclasses{nsbackendinstance}) { - debug(1, "Found ldbm database instance entry ", $ent->getDN(), "\n"); - my $dir = $ent->getValues('nsslapd-directory'); - # the default db instance directory is - # $oldroot/$inst/$cn - debug(1, "old instance $cn dbdir $dir\n"); - my $srcdir = $dir || "$olddefault/db/$cn"; - my $newent = $dest->search($ent->getDN(), "base", "(objectclass=*)"); - my $newdbdir = ""; - if ("@with_fhs_opt@") { - $newdbdir = $newent->getValues('nsslapd-directory') || - "@localstatedir@/$mig->{pkgname}/$inst/db/$cn"; - } else { - $newdbdir = $newent->getValues('nsslapd-directory') || - "@localstatedir@/lib/$mig->{pkgname}/$inst/db/$cn"; - } - if (-d $srcdir and ($srcdir !~ /^$olddefault/)) { - debug(2, "Not copying database indexes from [$srcdir]\n"); - } else { - # replace the old sroot value with the actual physical location on the target/dest - $srcdir =~ s/^$mig->{actualsroot}/$mig->{oldsroot}/; - if (@errs = copyDatabaseDirs($srcdir, "$newdbdir")) { - return @errs; - } - # fix up the integer indexes - if ($mig->{integerattrs}) { - debug(3, "The schema has some integer attributes\n"); - if (@errs = fixIntegerIndexes($mig, $inst_dir, $newdbdir)) { - return @errs; - } - } else { - debug(3, "No integer attributes 
to fix for $newdbdir\n"); - } - } - } - } while ($ent = $src->nextEntry()); - - return (); -} - -sub migrateChangelogs { - my $mig = shift; # the Migration object - my $inst = shift; # the instance name (e.g. slapd-instance) - my $src = shift; # a Conn to the source - my $dest = shift; # a Conn to the dest - my $olddefault = "$mig->{actualsroot}/$inst"; # old default db home directory - # changelog config entry - my $oldent = $src->search("cn=changelog5, cn=config", "base", "(objectclass=*)"); - my $newent = $dest->search("cn=changelog5, cn=config", "base", "(objectclass=*)"); - if ($oldent and $newent) { # changelog configured - my $oldcldir = $oldent->getValues('nsslapd-changelogdir'); - if (-d $oldcldir and ($oldcldir !~ /^$olddefault/)) { - debug(2, "Not copying changelogdb from [$oldcldir]\n"); - } else { - # replace the old sroot value with the actual physical location on the target/dest - $oldcldir =~ s/^$mig->{actualsroot}/$mig->{oldsroot}/; - my $newcldir = $newent->getValues('nsslapd-changelogdir'); - my @errs = copyDatabaseDirs($oldcldir, $newcldir); - if (@errs) { - return @errs; - } - } - } - - return (); -} - -sub fixAttrsInEntry { - my ($ent, $mig, $inst) = @_; - for my $attr (keys %{$ent}) { - my $lcattr = lc $attr; - if ($ignoreOld{$lcattr}) { - debug(3, "fixAttrsInEntry: ignoring old invalid or obsolete attr $attr\n"); - $ent->remove($attr); - next; - } elsif ($transformAttr{$lcattr}) { - my $newval = &{$transformAttr{$lcattr}}($ent, $attr, $mig, $inst); - if (!$newval) { - debug(2, "Removing attribute $attr from entry ", $ent->getDN(), "\n"); - $ent->remove($attr); - } else { - debug(2, "Setting new value $newval for attribute $attr in entry ", $ent->getDN(), "\n"); - $ent->setValues($attr, $newval); - } - } # else just keep as is - } -} - -sub mergeEntries { - my ($old, $new, $mig, $inst) = @_; - my %inoldonly; # attrs in old entry but not new one - my %innewonly; # attrs in new entry but not old one - my @attrs; # attrs common to old and new - 
# if the attribute exists in the old entry but not the new one - # we should probably add it (checking for special cases first) - # if the attribute exists in the new entry but not the old one - # we might have to delete it from the new entry - # first, get a list of all attributes - foreach my $attr (keys %{$old}) { - if (! $new->exists($attr)) { - $inoldonly{$attr} = $attr; - } else { - push @attrs, $attr; - } - } - foreach my $attr (keys %{$new}) { - if (! $old->exists($attr)) { - $innewonly{$attr} = $attr; - } - } - - # iterate through the attr lists - my $cn = lc $new->getValues("cn"); - foreach my $attr (keys %inoldonly, keys %innewonly, @attrs) { - debug(3, "mergeEntries: merging entry ", $old->getDN(), " attr $attr\n"); - my $lcattr = lc $attr; - if ($ignoreOld{$lcattr}) { - debug(3, "mergeEntries: ignoring old invalid or obsolete attr $attr\n"); - next; # use new value or just omit if attr is obsolete - } elsif ($transformAttr{$lcattr}) { - # only transform if the value is in the old entry - if (!$innewonly{$attr}) { - my $oldval = $old->getValues($attr); - my $newval = &{$transformAttr{$lcattr}}($old, $attr, $mig, $inst); - if (!$newval) { - debug(3, "Removing attribute $attr from entry ", $new->getDN(), "\n"); - $new->remove($attr); - } else { - debug(3, "Setting new value $newval for attribute $attr in entry ", $new->getDN(), "\n"); - $new->setValues($attr, $newval); - } - } - } elsif ($cn eq "internationalization plugin" and $lcattr eq "nsslapd-pluginarg0") { - debug(3, "mergeEntries: using new value of internationalization plugin nsslapd-pluginarg0\n"); - next; # use the new value of this path name - } elsif ($cn eq "referential integrity postoperation" and $lcattr eq "nsslapd-pluginarg1") { - debug(3, "mergeEntries: using new value of referential integrity postoperation nsslapd-pluginarg1\n"); - next; # use the new value of this path name - } elsif ($innewonly{$attr}) { - debug(3, "mergeEntries: removing attr $attr from new entry\n"); - 
$new->remove($attr); # in new but not old - just remove it - } else { - my $oldval = $old->getValues($attr); - my $newval = $new->getValues($attr); - $new->setValues($attr, $old->getValues($attr)); # use old value - debug(3, "mergeEntries: using old val $oldval instead of new val $newval\n"); - } - } -} - -my @allattrlist = ('*', 'aci', 'createTimestamp', 'creatorsName', - 'modifyTimestamp', 'modifiersName'); - -sub getAllEntries { - my $conn = shift; - my $href = shift; - my $aref = shift; - - # these are the special DSEs for which we only need ACIs - for my $dn ("", "cn=monitor", "cn=config") { - my $scope = $dn ? "sub" : "base"; - my @attrlist; - if ($dn eq "cn=config") { - @attrlist = @allattrlist; - } else { - @attrlist = qw(aci); - } - my $ent = $conn->search($dn, $scope, "(objectclass=*)", 0, @attrlist); - next if (!$ent or ($conn->getErrorCode() eq 32)); - if ($conn->getErrorCode()) { - return ('error_reading_entry', $dn, $conn->getErrorString()); - } - do { - my $ndn = normalizeDN($ent->getDN()); - $href->{$ndn} = $ent; - push @{$aref}, $ndn; - } while ($ent = $conn->nextEntry()); - } - - return (); -} - -# these entries cannot be migrated if doing cross platform -my %noCrossPlatformDN = ( - 'cn=uniqueid generator,cn=config' => 'cn=uniqueid generator,cn=config' -); - -sub mergeConfigEntries { - my $mig = shift; # the Migration object - my $inst = shift; # the instance name (e.g. 
slapd-instance) - my $src = shift; # a Conn to the source - my $dest = shift; # a Conn to the dest - - # first, read in old file - my %olddse; # map of normalized DN to Entry - my @olddns; # the DNs in their original order - my @errs; - if (@errs = getAllEntries($src, \%olddse, \@olddns)) { - return @errs; - } - - # next, read in new file - my %newdse; # map of normalized DN to Entry - my @allnewdns; - my @newdns; # the DNs in their original order that are not in olddns - if (@errs = getAllEntries($dest, \%newdse, \@allnewdns)) { - return @errs; - } - - for my $ndn (@allnewdns) { - if (! exists $olddse{$ndn}) { - push @newdns, $ndn; - } - } - - # now, compare entries - # if the entry exists in the old tree but not the new, add it - # if the entry exists in the new tree but not the old, delete it - # otherwise, merge the entries - # @olddns contains the dns in the old dse.ldif, including ones that - # may also be in the new dse.ldif - # @newdns contains dns that are only in the new dse.ldif - for my $dn (@olddns, @newdns) { - my $oldent = $olddse{$dn}; - my $newent = $newdse{$dn}; - my $op; - my $rc = 1; - if ($mig->{crossplatform} && $noCrossPlatformDN{$dn}) { - debug(1, "Cannot migrate the entry $dn - skipping\n"); - next; - } elsif ($oldent && !$newent) { - if (!$ignoreOldEntries{$dn}) { # make sure it's not obsolete - # may have to fix up some values in the old entry - fixAttrsInEntry($oldent, $mig, $inst); - $rc = $dest->add($oldent); - $op = "add"; - } else { - debug(2, "Ignoring entry $dn - configuration not supported\n"); - } - } elsif (!$oldent && $newent) { - if ($dn =~ /o=deleteAfterMigration/i) { - $rc = $dest->delete($dn); - $op = "delete"; - } else { - # do nothing - no change to entry - } - } else { #merge - # $newent will contain the merged entry - mergeEntries($oldent, $newent, $mig, $inst); - $rc = $dest->update($newent); - $op = "update"; - } - - if (!$rc) { - return ('error_updating_merge_entry', $op, $dn, $dest->getErrorString()); - } - } - - 
return (); -} - -my %deletedschema = ( - '50ns-calendar' => '50ns-calendar.ldif', - '50ns-compass' => '50ns-compass.ldif', - '50ns-delegated-admin' => '50ns-delegated-admin.ldif', - '50ns-legacy' => '50ns-legacy.ldif', - '50ns-mail' => '50ns-mail.ldif', - '50ns-mcd-browser' => '50ns-mcd-browser.ldif', - '50ns-mcd-config' => '50ns-mcd-config.ldif', - '50ns-mcd-li' => '50ns-mcd-li.ldif', - '50ns-mcd-mail' => '50ns-mcd-mail.ldif', - '50ns-media' => '50ns-media.ldif', - '50ns-mlm' => '50ns-mlm.ldif', - '50ns-msg' => '50ns-msg.ldif', - '50ns-netshare' => '50ns-netshare.ldif', - '50ns-news' => '50ns-news.ldif', - '50ns-proxy' => '50ns-proxy.ldif', - '50ns-wcal' => '50ns-wcal.ldif', - '51ns-calendar' => '51ns-calendar.ldif' -); - -# these indexes are handled specially by the db code -my %intattrstoskip = ( - 'numsubordinates' => 'numSubordinates', - 'hassubordinates' => 'hasSubordinates' -); - -sub fixup99user { - my $mig = shift; # the Migration object - my $inst = shift; # The name of the instance - my $newschemadir = shift; # the new instance's schema path - - my %attrstoskip = (); - my %objclassestoskip = (); - my $uid; - my $gid; - my $mode; - - # Read every schema file in the legacy server's schema directory - for (glob("$mig->{oldsroot}/$inst/config/schema/*.ldif")) { - if (!open( OLDSCHEMA, $_ )) { - debug(0, "Can't open schema file $_: $!\n"); - next; - } - - # Read attributes from each file, looking for ones that contain - # the string "DESC ''". - my $in = new Mozilla::LDAP::LDIF(*OLDSCHEMA); - while (my $ent = readOneEntry $in) { - my @attrs = $ent->getValues('attributeTypes'); - my @objclasses = $ent->getValues('objectClasses'); - foreach my $attr (@attrs) { - debug(4, "Checking if attribute should be added to skip list ($attr)\n"); - if ($attr =~ /\(\s*(\S*)\s*NAME .* DESC \'\'/) { - # Store the OID of those in an associative array for - # quick lookups later. 
- debug(3, "Adding attribute to list to skip (OID $1)\n"); - $attrstoskip{"$1"} = 1; - } - } - - foreach my $objclass (@objclasses) { - debug(4, "Checking if objectclass should be added to skip list ($objclass)\n"); - if ($objclass =~ /\(\s*(\S*)\s*NAME .* DESC \'\'/) { - # Store the OID of those in an associative array for - # quick lookups later. - debug(3, "Adding objectclass to list to skip (OID $1)\n"); - $objclassestoskip{"$1"} = 1; - } - } - } - - close(OLDSCHEMA); - } - - # Open the 99user.ldif file in the new server schema directory, which is a - # copy of the one in the legacy server. Also open a tempfile. - if (!open(USERSCHEMA, "$newschemadir/99user.ldif")) { - return ("error_opening_schema", "$newschemadir/99user.ldif", $!); - } - - # Open a tempfile to write the cleaned 99user.ldif to - if (!open(TMPSCHEMA, ">$newschemadir/99user.ldif.tmp")) { - close(USERSCHEMA); - return ("error_opening_schema", "$newschemadir/99user.ldif.tmp", $!); - } - - # Iterate through every attribute in the 99user.ldif file and write them to the - # tempfile if their OID doesn't exist in the "bad schema" array. 
- my $in = new Mozilla::LDAP::LDIF(*USERSCHEMA); - while (my $ent = readOneEntry $in) { - my @attrs = $ent->getValues('attributeTypes'); - my @objclasses = $ent->getValues('objectClasses'); - my @keepattrs; - my @keepobjclasses; - foreach my $attr (@attrs) { - if ($attr =~ /\(\s*(\S*)\s*NAME/) { - debug(3, "Checking if attribute should be trimmed (OID $1)\n"); - # See if this OID is in our list of attrs to skip - if ($attrstoskip{"$1"}) { - debug(2, "Trimming attribute from 99user.ldif (OID $1)\n"); - next; - } - } - - # Keep this value - debug(3, "Keeping attribute in 99user.ldif (OID $1)\n"); - push @keepattrs, $attr; - } - - foreach my $objclass (@objclasses) { - if ($objclass =~ /\(\s*(\S*)\s*NAME/) { - debug(3, "Checking if objectclass should be trimmed (OID $1)\n"); - # See if this OID is in our list of objectclasses to skip - if ($objclassestoskip{"$1"}) { - debug(2, "Trimming objectclass from 99user.ldif (OID $1)\n"); - next; - } - } - - # Keep this value - debug(3, "Keeping objectclass in 99user.ldif (OID $1)\n"); - push @keepobjclasses, $objclass; - } - - # Update the entry with the values we want to keep - if ($#keepattrs >= $[) { - $ent->setValues("attributetypes", @keepattrs); - } else { - $ent->remove("attributetypes"); - } - - if ($#keepobjclasses >= $[) { - $ent->setValues("objectclasses", @keepobjclasses); - } else { - $ent->remove("objectclasses"); - } - - # Write the entry to temp schema file - my $oldfh = select(TMPSCHEMA); - $ent->printLDIF(); - select($oldfh); - } - - close(USERSCHEMA); - close(TMPSCHEMA); - - # Make the ownership and permissions on the temp schema file - # the same as the copied 99user.ldif. 
- ($mode, $uid, $gid) = (stat("$newschemadir/99user.ldif"))[2,4,5]; - if ((chown $uid, $gid, "$newschemadir/99user.ldif.tmp") != 1) { - return ("error_schema_permissions", "$newschemadir/99user.ldif.tmp", $!); - } - - if ((chmod $mode, "$newschemadir/99user.ldif.tmp") != 1) { - return ("error_schema_permissions", "$newschemadir/99user.ldif.tmp", $!); - } - - # Replace the copied 99user.ldif with the trimmed file. - if ((rename "$newschemadir/99user.ldif.tmp", "$newschemadir/99user.ldif") != 1) { - return ("error_renaming_schema", "$newschemadir/99user.ldif.tmp", "$newschemadir/99user.ldif", $!); - } - - return(); -} - -sub migrateSchema { - my $mig = shift; # the Migration object - my $inst = shift; # the instance name (e.g. slapd-instance) - my $src = shift; # a Conn to the source - my $dest = shift; # a Conn to the dest - - my @errs; - my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)"); - my $newschemadir = $cfgent->getValues('nsslapd-schemadir') || - "$mig->{configdir}/$inst/schema"; - my %newschema = map {basename($_, '.ldif') => $_} glob("$newschemadir/*.ldif"); - delete $newschema{"99user"}; # always copy this one - for (glob("$mig->{oldsroot}/$inst/config/schema/*.ldif")) { - my $fname = basename($_, '.ldif'); - next if ($deletedschema{$fname}); # don't copy deleted schema - next if ($newschema{$fname}); # use new version - if (system("cp -p $_ $newschemadir")) { - return ("error_migrating_schema", $_, $!); - } - } - - # fixup any attributes with missing descriptions in 99user.ldif - if (@errs = fixup99user($mig, $inst, $newschemadir)) { - return @errs; - } - - if (!$mig->{crossplatform}) { - # now, for all of the new schema, we need to get the list of attribute - # types with INTEGER syntax, including derived types (e.g. 
SUP 'attr') - # not required for cross platform because import of the old ldif file - # will automatically recreate all indexes - my %intattrs = (); - for (glob("$newschemadir/*.ldif")) { - # read in schema entry from LDIF - if (!open( MYSCHEMA, $_ )) { - debug(0, "Can't open schema file $_: $!\n"); - next; - } - my $in = new Mozilla::LDAP::LDIF(*MYSCHEMA); - while (my $ent = readOneEntry $in) { - my @attrs = $ent->getValues('attributeTypes'); - foreach my $attr (@attrs) { - # first see if the attribute definition uses INTEGER syntax - # else see if the super uses INTEGER - note this assumes the attributes - # are listed in the files in SUP order - that is, an attribute does - # not reference a SUP before it is defined - if ($attr =~ / NAME (?:\(\s)?[\']?(\w+)[\']?.* SYNTAX 1.3.6.1.4.1.1466.115.121.1.27[\{\s]/) { - next if ($intattrstoskip{lc $1}); - $intattrs{lc $1} = $1; - } elsif (($attr =~ / NAME (?:\(\s)?[\']?(\w+)[\']?.*SUP [\']?(\w+)[\']?/) && - $intattrs{lc $2}) { - next if ($intattrstoskip{lc $1}); - $intattrs{lc $1} = $1; - } - } - } - close MYSCHEMA; - } - # %intattrs now contains all of the integer valued attributes - $mig->{integerattrs} = \%intattrs; # hashref - } - - return (); -} - -sub migrateDSInstance { - my $mig = shift; # the Migration object - my $inst = shift; # the instance name (e.g. 
slapd-instance) - my $src = shift; # a Conn to the source - my $dest = shift; # a Conn to the dest - - my @errs; - # first, merge dse ldif - if (@errs = mergeConfigEntries($mig, $inst, $src, $dest)) { - return @errs; - } - - # next, grab the old schema - if (@errs = migrateSchema($mig, $inst, $src, $dest)) { - return @errs; - } - - if (@errs = updateDS($mig)) { - return @errs; - } - - # next, the databases - if (@errs = migrateDatabases($mig, $inst, $src, $dest)) { - return @errs; - } - - # next, the changelogs - if (!$mig->{crossplatform}) { - if (@errs = migrateChangelogs($mig, $inst, $src, $dest)) { - return @errs; - } - } - - # next, the security files - my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)"); - my $newcertdir = $cfgent->getValues("nsslapd-certdir") || - "@instconfigdir@/$inst"; - $mig->migrateSecurityFiles($inst, $newcertdir); - - return @errs; -} - -sub migrateDS { - my $mig = shift; - my @errs; - - # migration needs to know the instance directory for the directory - # servers - this assumes they are all in the same place - if (!$mig->{ServerRoot}) { - if ("@with_fhs_opt@") { - $mig->{ServerRoot} = "$mig->{inf}->{General}->{prefix}/opt/@PACKAGE_NAME@"; - } else { - $mig->{ServerRoot} = "$mig->{inf}->{General}->{prefix}@serverdir@"; - } - } - - # for each instance - foreach my $inst (@{$mig->{instances}}) { - if (-f "$mig->{configdir}/$inst/dse.ldif") { - $mig->msg($WARN, 'instance_already_exists', "$mig->{configdir}/$inst/dse.ldif"); - next; - } - - # you could theoretically make this work with either a remote source or - # remote dest - # $mig->{inf} would contain an entry for each instance e.g. 
- # $mig->{inf}->{$inst} - # each instance specific entry would contain a {General} and a {slapd} - # all the information necessary to open an LDAP::Conn to the server - # if the source, you could also change createInfFromConfig to read - # the info from the Conn (or FileConn) that's needed to create the - # instance on the dest - - # extract the information needed for ds_newinst.pl - my $oldconfigdir = "$mig->{oldsroot}/$inst/config"; - my $inf = createInfFromConfig($oldconfigdir, $inst, \@errs); - if (@errs) { - $mig->msg(@errs); - return 0; - } - if (!$inf) { - $mig->msg($FATAL, 'error_opening_dseldif', "$oldconfigdir/dse.ldif", $!); - return 0; - } - debug(2, "Using inf created from $oldconfigdir\n"); - - # create servers but do not start them until after databases - # have been migrated - $inf->{slapd}->{start_server} = 0; - - # create the new instance - @errs = createDSInstance($inf); - if ($inf->{filename}) { - unlink($inf->{filename}); - } - if (@errs) { - $mig->msg(@errs); - $mig->msg($FATAL, 'error_creating_dsinstance', $inst); - goto cleanup; - } else { - $mig->msg('created_dsinstance', $inst); - } - - my $src = new FileConn("$oldconfigdir/dse.ldif", 1); # read-only - if (!$src) { - $mig->msg($FATAL, 'error_opening_dseldif', "$oldconfigdir/dse.ldif", $!); - goto cleanup; - } - my $dest = new FileConn("$mig->{configdir}/$inst/dse.ldif"); - if (!$dest) { - $src->close(); - $mig->msg($FATAL, 'error_opening_dseldif', "$mig->{configdir}/$inst/dse.ldif", $!); - goto cleanup; - } - - @errs = migrateDSInstance($mig, $inst, $src, $dest); - $src->close(); - $dest->close(); - if (@errs) { - $mig->msg(@errs); - goto cleanup; - } - - # ensure any selinux relabeling gets done if needed - DSCreate::updateSelinuxPolicy($inf); - - # do the tmpfiles.d stuff - @errs = DSCreate::updateTmpfilesDotD($inf); - if (@errs) { - $mig->msg(@errs); - goto cleanup; - } - - # do the systemd stuff - @errs = DSCreate::updateSystemD(0, $inf); - if (@errs) { - $mig->msg(@errs); - goto 
cleanup; - } - - # finally, start the server - if ($mig->{start_servers}) { - $inf->{slapd}->{start_server} = 1; - if (@errs = DSCreate::startServer($inf)) { - $mig->msg(@errs); - goto cleanup; - } - } - - next; - -cleanup: - if (-d "$mig->{configdir}/$inst") { - @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1, "" ,"", $mig->{inf}->{General}->{prefix} ); - if (@errs) { - $mig->msg(@errs); - } - } - return 0; - } - - return 1; -} - -############################################################################# -# Mandatory TRUE return value. -# -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: diff --git a/ldap/admin/src/scripts/DSSharedLib.in b/ldap/admin/src/scripts/DSSharedLib.in deleted file mode 100644 index e41b259..0000000 --- a/ldap/admin/src/scripts/DSSharedLib.in +++ /dev/null 
@@ -1,179 +0,0 @@ -libpath_add() -{ - [ -z "$1" ] && return - LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1 -} - -# Pass a patch to the instance, and return the server ID -normalize_server_id() -{ - servid=$1 - servid=`echo "$servid" | sed 's#^@instconfigdir@/slapd-##'` - echo $servid -} - -# -# Get all the instances -# -get_slapd_instances () -{ - CONFIG_DIR=$1 - instances= - found=1 - for inst in $CONFIG_DIR/slapd-* ; do - if [[ ! $inst =~ ".removed" ]] ; then - if [ -z "$instances" ] ; then - instances=$inst - else - instances="$instances $inst" - fi - found=0 - fi - done - echo $instances - return $found -} - -get_slapd_instance () -{ - dir=$1 - servid=$2 - first="yes" - inst_count=0 - instances="" - - # normalize servid, if given - if [ -n "$servid" ] - then - servid=`normalize_server_id $servid` - fi - - for instance in `get_slapd_instances $dir` - do - inst_count=`expr $inst_count + 1` - id=`normalize_server_id $instance` - if [ -n "$servid" ] && [ "$id" = "$servid" ] - then - # found it - echo $id - exit 0 - fi - if [ $first = "yes" ] - then - instances=$id - first="no" - else - instances=$instances", $id" - fi - done - - # server id not provided, check if there is only one instance - if [ -z "$servid" ] && [ $inst_count -eq 1 ] - then - # return the file - echo $instances - exit 0 - else - # Either we have an invalid name, or more than one instance is available - # Return the available instances instead of the config file - echo $instances - exit 1; - fi - -} - - -# -# -# -process_dse () -{ - configdir=$1 - pid=$2 - file="$configdir/dse.ldif" - OLD_IFS=$IFS - IFS="" - while read -r LINE - do - case $LINE in - ' '*) - ;; - *) - if [ -n "$output" ] - then - echo "$output" >> /tmp/DSSharedLib.$pid - output="" - fi - ;; - esac - if [ -n "$output" ] - then - case $LINE in - ' '*) - # continuation line, strip the space and append it - LINE=`echo "$LINE" | sed -e 's/^ //'` - output=$output$LINE - ;; - esac - else - case $LINE in - nsslapd-certdir*|\ - 
nsslapd-ldapiautobind*|\ - nsslapd-ldapilisten*|\ - nsslapd-ldapifilepath*|\ - nsslapd-localhost*|\ - nsslapd-port*|\ - nsslapd-rootdn*|\ - nsslapd-securePort*|\ - nsslapd-security*) - output=$LINE - ;; - esac - fi - - done < $file - - IFS=$OLD_IFS -} - -# -# Check protocol -# -check_protocol () -{ - protocol=$1 - security=$2 - ldapi=$3 - openldap=$4 - - if [ "$protocol" = "LDAPI" ] && [ "$openldap" != "yes" ]; then - echo "" - exit - elif [ "$protocol" = "LDAPI" ] && [ "$ldapi" = "off" ]; then - echo "" - exit - elif [ "$protocol" = "STARTTLS" ]; then - if [ -z "$security" ] || [ "$security" = "off" ]; then - echo "" - exit - fi - elif [ "$protocol" = "LDAPS" ]; then - if [ -z "$security" ] || [ "$security" = "off" ]; then - echo "" - exit - fi - fi - - if [ "$protocol" != "" ]; then - if [ "$protocol" != "STARTTLS" ] && - [ "$protocol" != "LDAPS" ] && - [ "$protocol" != "LDAPI" ] && - [ "$protocol" != "LDAP" ] - then - echo "" - exit - fi - fi - - echo "$protocol" -} diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in deleted file mode 100644 index d2e0e8a..0000000 --- a/ldap/admin/src/scripts/DSUpdate.pm.in +++ /dev/null 
@@ -1,538 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2009 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -########################### -# -# This perl module provides code to update/upgrade directory -# server shared files/config and instance specific files/config -# -########################## - -package DSUpdate; -use DSUtil; -use Inf; -use FileConn; -use DSCreate qw(setDefaults createInstanceScripts makeOtherConfigFiles - makeDSDirs updateSelinuxPolicy updateTmpfilesDotD updateSystemD); - -use File::Basename qw(basename dirname); - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_explode_dn); -use Mozilla::LDAP::LDIF; - -use Exporter; -@ISA = qw(Exporter); -@EXPORT = qw(updateDS isOffline); -@EXPORT_OK = qw(updateDS isOffline); - -use strict; - -use SetupLog; - -# the default location of the updates - this is a subdir -# of the directory server data dir (e.g. /usr/share/dirsrv) -# the default directory is read-only - if you need to provide -# additional updates, pass in additional update directories -# to updateDS -my $DS_UPDATE_PATH = "@updatedir@"; - -my $PRE_STAGE = "pre"; -my $PREINST_STAGE = "preinst"; -my $RUNINST_STAGE = "runinst"; -my $POSTINST_STAGE = "postinst"; -my $POST_STAGE = "post"; - -my @STAGES = ($PRE_STAGE, $PREINST_STAGE, $RUNINST_STAGE, $POSTINST_STAGE, $POST_STAGE); -my @INSTSTAGES = ($PREINST_STAGE, $RUNINST_STAGE, $POSTINST_STAGE); - -# used to create unique package names for loading updates -# from perl scriptlets -my $pkgname = "Package00000000000"; - -# generate and return a unique package name that is a -# subpackage of our current package -sub get_pkgname { - return __PACKAGE__ . "::" . 
$pkgname++; -} - -sub loadUpdates { - my $errs = shift; - my $dirs = shift; - my $mapinfo = shift || {}; - my @updates; # a list of hash refs, sorted in execution order - - for my $dir (@{$dirs}) { - for my $file (glob("$dir/*")) { - my $name = basename($file); - next if $name !~ /^\d\d/; # we only consider files that begin with two digits -# print "name = $name\n"; - my $href = { path => $file, name => $name }; - if ($file =~ /\.(pl|pm)$/) { # a perl file - my $fullpkg = get_pkgname(); # get a unique package name for the file - # this will import the update functions from the given file - # each file is given its own private namespace via the package - # directive below - # we have to use the eval because package takes a "bareword" - - # you cannot pass a dynamically constructed string to package - eval "package $fullpkg; require q($file)"; # "import" it - if ($@) { - if ($@ =~ /did not return a true value/) { - # this usually means the file did not end with 1; - just use it anyway - debug(3, "notice: $file does not return a true value - using anyway\n"); - } else { - # probably a syntax or other compilation error in the file - # we can't safely use it, so log it and skip it - push @{$errs}, ['error_loading_update', $file, $@]; - debug(0, "Error: not applying update $file. Error: $@\n"); - next; # skip this one - } - } - # grab the hook functions from the update - for my $fn (@STAGES) { - # this is some deep perl magic - see the perl Symbol Table - # documentation for the gory details - # We're trying to find if the file defined a symbol called - # pre, run, post, etc. and if so, if that symbol is code - no strict 'refs'; # turn off strict refs to use magic - if (*{$fullpkg . "::" . $fn}{CODE}) { - debug(5, "$file $fn is defined\n"); - # store the "function pointer" in the href for this update - $href->{$fn} = \&{$fullpkg . "::" . 
$fn}; - } else { - debug(5, "$file $fn is not defined or not a subroutine\n"); - } - } - } else { # some other type of file - $href->{file} = 1; - } - if ($mapinfo->{$file}) { - $href->{mapper} = $mapinfo->{$file}->{mapper}; - $href->{infary} = $mapinfo->{$file}->{infary}; - } - push @updates, $href; - } - } - - # we have all the updates now - sort by the name - @updates = sort { $a->{name} cmp $b->{name} } @updates; - - return @updates; -} - -sub applyLDIFUpdate { - my ($upd, $conn, $inf) = @_; - my @errs; - my $path = ref($upd) ? $upd->{path} : $upd; - - my $mapper; - my @infary; - # caller can set mapper to use and additional inf to use - if (ref($upd)) { - if ($upd->{mapper}) { - $mapper = new Inf($upd->{mapper}); - } - if ($upd->{infary}) { - @infary = @{$upd->{infary}}; - } - } - if (!$mapper) { - $mapper = new Inf("$inf->{General}->{prefix}@infdir@/dsupdate.map"); - } - my $dsinf = new Inf("$inf->{General}->{prefix}@infdir@/slapd.inf"); - - $mapper = process_maptbl($mapper, \@errs, $inf, $dsinf, @infary); - if (!$mapper or @errs) { - return @errs; - } - - getMappedEntries($mapper, [$path], \@errs, \&check_and_add_entry, - [$conn]); - - return @errs; -} - -# process an update from an ldif file or executable -# LDIF files only apply to instance updates, so ignore -# LDIF files when not processing updates for instances -sub processUpdate { - my ($upd, $inf, $configdir, $stage, $inst, $dseldif, $conn) = @_; - my @errs; - # $upd is either a hashref or a simple path name - my $path = ref($upd) ? $upd->{path} : $upd; - if ($path =~ /\.ldif$/) { - # ldif files are only processed during the runinst stage - if ($stage eq $RUNINST_STAGE) { - @errs = applyLDIFUpdate($upd, $conn, $inf); - } - } elsif (-x $path) { - # setup environment - $ENV{DS_UPDATE_STAGE} = $stage; - $ENV{DS_UPDATE_DIR} = $configdir; - $ENV{DS_UPDATE_INST} = $inst; # empty if not instance specific - $ENV{DS_UPDATE_DSELDIF} = $dseldif; # empty if not instance specific - $? 
= 0; # clear error condition - my $output = `$path 2>&1`; - if ($?) { - @errs = ('error_executing_update', $path, $?, $output); - } - debug(1, $output); - } else { - @errs = ('error_unknown_update', $path); - } - - return @errs; -} - -# -sub updateDS { - # get base configdir, instances from setup - my $setup = shift; - # get other info from inf - my $inf = $setup->{inf}; - # directories containing updates to apply - my $dirs = shift || []; - my $mapinfo = shift; - # the default directory server update path - if ($inf->{slapd}->{updatedir}) { - push @{$dirs}, $inf->{General}->{prefix} . $inf->{slapd}->{updatedir}; - } else { - push @{$dirs}, $inf->{General}->{prefix} . $DS_UPDATE_PATH; - } - my @errs; - my $force = $setup->{force}; - - my @updates = loadUpdates(\@errs, $dirs, $mapinfo); - - if (@errs and !$force) { - return @errs; - } - - if (!@updates) { - # nothing to do? - debug(0, "No updates to apply in @{$dirs}\n"); - return @errs; - } - - # run pre-update hooks - for my $upd (@updates) { - my @localerrs; - if ($upd->{$PRE_STAGE}) { - debug(1, "Running updateDS stage $PRE_STAGE update ", $upd->{path}, "\n"); - @localerrs = &{$upd->{$PRE_STAGE}}($inf, $setup->{configdir}); - } elsif ($upd->{file}) { - debug(1, "Running updateDS stage $PRE_STAGE update ", $upd->{path}, "\n"); - @localerrs = processUpdate($upd, $inf, $setup->{configdir}, $PRE_STAGE); - } - if (@localerrs) { - push @errs, @localerrs; - if (!$force) { - return @errs; - } - } - } - - # update each instance - my @instances = $setup->getDirServers(); - my $inst_count = @instances; - my @failed_instances = (); - my $failed_count = 0; - for my $inst (@instances) { - debug(0, "Updating instance ($inst)...\n"); - my @localerrs = updateDSInstance($inst, $inf, $setup->{configdir}, \@updates, $force); - if (@localerrs) { - # push array here because localerrs will likely be an array of - # array refs already - $failed_count++; - if (!$force || $inst_count == 1) { - push @errs, @localerrs; - return @errs; - } 
- push @failed_instances, $inst; - debug(0, "Failed to update instance ($inst):\n---> @localerrs\n"); - } else { - debug(0, "Successfully updated instance ($inst).\n"); - } - } - if($failed_count && $failed_count == $inst_count){ - push @errs, ('error_update_all'); - return @errs; - } - if (@failed_instances){ - # list all the instances that were not updated - debug(0, "The following instances were not updated: (@failed_instances). "); - debug(0, "After fixing the problems you will need to rerun the setup script\n"); - } - - # run post-update hooks - for my $upd (@updates) { - my @localerrs; - if ($upd->{$POST_STAGE}) { - debug(1, "Running updateDS stage $POST_STAGE update ", $upd->{path}, "\n"); - @localerrs = &{$upd->{$POST_STAGE}}($inf, $setup->{configdir}); - } elsif ($upd->{file}) { - debug(1, "Running updateDS stage $POST_STAGE update ", $upd->{path}, "\n"); - @localerrs = processUpdate($upd, $inf, $setup->{configdir}, $POST_STAGE); - } - if (@localerrs) { - push @errs, @localerrs; - if (!$force) { - return @errs; - } - } - } - - return @errs; -} - -sub updateDSInstance { - my ($inst, $inf, $configdir, $updates, $force) = @_; - my @errs; - - my $dseldif = "$configdir/$inst/dse.ldif"; - - # get the information we need from the instance - delete $inf->{slapd}; # delete old data, if any - if (@errs = initInfFromInst($inf, $dseldif, $configdir, $inst)) { - return @errs; - } - - # create dirs if missing e.g. 
cross platform upgrade - if (@errs = makeDSDirs($inf)) { - return @errs; - } - - # upgrade instance scripts - if (@errs = createInstanceScripts($inf, 0)) { - return @errs; - } - - # add new or missing config files - if (@errs = makeOtherConfigFiles($inf, 1)) { - return @errs; - } - - my $conn; - if ($inf->{General}->{UpdateMode} eq 'online') { - # open a connection to the directory server to upgrade - my $host = $inf->{General}->{FullMachineName}; - my $port = $inf->{slapd}->{ServerPort}; - # this says RootDN and password, but it can be any administrative DN - # such as the one used by the console - my $binddn = $inf->{$inst}->{RootDN} || $inf->{slapd}->{RootDN}; - my $bindpw = $inf->{$inst}->{RootDNPwd}; - my $certdir = $inf->{$inst}->{cert_dir} || $inf->{$inst}->{config_dir} || $inf->{slapd}->{cert_dir}; - - $conn = new Mozilla::LDAP::Conn({ host => $host, port => $port, bind => $binddn, - pswd => $bindpw, cert => $certdir, starttls => 1 }); - if (!$conn) { - debug(1, "Could not open TLS connection to $host:$port - trying regular connection\n"); - $conn = new Mozilla::LDAP::Conn({ host => $host, port => $port, bind => $binddn, - pswd => $bindpw }); - } - - if (!$conn) { - debug(0, "Could not open a connection to $host:$port\n"); - return ('error_online_update', $host, $port, $binddn); - } - } else { - $conn = new FileConn($dseldif); - if (!$conn) { - debug(0, "Could not open a connection to $dseldif: $!\n"); - return ('error_offline_update', $dseldif, $!); - } - } - - # run pre-instance hooks first, then runinst hooks, then postinst hooks - # the DS_UPDATE_STAGE - for my $stage (@INSTSTAGES) { - # always process these first in the runinst stage - we don't really have any - # other good way to process conditional features during update - if ($stage eq $RUNINST_STAGE) { - my @ldiffiles; - if ("@enable_dna@") { - push @ldiffiles, $inf->{General}->{prefix} . $DS_UPDATE_PATH . "/dnaplugindepends.ldif"; - } - push @ldiffiles, $inf->{General}->{prefix} . 
$DS_UPDATE_PATH . "/50updateconfig.ldif"; - - for my $ldiffile (@ldiffiles) { - my @localerrs = processUpdate($ldiffile, $inf, $configdir, $stage, - $inst, $dseldif, $conn); - if (@localerrs) { - push @errs, @localerrs; - if (!$force) { - $conn->close(); - return @errs; - } - } - } - } - for my $upd (@{$updates}) { - my @localerrs; - if ($upd->{$stage}) { - debug(1, "Running updateDSInstance stage $stage update ", $upd->{path}, "\n"); - @localerrs = &{$upd->{$stage}}($inf, $inst, $dseldif, $conn); - } elsif ($upd->{file}) { - debug(1, "Running updateDSInstance stage $stage update ", $upd->{path}, "\n"); - @localerrs = processUpdate($upd, $inf, $configdir, $stage, - $inst, $dseldif, $conn); - } - if (@localerrs) { - push @errs, @localerrs; - if (!$force) { - $conn->close(); - return @errs; - } - } - } - } - - $conn->close(); - - updateSelinuxPolicy($inf); - - push @errs, updateTmpfilesDotD($inf); - - push @errs, updateSystemD(1, $inf); - - return @errs; -} - -# populate the fields in the inf we need to perform upgrade -# tasks from the information in the instance dse.ldif and -# other config -sub initInfFromInst { - my ($inf, $dseldif, $configdir, $inst) = @_; - my $conn = new FileConn($dseldif, 1); - if (!$conn) { - debug(1, "Error: Could not open config file $dseldif: Error $!\n"); - return ('error_opening_dseldif', $dseldif, $!); - } - - my $dn = "cn=config"; - my $entry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$entry) { - $conn->close(); - debug(1, "Error: Search $dn in $dseldif failed: ".$conn->getErrorString()."\n"); - return ('error_finding_config_entry', $dn, $dseldif, $conn->getErrorString()); - } - - my $servid = $inst; - $servid =~ s/slapd-//; - - if (!$inf->{General}->{FullMachineName}) { - $inf->{General}->{FullMachineName} = $entry->getValue("nsslapd-localhost"); - } - $inf->{General}->{SuiteSpotUserID} = $entry->getValue("nsslapd-localuser"); - $inf->{slapd}->{ServerPort} = $entry->getValue("nsslapd-port"); - $inf->{slapd}->{ldapifilepath} = 
$entry->getValue("nsslapd-ldapifilepath"); - if (!$inf->{$inst}->{RootDN}) { - $inf->{$inst}->{RootDN} || $entry->getValue('nsslapd-rootdn'); - } - # we don't use this password - we either use {$inst} password or - # none at all - $inf->{slapd}->{RootDNPwd} = '{SSHA}dummy'; - if (!$inf->{$inst}->{cert_dir}) { - $inf->{$inst}->{cert_dir} = $entry->getValue('nsslapd-certdir'); - } - $inf->{slapd}->{cert_dir} = $inf->{$inst}->{cert_dir}; - if (!$inf->{slapd}->{ldif_dir}) { - $inf->{slapd}->{ldif_dir} = $entry->getValue('nsslapd-ldifdir'); - } - if (!$inf->{slapd}->{ServerIdentifier}) { - $inf->{slapd}->{ServerIdentifier} = $servid; - } - if (!$inf->{slapd}->{bak_dir}) { - $inf->{slapd}->{bak_dir} = $entry->getValue('nsslapd-bakdir'); - } - if (!$inf->{slapd}->{config_dir}) { - $inf->{slapd}->{config_dir} = $configdir."/".$inst; - } - if (!$inf->{slapd}->{inst_dir}) { - $inf->{slapd}->{inst_dir} = $entry->getValue('nsslapd-instancedir'); - } - if (!$inf->{slapd}->{run_dir}) { - $inf->{slapd}->{run_dir} = $entry->getValue('nsslapd-rundir'); - } - if (!$inf->{slapd}->{schema_dir}) { - $inf->{slapd}->{schema_dir} = $entry->getValue('nsslapd-schemadir'); - } - if (!$inf->{slapd}->{lock_dir}) { - $inf->{slapd}->{lock_dir} = $entry->getValue('nsslapd-lockdir'); - } - if (!$inf->{slapd}->{log_dir}) { - # use the errorlog dir - my $logfile = $entry->getValue('nsslapd-errorlog'); - if ($logfile) { - $inf->{slapd}->{log_dir} = dirname($logfile); - } - } - if (!$inf->{slapd}->{sasl_path}) { - $inf->{slapd}->{sasl_path} = $entry->getValue('nsslapd-saslpath'); - } - - - # dn: cn=config,cn=ldbm database,cn=plugins,cn=config - $dn = "cn=config,cn=ldbm database,cn=plugins,cn=config"; - $entry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$entry) { - $conn->close(); - debug(1, "Error: Search $dn in $dseldif failed: ".$conn->getErrorString()."\n"); - return ('error_finding_config_entry', $dn, $dseldif, $conn->getErrorString()); - } - - if (!$inf->{slapd}->{db_dir}) { - 
$inf->{slapd}->{db_dir} = $entry->getValue('nsslapd-directory'); - } - - if (!$inf->{slapd}->{db_home_dir}) { - $inf->{slapd}->{db_home_dir} = $entry->getValue('nsslapd-db-home-directory'); - } - - $conn->close(); # don't need this anymore - - # set defaults for things we don't know how to find, after setting the values - # we do know how to find - return setDefaults($inf); -} - -# check to see if the user has chosen offline mode and the server is really offline -sub isOffline { - my ($inf, $inst, $conn) = @_; - - if ($inf->{General}->{UpdateMode} !~ /offline/i) { - debug(3, "UpdateMode " . $inf->{General}->{UpdateMode} . " is not offline\n"); - return 0; - } - - # mode is offline - see if server is really offline - my $config = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$config) { - return 0, ['error_finding_config_entry', 'cn=config', - $conn->getErrorString()]; - } - my $rundir = $config->getValues('nsslapd-rundir'); - - if (serverIsRunning($rundir, $inst)) { - return 0, ['error_update_not_offline', $inst]; - } - - return 1; # server is offline -} - -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: diff --git a/ldap/admin/src/scripts/DSUpdateDialogs.pm b/ldap/admin/src/scripts/DSUpdateDialogs.pm deleted file mode 100644 index 5598606..0000000 --- a/ldap/admin/src/scripts/DSUpdateDialogs.pm +++ /dev/null 
@@ -1,152 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2009 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -package DSUpdateDialogs; - -use strict; - -use DialogManager; -use Setup; -use Dialog; -use DSUtil; -use FileConn; - -my @updateadmindialogs; - -my $updatewelcome = new DialogYesNo ( - $EXPRESS, - ['update_dialog_first', 'brand', 'brand'], - 1, - sub { - my $self = shift; - my $ans = shift; - my $res = $self->handleResponse($ans); - if ($res == $DialogManager::NEXT) { - $res = $DialogManager::ERR if (!$self->isYes()); - } - return $res; - }, - ['update_dialog_first_prompt'], -); - -my $updatemode = new Dialog ( - $EXPRESS, - 'update_dialog_mode', - sub { - my $self = shift; - return $self->{manager}->{inf}->{General}->{UpdateMode} || - 'quit'; - }, - sub { - my $self = shift; - my $ans = shift; - my $res = $DialogManager::ERR; - - if ($ans =~ /^off/i) { - $self->{manager}->{inf}->{General}->{UpdateMode} = 'offline'; - $res = $DialogManager::NEXT; - for (@updateadmindialogs) { - $_->disable(); # don't need admins and passwords - } - } elsif ($ans =~ /^on/i) { - $self->{manager}->{inf}->{General}->{UpdateMode} = 'online'; - $res = $DialogManager::NEXT; - if (!@updateadmindialogs) { - @updateadmindialogs = makeInstanceDialogs($self->{manager}); - $self->{manager}->addDialog(@updateadmindialogs); - } - for (@updateadmindialogs) { - $_->enable(); # need admins and passwords - } - } - return $res; - }, - ['update_dialog_mode_prompt'] -); - -sub makeInstanceDialogs { - my $manager = shift; - # for each directory server instance, create a dialog that prompts - # for the admin user and password for that instance - # the default admin user for each instance is the rootdn for that - # instance - for my $inst ($manager->{setup}->getDirServers()) { - my $innerinst = $inst; - if (!$manager->{inf}->{$inst}->{RootDN}) { - # if we don't already have an admin DN set for 
this - # instance, look in the dse.ldif for the nsslapd-rootdn - my $dseldif = $manager->{setup}->{configdir} . "/" . $inst . "/dse.ldif"; - my $conn = new FileConn($dseldif, 1); - my $rootdn; - if ($conn) { - my $ent = $conn->search("cn=config", "base", '(objectclass=*)'); - if ($ent) { - $rootdn = $ent->getValue('nsslapd-rootdn'); - } else { - $manager->alert('error_finding_config_entry', - "cn=config", $dseldif, $conn->getErrorString()); - } - $conn->close(); - } else { - $manager->alert('error_opening_dseldif', $dseldif, $!); - } - if ($rootdn) { - $manager->{inf}->{$inst}->{RootDN} = $rootdn; - } else { - $manager->{inf}->{$inst}->{RootDN} = "cn=Directory Manager"; - } - } - my $dlg = new Dialog ( - $EXPRESS, - ['update_admin_dialog', $innerinst], - sub { - my $self = shift; - my $index = shift; - my $id; - if ($index == 0) { # return undef for password defaults - $id = $self->{manager}->{inf}->{$innerinst}->{RootDN}; - } - return $id; - }, - sub { - my $self = shift; - my $ans = shift; - my $index = shift; - - my $res = $DialogManager::SAME; - if ($index == 0) { - if (!isValidDN($ans)) { - $self->{manager}->alert("dialog_dsrootdn_error", $ans); - } else { - $self->{manager}->{inf}->{$innerinst}->{RootDN} = $ans; - $res = $DialogManager::NEXT; - } - } else { - if (!$ans or !length($ans)) { - $self->{manager}->alert("dialog_dsrootpw_invalid"); - } else { - $self->{manager}->{inf}->{$innerinst}->{RootDNPwd} = $ans; - $res = $DialogManager::NEXT; - } - } - return $res; - }, - ['update_admin_id_prompt'], ['update_admin_pwd_prompt', 1] - ); - push @updateadmindialogs, $dlg; - } - - return @updateadmindialogs; -} - -sub getDialogs { - return ($updatewelcome, $updatemode); -} - -1; diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in deleted file mode 100644 index 197aafa..0000000 --- a/ldap/admin/src/scripts/DSUtil.pm.in +++ /dev/null 
@@ -1,1665 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -package DSUtil; - -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(:constant ldap_explode_dn ldap_err2string) ; # Direct access to C API -use Mozilla::LDAP::LDIF; -use File::Spec::Functions qw(rel2abs); -use File::Spec; -use File::Basename; - -require Exporter; -@ISA = qw(Exporter); -@EXPORT = qw(portAvailable getAvailablePort isValidDN addSuffix getMappedEntries - process_maptbl check_and_add_entry getMappedEntries addErr - getHashedPassword debug createInfFromConfig shellEscape - isValidServerID isValidUser isValidGroup makePaths getLogin getGroup - remove_tree remove_pidfile setDebugLog checkHostname serverIsRunning); -@EXPORT_OK = qw(portAvailable getAvailablePort isValidDN addSuffix getMappedEntries - process_maptbl check_and_add_entry getMappedEntries addErr - getHashedPassword debug createInfFromConfig shellEscape - isValidServerID isValidUser isValidGroup makePaths getLogin getGroup - remove_tree remove_pidfile setDebugLog checkHostname serverIsRunning); - -use strict; - -my $sockVersion; -BEGIN { - use Socket; - $sockVersion = Socket->VERSION; - if ($sockVersion >= 2.000) { - import Socket qw ( :addrinfo inet_ntoa - unpack_sockaddr_in unpack_sockaddr_in6 - AF_INET INADDR_ANY - PF_INET SO_REUSEADDR SOCK_STREAM SOL_SOCKET ); - } elsif (eval {require Socket6; 1}) { - import Socket6 qw (getaddrinfo getnameinfo unpack_sockaddr_in6); - } -} -$sockVersion = Socket->VERSION; -use NetAddr::IP::Util qw( ipv6_n2x ); - -use File::Temp qw(tempfile tempdir); -use File::Basename qw(dirname); -use File::Path qw(rmtree); - -use Carp; - -$DSUtil::debuglevel = 0; -$DSUtil::log = 0; - -# use like this: -# debug(3, "message"); -# this will only print "message" if $debuglevel is 3 or higher (-ddd on the command line) -sub 
debug { - my ($level, @rest) = @_; - if ($level <= $DSUtil::debuglevel) { - print STDERR "+" x $level, @rest; - if ($DSUtil::log) { - $DSUtil::log->logDebug(@rest); - } - } -} - -sub setDebugLog { - $DSUtil::log = shift; -} - -# return true if the given port number is available, false otherwise -sub portAvailable { - my $port = shift; - my $proto = getprotobyname('tcp'); - my $rc = socket(SOCK, PF_INET, SOCK_STREAM, $proto); - if ($rc == 1) { - setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1); - $rc = bind(SOCK, sockaddr_in($port, INADDR_ANY)); - } - close(SOCK); - return $rc and ($rc == 1); -} - -# returns a randomly assigned port number, or -1 -# if not able to find an available port -sub getAvailablePort { - my $MINPORT = 1024; - my $MAXPORT = 65535; - - srand( time() ^ ($$ + ($$ << 15)) ); - while (1) { - my $port = $MINPORT + int(rand($MAXPORT-$MINPORT)); - - if (portAvailable($port)) { - return $port; - } - } -} - -sub isValidDN { - my $dn = shift; - return ($dn =~ /^[0-9a-zA-Z_-]+=.*$/); -} - -sub isValidServerID { - my $servid = shift; - my $validchars = '#%:\w@_-'; - if($servid eq "admin"){ - # "admin" is reserved for the admin server - return 0; - } else { - return $servid =~ /^[$validchars]+$/o; - } -} - -# we want the name of the effective user id of this process e.g. 
if someone did -# an su root, we want getLogin to return "root" not the originating id (getlogin) -# in perl, $> is the effective numeric user id - we need to turn it into a string -# use confess here because if we cannot determine the user, something is really, -# really wrong and we need to abort immediately -sub getLogin { - return (getpwuid($>))[0] || $ENV{USER} || confess "Error: could not determine the current user ID: $!"; -} - -# Look up the primary group name for the supplied user -sub getGroup { - my $user = shift; - my @userinfo = getpwnam($user); - - if(!@userinfo){ - confess "Error: could not find user ID ($user): $!"; - } - - return (getgrgid($userinfo[3]))[0] || confess "Error: could not determine the current group name from gid ($userinfo[3]): $!"; -} - -sub isValidUser { - my $user = shift; - # convert numeric uid to string - my $strans = $user; - if ($user =~ /^\d+$/) { # numeric - convert to string - $strans = getpwuid $user; - if (!$strans) { - return ("dialog_ssuser_error", $user); - } - } - if ($> != 0) { # if not root, the user must be our uid - my $username = getLogin; - if ($strans ne $username) { - return ("dialog_ssuser_must_be_same", $username); - } - } else { # user is root - verify id - my $nuid = getpwnam $strans; - if (!defined($nuid)) { - return ("dialog_ssuser_error", $user); - } - if (!$nuid) { - debug(0, "Warning: using root as the server user id. 
You are strongly encouraged to use a non-root user.\n"); - } - } - - return (); -} - -sub isValidGroup { - my $group = shift; - my $ngid; - # convert numeric gid to string - my $strans = $group; - if ($group =~ /^\d+$/) { # numeric - convert to string - $strans = (getgrgid($group))[0]; - if (!$strans) { - return ("dialog_ssgroup_error", $group); - } - } - # ensure the specified group is a defined group - $ngid = getgrnam $strans; - if (!defined($ngid)) { - return ("dialog_ssgroup_error", $group); - } - - return (); -} - -# arguments -# - hostname - the hostname to look for -# - res - the Resource object to use to construct messages -# returns - the error message string, or "" upon success if $res exists -# - the error message array, or () upon success otherwise -sub checkHostname { - my $hn = shift; - my $res = shift; - - # see if hostname is an fqdn - if ($hn !~ /\./) { - if ($res) { - return $res->getText('warning_hostname_not_fully_qualified', $hn); - } else { - return ('warning_hostname_not_fully_qualified', $hn); - } - } - - # see if we can resolve the hostname (IPv6 supported) - my $found = 0; - my @hostip = (); - if ($sockVersion >= 2.000) { - debug(1, "Socket version $sockVersion\n"); - my %hints = (socktype => SOCK_STREAM); - my ($err, @aires) = getaddrinfo($hn, "ldap", \%hints); - if ($err) { - if ($res) { - return $res->getText('warning_no_such_hostname', $hn); - } else { - return ('warning_no_such_hostname', $hn); - } - } - while (my $ai = shift @aires) { - debug(1, "found for hostname $hn\n"); - my $ip; - if ($ai->{family} == AF_INET) { - my ( $port, $ipaddr ) = unpack_sockaddr_in( $ai->{addr} ); - $ip = inet_ntoa($ipaddr); - } else { - my ( $port, $ipaddr ) = unpack_sockaddr_in6( $ai->{addr} ); - $ip = ipv6_n2x($ipaddr); - } - debug(1, "ipaddr=", $ip, "\n"); - # see if reverse resolution works - my ($err, $hn2, $service) = getnameinfo($ai->{addr}); - if (!$err) { - push @hostip, [$hn2, $ip]; - if (lc($hn) eq lc($hn2)) { - $found = 1; - last; - } - } - 
} - if (!$found) { - system("@bindir@/host -t CNAME $hn 2>&1 1> /dev/null"); - if ($? == 0){ - $found = 1; - } - } - } elsif (eval {require Socket6; 1}) { - debug(1, "Socket6\n"); - my @aires = getaddrinfo($hn, "ldap", AF_UNSPEC, SOCK_STREAM); - if (scalar(@aires) < 5) { - if ($res) { - return $res->getText('warning_no_such_hostname', $hn); - } else { - return ('warning_no_such_hostname', $hn); - } - } - my $ailen = scalar(@aires); - while ($ailen >= 5) { - debug(1, "found for hostname $hn\n"); - my $family = shift @aires; - my $socktype = shift @aires; - my $proto = shift @aires; - my $saddr = shift @aires; - my $canonname = shift @aires; - $ailen = scalar(@aires); - my $ip; - if ($family == AF_INET) { - my ($port, $ipaddr) = unpack_sockaddr_in($saddr); - $ip = inet_ntoa($ipaddr); - } else { - my ($port, $ipaddr) = unpack_sockaddr_in6($saddr); - $ip = ipv6_n2x($ipaddr); - } - debug(1, "ipaddr=", $ip, "\n"); - # see if reverse resolution works - my ($hn2, $service) = getnameinfo($saddr); - if ($hn2) { - push @hostip, [$hn2, $ip]; - if (lc($hn) eq lc($hn2)) { - $found = 1; - } - } - } - } else { - debug(1, "gethostbyname ...\n"); - # see if we can resolve the hostname - my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hn); - if (!$name) { - if ($res) { - return $res->getText('warning_no_such_hostname', $hn); - } else { - return ('warning_no_such_hostname', $hn); - } - } - debug(1, "found for hostname $hn: name=$name\n"); - debug(1, "aliases=$aliases\n"); - debug(1, "addrtype=$addrtype\n"); - # see if reverse resolution works - foreach my $ii (@addrs) { - my $hn2 = gethostbyaddr($ii, $addrtype); - my $ip = join('.', unpack('C4', $ii)); - debug(1, "\thost=$hn2 ip=$ip\n"); - push @hostip, [$hn2, $ip]; - if (lc($hn) eq lc($hn2)) { - $found = 1; - last; - } - } - } - - if (!$found) { - if ($res) { - my $retstr = ""; - $retstr = $res->getText('warning_reverse_resolve', $hn, $hn); - for my $ii (@hostip) { - $retstr .= 
$res->getText('warning_reverse_resolve_sub', $ii->[1], $ii->[0]); - } - return $retstr; - } else { - my @reterrs = (); - push @reterrs, [ 'warning_reverse_resolve', $hn, $hn ]; - for my $ii (@hostip) { - push @reterrs, [ 'warning_reverse_resolve_sub', $ii->[1], $ii->[0] ]; - } - return @reterrs; - } - } - - debug(1, "hostname $hn resolves correctly\n"); - if ($res) { - return ''; - } else { - return (); - } -} - -# delete the subtree starting from the passed entry -sub delete_all -{ - my ($conn, $bentry) = @_; - my $sentry = $conn->search($bentry->{dn}, - "subtree", "(objectclass=*)", 0, ("dn")); - my @mystack = (); - while ($sentry) { - push @mystack, $sentry->getDN(); - $sentry = $conn->nextEntry(); - } - # reverse order - my $dn = pop @mystack; - while ($dn) { - $conn->delete($dn); - my $rc = $conn->getErrorCode(); - if ( $rc != 0 ) { - debug(1, "ERROR: unable to delete entry $dn, error code: $rc:" . $conn->getErrorString() . "\n"); - return 1; - } - $dn = pop @mystack; - } - return 0; -} - -# if the entry does not exist on the server, add the entry. -# otherwise, do nothing -# you can use this as the callback to getMappedEntries, so -# that for each entry in the ldif file being processed, you -# can call this subroutine to add or update the entry -# use like this: -# getMappedEntries($mapper, \@ldiffiles, \&check_and_add_entry, -# [$conn, $fresh, $verbose]); -# where $conn is a perldap Conn -# $fresh if true will update the entry if it exists -# $verbose prints out more info -sub check_and_add_entry -{ - my ($context, $aentry, $errs) = @_; - my $conn = $context->[0]; - my $fresh = $context->[1]; - my $verbose = $context->[2]; - my @ctypes = $aentry->getValues("changetype"); - my $sentry = $conn->search($aentry->{dn}, "base", "(objectclass=*)", 0, ("*", "aci")); - if ($sentry) { - debug(3, "check_and_add_entry: Found entry " . $sentry->getDN() . "\n"); - if ( (! 
@ctypes) or ("add" eq lc($ctypes[0])) ) { # entry exists, and this is not a modify op - # or add is explicitely specified - debug(3, "check_and_add_entry: skipping entry " . $sentry->getDN() . "\n"); - return 1; # ignore - return success - } - } else { - debug(3, "check_and_add_entry: Entry not found " . $aentry->{dn} . - " error " . $conn->getErrorString() . "\n"); - if (@ctypes and !("add" eq lc($ctypes[0]))) { # uh oh - attempt to del/mod an entry that doesn't exist - debug(3, "check_and_add_entry: attepting to @ctypes the entry " . $aentry->{dn} . - " that does not exist\n"); - return 1; # ignore - return success - } - } - do - { - my @addtypes; # list of attr types for mod add - my @reptypes; # list of attr types for mod replace - my @deltypes; # list of attr types for mod delete - my $OP_NONE = 0; - my $OP_ADD = 1; - my $OP_MOD = 2; - my $OP_DEL = 3; - # $op stores either of the above $OP_ values - my $op = $OP_NONE; - if ( (0 > $#ctypes) or ("add" eq lc($ctypes[0])) ) # aentry: complete entry - { - $op = $OP_ADD; # just add the entry - } - else # aentry: modify format - { - if ( $sentry ) - { - if ( "delete" eq lc($ctypes[0]) ) - { - $op = $OP_DEL; - } - else - { - @addtypes = $aentry->getValues("add"); - @reptypes = $aentry->getValues("replace"); - @deltypes = $aentry->getValues("delete"); - $op = $OP_MOD; - } - } - else - { - $op = $OP_NONE; - } - } - - if ( $OP_ADD == $op ) - { - if ("add" eq lc($ctypes[0])) { - # remove the changetype: add from the entry - $aentry->remove('changetype'); - } - $conn->add($aentry); - my $rc = $conn->getErrorCode(); - if ( $rc != 0 ) - { - my $string = $conn->getErrorString(); - push @{$errs}, 'error_adding_entry', $aentry->{dn}, $string; - debug(1, "ERROR: adding an entry $aentry->{dn} failed, error: $string\n"); - $aentry->printLDIF(); - $conn->close(); - return 0; - } - debug(1, "Entry $aentry->{dn} is added\n"); - } - elsif ( $OP_DEL == $op ) - { - my $rc = delete_all($conn, $sentry); - if ( 0 != $rc ) - { - push 
@{$errs}, 'error_deleteall_entries', $sentry->{dn}, $conn->getErrorString(); - debug(1, "Error deleting $sentry->{dn}\n"); - return 0; - } - debug(1, "Entry $aentry->{dn} is deleted\n"); - $sentry = undef; - } - elsif ( 0 < $op ) # modify op - { - my $attr; - my @errsToIgnore; - if (@addtypes) { - push @errsToIgnore, LDAP_TYPE_OR_VALUE_EXISTS; - } - foreach $attr ( @addtypes ) - { - foreach my $val ($aentry->getValues($attr)) - { - debug(3, "Adding attr=$attr value=$val to entry $aentry->{dn}\n"); - $sentry->addValue( $attr, $val ); - } - } - foreach $attr ( @reptypes ) - { - my @vals = $aentry->getValues($attr); - debug(3, "Replacing attr=$attr values=" . $aentry->getValues($attr) . " to entry $aentry->{dn}\n"); - $sentry->setValues($attr, @vals); - } - if (@deltypes) { - push @errsToIgnore, LDAP_NO_SUCH_ATTRIBUTE; - } - foreach $attr ( @deltypes ) - { - # removeValue takes a single value only - if (!$aentry->size($attr)) - { - debug(3, "Deleting attr=$attr from entry $aentry->{dn}\n"); - $sentry->remove($attr); # just delete the attribute - } - else - { - debug(3, "Deleting attr=$attr values=" . $aentry->getValues($attr) . 
" from entry $aentry->{dn}\n"); - foreach my $val ($aentry->getValues($attr)) - { - $sentry->removeValue($attr, $val); - } - } - } - $conn->update($sentry); - my $rc = $conn->getErrorCode(); - if ( $rc != 0 ) - { - my $string = $conn->getErrorString(); - debug(1, "ERROR: updating an entry $sentry->{dn} failed, error: $string\n"); - if (grep /^$rc$/, @errsToIgnore) { - debug(1, "Ignoring error $rc returned by adding @addtypes deleting @deltypes\n"); - } else { - push @{$errs}, 'error_updating_entry', $sentry->{dn}, $string; - $aentry->printLDIF(); - $conn->close(); - return 0; - } - } - } - if ( $sentry ) - { - $sentry = $conn->nextEntry(); # supposed to have no more entries - } - } until ( !$sentry ); -out: - return 1; -} - -# the default callback used with getMappedEntries -# just adds the given entry to the given list -sub cbaddent { - my $list = shift; - my $ent = shift; - push @{$list}, $ent; - return 1; -} - -# given a mapper and a list of LDIF files, produce a list of -# perldap Entry objects which have had their tokens subst-ed -# with values from the mapper -# An optional callback can be supplied. Each entry will be -# given to this callback. The callback should return a list -# of localizable errors. If no callback is supplied, the -# entries will be returned in a list. -# Arguments: -# mapper - a hash ref - the keys are the tokens to replace -# and the values are the replacements -# ldiffiles - an array ref - the list of LDIF files to -# operate on -# errs - an array ref - this is filled in with the -# errors encountered in processing - this is -# suitable for passing to setup->msg or -# Resource->getText -# callback (optional) - a code ref - a ref to a subroutine -# that will be called with each entry - see below -# context (optional) - this will be passed as the first -# argument to your given callback - see below -# Callback: -# The callback sub will be called for each entry after -# the entry has been converted. 
The callback will be -# called with the given context as the first argument -# and the Mozilla::LDAP::Entry as the second argument, -# and an errs array ref as the third argument. The -# callback should return true to continue processing, -# or false if a fatal error was encountered that should -# abort processing of any further. -# Errors: -# This function should return an array of errors in the -# format described below, for use with Resource::getText() -# or Setup::msg() -# Return: -# The return value is a list of entries. -# Example usage: -# sub handle_entries { -# my $context = shift; -# my $entry = shift; -# my $errs = shift; -# .... do something with entry .... -# .... if $context is Mozilla::LDAP::Conn, $conn->add($entry); ... -# .... report errors .... -# if ($fatalerror) { -# push @{$errs}, 'error_token', arg1, arg2, ...; -# return 0; -# } else { -# return 1; -# } -# } -# $mapper = {foo => 'bar', baz => 'biff'}; -# @ldiffiles = ('foo.ldif', 'bar.ldif', ..., 'biff.ldif'); -# $conn = new Mozilla::LDAP::Conn(...); -# my @errs; -# @entries = getMappedEntries($mapper, \@ldiffiles, \@errs, \&handle_entries, $conn); -# Note that this will return 0 entries since a callback was used. 
-# The simpler example is this: -# @entries = getMappedEntries($mapper, \@ldiffiles, \@errs); -# -sub getMappedEntries { - my $mapper = shift; - my $ldiffiles = shift; - my $errs = shift; - my $callback = shift || \&cbaddent; # default - just add entry to @entries - my @entries = (); - my $context = shift || \@entries; - my $error; - - if (!ref($ldiffiles)) { - $ldiffiles = [ $ldiffiles ]; - } - - foreach my $ldiffile (@{$ldiffiles}) { - if (!open(MYLDIF, "< $ldiffile")) { - push @{$errs}, "error_opening_ldiftmpl", $ldiffile, $!; - return 0; - } - my $in = new Mozilla::LDAP::LDIF(*MYLDIF); - debug(1, "Processing $ldiffile ...\n"); - ENTRY: while (my $entry = Mozilla::LDAP::LDIF::readOneEntry($in)) { - # first, fix the DN - my $dn = $entry->getDN(); - my $origdn = $dn; - while ( $dn =~ /%([\w_-]+)%/ ) { - if (exists($mapper->{$1})) { - $dn =~ s{%([\w_-]+)%}{$mapper->{$1}}ge; - } else { - push @{$errs}, 'error_mapping_token_ldiftmpl', $dn, $ldiffile, $1; - $error = 1; - last ENTRY; - } - } - $entry->setDN($dn); - # next, fix all of the values in all of the attributes - foreach my $attr (keys %{$entry}) { - my @newvalues = (); - foreach my $value ($entry->getValues($attr)) { - # Need to repeat to handle nested subst - my $origvalue = $value; - while ( $value =~ /%([\w_-]+)%/ ) { - if (exists($mapper->{$1})) { - $value =~ s{%([\w_-]+)%}{$mapper->{$1}}ge; - } else { - push @{$errs}, 'error_mapping_token_ldiftmpl', $dn, $ldiffile, $1; - debug(1, "ERROR: \"$origvalue\" mapped to \"$value\".\n"); - $error = 1; - last ENTRY; - } - } - push @newvalues, $value; - } - $entry->setValues( $attr, @newvalues ); - } - - if (!&{$callback}($context, $entry, $errs)) { - debug(1, "ERROR: There was an error processing entry ". $entry->getDN(). 
"\n"); - debug(1, "Cannot continue processing entries.\n"); - $error = 1; - last ENTRY; - } - - } - close(MYLDIF); - last if ($error); # do not process any more ldiffiles if an error occurred - } - - return @entries; -} - -# you should only use this function if you know for sure -# that the suffix and backend do not already exist -# use addSuffix instead -sub newSuffixAndBackend { - my $context = shift; - my $suffix = shift; - my $bename = shift; - my $nsuffix = normalizeDN($suffix); - my @errs; - - my $dn = "cn=$bename, cn=ldbm database, cn=plugins, cn=config"; - my $entry = new Mozilla::LDAP::Entry(); - $entry->setDN($dn); - $entry->setValues('objectclass', 'top', 'extensibleObject', 'nsBackendInstance'); - $entry->setValues('cn', $bename); - $entry->setValues('nsslapd-suffix', $nsuffix); - $context->add($entry); - my $rc = $context->getErrorCode(); - if ($rc) { - return ('error_creating_suffix_backend', $suffix, $bename, $context->getErrorString()); - } - - $entry = new Mozilla::LDAP::Entry(); - $dn = "cn=\"$nsuffix\", cn=mapping tree, cn=config"; - $entry->setDN($dn); - $entry->setValues('objectclass', 'top', 'extensibleObject', 'nsMappingTree'); - $entry->setValues('cn', "\"$nsuffix\""); - $entry->setValues('nsslapd-state', 'backend'); - $entry->setValues('nsslapd-backend', $bename); - $context->add($entry); - $rc = $context->getErrorCode(); - if ($rc) { - return ('error_creating_suffix', $suffix, $context->getErrorString()); - } - - return (); -} - -sub findbecb { - my $entry = shift; - my $attrs = shift; - return $entry->hasValue('objectclass', $attrs->[0], 1) && - $entry->hasValue('cn', $attrs->[1], 1); -} - -sub findBackend { - my $context = shift; - my $bename = shift; - my $ent; - if (ref($context) eq 'Mozilla::LDAP::Conn') { - $ent = $context->search("cn=ldbm database,cn=plugins,cn=config", "one", - "(&(objectclass=nsBackendInstance)(cn=$bename)") - } else { - $ent = $context->search("cn=ldbm database,cn=plugins,cn=config", "one", - \&findbecb, 
['nsBackendInstance', $bename]) - } -} - -sub findsuffixcb { - my $entry = shift; - my $attrs = shift; - return $entry->hasValue('cn', $attrs->[0], 1) || - $entry->hasValue('cn', $attrs->[1], 1); -} - -sub findSuffix { - my $context = shift; - my $suffix = shift; - my $nsuffix = normalizeDN($suffix); - my $ent; - if (ref($context) eq 'Mozilla::LDAP::Conn') { - $ent = $context->search("cn=mapping tree,cn=config", "one", - "(|(cn=\"$suffix\")(cn=\"$nsuffix\"))"); - } else { - $ent = $context->search("cn=mapping tree,cn=config", "one", - \&findsuffixcb, ["\"$suffix\"", "\"$nsuffix\""]) - } -} - -sub getUniqueBackendName { - my $context = shift; - my $bename = "backend"; - my $index = 0; - my $ent = findBackend($context, ($bename . $index)); - while ($ent) { - ++$index; - $ent = findBackend($context, ($bename . $index)); - } - - return $bename.$index; -} - -sub addSuffix { - my $context = shift; # Conn - my $suffix = shift; - my $bename = shift; # optional - my $ent; - - if ($bename && ($ent = findBackend($context, $bename))) { - return ('backend_already_exists', $bename, $ent->getDN()); - } - - if ($ent = findSuffix($context, $suffix)) { - return ('suffix_already_exists', $suffix, $ent->getDN()); - } - - if (!$bename) { - $bename = getUniqueBackendName($context); - } - - my @errs = newSuffixAndBackend($context, $suffix, $bename); - - return @errs; -} - -# process map table -# [map table sample] -# fqdn = FullMachineName -# hostname = `use Sys::Hostname; $returnvalue = hostname();` -# ds_console_jar ="%normbrand%-ds-%ds_version%.jar" -# -# * If the right-hand value is in ` (backquote), the value is eval'ed by perl. -# The output should be stored in $returnvalue to pass to the internal hash. -# * If the right-hand value is in " (doublequote), the value is passed as is. -# * If the right-hand value is not in any quote, the value should be found -# in either of the setup inf file (static) or the install inf file (dynamic). 
-# * Variables surrounded by @ (e.g., @admin_confdir@) are replaced with the -# system path at the compile time. -# * The right-hand value can contain variables surrounded by % (e.g., %asid%) -# which refers the right-hand value (key) of this map file. -# The %token% tokens are replaced in getMappedEntries -sub process_maptbl -{ - my ($mapper, $errs, @infdata) = @_; - my @deferredkeys = (); - - if (defined($mapper->{""})) { - $mapper = $mapper->{""}; # side effect of Inf with no sections - } - - KEY: foreach my $key (keys %{$mapper}) - { - my $value = $mapper->{$key}; - if ($value =~ /^\"/) - { - $value =~ tr/\"//d; # value is a regular double quoted string - remove quotes - $mapper->{$key} = $value; - } - elsif ($value =~ /^\`/) - { - push @deferredkeys, $key; # process these last - } - else - { - # get the value from one of the Inf passed in - # they $value could be pure Key or Key:"default_value" - my ($key_value, $default_value) = split(/:/, $value, 2); - my $infsection; - foreach my $thisinf (@infdata) - { - foreach my $section0 (keys %{$thisinf}) - { - $infsection = $thisinf->{$section0}; - next if (!ref($infsection)); - if (defined($infsection->{$key_value})) - { - $mapper->{$key} = $infsection->{$key_value}; - next KEY; - } - } - } - if ($default_value ne "") - { - $default_value =~ tr/\"//d; # default_value is a regular double quoted string - remove quotes - $mapper->{$key} = $default_value; - } - else - { - push @{$errs}, ['no_mapvalue_for_key', $value, $key]; - return {}; - } - } - } - - # we have to process the perl expressions to eval last, because those - # expressions may use mappings defined elsewhere in the file, and we are not - # guaranteed of the order in which hash keys are enumerated - foreach my $key (@deferredkeys) { - my $value = $mapper->{$key}; - $value =~ tr/\`//d; # value is a perl expression to eval - my $returnvalue; # set in eval expression - eval $value; - $mapper->{$key} = $returnvalue; # perl expression sets $returnvalue - } - - 
return $mapper; -} - -# given a string, escape the characters in the string -# so that it can be safely passed to the shell via -# the system() call or `` backticks -sub shellEscape { - my $val = shift; - # first, escape the double quotes and slashes - $val =~ s/([\\"])/\\$1/g; # " font lock fun - # next, escape the rest of the special chars - my $special = '!$\' @#%^&*()|[\]{};:<>?/`'; - $val =~ s/([$special])/\\$1/g; - - return $val; -} - -# given a string, escape the special characters in the string. -# the characters are defined in RFC 4514. -# special = escaped / SPACE / SHARP / EQUALS -# escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE -# hex string "# HEX HEX" is unlikely appearing in the installation. -# thus, it won't be supported for now. -my %dnspecial = ( - '"' => '\\"', # '\\22' - '\+' => '\\+', # '\\2B' - ',' => '\\,', # '\\2C' - ';' => '\\;', # '\\3B' - '<' => '\\<', # '\\3C' - '>' => '\\>', # '\\3E' - '=' => '\\=' # '\\3D' -); - -sub dnEscape { - my $val = shift; - # first, remove spaces surrounding ',' and leading/trailing spaces - $val =~ s/^\s*//; - $val =~ s/\s*$//; - $val =~ s/\s*,\s*/,/g; - # next, replace the special characters - foreach my $idx (keys %dnspecial) { - $val =~ s/$idx/$dnspecial{$idx}/g; - } - $val =~ s/\s*,\s*/,/g; - - return $val; -} - -sub getHashedPassword { - my $pwd = shift; - my $alg = shift; - - if ($pwd =~ /^\{\w+\}.+/) { - return $pwd; # already hashed - } - - my $cmd = "@bindir@/pwdhash"; - if ($alg) { - $cmd .= " -s $alg"; - } - $cmd .= " -- " . shellEscape($pwd); - my $hashedpwd = `$cmd`; - chomp($hashedpwd); - - return $hashedpwd; -} - -# this creates an Inf suitable for passing to createDSInstance -# except that it has a bogus suffix -sub createInfFromConfig { - my $configdir = shift; - my $inst = shift; - my $errs = shift; - my $fname = "$configdir/dse.ldif"; - my $id; - ($id = $inst) =~ s/^slapd-//; - if (! -f $fname || ! 
-r $fname) { - push @{$errs}, "error_opening_dseldif", $fname, $!; - return 0; - } - my $conn = new FileConn($fname, 1); - if (!$conn) { - push @{$errs}, "error_opening_dseldif", $fname, $!; - return 0; - } - - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$ent) { - push @{$errs}, "error_opening_dseldif", $fname, $!; - $conn->close(); - return 0; - } - - my $inf = new Inf(); - $inf->{General}->{FullMachineName} = $ent->getValues('nsslapd-localhost'); - $inf->{General}->{SuiteSpotUserID} = $ent->getValues('nsslapd-localuser'); - $inf->{slapd}->{RootDN} = $ent->getValues('nsslapd-rootdn'); - $inf->{slapd}->{RootDNPwd} = $ent->getValues('nsslapd-rootpw'); - $inf->{slapd}->{ServerPort} = $ent->getValues('nsslapd-port'); - $inf->{slapd}->{ServerIdentifier} = $id; - - my $suffix = ""; - $ent = $conn->search("cn=ldbm database,cn=plugins,cn=config", - "one", "(objectclass=*)"); - if (!$ent) { - push @{$errs}, "error_opening_dseldif", $fname, $!; - $conn->close(); - return 0; - } - # use the userRoot suffix if available - while ($ent) { - if ($ent->getValues('nsslapd-suffix')) { - $suffix = $ent->getValues('nsslapd-suffix'); - } - last if ($ent->hasValue('cn', 'userRoot', 1)); - $ent = $conn->nextEntry(); - } - if ( "" eq "$suffix" ) - { - push @{$errs}, "error_opening_dseldif", $fname, $!; - $conn->close(); - return 0; - } - - # we also need the instance dir - $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - if (!$ent) { - push @{$errs}, "error_opening_dseldif", $fname, $!; - $conn->close(); - return 0; - } - my $inst_dir = $ent->getValue('nsslapd-instancedir'); - - $conn->close(); - - if ($inst_dir) { - $inf->{slapd}->{inst_dir} = $inst_dir; - } - $inf->{slapd}->{Suffix} = $suffix; - - return $inf; -} - -# like File::Path mkpath, except we can set the owner and perm -# of each new path and parent path created -sub makePaths { - my ($path, $mode, $user, $group) = @_; - my $uid = getpwnam $user; - my $gid = -1; # default to leave it 
alone - my $mode_string = ""; - - if ($group) { - $gid = getgrnam $group; - } - my @dirnames = ($path); - my $parent = $path; - for ($parent = dirname($parent); - $parent and ($parent ne "/"); - $parent = dirname($parent)) { - unshift @dirnames, $parent; - } - for my $dir (@dirnames) { - next if (-d $dir); - $! = 0; # clear - mkdir $dir, $mode; - if ($!) { - return ('error_creating_directory', $dir, $!); - } - chown $uid, $gid, $dir; - if ($!) { - return ('error_chowning_directory', $dir, $!); - } - chmod $mode, $dir; - $mode_string = sprintf "%lo", $mode; - debug(1, "makePaths: created directory $dir mode $mode_string user $user group $group\n"); - debug(2, "\t" . `ls -ld $dir`); - } - - return (); -} - -# remove_tree($centry, $key, $instname, [$isparent, [$dontremove]]) -# $centry: entry to look for the path to be removed -# $key: key to look for the path in the entry -# $instname: instance name "slapd-" to check the path -# $isparent: specify 1 to remove from the parent dir -# $dontremove: pattern not to be removed (e.g., ".db$") -sub remove_tree -{ - my $centry = shift; - my $key = shift; - my $instname = shift; - my $isparent = shift; - my $dontremove = shift; - my @errs = (); # a list of array refs - each array ref is suitable for passing to Resource::getText - - foreach my $path ( @{$centry->{$key}} ) - { - my $rmdir = ""; - my $rc = 0; - if ( 1 == $isparent ) - { - $rmdir = dirname($path); - } - else - { - $rmdir = $path; - } - if ( -d $rmdir && $rmdir =~ /$instname/ ) - { - if ( "" eq "$dontremove" ) - { - $rc = rmtree($rmdir); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $rmdir, $! ]; - debug(1, "Warning: $rmdir was not removed. Error: $!\n"); - } - } - else - { - # Skip the dontremove files - $rc = opendir(DIR, $rmdir); - if ($rc) - { - while (defined(my $file = readdir(DIR))) - { - next if ( "$file" =~ /$dontremove/ ); - next if ( "$file" eq "." ); - next if ( "$file" eq ".." ); - my $rmfile = $rmdir . "/" . 
$file; - my $rc0 = rmtree($rmfile); - if ( 0 == $rc0 ) - { - push @errs, [ 'error_removing_path', $rmfile, $! ]; - debug(1, "Warning: $rmfile was not removed. Error: $!\n"); - } - } - closedir(DIR); - } - my $newrmdir = $rmdir . ".removed"; - my $rc1 = 1; - if ( -d $newrmdir ) - { - $rc1 = rmtree($newrmdir); - if ( 0 == $rc1 ) - { - push @errs, [ 'error_removing_path', $newrmdir, $! ]; - debug(1, "Warning: $newrmdir was not removed. Error: $!\n"); - } - } - if ( 0 < $rc1 ) - { - rename($rmdir, $newrmdir); - } - } - } - } - - return @errs; # a list of array refs - if (!@errs) then success -} - -sub remove_pidfile -{ - my ($type, $serv_id, $instdir, $instname, $run_dir, $product_name) = @_; - my $pidfile; - - # Construct the pidfile name as follows: - # PIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.pid - # STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid - if ($type eq "PIDFILE") { - $pidfile = $run_dir . "/" . $product_name . "-" . $serv_id . ".pid"; - } elsif ($type eq "STARTPIDFILE") { - $pidfile = $run_dir . "/" . $product_name . "-" . $serv_id . ".startpid"; - } - - if ( -e $pidfile && $pidfile =~ /$instname/ ) - { - unlink($pidfile); - } -} - -sub serverIsRunning -{ - my ($run_dir, $inst) = @_; - my $pidfile = $run_dir . "/" . $inst . ".pid"; - if ( -e $pidfile ) { - if (!open(PIDFILE, $pidfile)) { - debug(3, "Could not open pidfile $pidfile - $! - assume server is not running\n"); - return 0; # could not open pid file - assume server is not running - } - my $pid = ; - chomp($pid); - close(PIDFILE); - if (!$pid) { - debug(3, "Bogus pid $pid found in pidfile $pidfile - assume server is not running\n"); - return 0; # could not open pid file - assume server is not running - } - if (kill(0, $pid)) { - debug(3, "pid $pid from file $pidfile is running\n"); - return 1; # server is running - } - debug(3, "pid $pid from file $pidfile is not running - could not kill 0 - $!\n"); - } else { - debug(3, "No such file pidfile $pidfile - $! 
- assume server is not running\n"); - } - - return 0; # no pid file - assume not running -} - -sub libpath_add { - my $libpath = shift; - - if ($libpath) { - if ($ENV{'LD_LIBRARY_PATH'}) { - $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath"; - } else { - $ENV{'LD_LIBRARY_PATH'} = "$libpath"; - } - } -} - -# -# get_info() -# -# Grab all the config settings we need from the dse.ldif -# -sub get_info { - my %info = (); - my $dir = shift; - $info{host} = shift; - $info{port} = shift; - $info{rootdn} = shift; - my $dse_file = "$dir/dse.ldif"; - my $foundcfg = "no"; - my $value; - my $entry; - my $ldif; - - # - # Are we using openLDAP or Mozilla? - # - my $toollib = `ldapsearch -V 2>&1`; - if ($toollib =~ /OpenLDAP/) { - $info{openldap} = "yes"; - $info{nofold} = "-o ldif-wrap=no"; - } else { - $info{openldap} = "no"; - $info{nofold} = "-T"; - } - - # - # Open dse.ldif and grab the cn=config entry - # - open(DSE, "$dse_file") || die "Failed to open config file $dse_file $!\n"; - $ldif = new Mozilla::LDAP::LDIF(*DSE); - while($entry = readOneEntry $ldif){ - if($entry->getDN() eq "cn=config"){ - $foundcfg = "yes"; - last; - } - } - if($foundcfg eq "no"){ - print (STDERR "Failed to find \"cn=config\" entry from $dse_file\n"); - close (DSE); - exit 1; - } - - # - # Get missing info - # - if($info{host} eq ""){ - $info{host} = $entry->getValues("nsslapd-localhost"); - } - if($info{port} eq ""){ - $info{port} = $entry->getValues("nsslapd-port") || "389"; - } - if($info{rootdn} eq ""){ - $info{rootdn} = $entry->getValues("nsslapd-rootdn"); - } - - # - # Get SSL and LDAPI settings - # - $info{certdir} = $entry->getValues("nsslapd-certdir"); - if($info{openldap} eq "yes"){ - $ENV{LDAPTLS_CACERTDIR}=$info{certdir}; - } - $info{security} = $entry->getValues("nsslapd-security"); - $info{secure_port} = $entry->getValues("nsslapd-securePort") || "636"; - $info{ldapi} = $entry->getValues("nsslapd-ldapilisten"); - $info{autobind} = $entry->getValues("nsslapd-ldapiautobind"); 
- $value = $entry->getValues("nsslapd-ldapifilepath"); - if ($value){ - $value =~ s/\//%2f/g; - $info{ldapiURL} = "ldapi://" . $value; - } - - while($entry = readOneEntry $ldif){ - if($entry->getDN() eq "cn=encryption,cn=config"){ - $foundcfg = "yes"; - last; - } - } - if($foundcfg eq "yes" && $entry){ - $info{cacertfile} = $entry->getValues("CACertExtractFile"); - if ($info{cacertfile}) { - $ENV{LDAPTLS_CACERT}=$info{cacertfile}; - } - } - - close (DSE); - return %info; -} - -# -# return the normalized server id and the server config dir (contains dse.ldif) -# -sub get_server_id { - my $servid = shift; - my $dir = shift; - my $instance_count = 0; - my $first = "yes"; - my $instances = ""; - my $confdir = ""; - my $inst; - my $file; - - # normalize the given servid - if (!$servid) { - # not given - } elsif ($servid =~ /^@package_name@-/){ - # strip off "@package_name@-" - $servid =~ s/^@package_name@-//; - } elsif ($servid =~ /^slapd-/){ - # strip off "slapd-" - $servid =~ s/^slapd-//; - } # else assume already normalized - - opendir(DIR, "$dir"); - my @files = map {$_ = "$dir/$_"} readdir(DIR); - closedir(DIR); - push @files; - my $found = 0; - foreach $file (@files){ - next if(! -d $file); # skip non-directories - if($file =~ m,/slapd-, && $file !~ m/\.removed$/){ - $inst = $file; - $inst =~ s/$dir\/slapd-//; - $instance_count++; - if ($servid && ($servid eq $inst)) { - $found = 1; - $confdir = $file; - last; - } - if($first eq "yes"){ - $instances=$inst; - $first = "no"; - } else { - $instances=$instances . ", $inst"; - } - } - } - - if ($servid && !$found) { # if we got here, did not find given serverid - print (STDERR "Invalid server identifer: $servid\n"); - print (STDERR "Available instances in $dir: $instances\n"); - exit (1); - } - - if ($instance_count == 0){ - print "No instances found in $dir\n"; - exit (1); - } - - if (!$servid && $instance_count > 1){ - print "You must supply a valid server instance identifier. 
Use -Z to specify instance name\n"; - print "Available instances: $instances\n"; - exit (1); - } - - return ($inst, $confdir); -} - -# -# Get the root DN password from the file, or command line input -# -sub get_password_from_file { - my $passwd = shift; - my $passwdfile = shift; - - if ($passwdfile ne ""){ - # Open file and get the password - unless (open (RPASS, $passwdfile)) { - die "Error, cannot open password file $passwdfile\n"; - } - $passwd = ; - chomp($passwd); - close(RPASS); - } elsif ($passwd eq "-"){ - # Read the password from terminal - print "Bind Password: "; - # Disable console echo - system("@sttyexec@ -echo") if -t STDIN; - # read the answer - $passwd = ; - # Enable console echo - system("@sttyexec@ echo") if -t STDIN; - print "\n"; - chop($passwd); # trim trailing newline - } - - return $passwd; -} - -# -# Execute the ldapmodify -# -sub ldapmod { - my $entry = shift; - my %info = @_; - my $file = "/tmp/DSUtil-$$.txt"; - my $protocol_error; - my $result; - my $rc; - my $myrootdnpw = shellEscape($info{rootdnpw}); - - # - # write the entry to file so we can grab the result code after running ldapmodify(-f) - # - if(!open (FILE, ">$file") ){ - print (STDERR "DSUtil::ldapmod() failed to create tmp file ($!)\n"); - return 1; - } else { - print (FILE "$entry\n"); - close (FILE); - } - - if ($info{redirect} eq ""){ - $info{redirect} = "> /dev/null"; - } - - # - # Check the protocol, and reset it if it's invalid - # - $result = check_protocol(%info); - if($result == 1){ - $protocol_error = "yes"; - $info{protocol} = ""; - } elsif( $result == 2){ - unlink ($file); - return 1; - } - - # - # Execute ldapmodify using the specified/most secure protocol - # - if (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/STARTTLS/i) ){ - # - # STARTTLS - # - if($protocol_error eq "yes"){ - print "STARTTLS)\n"; - } - if($info{openldap} eq "yes"){ - system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D 
\"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } else { - system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } - } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ - # - # LDAPS - # - if($protocol_error eq "yes"){ - print "LDAPS)\n"; - } - if($info{openldap} eq "yes"){ - system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } else { - system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } - } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ - # - # LDAPI - # - if ($< == 0 && $info{autobind} eq "on"){ - if($protocol_error eq "yes"){ - print "LDAPI/AUTOBIND)\n"; - } - system "ldapmodify -H \"$info{ldapiURL}\" -Y EXTERNAL $info{args} -f \"$file\" > /dev/null 2>&1"; - } else { - if($protocol_error eq "yes"){ - print "LDAPI)\n"; - } - system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } - } else { - # - # LDAP - # - if($protocol_error eq "yes"){ - print "LDAP)\n"; - } - if($info{openldap} eq "yes"){ - system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } else { - system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}"; - } - } - unlink ($file); - if ($? 
!= 0){ - my $retCode=$?>>8; - return $retCode; - } - return 0; -} - -# -# Build the ldapsearch -# -sub ldapsrch { - my %info = @_; - my $protocol_error; - my $search; - my $result; - my $myrootdnpw = shellEscape($info{rootdnpw}); - - $result = check_protocol(%info); - if($result == 1){ - $protocol_error = "yes"; - $info{protocol} = ""; - } elsif( $result == 2){ - return ""; - } - if (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/STARTTLS/i) ){ - # - # STARTTLS - # - if($protocol_error eq "yes"){ - print "STARTTLS)\n"; - } - if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . - "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } else { - $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " . - "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } - } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ - # - # LDAPS - # - if($protocol_error eq "yes"){ - print "LDAPS)\n"; - } - if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" $info{nofold} " . - "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } else { - $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " . 
- "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } - } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ - # - # LDAPI - # - if ($< == 0 && $info{autobind} eq "on"){ - $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} " . - "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} 2>/dev/null"; - } else { - $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . - "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } - } else { - # - # LDAP - # - if($protocol_error eq "yes"){ - print "LDAP)\n"; - } - if($info{openldap} eq "yes"){ - $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . - "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } else { - $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . 
- "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; - } - } - return $search; -} - -# -# Execute the search -# -sub ldapsrch_ext { - my %info = @_; - my $protocol_error; - my $result; - my $txt; - my $myrootdnpw = shellEscape($info{rootdnpw}); - - $result = check_protocol(%info); - if($result == 1){ - $protocol_error = "yes"; - $info{protocol} = ""; - } elsif($result == 2){ - return 1; - } - if (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/STARTTLS/i) ){ - # - # STARTTLS - # - if($protocol_error eq "yes"){ - print "STARTTLS)\n"; - } - if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } else { - return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } - } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ - # - # LDAPS - # - if($protocol_error eq "yes"){ - print "LDAPS)\n"; - } - if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } else { - return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } - } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ - # - # LDAPI - # - if ($< == 0 && 
$info{autobind} eq "on"){ - return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`; - } else { - return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } - } else { - # - # LDAP - # - if($protocol_error eq "yes"){ - print "LDAP)\n"; - } - if($info{openldap} eq "yes"){ - return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } else { - return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; - } - } -} - -# -# Check to see if the protocol is supported. -# -# If it's not supported, start logging the error message - the -# message will be completed by the calling function. -# -sub check_protocol { - my %info = @_; - my $txt; - - if(($info{protocol} eq "LDAPI" && $info{openldap} eq "no") || - ($info{protocol} eq "LDAPI" && $info{ldapi} eq "off") || - ($info{protocol} eq "STARTTLS" && ($info{security} eq "" || $info{security} eq "off")) || - ($info{protocol} eq "LDAPS" && ($info{security} eq "" || $info{security} eq "off")) - ){ - if($info{protocol} eq "LDAPI" && $info{openldap} eq "no"){ - $txt = " by the Mozilla LDAP client"; - } else { - $txt = " by the Directory Server"; - } - print (STDERR "Protocol $info{protocol} requested, but this protocol is not supported" . $txt . ".\n" . 
- "Using the next most secure protocol (" ); # completed by the caller
- return 1;
- }
- if( ($info{protocol} ne "") && ($info{protocol} ne "STARTTLS" &&
- $info{protocol} ne "LDAPS" &&
- $info{protocol} ne "LDAPI" &&
- $info{protocol} ne "LDAP") )
- {
- print (STDERR "Unknown protocol: $info{protocol}\n");
- return 2;
- }
- return 0;
-}
-
-1;
-
-# emacs settings
-# Local Variables:
-# mode:perl
-# indent-tabs-mode: nil
-# tab-width: 4
-# End:
diff --git a/ldap/admin/src/scripts/Dialog.pm b/ldap/admin/src/scripts/Dialog.pm
deleted file mode 100644
index aca3553..0000000
--- a/ldap/admin/src/scripts/Dialog.pm
+++ /dev/null
@@ -1,249 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -package Dialog; - -use DialogManager; - -#require Exporter; -#@ISA = qw(Exporter); -#@EXPORT = qw(); - -# NOTE: This "class" is an "abstract" class. There are two methods which -# must be provided by subclasses: -# $ans = $dialog->defaultAns($promptindex); -# where $promptindex is the index into the array of prompts given when -# constructing the Dialog object -# The dialog will typically use a default answer either hardcoded in -# or from some key in the setup cache (.inf) file -# -# $resp = $dialog->handleResponse($ans, $index); -# The dialog uses this method to perform validation of the input, set the value -# in the setup cache, display errors or warnings, and tell the dialog manager -# if the prompt needs to be redisplayed, or if there was an unrecoverable error -# $resp should be $SAME to reprompt, $ERR to abort, or $NEXT to continue -# the $ans and defaultAns should be in the native charset, so the dialog -# may have to convert to/from utf8 as needed. - -# a dialog consists of a title, some explanatory text, and one or more prompts -# each prompt has a default value. An example of a dialog with more than -# one prompt would be a dialog asking the user for the new root DN and password - -# in that case, there would be 3 prompts - one for the DN, one for the password, -# and one to verify the password -# The text and prompts are given as resource keys. Usually the resource value -# will be a simple string, in which case the resource key is passed in as a simple -# string. However, if the resource string contains replaceable parameters, the -# resource key is passed as an array ref consisting of the resource key as the -# first element and the parameters to use for replacement as the subsequent -# array elements e.g. 
-# $foo = new Dialog(['RESOURCE_KEY_CONFIG_LDAP_URL', $secure, $host, $port, $suffix], ...); -# but usually for simple cases like this: -# $foo = new Dialog('RESOURCE_KEY_WELCOME', ...); -# The manager contains the context for all of the dialogs - the setup type, the resource -# file, setup log, other context shared among the dialogs -# the type is the setup type - 1, 2, or 3 for express, typical, or custom -# type is used to say which types use this dialog -sub new { - my $type = shift; - my $self = {}; - - $self->{type} = shift; - $self->{text} = shift; - $self->{defaultAns} = shift; - $self->{handleResp} = shift; - $self->{prompts} = \@_; - - $self = bless $self, $type; - - return $self; -} - -sub setManager { - my $self = shift; - $self->{"manager"} = shift; -} - -# returns true if this dialog is to be displayed for the current setup type -# false otherwise -sub isDisplayed { - my $self = shift; - - return $self->{type} <= $self->{"manager"}->{type}; -} - -sub isEnabled { - my $self = shift; - return !defined($self->{disabled}); -} - -sub enable { - my $self = shift; - delete $self->{disabled}; -} - -sub disable { - my $self = shift; - $self->{disabled} = 1; -} - -# each prompt looks like this: -# [ 'resource key', is pwd, hide ] -# The resource key is the string key of the resource -# is pwd is optional - if present, the prompt is for a password -# and should not echo the answer -# hide is optional - if present and true, the prompt will not be displayed - this -# is useful in cases where you may want to display or hide a subprompt depending -# on the response to a main prompt -# e.g. -# ['RESOURCE_USERNAME'], ['RESOURCE_PASSWORD', 1], ['RESOURCE_PASSWORD_AGAIN', 1] -# e.g. 
-# ['USE_SECURITY'], ['CA_CERTIFICATE', 0, 0] -# you can set the 0 to a 1 if the user has chosen to use security -sub run { - my $self = shift; - my $direction = shift; - my $resp = $DialogManager::SAME; - - # display the dialog text - if ($self->isDisplayed()) { - $self->{manager}->showText($self->{text}); - } - - # display each prompt for this dialog - my $index = 0; - my @prompts = @{$self->{prompts}}; - for (my $index = 0; $index < @prompts; ++$index) { - my $prompt = $prompts[$index]; - my $defaultans = $self->{defaultAns}($self, $index); - my $ans; - if ($self->isDisplayed() && !$prompt->[2]) { - $ans = $self->{manager}->showPrompt($prompt->[0], $defaultans, $prompt->[1]); - } else { - $ans = $defaultans; - } - - # see if this is the special BACK response, and finish if so - if ($self->{"manager"}->isBack($ans)) { - $resp = $DialogManager::BACK; - last; - } - - # figure out what action to take based on the users response - # this will set values in the setup info file - # this will also validate input, and display errors if the - # input is not correct - in that case, the resp will be - # SAME to reprompt, or ERR if unrecoverable - # NOTE: user cannot BACK from prompt to prompt - BACK - # always means BACK to the previous dialog - $resp = $self->{handleResp}($self, $ans, $index); - if (($resp == $DialogManager::SAME) or ($resp == $DialogManager::FIRST)) { - if (!$self->isDisplayed()) { - $self->{manager}->alert('dialog_use_different_type'); - $resp = $DialogManager::ERR; - } elsif ($resp == $DialogManager::SAME) { - $index--; # reprompt - } else { - $index = -1; # reshow first prompt on dialog - } - } elsif ($resp == $DialogManager::ERR) { - last; - } elsif (!$self->isDisplayed() && ($direction < 0) && - ($resp == $DialogManager::NEXT)) { - # we did not display this dialog, and the current navigation - # direction is BACK, so we should return BACK, to allow - # the user to go back through several dialogs - $resp = $DialogManager::BACK; - } - } - - return 
$resp; -} - -package DialogYesNo; - -@ISA = qw(Dialog); - -sub new { - my $type = shift; - my $setuptype = shift; - my $text = shift; - my $defaultIsYes = shift; - my $handler = shift || \&handleResponse; - my $prompt = shift || ['prompt_yes_no']; - my $self = Dialog->new($setuptype, $text, - \&defaultAns, $handler, $prompt); - - $self->{defaultIsYes} = $defaultIsYes; - - $self = bless $self, $type; - - return $self; -} - -sub setDefaultYes { - my $self = shift; - $self->{default} = $self->{"manager"}->getText("yes"); -} - -sub setDefaultNo { - my $self = shift; - $self->{default} = $self->{"manager"}->getText("no"); -} - -sub defaultAns { - my $self = shift; - if (exists($self->{ans})) { - return $self->{ans}; - } - if (!exists($self->{default})) { - my $isyes; - if (ref($self->{defaultIsYes}) eq 'CODE') { - $isyes = &{$self->{defaultIsYes}}($self); - } else { - $isyes = $self->{defaultIsYes}; - } - if ($isyes) { - $self->{default} = $self->{"manager"}->getText("yes"); - } else { - $self->{default} = $self->{"manager"}->getText("no"); - } - } - return $self->{default}; -} - -sub isYes { - my $self = shift; - return $self->{ans} eq $self->{"manager"}->getText("yes"); -} - -sub handleResponse { - my $self = shift; - my $ans = shift; - my $resp = $DialogManager::SAME; - my $yes = $self->{"manager"}->getText("yes"); - my $nno = $self->{"manager"}->getText("no"); - - # the regexp allows us to use y or ye or yes for "yes" - if ($nno =~ /^$ans/i) { - $resp = $DialogManager::NEXT; - $self->{ans} = $nno; - } elsif ($yes =~ /^$ans/i) { - $resp = $DialogManager::NEXT; - $self->{ans} = $yes; - } else { - $self->{"manager"}->alert("yes_no_error"); - } - - return $resp; -} - -############################################################################# -# Mandatory TRUE return value. -# -1; diff --git a/ldap/admin/src/scripts/DialogManager.pm.in b/ldap/admin/src/scripts/DialogManager.pm.in deleted file mode 100644 index 3882b7d..0000000 
--- a/ldap/admin/src/scripts/DialogManager.pm.in
+++ /dev/null
@@ -1,212 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -package DialogManager; -use Exporter (); -@ISA = qw(Exporter); -@EXPORT = qw($BACK $SAME $NEXT $ERR); -@EXPORT_OK = qw($BACK $SAME $NEXT $ERR); - -use Dialog; -use SetupLog; - -# Dialog responses -$FIRST = -2; # go back to first prompt on a dialog -$BACK = -1; # go back to previous dialog -$SAME = 0; # reshow the same prompt or dialog -$NEXT = 1; # go to the next dialog -$ERR = 2; # fatal error - -# The DialogManager controls the flow of the dialogs and contains context shared -# among all of the dialogs (resources, logs, current setup type, etc.) -# all of these are optional -sub new { - my $type = shift; - my $self = {}; - - $self->{setup} = shift; - $self->{res} = shift; - $self->{type} = shift; - - $self->{log} = $self->{setup}->{log}; - $self->{inf} = $self->{setup}->{inf}; - - $self = bless $self, $type; - - return $self; -} - -sub getType { - my $self = shift; - return $self->{type}; -} - -sub setType { - my $self = shift; - $self->{type} = shift; -} - -sub addDialog { - my $self = shift; - for my $dialog (@_) { - $dialog->setManager($self); - push @{$self->{dialogs}}, $dialog; - } -} - -sub resetDialog { - my $self = shift; - @{$self->{dialogs}} = (); -} - -# see if the user answered with the special BACK answer -sub isBack { - my $self = shift; - my $ans = shift; - - if (!$ans) { - return 0; - } - - # the word "back" - if ($ans =~ /^\s*back\s*$/i) { - return 1; - } - # a Ctrl-B sequence - if ($ans eq '') { - return 1; - } - - return 0; -} - -sub log { - my $self = shift; - if (!$self->{log}) { - print @_; - } else { - $self->{log}->logMessage($INFO, "Setup", @_); - } -} - -sub getText { - my $self = shift; - return $self->{res}->getText(@_); -} - -sub handleError { - my $self = shift; - my $msg = $self->{res}->getText('setup_err_exit'); - 
$self->{log}->logMessage($FATAL, "Setup", $msg); -} - -sub showText { - my $self = shift; - my $msg = shift; - my $text = $self->getText($msg); - print "\n", ("=" x 78), "\n"; - # display it, - print $text; - # log it - $self->log($text); -} - -sub showPrompt { - my $self = shift; - my $msg = shift; - my $defaultans = shift; - my $ispwd = shift; - - my $text = $self->getText($msg); - # display it, - print $text; - # log it - $self->log($text . "\n"); - # display the default answer - if ($defaultans) { - print " [$defaultans]"; - } - print ": "; - # if we are prompting for a password, disable console echo - if ($ispwd) { - system("@sttyexec@ -echo"); - } - # read the answer - my $ans = ; - # if we are prompting for a password, enable console echo - if ($ispwd) { - system("@sttyexec@ echo"); - print "\n"; - } - chop($ans); # trim trailing newline - - # see if this is the special BACK response, and finish if so - if ($self->isBack($ans)) { - $self->log("BACK\n"); - return $ans; - } - - if (!length($ans)) { - $ans = $defaultans; - } - - # log the response, if not a password - if (!$ispwd) { - $self->log($ans . "\n"); - } - - return $ans; -} - -sub alert { - my $self = shift; - my $msg = $self->{res}->getText(@_); - print $msg; - $self->{log}->logMessage($WARN, "Setup", $msg); -} - -sub run { - my $self = shift; - my $done; - my $index = 0; - my $incr = 1; - my $rc = 0; - - while (!$done) { - my $dialog = $self->{dialogs}->[$index]; - if ($dialog->isEnabled()) { - my $resp = $NEXT; - $resp = $dialog->run($incr); - if ($resp == $BACK) { - $incr = -1; - } elsif ($resp == $NEXT) { - $incr = 1; - } elsif (($resp == $SAME) or ($resp == $FIRST)) { - $incr = 0; - } else { - $self->handleError($resp); - $done = 1; - $rc = 1; - } - } - $index += $incr; - if ($index < 0) { - $index = 0; - } elsif ($index >= @{$self->{dialogs}}) { - $done = 1; - } - } - - return $rc; -} - -############################################################################# -# Mandatory TRUE return value. 
-#
-1;
diff --git a/ldap/admin/src/scripts/FileConn.pm b/ldap/admin/src/scripts/FileConn.pm
deleted file mode 100644
index 8a2a1af..0000000
--- a/ldap/admin/src/scripts/FileConn.pm
+++ /dev/null
@@ -1,461 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# -# FileConn is a subclass of Mozilla::LDAP::Conn. This class does -# not use LDAP. Instead, it operates on a given LDAP file, allowing -# you to search, add, modify, and delete entries in the file. -# -package FileConn; - -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::API qw(:constant ldap_explode_dn ldap_err2string); # Direct access to C API -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::LDIF; - -use DSUtil qw(debug); - -require Exporter; -@ISA = qw(Exporter Mozilla::LDAP::Conn); -@EXPORT = qw(); -@EXPORT_OK = qw(); - -sub new { - my $class = shift; - my $filename = shift; - my $readonly = shift; - my @namingContexts = @_; - my $self = {}; - - $self = bless $self, $class; - - $self->{readonly} = $readonly; - for my $ctx (@namingContexts) { - $self->setNamingContext($ctx); - } - $self->setNamingContext(""); # root DSE - if (!$self->read($filename)) { - return; - } - - return $self; -} - -sub getParentDN { - my $dn = shift; - my @rdns = ldap_explode_dn($dn, 0); - shift @rdns; - return join(',', @rdns); -} - -sub read { - my $self = shift; - my $filename = shift; - - if ($filename) { - $self->{filename} = $filename; - } else { - $filename = $self->{filename}; - } - - if (!$self->{filename}) { - return 1; # no filename given - ok - } - - if (!open( MYLDIF, "$filename" )) { - debug(1, "Could not open $filename: $!\n"); - return 0; - } - - my $in = new Mozilla::LDAP::LDIF(*MYLDIF); - $self->{reading} = 1; - while ($ent = readOneEntry $in) { - if (!$self->add($ent)) { - debug(1, "Error: could not add entry " . $ent->getDN() . ":" . 
$self->getErrorString()); - } - } - delete $self->{reading}; - close( MYLDIF ); - - return 1; -} - -sub setNamingContext { - my $self = shift; - my $nc = shift; - my $ndn = normalizeDN($nc); - $self->{namingContexts}->{$ndn} = $ndn; -} - -sub isNamingContext { - my $self = shift; - my $ndn = shift; - return exists($self->{namingContexts}->{$ndn}); -} - -# return all nodes below the given node -sub iterate { - my $self = shift; - my $dn = shift; - my $scope = shift; - my $callback = shift; - my $context = shift; - my $suppress = shift; - my $ndn = normalizeDN($dn); - my $children; - if (exists($self->{$ndn}) and exists($self->{$ndn}->{children})) { - $children = $self->{$ndn}->{children}; - } - if (($scope != LDAP_SCOPE_ONELEVEL) && exists($self->{$ndn}) && - exists($self->{$ndn}->{data}) && $self->{$ndn}->{data} && !$suppress) { - &{$callback}($self->{$ndn}->{data}, $context); - } - - if ($scope == LDAP_SCOPE_BASE) { - return; - } - - for my $node (@{$children}) { - &{$callback}($node->{data}, $context); - } - if ($scope == LDAP_SCOPE_SUBTREE) { - for my $node (@{$children}) { - $self->iterate($node->{data}->getDN(), $scope, $callback, $context, 1); - } - } -} - -sub writecb { - my $entry = shift; - my $fh = shift; - if (! 
$entry->getDN()) { # rootDSE requires special hack around perldap bug - my $ary = $entry->getLDIFrecords(); - shift @$ary; # remove "dn" - shift @$ary; # remove the empty dn value - print $fh "dn:\n"; - print $fh (Mozilla::LDAP::LDIF::pack_LDIF (78, $ary), "\n"); - } else { - Mozilla::LDAP::LDIF::put_LDIF($fh, 78, $entry); - } -} - -sub write { - my $self = shift; - my $filename = shift; - - if ($filename) { - $self->{filename} = $filename; - } else { - $filename = $self->{filename}; - } - - if (!$self->{filename} or $self->{readonly} or $self->{reading}) { - return 1; # ok - no filename given - just ignore - } - - if (!open( MYLDIF, ">$filename" )) { - debug(1, "Can't write $filename: $!\n"); - return 0; - } - - $self->iterate("", LDAP_SCOPE_SUBTREE, \&writecb, \*MYLDIF); - for my $ctx (keys %{$self->{namingContexts}}) { - next if (!$ctx); # skip "" - we already did that - $self->iterate($ctx, LDAP_SCOPE_SUBTREE, \&writecb, \*MYLDIF); - } - close( MYLDIF ); - - return 1; -} - -sub setErrorCode { - my $self = shift; - $self->{lastErrorCode} = shift; -} - -sub getErrorCode { - my $self = shift; - return $self->{lastErrorCode}; -} - -sub getErrorString { - my $self = shift; - return ldap_err2string($self->{lastErrorCode}); -} - -############################################################################# -# Print the last error code... 
-# -sub printError -{ - my ($self, $str) = @_; - - $str = "LDAP error:" unless defined($str); - print "$str ", $self->getErrorString(), "\n"; -} - -sub DESTROY { - my $self = shift; - $self->close(); -} - -sub close { - my $self = shift; - return if ($self->{readonly}); - $self->write(); -} - -sub printcb { - my $entry = shift; - - print $entry->getDN(), "\n"; -} - -sub print { - my $self = shift; - my $dn = shift; - my $scope = shift; - $self->iterate($dn, $scope, \&printcb); -} - -# for each entry, call the user provided filter callback -# with the entry and the user provided filter context -# if the filtercb returns true, add the entry to the -# list of entries to return -sub searchcb { - my $entry = shift; - my $context = shift; - my $self = $context->[0]; - my $filtercb = $context->[1]; - my $filtercontext = $context->[2]; - if (&{$filtercb}($entry, $filtercontext)) { - push @{$self->{entries}}, $entry; - } -} - -sub matchall { - return 1; -} - -sub matchAttrVal { - my $entry = shift; - my $context = shift; - my $attr = $context->[0]; - my $val = $context->[1]; - - if ($val eq "*") { - return $entry->exists($attr); - } - return $entry->hasValue($attr, $val, 1); -} - -my $attrpat = '[-;.:\w]*[-;\w]'; - -# given a string filter, figure out which subroutine to -# use to match -sub filterToMatchSub { - my $self = shift; - my ($basedn, $scope, $filter, $attrsonly, @rest) = @_; - my ($matchsub, $context); -# do some filter processing - if (!$filter or ($filter eq "(objectclass=*)") or - ($filter eq "objectclass=*")) { - $matchsub = \&matchall; - } elsif ($filter =~ /^\(($attrpat)=(.+)\)$/o) { - push @{$context}, $1, $2; - $matchsub = \&matchAttrVal; -# } elsif ($filter =~ /^\(\|\(($attrpat)=(.+)\)\(($attrpat)=(.+)\)\)$/o) { -# $attr = $1; -# $val = $2; -# $attr1 = $1; -# $val1 = $2; -# $isand = 0; -# } elsif ($filter =~ /^\(\&\(($attrpat)=(.+)\)\(($attrpat)=(.+)\)\)$/o) { -# $attr = $1; -# $val = $2; -# $attr1 = $1; -# $val1 = $2; -# $isand = 1; -# } elsif ($filter 
=~ /^\(\|\(($attrpat)=(.+)\)\(($attrpat)=(.+)\)\)$/o) {) { -# # "(&(objectclass=nsBackendInstance)(|(nsslapd-suffix=$suffix)(nsslapd-suffix=$nsuffix)))"); - } - - $self->iterate($basedn, $scope, \&searchcb, [$self, $matchsub, $context]); -} - -# simple searches only -sub search { - my $self = shift; - my ($basedn, $scope, $filter, $attrsonly, @rest) = @_; - my $attrs; - if (ref($rest[0]) eq "ARRAY") { - $attrs = $rest[0]; - } elsif (scalar(@rest) > 0) { - $attrs = \@rest; - } - - $scope = Mozilla::LDAP::Utils::str2Scope($scope); - - $self->{entries} = []; - - my $ndn = normalizeDN($basedn); - if (!exists($self->{$ndn}) or !exists($self->{$ndn}->{data})) { - $self->setErrorCode(LDAP_NO_SUCH_OBJECT); - return undef; - } - - $self->setErrorCode(0); - if (ref($filter) eq 'CODE') { - $self->iterate($basedn, $scope, \&searchcb, [$self, $filter, $attrsonly]); - } else { - $self->filterToMatchSub($basedn, $scope, $filter, $attrsonly); - } - - return $self->nextEntry(); -} - -sub cloneEntry { - my $src = shift; - if (!$src) { - return undef; - } - my $dest = new Mozilla::LDAP::Entry(); - $dest->setDN($src->getDN()); - for my $key (keys %{$src}) { - if (ref($src->{$key})) { - my @copyary = @{$src->{$key}}; - $dest->{$key} = [ @copyary ]; # make a deep copy - } else { - $dest->{$key} = $src->{$key}; - } - } - - return $dest; -} - -# have to return a copy of the entry - disallow inplace updates -sub nextEntry { - my $self = shift; - my $ent = shift @{$self->{entries}}; - return cloneEntry($ent); -} - -sub add { - my $self = shift; - my $entry = shift; - my $dn = $entry->getDN(); - my $ndn = normalizeDN($dn); - my $parentdn = getParentDN($dn); - my $nparentdn = normalizeDN($parentdn); - - $self->setErrorCode(0); - # special case of naming context - has no parent - if ($self->isNamingContext($ndn) and - !exists($self->{$ndn}->{data})) { - $self->{$ndn}->{data} = $entry; - return $self->write(); - } - - if ($ndn && exists($self->{$ndn})) { - 
$self->setErrorCode(LDAP_ALREADY_EXISTS); - return 0; - } - - if ($ndn && $nparentdn && !exists($self->{$nparentdn})) { - $self->setErrorCode(LDAP_NO_SUCH_OBJECT); - return 0; - } - # each hash entry has two keys - # data is the actual Entry - # children is the array ref of the one level children of this dn - $self->{$ndn}->{data} = $entry; - # don't add parent to list of children - if ($nparentdn ne $ndn) { - push @{$self->{$nparentdn}->{children}}, $self->{$ndn}; - } - - return 1; -} - -sub update { - my $self = shift; - my $entry = shift; - my $dn = $entry->getDN(); - my $ndn = normalizeDN($dn); - - if ($self->{readonly}) { - debug(1, "Attempt to update read only $self->{filename} entry $dn\n"); - return 0; - } - - $self->setErrorCode(0); - if (!exists($self->{$ndn})) { - $self->setErrorCode(LDAP_NO_SUCH_OBJECT); - debug(1, "Attempt to update entry $dn that does not exist\n"); - return 0; - } - - # The cloned entry will not contain the deleted attrs - the cloning - # process omits the deleted attrs via the Entry FETCH, FIRSTKEY, and NEXTKEY - # methods - $self->{$ndn}->{data} = cloneEntry($entry); - return $self->write(); -} - -sub delete { - my $self = shift; - my $dn = shift; - - if ($self->{readonly}) { - debug(1, "Attempt to delete read only $self->{filename} entry $dn\n"); - return 0; - } - - if (ref($dn)) { - $dn = $dn->getDN(); # an Entry - } - my $ndn = normalizeDN($dn); - - $self->setErrorCode(0); - if (!exists($self->{$ndn})) { - $self->setErrorCode(LDAP_NO_SUCH_OBJECT); - debug(1, "Attempt to delete entry $dn that does not exist\n"); - return 0; - } - - if (@{$self->{$ndn}->{children}}) { - $self->setErrorCode(LDAP_NOT_ALLOWED_ON_NONLEAF); - debug(1, "Attempt to delete entry $dn that has children\n"); - return 0; - } - - # delete the data associated with this node - delete $self->{$ndn}->{data}; - delete $self->{$ndn}->{children}; - - my $parentdn = getParentDN($dn); - my $nparentdn = normalizeDN($parentdn); - # delete this node from its parent - if 
($ndn ne $nparentdn) { - for (my $ii = 0; $ii < @{$self->{$nparentdn}->{children}}; ++$ii) { - # find matching hash ref in parent's child list - if ($self->{$nparentdn}->{children}->[$ii] eq $self->{$ndn}) { - # remove that element from the array - splice @{$self->{$nparentdn}->{children}}, $ii, 1; - # done - should only ever be one matching child - last; - } - } - } - - # delete this node - delete $self->{$ndn}; - - return $self->write(); -} - -1; diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm deleted file mode 100644 index d4c55f1..0000000 --- a/ldap/admin/src/scripts/Inf.pm +++ /dev/null 
@@ -1,268 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -# manages inf files - gets values -# given keys - -package Inf; - -use DSUtil; -use File::Temp qw(tempfile tempdir); - -#require Exporter; -#@ISA = qw(Exporter); -#@EXPORT = qw(); - -sub new { - my $type = shift; - my $self = {}; - - $self->{filename} = shift; - $self->{writable} = shift; # do not overwrite user supplied file - # if you want to init an Inf with a writable file, use - # $inf = new Inf($filename, 1) - - $self = bless $self, $type; - - if ($self->{filename}) { - if($self->read() != 0){ - undef $self; - } - } - - return $self; -} - -sub read { -# each key in the table is a section name -# the value is a hash ref of the items in that section -# in that hash ref, each key is the config param name, -# and the value is the config param value - my $self = shift; - my $filename = shift; - my $curSection = ""; - - if ($filename) { - $self->{filename} = $filename; - } else { - $filename = $self->{filename}; - } - - my $incontinuation = 0; - my $curkey; - my $curval; - my $inffh; - if ($filename eq "-") { - $inffh = \*STDIN; - } else { - if (!open(INF, $filename)) { - debug(0, "Error: could not open inf file $filename: $!\n"); - return -1; - } - $inffh = \*INF; - } - my $line; - while ($line = <$inffh>) { - my $iscontinuation; - chop $line; # trim trailing newline - if ($line =~ /^\s*$/) { # skip blank/empty lines - $incontinuation = 0; - next; - } - if ($line =~ /^\s*\#/) { # skip comment lines - $incontinuation = 0; - next; - } - if ($line =~ /\\$/) { # line ends in \ - continued on next line - chop $line; - $iscontinuation = 1; - } - if ($incontinuation) { - if ($curval) { - $self->{$curSection}->{$curkey}->[$curval] .= "\n" . $line; # add line in entirety to current value - } else { - $self->{$curSection}->{$curkey} .= "\n" . 
$line; # add line in entirety to current value - } - } elsif ($line =~ /^\[(.*?)\]/) { # e.g. [General] - $curSection = $1; - $iscontinuation = 0; # disallow section continuations - } elsif ($line =~ /^\s*(.*?)\s*=\s*(.*?)\s*$/) { # key = value - $curkey = $1; - # a single value is just a single scalar - # multiple values are represented by an array ref - if (exists($self->{$curSection}->{$curkey})) { - if (!ref($self->{$curSection}->{$curkey})) { - # convert single scalar to array ref - my $ary = [$self->{$curSection}->{$curkey}]; - $self->{$curSection}->{$curkey} = $ary; - } - # just push the new value - push @{$self->{$curSection}->{$curkey}}, $2; - $curval = @{$self->{$curSection}->{$curkey}} - 1; # curval is index of last item - } else { - # single value - $self->{$curSection}->{$curkey} = $2; - $curval = 0; # only 1 value - } - } - if ($iscontinuation) { # if line ends with a backslash, continue the data on the next line - $incontinuation = 1; - } else { - $incontinuation = 0; - } - } - if ($inffh ne \*STDIN) { - close $inffh; - } - - return 0; -} - -sub section { - my $self = shift; - my $key = shift; - - if (!exists($self->{$key})) { - debug(0, "Error: unknown inf section $key\n"); - return undef; - } - - return $self->{$key}; -} - -sub writeSection { - my $self = shift; - my $name = shift; - my $fh = shift; - my $section = $self->{$name}; - if (ref($section) eq 'HASH') { - print $fh "[$name]\n"; - for my $key (sort keys %{$section}) { - if (exists($section->{$key}) and defined($section->{$key}) and - (length($section->{$key}) > 0)) { - my @vals = (); - if (ref($section->{$key})) { - @vals = @{$section->{$key}}; - } else { - @vals = ($section->{$key}); - } - for my $val (@vals) { - $val =~ s/\n/\\\n/g; # make continuation lines - print $fh "$key = $val\n"; - } - } - } - } -} - -sub write { - my $self = shift; - my $filename = shift; - my $fh; - - return if ($filename and $filename eq "-"); - - # see if user wants to force use of a temp file - if ($filename 
and $filename eq '__temp__') { - $self->{writable} = 1; - $filename = ''; - delete $self->{filename}; - } - - if (!$self->{writable}) { - return; # do not overwrite read only file - } - - if ($filename) { # use user supplied filename - $self->{filename} = $filename; - } elsif ($self->{filename}) { # use existing filename - $filename = $self->{filename}; - } else { # create temp filename - ($fh, $self->{filename}) = tempfile("setupXXXXXX", UNLINK => 0, - SUFFIX => ".inf", OPEN => 1, - DIR => File::Spec->tmpdir); - } - - my $savemask = umask(0077); - if (!$fh) { - if (!open(INF, ">$filename")) { - debug(0, "Error: could not write inf file $filename: $!\n"); - umask($savemask); - return; - } - $fh = *INF; - } - # write General section first - $self->writeSection('General', $fh); - for my $key (keys %{$self}) { - next if ($key eq 'General'); - $self->writeSection($key, $fh); - } - close $fh; - umask($savemask); -} - -sub updateFromArgs { - my $self = shift; - my $argsinf = {}; # tmp for args read in - - if (!@_) { - return 1; # no args - just return - } - - # read args into temp inf - for my $arg (@_) { - if ($arg =~ /^([\w_-]+)\.([\w_-]+)=(.*)$/) { # e.g. 
section.param=value - my $sec = $1; - my $parm = $2; - my $val = $3; - # a single value is just a single scalar - # multiple values are represented by an array ref - if (exists($argsinf->{$sec}->{$parm})) { - if (!ref($argsinf->{$sec}->{$parm})) { - # convert single scalar to array ref - my $ary = [$argsinf->{$sec}->{$parm}]; - $argsinf->{$sec}->{$parm} = $ary; - } - # just push the new value - push @{$argsinf->{$sec}->{$parm}}, $val; - } else { - # single value - $argsinf->{$sec}->{$parm} = $val; - } - } else { # error - debug(0, "Error: unknown command line option $arg\n"); - return; - } - } - - # no args read - just return true - if (!$argsinf || !%{$argsinf}) { - return 1; - } - - # override inf with vals read from args - while (my ($name, $sec) = each %{$argsinf}) { - if (ref($sec) eq 'HASH') { - for my $key (keys %{$sec}) { - if (defined($sec->{$key})) { - my $val = $sec->{$key}; - $self->{$name}->{$key} = $val; - } - } - } - } - - return 1; -} - -############################################################################# -# Mandatory TRUE return value. -# -1; diff --git a/ldap/admin/src/scripts/Migration.pm.in b/ldap/admin/src/scripts/Migration.pm.in deleted file mode 100644 index 946b43b..0000000 --- a/ldap/admin/src/scripts/Migration.pm.in +++ /dev/null 
@@ -1,327 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -########################### -# -# This perl module provides a way to set up a new installation after -# the binaries have already been extracted. This is typically after -# using native packaging support to install the package e.g. RPM, -# pkgadd, depot, etc. This script will show the license, readme, -# dsktune, then run the usual setup pre and post installers. -# -########################## - -package Migration; -use Setup; - -use Exporter (); -@ISA = qw(Exporter Setup); -@EXPORT = qw(); -@EXPORT_OK = qw(); - -# hostname -use Sys::Hostname; - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_explode_dn); -use Mozilla::LDAP::LDIF; - -use Getopt::Long; - -use SetupLog; -use DSUtil; - -# process command line options -Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd - -sub VersionMessage { - print "@capbrand@ Directory Server Migration Program Version @PACKAGE_VERSION@\n"; -} - -sub HelpMessage { - print <{res} = shift; - my ($silent, $inffile, $keep, $preonly, $logfile, $oldsroot, $actualsroot, $crossplatform); - my @instances; - - GetOptions('help|h|?' 
=> sub { VersionMessage(); HelpMessage(); exit 0 }, - 'version|v' => sub { VersionMessage(); exit 0 }, - 'debug|d+' => \$DSUtil::debuglevel, - 'silent|s' => \$silent, - 'file|f=s' => \$inffile, - 'keepcache|k' => \$keep, - 'preonly|p' => \$preonly, - 'logfile|l=s' => \$logfile, - 'oldsroot|o=s' => \$oldsroot, - 'actualsroot|a=s' => \$actualsroot, - 'crossplatform|cross|c|x' => \$crossplatform, - 'instance|i=s' => \@instances - ); - - my $pkgname = "@package_name@"; - # this is the new pkgname which may be something like - # 389-ds-base - we have to strip off the -suffix - if ($pkgname =~ /-(core|base)$/) { - $pkgname =~ s/-(core|base)$//; - } - my $oldpkgname = "@brand@-ds"; - - $self->{pkgname} = $pkgname; - $oldsroot =~ s/\/+$//; # trim trailing '/'s, if any - $self->{oldsroot} = $oldsroot || "/opt/$oldpkgname"; - $actualsroot =~ s/\/+$//; # trim trailing '/'s, if any - $self->{actualsroot} = $actualsroot || $self->{oldsroot}; - $self->{silent} = $silent; - $self->{keep} = $keep; - $self->{preonly} = $preonly; - $self->{logfile} = $logfile; - $self->{crossplatform} = $crossplatform; - $self->{log} = new SetupLog($self->{logfile}, "migrate"); - DSUtil::setDebugLog($self->{log}); - $self->{start_servers} = 1; # start servers as soon as they are migrated - # if user supplied inf file, use that to initialize - if (defined($inffile)) { - $self->{inf} = new Inf($inffile); - } else { - $self->{inf} = new Inf; - } - - # see if user passed in default inf values - also, command line - # arguments override those passed in via an inf file - this - # allows the reuse of .inf files with some parameters overridden - if (!$self->{inf}->updateFromArgs(@ARGV)) { - HelpMessage(); - exit 1; - } - - # this is the base config directory - the directory containing - # the slapd-instance instance specific config directories - $self->{configdir} = $ENV{DS_CONFIG_DIR} || "@instconfigdir@"; - - # get list of instances to migrate - if (! 
@instances) { - # an instance must be a directory called $oldsroot/slapd-something and the file - # $oldsroot/slapd-something/config/dse.ldif must exist - @instances = grep { -d && -f "$_/config/dse.ldif" && ($_ =~ s,$self->{oldsroot}/,,) } - glob("$self->{oldsroot}/slapd-*"); - } - - if (!@instances) { - $self->msg($FATAL, "error_no_instances", $self->{oldsroot}); - VersionMessage(); - HelpMessage(); - exit 1; - } - - $self->{instances} = \@instances; -} - -# log only goes the the logfile -sub log { - my $self = shift; - my $level = shift; - $self->{log}->logMessage($level, "Migration", @_); -} - -sub doExit { - my $self = shift; - my $code = shift; - if (!defined($code)) { - $code = 1; - } - - if ($code) { - $self->msg($FATAL, 'migration_exiting', $self->{log}->{filename}); - } else { - $self->msg($SUCCESS, 'migration_exiting', $self->{log}->{filename}); - } - exit $code; -} - -sub migrateSecurityFiles { - my $self = shift; - my $inst = shift; - my $destdir = shift; - my $oldroot = $self->{oldsroot}; - - if (! -d "$oldroot/alias") { - $self->msg('old_secdir_error', "$oldroot/alias", $!); - return 0; - } elsif (! 
-d $destdir) { - $self->msg('new_secdir_error', $destdir, $!); - return 0; - } else { - if (-f "$oldroot/alias/$inst-cert8.db") { - $self->log($INFO, "Copying $oldroot/alias/$inst-cert8.db to $destdir/cert8.db\n"); - if (system ("cp -p $oldroot/alias/$inst-cert8.db $destdir/cert8.db")) { - $self->msg($FATAL, 'error_copying_certdb', "$oldroot/alias/$inst-cert8.db", - "$destdir/cert8.db", $!); - return 0; - } - } else { - $self->log($DEBUG, "No file to migrate: $oldroot/alias/$inst-cert8.db\n"); - } - - if (-f "$oldroot/alias/$inst-key3.db") { - $self->log($INFO, "Copying $oldroot/alias/$inst-key3.db to $destdir/key3.db\n"); - if (system ("cp -p $oldroot/alias/$inst-key3.db $destdir/key3.db")) { - $self->msg($FATAL, 'error_copying_keydb', "$oldroot/alias/$inst-key3.db", - "$destdir/key3.db", $!); - return 0; - } - } else { - $self->log($DEBUG, "No file to migrate: $oldroot/alias/$inst-key3.db\n"); - } - - if (-f "$oldroot/alias/secmod.db") { - $self->log($INFO, "Copying $oldroot/alias/secmod.db to $destdir/secmod.db\n"); - if (system ("cp -p $oldroot/alias/secmod.db $destdir/secmod.db")) { - $self->msg($FATAL, 'error_copying_secmoddb', "$oldroot/alias/secmod.db", - "$destdir/secmod.db", $!); - return 0; - } - } else { - $self->log($DEBUG, "No file to migrate: $oldroot/alias/secmod.db\n"); - } - - if (-f "$oldroot/alias/$inst-pin.txt") { - $self->log($INFO, "Copying $oldroot/alias/$inst-pin.txt to $destdir/pin.txt\n"); - if (system ("cp -p $oldroot/alias/$inst-pin.txt $destdir/pin.txt")) { - $self->msg($FATAL, 'error_copying_pinfile', "$oldroot/alias/$inst-pin.txt", - "$destdir/pin.txt", $!); - return 0; - } - } else { - $self->log($INFO, "No $oldroot/alias/$inst-pin.txt to migrate\n"); - } - - if (-f "$oldroot/shared/config/certmap.conf") { - $self->log($INFO, "Copying $oldroot/shared/config/certmap.conf to $destdir/certmap.conf\n"); - if (system ("cp -p $oldroot/shared/config/certmap.conf $destdir/certmap.conf")) { - $self->msg($FATAL, 'error_copying_certmap', 
"$oldroot/shared/config/certmap.conf", - "$destdir/certmap.conf", $!); - return 0; - } - } else { - $self->log($INFO, "No $oldroot/shared/config/certmap.conf to migrate\n"); - } - } - - return 1; -} - -############################################################################# -# Mandatory TRUE return value. -# -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: diff --git a/ldap/admin/src/scripts/Resource.pm b/ldap/admin/src/scripts/Resource.pm deleted file mode 100644 index 325ce0a..0000000 --- a/ldap/admin/src/scripts/Resource.pm +++ /dev/null 
@@ -1,137 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -# manages resource bundle files - gets values -# given keys - -package Resource; - -use strict; - -#require Exporter; -#@ISA = qw(Exporter); -#@EXPORT = qw(); - -sub new { - my $type = shift; - my $self = {}; - - while (@_) { - push @{$self->{filenames}}, shift; - } - - $self = bless $self, $type; - - if (@{$self->{filenames}}) { - $self->read(); - } - - return $self; -} - -# the resource files are read in order given. Definitions from -# later files override the same definitions in earlier files. -sub read { - my $self = shift; - - while (@_) { - push @{$self->{filenames}}, shift; - } - - for my $filename (@{$self->{filenames}}) { - my $incontinuation = 0; - my $curkey; - open RES, $filename or die "Error: could not open resource file $filename: $!"; - my $line; - while ($line = ) { - my $iscontinuation; - chop $line; # trim trailing newline - if ($line =~ /^\s*$/) { # skip blank/empty lines - $incontinuation = 0; - next; - } - if ($line =~ /^\s*\#/) { # skip comment lines - $incontinuation = 0; - next; - } - # read name = value pairs like this - # bol whitespace* name whitespace* '=' whitespace* value eol - # the value will include any trailing whitespace - if ($line =~ /\\$/) { - chop $line; - $iscontinuation = 1; - } - if ($incontinuation) { - $self->{res}->{$curkey} .= "\n" . 
$line; - } elsif ($line =~ /^\s*(.*?)\s*=\s*(.*?)$/) { - # replace \n with real newline - if ($curkey) { - $self->{res}->{$curkey} =~ s/\\n/\n/g; - } - $curkey = $1; - $self->{res}->{$curkey} = $2; - } - if ($iscontinuation) { # if line ends with a backslash, continue the data on the next line - $incontinuation = 1; - } else { - $incontinuation = 0; - } - } - # replace \n with real newline - if (defined($curkey)) { - $self->{res}->{$curkey} =~ s/\\n/\n/g; - } - close RES; - } -} - -# given a resource key and optional args, return the value -# $text = $res->getText('key'); -# or -# $text = $res->getText('key', @args); -# or -# $text = $res->getText($arrayref) -# where $arrayref is ['key', @args] -sub getText { - my $self = shift; - my $key = shift; - my @args = @_; - - if (ref($key) eq 'ARRAY') { - my $tmpkey = shift @{$key}; - @args = @{$key}; - $key = $tmpkey; - } - - if (!exists($self->{res}->{$key})) { - print "Error: unknown resource key $key\n"; - return undef; - } - - if (!defined($self->{res}->{$key})) { - print "Error: resource key $key has no value\n"; - return undef; - } - - # see if the args themselves are resource keys - for (my $ii = 0; $ii < @args; ++$ii) { - if (exists($self->{res}->{$args[$ii]})) { - $args[$ii] = $self->{res}->{$args[$ii]}; - } - } - - my $text = sprintf $self->{res}->{$key}, @args; - - return $text; -} - -############################################################################# -# Mandatory TRUE return value. -# -1; diff --git a/ldap/admin/src/scripts/Setup.pm.in b/ldap/admin/src/scripts/Setup.pm.in deleted file mode 100644 index 99025ab..0000000 --- a/ldap/admin/src/scripts/Setup.pm.in +++ /dev/null 
@@ -1,240 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -########################### -# -# This perl module provides a way to set up a new installation after -# the binaries have already been extracted. This is typically after -# using native packaging support to install the package e.g. RPM, -# pkgadd, depot, etc. This script will show the license, readme, -# dsktune, then run the usual setup pre and post installers. -# -########################## - -package Setup; -use Exporter (); -@ISA = qw(Exporter); -@EXPORT = qw($SILENT $EXPRESS $TYPICAL $CUSTOM); -@EXPORT_OK = qw($SILENT $EXPRESS $TYPICAL $CUSTOM); - -# hostname -use Sys::Hostname; # hostname() - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_explode_dn); -use Mozilla::LDAP::LDIF; - -use Getopt::Long; - -use SetupLog; -use DSUtil; -use Inf; - -use strict; -use vars qw($EXPRESS $TYPICAL $CUSTOM $SILENT); - -# the setup types -$EXPRESS = 1; -$TYPICAL = 2; -$CUSTOM = 3; -$SILENT = 4; - -# process command line options -Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd - -sub VersionMessage { - print "@capbrand@ Directory Server Setup Program Version @PACKAGE_VERSION@\n"; -} - -sub HelpMessage { - print <init(@_); - return $self; -} - -sub init { - my $self = shift; - $self->{res} = shift; - my ($silent, $inffile, $keep, $preonly, $logfile, $update, $force); - - GetOptions('help|h|?' 
=> sub { VersionMessage(); HelpMessage(); exit 0 }, - 'version|v' => sub { VersionMessage(); exit 0 }, - 'debug|d+' => \$DSUtil::debuglevel, - 'silent|s' => \$silent, - 'file|f=s' => \$inffile, - 'keepcache|k' => \$keep, - 'preonly|p' => \$preonly, - 'logfile|l=s' => \$logfile, - 'update|u' => \$update, - 'continue|force|c' => \$force - ); - - $self->{silent} = $silent; - $self->{keep} = $keep; - $self->{preonly} = $preonly; - $self->{update} = $update; - $self->{force} = $force; - $self->{logfile} = $logfile; - $self->{log} = new SetupLog($self->{logfile}); - DSUtil::setDebugLog($self->{log}); - # if user supplied inf file, use that to initialize - if (defined($inffile)) { - $self->{inf} = new Inf($inffile); - if(!$self->{inf}){ - $self->doExit(1); - } - } else { - $self->{inf} = new Inf; - } - - # see if user passed in default inf values - also, command line - # arguments override those passed in via an inf file - this - # allows the reuse of .inf files with some parameters overridden - if (!$self->{inf}->updateFromArgs(@ARGV)) { - HelpMessage(); - exit 1; - } - - # this is the base config directory - the directory containing - # the slapd-instance instance specific config directories - $self->{configdir} = $ENV{DS_CONFIG_DIR} || "@instconfigdir@"; -} - -# log only goes the the logfile -sub log { - my $self = shift; - my $level = shift; - $self->{log}->logMessage($level, "Setup", @_); -} - -# msg does to the screen and optionally to the log file -# if you use msg like this: -# msg(0, "some message") -# it will go only to the screen -# if you use msg like this: -# msg($WARN, "some message") -# it will go to the screen and to the log at the $WARN level -# all messages are localizable - you must define a resource key -# the first string passed to this method is a resource key -# additional strings are used as "arguments" to that resource key -# if you want to print un-localizable messages, use debug or write -# directly to the log or screen -sub msg { - my $self = 
shift; - my $level = shift; - my @ary = @_; - if (!$level && @ary) { - # e.g. msg(0, "string") - no logging - } elsif ($level and @ary and grep {/^$level$/} $self->{log}->levels()) { - # e.g. msg($WARN, "string") - print and log - } else { - # log at default INFO level - unshift @ary, $level; - $level = $INFO; - } - # @text is an array of strings for one message or - # an array of array refs, each one is a message - while (@ary) { - my @text = shift @ary; - - last if (!@text or !$text[0]); - - # element is an array ref - just pass to getText - # else is a list of strings - # NOTE: this will NOT work if ary contains - # consecutive simple string errors not separated - # by an array ref e.g. this will work - # ARRAY, 'errkey', arg, arg, ARRAY - # this will not work - # ARRAY, 'errkey', arg, 'errkey2', arg2, ARRAY - while (@ary and !ref($ary[0])) { - push @text, shift @ary; - } - my $string = $self->{res}->getText(@text); - if ($level) { - $self->log($level, $string); - } - print $string; - } -} - -sub doExit { - my $self = shift; - my $code = shift; - if (!defined($code)) { - $code = 1; - } - - if ($code) { - $self->msg($FATAL, 'setup_exiting', $self->{log}->{filename}); - } else { - $self->msg($SUCCESS, 'setup_exiting', $self->{log}->{filename}); - } - exit $code; -} - -# get a list of the directory servers in configdir -sub getDirServers { - my $self = shift; - if (!$self->{dirservers}) { - $self->{dirservers} = []; - for my $dir (glob("$self->{configdir}/slapd-*")) { - next if ($dir =~ /\.removed$/); # skip removed instances - if (-d $dir) { - $dir =~ s,$self->{configdir}/,,; # strip off dir part - push @{$self->{dirservers}}, $dir; - } - } - } - return @{$self->{dirservers}}; -} - - -############################################################################# -# Mandatory TRUE return value. -# -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: 
diff --git a/ldap/admin/src/scripts/SetupDialogs.pm.in b/ldap/admin/src/scripts/SetupDialogs.pm.in
deleted file mode 100644
index 79bb402..0000000
--- a/ldap/admin/src/scripts/SetupDialogs.pm.in
+++ /dev/null
@@ -1,221 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -package SetupDialogs; - -use strict; - -use DialogManager; -use Setup; -use Dialog; -use Sys::Hostname; -use DSUtil; - -my $welcome = new DialogYesNo ( - $EXPRESS, - ['dialog_welcome_text', 'brand', 'brand'], - 1, - sub { - my $self = shift; - my $ans = shift; - my $res = $self->handleResponse($ans); - if ($res == $DialogManager::NEXT) { - $res = $DialogManager::ERR if (!$self->isYes()); - } - return $res; - }, - ['dialog_welcome_prompt'], -); - -my $setuptype = new Dialog ( - $EXPRESS, - 'dialog_setuptype_text', - sub { - my $self = shift; - return $self->{manager}->getType(); - }, - sub { - my $self = shift; - my $ans = shift; - my $res = $DialogManager::SAME; - if ($ans < $EXPRESS or $ans > $CUSTOM) { - $self->{manager}->alert("dialog_setuptype_error"); - } else { - $res = $DialogManager::NEXT; - $self->{manager}->setType($ans); - } - return $res; - }, - ['dialog_setuptype_prompt'] -); - -my $hostdlg = new Dialog ( - $TYPICAL, - 'dialog_hostname_text', - sub { - my $self = shift; - return $self->{manager}->{inf}->{General}->{FullMachineName} || - hostname(); - }, - sub { - my $self = shift; - my $ans = shift; - my $res = $DialogManager::NEXT; - my $str; - if ($str = checkHostname($ans, $self->{manager}->{res})) { - my $promptary = ["dialog_hostname_warning", $str, $ans]; - my $yesorno = $self->{manager}->showPrompt($promptary, $self->{manager}->getText("no")); - $res = DialogYesNo::handleResponse($self, $yesorno); - if ($res == $DialogManager::NEXT) { - $res = $DialogManager::SAME if (!DialogYesNo::isYes($self)); - } - } - $self->{manager}->{inf}->{General}->{FullMachineName} = $ans; - return $res; - }, - ['dialog_hostname_prompt'] -); - -# must verify that the user or uid specified by the user to run the server as -# is a valid uid -sub 
verifyUserChoice { - my $self = shift; - my $ans = shift; - my $res = $DialogManager::NEXT; - # convert numeric uid to string - my $strans = $ans; - if ($ans =~ /^\d/) { # numeric - convert to string - $strans = getpwuid $ans; - if (!$strans) { - $self->{manager}->alert("dialog_ssuser_error", $ans); - return $DialogManager::SAME; - } - } - if ($> != 0) { # if not root, the user must be our uid - my $username = getLogin; - if ($strans ne $username) { - $self->{manager}->alert("dialog_ssuser_must_be_same", $username); - return $DialogManager::SAME; - } - } else { # user is root - verify id - my $nuid = getpwnam $strans; - if (!defined($nuid)) { - $self->{manager}->alert("dialog_ssuser_error", $ans); - return $DialogManager::SAME; - } - if (!$nuid) { - $self->{manager}->alert("dialog_ssuser_root_warning"); - } - } - $self->{manager}->{inf}->{General}->{SuiteSpotUserID} = $ans; - return $res; -} - -# must verify that the given group is one of the groups the given user -# belongs to -sub verifyGroupChoice { - my $self = shift; - my $ans = shift; - my $res = $DialogManager::NEXT; - my ($dummy, $memstr); - my $strgrp; - my $numgrp; - if ($ans =~ /^\d/) { # numeric - $numgrp = $ans; - ($strgrp, $dummy, $dummy, $memstr) = getgrgid $ans; - } else { - $strgrp = $ans; - ($dummy, $dummy, $numgrp, $memstr) = getgrnam $ans; - } - - if (!defined($strgrp) or !defined($numgrp)) { - $self->{manager}->alert("dialog_ssgroup_error", $ans); - return $DialogManager::SAME; - } - - # get the user id, and then get the user's default group id - my $uid = $self->{manager}->{inf}->{General}->{SuiteSpotUserID}; - my $usergid; - if ($uid =~ /^\d/) { # numeric - ($uid, $dummy, $dummy, $usergid, $dummy) = getpwuid $uid; - } else { # string - ($uid, $dummy, $dummy, $usergid, $dummy) = getpwnam $uid; - } - - if ($numgrp == $usergid) { - $self->{manager}->{inf}->{General}->{SuiteSpotGroup} = $ans; - } elsif ($memstr) { # see if the user is in the member list - if ($memstr =~ /\b$uid\b/) { # uid 
exactly matches one of the users in the member string - $self->{manager}->{inf}->{General}->{SuiteSpotGroup} = $ans; - } else { # no match - $self->{manager}->alert("dialog_ssgroup_no_match", - $self->{manager}->{inf}->{General}->{SuiteSpotUserID}, - $ans, $memstr); - $res = $DialogManager::SAME; - } - } else { # user not in group - $self->{manager}->alert("dialog_ssgroup_no_user", - $self->{manager}->{inf}->{General}->{SuiteSpotUserID}, - $ans); - $res = $DialogManager::SAME; - } - return $res; -} - -my $usergroup = new Dialog ( - $TYPICAL, - 'dialog_ssuser_text', - sub { - my $self = shift; - my $index = shift; - if ($index == 0) { - my $username = $self->{manager}->{inf}->{General}->{SuiteSpotUserID}; - if (!$username) { - if ($> == 0) { # if root, use the default user - $username = "@defaultuser@"; - } else { # if not root, use the user's uid - $username = getLogin; - } - } - return $username; - } else { # group - my $groupname = $self->{manager}->{inf}->{General}->{SuiteSpotGroup}; - if (!$groupname) { - if ($> == 0) { # if root, use the default group - $groupname = "@defaultgroup@"; - } else { # if not root, use the user's gid - $groupname = getgrgid $(; - } - } - return $groupname; - } - }, - sub { - my $self = shift; - my $ans = shift; - my $index = shift; - if ($index == 0) { - return verifyUserChoice($self, $ans); - } else { - return verifyGroupChoice($self, $ans); - } - }, - ['dialog_ssuser_prompt'], ['dialog_ssgroup_prompt'] -); - - -sub getDialogs { - return ($welcome, $setuptype, $hostdlg, $usergroup); -} - -sub getRegDialogs { - return ($usergroup); -} - -1; diff --git a/ldap/admin/src/scripts/SetupLog.pm b/ldap/admin/src/scripts/SetupLog.pm deleted file mode 100644 index 699d98f..0000000 --- a/ldap/admin/src/scripts/SetupLog.pm +++ /dev/null 
@@ -1,82 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# -# This implements SetupLog from setuputil InstallLog in perl -# -package SetupLog; -use Exporter (); -@ISA = qw(Exporter); -@EXPORT = qw($FATAL $START $SUCCESS $WARN $INFO $DEBUG); -@EXPORT_OK = qw($FATAL $START $SUCCESS $WARN $INFO $DEBUG); - -use POSIX qw(strftime); - -# tempfiles -use File::Temp qw(tempfile tempdir); - -# exported variables -$FATAL = "Fatal"; -$START = "Start"; -$SUCCESS = "Success"; -$WARN = "Warning"; -$INFO = "Info"; -$DEBUG = "Debug"; - -sub new { - my $type = shift; - my $filename = shift; - my $prefix = shift || "setup"; - my $self = {}; - my $fh; - - if (!$filename) { - ($fh, $filename) = tempfile("${prefix}XXXXXX", UNLINK => 0, - SUFFIX => ".log", DIR => File::Spec->tmpdir); - } else { - if (!open(LOGFILE, ">$filename")) { - print STDERR "Error: could not open logfile $filename: $!\n"; - return; - } - $fh = \*LOGFILE; - } - $self->{fh} = $fh; - $self->{filename} = $filename; - $self = bless $self, $type; - - return $self; -} - -sub logMessage { - my ($self, $level, $who, $msg, @rest) = @_; - if (!$self->{fh}) { - return; - } - - my $string = strftime "[%y/%m/%d:%H:%M:%S] - ", localtime; - $string .= "[$who] $level "; - $string .= sprintf $msg, @rest; - print { $self->{fh} } $string; -} - -sub logDebug { - my ($self, @msg) = @_; - if (!$self->{fh}) { - return; - } - print { $self->{fh} } @msg; -} - -sub levels { - my $self = shift; - return ($FATAL, $START, $SUCCESS, $WARN, $INFO, $DEBUG); -} - -############################################################################# -# Mandatory TRUE return value. -# -1; diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in deleted file mode 100755 index 87c5366..0000000 --- a/ldap/admin/src/scripts/bak2db.in +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@nss_libdir@" -libpath_add "@libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -usage() -{ - echo "Usage: bak2db archivedir [-Z serverID] [-q] [-V] [-h]" - echo "Options:" - echo " archivedir - Directory where the archived backup is located" - echo " -Z serverID - Server instance identifier" - echo " -q - Quiet mode - suppresses output" - echo " -V - Verbose output" - echo " -h - Display usage" -} - -if [ $# -lt 1 ] || [ $# -gt 7 ] -then - usage - exit 1 -fi -case $1 in - -*) - usage - exit 1 - ;; - *) - archivedir=$1 - shift - ;; -esac - -while getopts "hn:Z:qVd:vi:a:SD:" flag -do - case $flag in - h) usage - exit 0;; - Z) servid=$OPTARG;; - q) args=$args" -q";; - V) args=$args" -V";; - d) args=$args" -d \"$OPTARG\"";; - v) args=$args" -v";; - D) args=$args" -D \"$OPTARG\"";; - i) args=$args" -i \"$OPTARG\"";; - a) archivedir=$OPTARG;; - S) args=$args" -S";; - ?) usage - exit 1;; - esac -done - -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -if [ 1 = `expr $archivedir : "\/"` ] -then - archivedir=$archivedir -else - # relative - archivedir=`pwd`/$archivedir -fi - -eval @sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args diff --git a/ldap/admin/src/scripts/bak2db.pl.in b/ldap/admin/src/scripts/bak2db.pl.in deleted file mode 100644 index 818ad39..0000000 --- a/ldap/admin/src/scripts/bak2db.pl.in +++ /dev/null 
@@ -1,108 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use File::Spec; -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$dbtype = "ldbm database"; -$i = 0; - -sub usage { - print(STDERR "Usage: bak2db.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } -a dirname [-t dbtype]\n"); - print(STDERR " [-P protocol] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -a dirname - Backup directory\n"); - print(STDERR " -t dbtype - Database type (default: ldbm database)\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) { - if ("$ARGV[$i]" eq "-a") { # backup directory - $i++; $archivedir = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-t") { # database type - $i++; $dbtype = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z") { # server instance name - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" 
eq "-P") { # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h") { # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if ($archivedir eq ""){ - &usage; - exit(1); -} -if ((-e $archivedir) && (-l $archivedir)) { # symlink - $archivedir = readlink($archivedir); -} - -# -# Contruct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "restore_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$isabs = File::Spec->file_name_is_absolute( $archivedir ); -if (!$isabs) { - $archivedir = File::Spec->rel2abs( $archivedir ); -} -$dn = "dn: cn=$taskname, cn=restore, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$nsarchivedir = "nsArchiveDir: $archivedir\n"; -$nsdbtype = "nsDatabaseType: $dbtype\n"; -$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/cl-dump.pl b/ldap/admin/src/scripts/cl-dump.pl deleted file mode 100755 index e56c803..0000000 --- a/ldap/admin/src/scripts/cl-dump.pl +++ /dev/null 
@@ -1,323 +0,0 @@ -#!/usr/bin/env perl -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -################################################################################### -# -# FILE: cl-dump.pl -# -# SYNOPSIS: -# cl-dump.pl [-h host] [-p port] [-D bind-dn] -w bind-password | -P bind-cert -# [-r replica-roots] [-o output-file] [-c] [-l] [-v] -# -# cl-dump.pl -i changelog-ldif-file-with-base64encoding [-o output-file] [-c] -# -# DESCRIPTION: -# Dump and decode Directory Server replication change log -# -# OPTIONS: -# -c Dump and interpret CSN only. This option can be used with or -# without -i option. -# -# -D bind-dn -# Directory server's bind DN. Default to "cn=Directory Manager" if -# the option is omitted. -# -# -h host -# Directory server's host. Default to the server where the script -# is running. -# -# -l Preserve generated ldif.done files from changelogdir -# -# -i changelog-ldif-file-with-base64encoding -# If you already have a ldif-like changelog, but the changes -# in that file are encoded, you may use this option to -# decode that ldif-like changelog. -# -# -o output-file -# Path name for the final result. Default to STDOUT if omitted. -# -# -p port -# Directory server's port. Default to 389. -# -# -P bind-cert -# Pathname of binding certificate DB -# -# -r replica-roots -# Specify replica roots whose changelog you want to dump. The replica -# roots may be seperated by comma. All the replica roots would be -# dumped if the option is omitted. -# -# -v Print the version of this script. -# -# -w bind-password -# Password for the bind DN -# -# RESTRICTION: -# If you are not using -i option, the script should be run when the server -# is running, and from where the server's changelog directory is accessible. 
-# -# DIAGNOSIS: -# For environment variable issues, see script repl-monitor.pl under bindir -# -################################################################################ -# enable the use of our bundled perldap with our bundled ldapsdk libraries -# all of this nonsense can be omitted if the mozldapsdk and perldap are -# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5) - -$usage="Usage: $0 [-h host] [-p port] [-D bind-dn] [-w bind-password | -P bind-cert] [-r replica-roots] [-o output-file] [-c] [-l] [-v]\n\n $0 -i changelog-ldif-file-with-base64encoding [-o output-file] [-c]\n"; - -use Getopt::Std; # Parse command line arguments -use Mozilla::LDAP::Conn; # LDAP module for Perl -use Mozilla::LDAP::Utils; # LULU, utilities. -use Mozilla::LDAP::API; # Used to parse LDAP URL -use MIME::Base64; # Decode - -# Global variables - -$version = "Directory Server Changelog Dump - Version 1.0"; - -#main -{ - # Turn off buffered I/O - $| = 1; - - # Check for legal options - if (!getopts('h:p:D:w:P:r:o:clvi:')) { - print $usage; - exit -1; - } - - exit -1 if &validateArgs; - - if ($opt_v) { - print OUTPUT "$version\n"; - exit; - } - - if (!$opt_i) { - $rc = &cl_dump_and_decode; - } - elsif ($opt_c) { - $rc = &grep_csn ($opt_i); - } - else { - $rc = &cl_decode ($opt_i); - } - - close (OUTPUT); - exit($rc); -} - -# Validate the parameters -sub validateArgs -{ - my ($rc) = 0; - - %ld = Mozilla::LDAP::Utils::ldapArgs(); - chop ($ld{host} = `hostname`) if !$opt_h; - $ld{bind} = "cn=Directory Manager" if !$opt_D; - @allreplicas = ($opt_r) if ($opt_r); - if ($opt_o && ! 
open (OUTPUT, ">$opt_o")) { - print "Can't create output file $opt_o\n"; - $rc = -1; - } - # Open STDOUT if option -o is missing - open (OUTPUT, ">-") if !$opt_o; - - return $rc; -} - -# Dump and decode changelog -# OUTPUT should have been opened before this call -sub cl_dump_and_decode -{ - # Open the connection - my ($conn) = new Mozilla::LDAP::Conn (\%ld); - if (!$conn) { - print OUTPUT qq/Can't connect to $ld{host}:$ld{port} as "$ld{bind}"\n/; - return -1; - } - - # Get the changelog dir - my ($changelogdir); - my ($entry) = $conn->search ("cn=changelog5,cn=config", "sub", "(objectClass=*)"); - while ($entry) { - $changelogdir = $entry->{"nsslapd-changelogdir"}[0]; - last if $changelogdir; - $entry = $conn->nextEntry (); - } - - # Get all the replicas on the server if -r option is not specified - if (!$opt_r) { - $entry = $conn->search ("cn=mapping tree,cn=config", "sub", - "(objectClass=nsDS5Replica)"); - while ($entry) { - push (@allreplicas, "$entry->{nsDS5ReplicaRoot}[0]"); - $entry = $conn->nextEntry (); - } - } - - # Dump the changelog for the replica - my (@ldifs); - my ($replica); - my ($gotldif); - my ($ldif); - foreach (@allreplicas) { - # Reset the script's start time - $^T = time; - - $replica = $_; - $gotldif = 0; - - # Can't move this line before entering the loop: - # no ldif file generated other than for the first - # replica. - $entry = $conn->newEntry(); - $entry->setDN ("cn=replica,cn=\"$_\",cn=mapping tree,cn=config"); - $entry->setValues('nsDS5Task', 'CL2LDIF'); - $conn->update ($entry); - - #Decode the dumped changelog - @ldifs = <$changelogdir/*.ldif>; - foreach (@ldifs) { - # Skip older ldif files - next if ($#ldifs > 0 && (-M $_ > 0)); - $ldif = $_; - $gotldif = 1; - &print_header ($replica, 0); - if ($opt_c) { - &grep_csn ($_); - } - else { - &cl_decode ($_); - } - # Test op -M doesn't work well so we use rename/remove - # here to avoid reading the same ldif file more - # than once. 
- if ($opt_l) { - rename ($ldif, "$ldif.done"); - } else { - # Remove the file - default behaviou when '-l' is not specified - unlink ($ldif) - } - } - &print_header ($replica, "Not Found") if !$gotldif; - } - $conn->close; - return 0; -} - -sub print_header -{ - my ($replica, $ldif) = @_; - print OUTPUT "\n# Replica Root: $replica" if $replica; - print OUTPUT "\n# LDIF File : $ldif\n" if $ldif; -} - -# Grep and interpret CSNs -# OUTPUT should have been opened before this call -sub grep_csn -{ - open (INPUT, "@_") || return; - &print_header (0, @_); - - my ($csn, $maxcsn, $modts); - while () { - next if ($_ !~ /(csn:)|(ruv:)/i); - if (/ruv:\s*{.+}\s+(\w+)\s+(\w+)\s+(\w*)/i) { - # - # RUV with two CSNs and an optional lastModifiedTime - # - $csn = &csn_to_string($1); - $maxcsn = &csn_to_string($2); - $modts = $3; - if ( $modts =~ /^0+$/ ) { - $modts = ""; - } - else { - $modts = &csn_to_string($modts); - } - } - elsif (/csn:\s*(\w+)\s+/i || /ruv:\s*{.+}\s+(\w+)\s+/i) { - # - # Single CSN - # - $csn = &csn_to_string($1); - $maxcsn = ""; - $modts = ""; - } - else { - printf OUTPUT; - next; - } - chop; - printf OUTPUT "$_ ($csn"; - printf OUTPUT "; $maxcsn" if $maxcsn; - printf OUTPUT "; $modts" if $modts; - printf OUTPUT ")\n"; - } - return 0; -} - -sub csn_to_string -{ - my ($csn, $tm, $seq, $masterid, $subseq); - my ($sec, $min, $hour, $mday, $mon, $year); - - $csn = "@_"; - return $csn if !$csn; - - ($tm, $seq, $masterid, $subseq) = unpack("a8 a4 a4 a4", $csn); - $tm = hex($tm); - $seq = hex($seq); - $masterid = hex($masterid); - $subseq = hex($subseq); - ($sec, $min, $hour, $mday, $mon, $year) = localtime ($tm); - $mon++; - $year += 1900; - foreach ($sec, $min, $hour, $mday, $mon) { - $_ = "0".$_ if ($_ < 10); - } - $csn = "$mon/$mday/$year $hour:$min:$sec"; - $csn .= " $seq $subseq" if ( $seq != 0 || $subseq != 0 ); - - return $csn; -} - -# Decode the changelog -# OUTPUT should have been opened before this call -sub cl_decode -{ - open (INPUT, "@_") || return; - 
&print_header (0, @_); - - my ($encoded); - undef $encoded; - while () { - # Try to accomodate "changes" in 4.X and "change" in 6.X - if (/^changes?::\s*(\S*)/i) { - print OUTPUT "change::\n"; - $encoded = $1; - next; - } - if (!defined ($encoded)) { - print OUTPUT; - next; - } - if ($_ eq "\n") { - print OUTPUT MIME::Base64::decode($encoded); - print OUTPUT "\n"; - undef $encoded; - next; - } - /^\s*(\S+)\s*\n/; - $encoded .= $1; - } - return 0; -} diff --git a/ldap/admin/src/scripts/cleanallruv.pl.in b/ldap/admin/src/scripts/cleanallruv.pl.in deleted file mode 100644 index 781d8d4..0000000 --- a/ldap/admin/src/scripts/cleanallruv.pl.in +++ /dev/null 
@@ -1,118 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; - -sub usage { - print(STDERR "Usage: cleanallruv.pl [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print(STDERR " -b basedn -r rid [-A] [-P protocol] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -b basedn - DN of the replica root you want to clean\n"); - print(STDERR " -r rid - The replica id that you want to clean\n"); - print(STDERR " -A - Abort an existing cleanallruv task(must use with -b and -r args\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-b"){ - # Base DN - $i++; $basedn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-r"){ - # rid - $i++; $rid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-A"){ - # abort - $abort = "yes"; - } elsif ("$ARGV[$i]" eq "-D"){ - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w"){ - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j"){ - # Read Directory Manager's password from a file - $i++; $passwdfile = 
$ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z"){ - # server instance identifer - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P"){ - # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h"){ - # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if ($basedn eq "" || $rid eq ""){ - &usage; - exit(1); -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -if($abort eq ""){ - # Build the task entry to add - $taskname = "cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}"; - $dn = "dn: cn=$taskname, cn=cleanallruv, cn=tasks, cn=config\n"; -} else { - $taskname = "abort_cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}"; - $dn = "dn: cn=$taskname, cn=abort cleanallruv, cn=tasks, cn=config\n"; -} -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$basedn = "replica-base-dn: $basedn\n"; -$rid = "replica-id: $rid\n"; -$entry = "${dn}${misc}${cn}${basedn}${rid}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in deleted file mode 100755 index d7552bd..0000000 --- a/ldap/admin/src/scripts/db2bak.in +++ /dev/null 
@@ -1,84 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@nss_libdir@" -libpath_add "@libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -usage() -{ - echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-V] [-v] [-h]" - echo "Options:" - echo " archivedir - Directory where the backup should be stored" - echo " -Z serverID - Server instance identifier" - echo " -q - Quiet mode - suppresses output" - echo " -V - Verbose output" - echo " -v - Display version" - echo " -h - Display usage" -} - -if [ $# -gt 4 ] -then - usage - exit 1 -fi -if [ "$#" -gt 0 ] -then - if [[ $1 != -* ]] - then - bak_dir=$1 - shift - fi -fi - -while getopts "hqVd:Z:vi:a:SD" flag -do - case $flag in - h) usage - exit 0;; - q) args=$args" -q";; - V) args=$args" -V";; - v) args=$args" -v";; - S) args=$args" -S";; - D) args=$args" -D \"$OPTARG\"";; - i) args=$args" -i \"$OPTARG\"";; - a) $bakdir=$OPTARG;; - d) args=$args" -d \"$OPTARG\"";; - Z) servid=$OPTARG;; - ?) usage - exit 1;; - esac -done - -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -if [ -z "$bak_dir" ] -then - bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/$instance-`date +%Y_%m_%d_%H_%M_%S` -fi - -echo "Back up directory: $bak_dir" -eval @sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args diff --git a/ldap/admin/src/scripts/db2bak.pl.in b/ldap/admin/src/scripts/db2bak.pl.in deleted file mode 100644 index ef37f81..0000000 --- a/ldap/admin/src/scripts/db2bak.pl.in +++ /dev/null 
@@ -1,148 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use File::Basename; -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$dbtype = "ldbm database"; -$i = 0; - -sub usage { - print(STDERR "Usage: db2bak.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-a backupdir]\n"); - print(STDERR " [-t dbtype] [-P protocol] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -A backupdir - Backup directory symlink(backupdir/ID-)\n"); - print(STDERR " -a backupdir - Backup directory symlink\n"); - print(STDERR " -t dbtype - Database type (default: ldbm database)\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -$nestit = 0; -while ($i <= $#ARGV) { - if ("$ARGV[$i]" eq "-a") { # backup directory - $i++; $archivedir = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-A") { # backup directory - $nestit = 1; - $i++; $archivedir = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j") { # Read Directory 
Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-t") { # database type - $i++; $dbtype = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z") { # Server identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P") { # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h") { # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; - -$mybakdir = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak"; - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$symname = ""; -$dirname = ""; -if ($archivedir eq "") { - $archivedir = "${mybakdir}/$servid-${yr}_${mn}_${dy}_${h}_${m}_${s}"; - print("Back up directory: $archivedir\n"); -} else { - if ($nestit == 1) { - $archivebase = "${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}"; - $dirname = "${archivedir}"; - $archivedir = "${dirname}/${archivebase}"; - } else { - my @archivedirs = split(/\//, $archivedir); - $archivebase = $archivedirs[-1]; - $dirname = dirname(${archivedir}); - } - if ($mybakdir =~ /^$dirname/) { # $mybakdir is parent; no symlink needed - $symname = ""; - } else { - $symname = $archivedir; - } - if ($symname eq "") { - print("Back up directory: $archivedir\n"); - } else { - print("Back up directory: $archivedir -> $mybakdir/$archivebase\n"); - } - - # If an archive dir is specified, create it as a symlink pointing - # to the default backup dir not to violate the selinux policy. 
- $archivedir = "${mybakdir}/${archivebase}"; -} - -$dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$nsarchivedir = "nsArchiveDir: $archivedir\n"; -$nsdbtype = "nsDatabaseType: $dbtype\n"; -$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; - if (($symname ne "") && ($dirname ne "")) { - if (!(-d $dirname)) { - mkdir ($dirname); - } - if (-e $symname) { - unlink ($symname); - } - if (!symlink($archivedir, $symname)) { - print "Failed to create a symlink from $archivedir to $symname\n"; - exit(1); - } - } -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in deleted file mode 100755 index a6e585f..0000000 --- a/ldap/admin/src/scripts/db2index.in +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@nss_libdir@" -libpath_add "@libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -usage () -{ - echo "Usage: db2index [-Z serverID] [-n backend | {-s includesuffix}* -t attribute[:indextypes[:matchingrules]]" - echo " -T vlvTag] [-v] [-h]" - echo "Options:" - echo " -Z serverID - Server instance identifier" - echo " -n backend - Backend database name. Example: userRoot" - echo " -s includeSuffix - The suffix to index" - echo " -t attribute[:indextypes[:matchingrules]]" - echo " - attributeName: name of the attribute to be indexed"; - echo " If omitted, all the indexes defined for that instance are generated." - echo " - indextypes: comma separated index types" - echo " - matchingrules: comma separated matrules" - echo " Example: -t foo:eq,pres" - echo " -T vlvTag - VLV index name" - echo " -v - Display version" - echo " -h - Display usage" -} - -while getopts "hZ:n:s:t:T:vd:a:SD:x:" flag -do - case $flag in - h) usage - exit 0;; - Z) servid=$OPTARG;; - n) args=$args" -n \"$OPTARG\"" - benameopt="set";; - s) args=$args" -s \"$OPTARG\"" - includeSuffix="set";; - t) args=$args" -t "\"$OPTARG\";; - T) args=$args" -T "\"$OPTARG\";; - d) args=$args" -d \"$OPTARG\"";; - a) args=$args" -a \"$OPTARG\"";; - x) args=$args" -x \"$OPTARG\"";; - v) args=$args" -v";; - S) args=$args" -S";; - D) args=$args" -D $OPTARG";; - ?) usage - exit 1;; - esac -done - -argnum=$# -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. 
Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -idxall=0 -print_usage=0 -if [ -z $servid ] && [ $argnum -eq 0 ]; then - idxall=1 -elif [ "$servid" ] && [ $argnum -eq 2 ]; then - idxall=1 -elif [ -z $benameopt ] && [ -z $includeSuffix ]; then - print_usage=1 -fi -if [ -z $servid ] && [ $argnum -lt 2 ]; then - print_usage=1 -elif [ -n "$servid" ] && [ $argnum -lt 4 ]; then - print_usage=1 -elif [ -n "$servid" ] && [ $argnum -eq 4 ]; then - idxall=1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -if [ $idxall -eq 1 ] -then - bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/reindex_`date +%Y_%m_%d_%H_%M_%S` - @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -a "$bak_dir" -f |& egrep -v "util_info_sys_page|check_and_set_import_cache|WARNING|Backing up" | sed -e "s/upgrade DB/Reindex/" | sed -e "s/upgradedb/reindexing/" -elif [ $print_usage -eq 1 ] -then - usage - exit 1 -else - eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args |& egrep -v "util_info_sys_page|check_and_set_import_cache|WARNING|Backing up" | sed -e "s/upgrade DB/Reindex/" | sed -e "s/upgradedb/reindexing/" -fi diff --git a/ldap/admin/src/scripts/db2index.pl.in b/ldap/admin/src/scripts/db2index.pl.in deleted file mode 100644 index f53a32c..0000000 --- a/ldap/admin/src/scripts/db2index.pl.in +++ /dev/null 
@@ -1,178 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; -use Getopt::Std; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; -$attr_count = 0; -$vlv_count = 0; - -sub usage { - print(STDERR "Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-P protocol]\n"); - print(STDERR " -n backendname [-t attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -Z serverID - Server instance identifer\n"); - print(STDERR " -n backendname - Backend database name. 
Example: userRoot\n"); - print(STDERR " -t attributeName[:indextypes[:matchingrules]]\n"); - print(STDERR " - attributeName: name of the attribute to be indexed\n"); - print(STDERR " If omitted, all the indexes defined for that instance are generated.\n"); - print(STDERR " - indextypes: comma separated index types\n"); - print(STDERR " - matchingrules: comma separated matrules\n"); - print(STDERR " Example: -t foo:eq,pres\n"); - print(STDERR " -T vlvTag - VLV index name\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) { - if ("$ARGV[$i]" eq "-t") { # attribute - $i++; $attr[$attr_count] = $ARGV[$i]; $attr_count++; - } elsif ("$ARGV[$i]" eq "-T") { # VLV index - $i++; $vlv_attr[$vlv_count] = $ARGV[$i]; $vlv_count++; - } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-n") { # backend instance name - $i++; $instance = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z") { # server instance name - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P") { # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h") { # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if ($instance eq ""){ - &usage; - exit(1); -} - -# -# No attribute name has been specified: let's get them from the configuration 
-# -chdir("/usr/bin"); -if ( $#attr == -1 && $#vlv_attr == -1 ) -{ - # Get the list of indexes from the entry - $info{base} = "cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config"; - $info{filter} = "(&(objectclass=*)(nsSystemIndex=false))"; - $info{scope} = "one"; - $info{attrs} = "cn"; - $info{srch_args} = $vstr; - $indexes_list=DSUtil::ldapsrch(%info); - - # build the values of the attribute nsIndexAttribute - open(LDAP1, "$indexes_list |"); - while (){ - s/\n //g; - if (/^cn: (.*)\n/) { - $IndexAttribute="nsIndexAttribute"; - $attribute="$attribute$IndexAttribute: $1\n"; - } - } - close(LDAP1); - if($? != 0){ - $ret=$?>>8; - print(STDERR "Failed to search the server for indexes, error ($ret)\n"); - exit($ret); - } - if ( $attribute eq "" ){ - # No attribute to index, just exit - print "Failed to add task entry - no attributes found for backend \"$instance\"\n"; - exit(1); - } - - # Get the list of indexes from the entry - $info{base} = "cn=\"$instance\",cn=ldbm database,cn=plugins,cn=config"; - $info{filter} = "objectclass=vlvIndex"; - $info{scope} = "sub"; - $info{attrs} = "cn"; - $info{srch_args} = $vstr; - $vlvindexes_list=DSUtil::ldapsrch(%info); - - # build the values of the attribute nsIndexVlvAttribute - open(LDAP1, "$vlvindexes_list |"); - while () { - s/\n //g; - if (/^cn: (.*)\n/) { - $vlvIndexAttribute="nsIndexVlvAttribute"; - $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n"; - } - } - close(LDAP1); - if($? != 0){ - $ret=$?>>8; - print(STDERR "Failed to search the server for VLV indexes, error ($ret)\n"); - exit($ret); - } -} -else -{ - foreach $arg (@attr){ - $attribute = $attribute . "nsIndexAttribute: $arg\n"; - } - foreach $arg (@vlv_attr){ - $vlvattribute = $vlvattribute . 
"nsIndexVlvAttribute: $arg\n"; - } -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$nsinstance = "nsInstance: ${instance}\n"; -$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in deleted file mode 100755 index f1b0826..0000000 --- a/ldap/admin/src/scripts/db2ldif.in +++ /dev/null 
@@ -1,171 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@nss_libdir@" -libpath_add "@libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -cwd=`pwd` - -usage() -{ - echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}* [{-x excludesuffix}*] [-a outputfile]" - echo " [-E] [-r] [-u] [-U] [-m] [-1] [-q] [-V] [-v] [-h]" - echo "Note: either \"-n backend\" or \"-s includesuffix\" is required." - echo "Options:" - echo " -Z serverID - Server instance identifier" - echo " -n backend - Backend database name. Example: userRoot" - echo " -s inclduesuffix - Suffix to include" - echo " -x - Suffix to exclude" - echo " -a outputfile - Name of the exported LDIF file" - echo " -r - Include replication data" - echo " -E - Decrypt attributes" - echo " -u - Do not export the nsUniqueId attribute" - echo " -U - Do not wrap long lines" - echo " -m - Do not base64 encode values" - echo " -1 - Do not include version text" - echo " -q - Quiet mode - suppresses output" - echo " -V - Verbose output" - echo " -v - Display version" - echo " -h - Display usage" -} - -make_ldiffile() -{ - be="" - while [ "$1" != "" ] - do - if [ "x$1" = "x-a" ]; then - shift - if [ `expr "$1" : "/.*"` -gt 0 ]; then - if [ `expr "$1" : "/.*"` -gt 0 ]; then - # full path - echo $1 - return 1 - else - echo $cwd/$1 - shift - return 0 - fi - else - echo $cwd/$1 - shift - return 0 - fi - elif [ "x$1" = "x-n" ]; then - shift - if [ -z "$be" ]; then - be="$1" - else - tmpbe="$be" - be="${tmpbe}-$1" - fi - elif [ "x$1" = "x-s" ]; then - shift - if [ -n "$1" ]; then - rdn=`echo $1 | awk -F, '{print $1}'` - rdnval=`echo $rdn | awk -F= '{print $2}'` - if [ "$be" = "" ]; then - be="$rdnval" - else - tmpbe="$be" - be="${tmpbe}-$rdnval" - fi - fi - elif [ "x$1" = "x-M" ]; then - be="" - fi - if [ -n "$1" ]; then - shift - fi - done - - if [ -z "$be" ]; then - echo 
@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif - else - echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif - fi - return 0 -} - -if [ $# -lt 2 ]; -then - usage - exit 1 -fi - -while getopts "hZ:vd:D:ENa:rs:x:CSut:n:UmMo1qVc:" flag -do - case $flag in - h) usage - exit 0;; - Z) servid=$OPTARG;; - n) benameopt=$benameopt" -n $OPTARG" - required_param="yes";; - s) includeSuffix=$includeSuffix" -s \"$OPTARG\"" - required_param="yes";; - x) excludeSuffix=$excludeSuffix" -x \"$OPTARG\"";; - a) outputFile="-a \"$OPTARG\"";; - d) args=$args" -d \"$OPTARG\"";; - D) args=$args" -D \"$OPTARG\"";; - N) args=$args" -N";; - E) args=$args" -E";; - S) args=$args" -S";; - v) args=$args" -v";; - r) args=$args" -r";; - C) args=$args" -C";; - u) args=$args" -u";; - U) args=$args" -U";; - m) args=$args" -m";; - M) args=$args" -M";; - 1) args=$args" -1";; - q) args=$args" -q";; - V) args=$args" -V";; - c) cwd=$OPTARG;; - ?) usage - exit 1;; - esac -done - -ARGS=$@ -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -if [ "$required_param" != "yes" ] -then - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -ldif_file=`make_ldiffile $ARGS` -rn=$? - -echo "Exported ldif file: $ldif_file" -if [ $rn -eq 1 ] -then - eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args -else - eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file -fi diff --git a/ldap/admin/src/scripts/db2ldif.pl.in b/ldap/admin/src/scripts/db2ldif.pl.in deleted file mode 100644 index 10ecc63..0000000 
--- a/ldap/admin/src/scripts/db2ldif.pl.in
+++ /dev/null
@@ -1,259 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; -use Cwd; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$maxidx = 50; -$nowrap = 0; -$nobase64 = 0; -$noversion = 0; -$nouniqueid = 0; -$useid2entry = 0; -$onefile = 1; -$printkey = 1; -$doreplica = 0; -$verbose = 0; -$i = 0; -$insti = 0; -$incli = 0; -$excli = 0; -$decrypt_on_export = 0; -$cwd = cwd(); - -sub usage { - print(STDERR "Usage: db2ldif.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j pwfilename }\n"); - print(STDERR " [-P protocol] {-n backendname}* | {-s include}* [{-x exclude}*] [-h]\n"); - print(STDERR " [-a filename] [-m] [-M] [-r] [-u] [-C] [-N] [-U] [-E] [-1] [-a filename]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j pwfilename - Read Directory Manager's password from file\n"); - print(STDERR " -n backendname - Backend database name. 
Example: userRoot\n"); - print(STDERR " -a filename - Output ldif file\n"); - print(STDERR " -s include - Included suffix(es)\n"); - print(STDERR " -x exclude - Excluded suffix(es)\n"); - print(STDERR " -m - Minimal base64 encoding\n"); - print(STDERR " -M - Output ldif is stored in multiple files\n"); - print(STDERR " these files are named : _\n"); - print(STDERR " by default, all instances are stored in \n"); - print(STDERR " -r - Export replication data\n"); - print(STDERR " -u - Do not export unique id\n"); - print(STDERR " -C - Use main db file only\n"); - print(STDERR " -N - Suppress printing sequential number\n"); - print(STDERR " -U - Output ldif is not folded\n"); - print(STDERR " -E - Decrypt encrypted data when exporting\n"); - print(STDERR " -1 - Do not print version line\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -@instances = ( - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "" -); -@included = ( - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "" -); -@excluded = ( - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "", "", "", "", "", "", "", "", "", "", - "" -); - -while ($i <= $#ARGV) { - if ( "$ARGV[$i]" eq "-n" ) { # instances - $i++; - if ($insti < $maxidx) { - $instances[$insti] = $ARGV[$i]; $insti++; - } else { - &usage; exit(1); - } - } elsif ("$ARGV[$i]" eq "-s") { # included suffix - $i++; - if ($incli < $maxidx) { - $included[$incli] = $ARGV[$i]; $incli++; - } else { - &usage; 
exit(1); - } - } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix - $i++; - if ($excli < $maxidx) { - $excluded[$excli] = $ARGV[$i]; $excli++; - } else { - &usage; exit(1); - } - } elsif ("$ARGV[$i]" eq "-a") { # ldif file - $i++; $ldiffile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-M") { # multiple ldif file - $onefile = 0; - } elsif ("$ARGV[$i]" eq "-o") { # one ldif file - $onefile = 1; - } elsif ("$ARGV[$i]" eq "-u") { # no dump unique id - $nouniqueid = 1; - } elsif ("$ARGV[$i]" eq "-C") { # use id2entry - $useid2entry = 1; - } elsif ("$ARGV[$i]" eq "-N") { # does not print key - $printkey = 0; - } elsif ("$ARGV[$i]" eq "-r") { # export replica - $doreplica = 1; - } elsif ("$ARGV[$i]" eq "-m") { # no base64 - $nobase64 = 1; - } elsif ("$ARGV[$i]" eq "-U") { # no wrap - $nowrap = 1; - } elsif ("$ARGV[$i]" eq "-1") { # no version line - $noversion = 1; - } elsif ("$ARGV[$i]" eq "-E") { # decrypt - $decrypt_on_export = 1; - } elsif ("$ARGV[$i]" eq "-Z") { # server instance - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h") { # help - &usage; exit(0); - } elsif ("$ARGV[$i]" eq "-P") { # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-c") { # cwd - $i++; $cwd = $ARGV[$i]; - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$ldifdir = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif"; -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if 
($instances[0] eq "" && $included[0] eq ""){ - &usage; - exit(1); -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$i = 0; -$be = ""; -$nsinstance = ""; -while ("" ne "$instances[$i]") { - $nsinstance = "${nsinstance}nsInstance: $instances[$i]\n"; - if ( "" eq "$be" ) { - $be = "$instances[$i]"; - } else { - $be = "${be}-$instances[$i]"; - } - $i++; -} -$i = 0; -$nsincluded = ""; -while ("" ne "$included[$i]") { - $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n"; - my ($rdn, $rest) = split(/,/, $included[$i]); - my ($rest, $tmpbe) = split(/=/, $rdn); - if ( "" eq "$be" ) { - $be = "$tmpbe"; - } else { - $be = "${be}-$tmpbe"; - } - $i++; -} -$i = 0; -$nsexcluded = ""; -while ("" ne "$excluded[$i]") { - $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n"; - $i++; -} -if ($ldiffile eq "") { - if ($onefile == 0) { - $ldiffile = "${ldifdir}/${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; - } else { - $ldiffile = "${ldifdir}/${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif"; - } -} elsif ($ldiffile =~ "^/") { - ; # full path -} else { - $ldiffile = $cwd . "/" . 
$ldiffile; -} -$nsreplica = ""; -if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; } -$nsnobase64 = ""; -if ($nobase64 != 0) { $nsnobase64 = "nsMinimalEncoding: true\n"; } -$nsnowrap = ""; -if ($nowrap != 0) { $nsnowrap = "nsNoWrap: true\n"; } -$nsnoversion = ""; -if ($noversion != 0) { $nsnoversion = "nsNoVersionLine: true\n"; } -$nsnouniqueid = ""; -if ($nouniqueid != 0) { $nsnouniqueid = "nsDumpUniqId: false\n"; } -$nsuseid2entry = ""; -if ($useid2entry != 0) { $nsuseid2entry = "nsUseId2Entry: true\n"; } -$nsonefile = ""; -if ($onefile != 0) { $nsonefile = "nsUseOneFile: true\n"; } -if ($onefile == 0) { $nsonefile = "nsUseOneFile: false\n"; } -$nsexportdecrypt = ""; -if ($decrypt_on_export != 0) { $nsexportdecrypt = "nsExportDecrypt: true\n"; } -$nsprintkey = ""; -if ($printkey == 0) { $nsprintkey = "nsPrintKey: false\n"; } -$nsldiffile = "nsFilename: ${ldiffile}\n"; -$ttl = "ttl: 86400"; -$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsreplica}${nsnobase64}${nsnowrap}${nsnoversion}${nsnouniqueid}${nsuseid2entry}${nsonefile}${nsexportdecrypt}${nsprintkey}${nsldiffile}${ttl}"; - -print("Exporting to ldif file: ${ldiffile}\n"); -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); - diff --git a/ldap/admin/src/scripts/dbmon.sh.in b/ldap/admin/src/scripts/dbmon.sh.in deleted file mode 100644 index aa4cb23..0000000 --- a/ldap/admin/src/scripts/dbmon.sh.in +++ /dev/null 
@@ -1,271 +0,0 @@ -#!/bin/sh -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2014 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -. @datadir@/@package_name@/data/DSSharedLib - -DURATION=${DURATION:-0} -INCR=${INCR:-1} -SERVID=${SERVID} -BINDDN=${BINDDN:-"cn=directory manager"} -BINDPW=${BINDPW:-"secret"} -DBLIST=${DBLIST:-all} -ldbmdn="cn=ldbm database,cn=plugins,cn=config" -VERBOSE=${VERBOSE:-0} - -parseldif() { - awk -v dblist="$DBLIST" -v verbose=$VERBOSE -v indexlist="$INDEXLIST" -F '[:,= ]+' ' - function printary(ary) { - for (ii in ary) { print ii, "=", ary[ii] } - } - BEGIN { - pagesize=8192 ; CONVFMT="%.3f" ; OFMT=CONVFMT ; SUBSEP="," - alldb=0 - if (dblist == "all") { - alldb=1 - } else { - split(dblist, dbnames) - for (key in dbnames) { val=dbnames[key] ; dbnames[tolower(val)]=val; delete dbnames[key] } - } - allindex=0 - if (indexlist == "all") { - allindex=1 - } else { - split(indexlist, idxnames) - for (key in idxnames) { val=idxnames[key] ; idxnames[tolower(val)]=val; delete idxnames[key] } - } - fn="entcur entmax entcnt dncur dnmax dncnt" - split(fn, fields) - havednstats=0 - havendnstats=0 - maxdbnamelen=0 - } - /^[^ ]|^$/ {origline = $0; $0 = unwrapline; unwrapline = origline} - /^ / {sub(/^ /, ""); unwrapline = unwrapline $0; next} - /^nsslapd-db-cache-size-bytes/ { dbcachesize=$2 } - /^nsslapd-db-page-size/ { pagesize=$2 } - /^dbcachehitratio/ { dbhitratio=$2 } - /^dbcachepagein/ { dbcachepagein=$2 } - /^dbcachepageout/ { dbcachepageout=$2 } - /^nsslapd-db-page-ro-evict-rate/ { dbroevict=$2 } - /^nsslapd-db-pages-in-use/ { dbpages=$2 } - /^normalizeddncachehitratio/ { ndnratio=$2 } - /^currentnormalizeddncachesize/ { ndncursize=$2 ; havendnstats=1 } - /^maxnormalizeddncachesize/ { ndnmaxsize=$2 } - /^currentnormalizeddncachecount/ { ndncount=$2 } - /^dn: cn=monitor, *cn=[a-zA-Z0-9][a-zA-Z0-9_\.\-]*, *cn=ldbm database, *cn=plugins, *cn=config/ { - 
idxnum=-1 - idxname="" - dbname=tolower($5) - if ((dbname in dbnames) || alldb) { - len=length(dbname) ; if (len > maxdbnamelen) { maxdbnamelen=len } - if (!(dbname in dbnames)) { dbnames[dbname] = dbname } - } - } - /^currententrycachesize/ { stats[dbname,"entcur"]=$2 } - /^maxentrycachesize/ { stats[dbname,"entmax"]=$2 } - /^currententrycachecount/ { stats[dbname,"entcnt"]=$2 } - /^entrycachehitratio/ { stats[dbname,"entratio"]=$2 } - /^currentdncachesize/ { stats[dbname,"dncur"]=$2 ; havednstats=1 } - /^maxdncachesize/ { stats[dbname,"dnmax"]=$2 } - /^currentdncachecount/ { stats[dbname,"dncnt"]=$2 } - /^dncachehitratio/ { stats[dbname,"dnratio"]=$2 } - - /^dbfilename-/ { - #rhds - #dbfilename-3: userRoot/id2entry.db4 - #sunds - #dbfilename-id2entry: /full/path/to/db/dbname/dbname_id2entry.dbX - if (dbname in dbnames) { - split($0, idxline, /[ :/.-]+/) - idxname=tolower(idxline[4]) - dbn=tolower(idxline[3]) - ilen=length(idxline) - sundbn=tolower(idxline[ilen-2]) - sunidxname=tolower(idxline[2]) - if ((dbn == dbname) && (allindex || (idxname in idxnames))) { - idxnum=idxline[2] - if (!(idxname in idxnames)) { idxnames[idxname] = idxname } - len = length(idxname) - if (len > idxmaxlen[dbn]) { idxmaxlen[dbn] = len } - } else if ((sundbn == dbname) && (allindex || (sunidxname in idxnames))) { - idxname=sunidxname - idxnum=1 # no index number just index name - if (!(idxname in idxnames)) { idxnames[idxname] = idxname } - len = length(idxname) - if (len > idxmaxlen[sundbn]) { idxmaxlen[sundbn] = len } - } else { - # print "index", idxline[4], "not in idxnames" - } - } else { - # print "dbname", dbname, "not in dbnames" - } - } - /^dbfilepagein-/ { if (idxnum >= 0) { idxstats[dbname,idxname,"pagein"] = $2 } } - /^dbfilepageout-/ { if (idxnum >= 0) { idxstats[dbname,idxname,"pageout"] = $2 } } - END { - free=(dbcachesize-(pagesize*dbpages)) - freeratio=free/dbcachesize - if (verbose > 1) { - print "# dbcachefree - free bytes in dbcache" - print "# free% - percent free 
in dbcache" - print "# roevicts - number of read-only pages dropped from cache to make room for other pages" - print "# if this is non-zero, it means the dbcache is maxed out and there is page churn" - print "# hit% - percent of requests that are served by cache" - print "# pagein - number of pages read into the cache" - print "# pageout - number of pages dropped from the cache" - } - print "dbcachefree", free, "free%", (freeratio*100), "roevicts", dbroevict, "hit%", dbhitratio, "pagein", dbcachepagein, "pageout", dbcachepageout - if (verbose > 1) { - print "# dbname - name of database instance - the row shows the entry cache stats" - print "# count - number of entries in cache" - print "# free - number of free bytes in cache" - print "# free% - percent free in cache" - print "# size - average size of date in cache in bytes (current size/count)" - if (havednstats) { - print "# DNcache - the line below the entry cache stats are the DN cache stats" - print "# count - number of dns in dn cache" - print "# free - number of free bytes in dn cache" - print "# free% - percent free in dn cache" - print "# size - average size of dn in dn cache in bytes (currentdncachesize/currentdncachecount)" - print "# hit_ratio - cache hit ratio" - print "# under each db are the list of selected indexes specified with INDEXLIST" - } - } - if (havednstats || havendnstats) { # make sure there is enough room for dbname:ent and dbname:dn - maxdbnamelen += 4 # :ent - dbentext = ":ent" - dbdnext = ":dn " - if (havendnstats) { - dbndnext = ":ndn" - } - } else { - dbentext = "" - dbdnext = "" - } - - if (maxdbnamelen < 6) { # len of "dbname" - maxdbnamelen = 6 - } - - if (verbose > 0) { - fmtstr = sprintf("%%%d.%ds %%10.10s %%13.13s %%6.6s %%7.7s %%10.9s\n", maxdbnamelen, maxdbnamelen) - printf fmtstr, "dbname", "count", "free", "free%", "size", "hit_ratio%" - } - - fmtstr = sprintf("%%%d.%ds %%10d %%13d %%6.1f %%7.1f %%10.1f\n", maxdbnamelen, maxdbnamelen) - if (havendnstats) { - # normalized 
dn cache - ndnfree=ndnmaxsize-ndncursize - ndnfreep=ndnfree/ndnmaxsize*100 - ndnsize=(ndncount == 0) ? 0 : ndncursize/ndncount - printf fmtstr, "global" dbndnext, ndncount, ndnfree, ndnfreep, ndnsize, ndnratio - } - - for (dbn in dbnames) { - cur=stats[dbn,"entcur"] - max=stats[dbn,"entmax"] - cnt=stats[dbn,"entcnt"] - eratio=stats[dbname,"entratio"] - free=max-cur - freep=free/max*100 - size=(cnt == 0) ? 0 : cur/cnt - printf fmtstr, dbnames[dbn] dbentext, cnt, free, freep, size, eratio - if (havednstats) { - dcur=stats[dbn,"dncur"] - dmax=stats[dbn,"dnmax"] - dcnt=stats[dbn,"dncnt"] - dratio=stats[dbn,"dnratio"] - dfree=dmax-dcur - dfreep=dfree/dmax*100 - dsize=(dcnt == 0) ? 0 : dcur/dcnt - printf fmtstr, dbnames[dbn] dbdnext, dcnt, dfree, dfreep, dsize, dratio - } - - if (indexlist) { - len = idxmaxlen[dbn] - fmtstr = sprintf("%%%d.%ds %%%d.%ds pagein %%8d pageout %%8d\n", maxdbnamelen, maxdbnamelen, len, len) - for (idx in idxnames) { - ipi = idxstats[dbn,idx,"pagein"] - ipo = idxstats[dbn,idx,"pageout"] - # not every db will have every index - if (ipi != "" && ipo != "") { - printf fmtstr, "+", idxnames[idx], ipi, ipo - } - } - } - } - } - ' -} - -dodbmon() { - instance=$(get_slapd_instance "@instconfigdir@" $SERVID) - if [ $? -eq 1 ] - then - echo "You must supply a valid server instance identifier (via SERVID)." - echo "Available instances: $instance" - exit 1 - fi - - CONFIG_DIR="@instconfigdir@/slapd-$instance" - - process_dse $CONFIG_DIR $$ - file="/tmp/DSSharedLib.$$" - port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' ) - host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' ) - security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' ) - certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' ) - rm $file - - if [ -n "$ldapiURL" ] - then - ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'` - ldapiURL="ldapi://"$ldapiURL - fi - - client_type=`ldapsearch -V 2>&1`; - echo "$client_type" | grep -q "OpenLDAP" - if [ $? 
-eq 0 ] - then - openldap="yes" - export LDAPTLS_CACERTDIR=$certdir - fi - - if [ -z $security ]; then - security="off" - fi - - while [ 1 ] ; do - date - if [ "$security" = "on" ]; then - # STARTTLS - if [ "$openldap" = "yes" ]; then - ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ - | parseldif - else - ldapsearch -ZZZ -P $certdir -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ - | parseldif - fi - else - # LDAP - if [ "$openldap" = "yes" ]; then - ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ - | parseldif - else - ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ - | parseldif - fi - fi - echo "" - sleep $INCR - done -} - -dodbmon diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in deleted file mode 100755 index 0f71c6b..0000000 --- a/ldap/admin/src/scripts/dbverify.in +++ /dev/null 
@@ -1,79 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@nss_libdir@"
-libpath_add "@libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-PATH=$PATH:/bin
-
-usage()
-{
- echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-a db_directory ] [-V] [-v] [-d debuglevel] [-h]"
- echo "Note if \"-n backend\" is not passed, verify all DBs."
- echo "Options:"
- echo " -Z - Server instance identifier"
- echo " -n backend - Backend database name. Example: userRoot"
- echo " -a db_directory - Database directory"
- echo " -V - Verbose output"
- echo " -d debuglevel - Debugging level"
- echo " -v - Display version"
- echo " -h - Display usage"
-}
-
-display_version="no"
-while getopts "Z:n:hVvfd:n:D:a:" flag
-do
- case $flag in
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
- n) args=$args" -n \"$OPTARG\"";;
- d) args=$args" -d \"$OPTARG\"";;
- V) args=$args" -V";;
- v) args=$args" -v"
- display_version="yes";;
- f) args=$args" -f";;
- D) args=$args" -D \"$OPTARG\"";;
- a) args=$args" -a \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-done
-
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-eval @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
-if [ $display_version = "yes" ]; then
- exit 0
-fi
-if [ $? -eq 0 ]; then
- echo "DB verify: Passed"
- exit 0
-else
- echo "DB verify: Failed"
- exit 1
-fi
diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
deleted file mode 100755
index 3974b00..0000000
--- a/ldap/admin/src/scripts/dn2rdn.in
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@nss_libdir@"
-libpath_add "@libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: dn2rdn [-Z serverID] [-h] [-f] [-v] [-d debuglevel]"
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -f - Force upgrade"
- echo " -v - Display version"
- echo " -d debuglevel - Debugging level"
- echo " -h - Display usage"
-}
-
-while getopts "Z:d:ha:vfr:D:" flag
-do
- case $flag in
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
- d) arg=$arg" -d \"$OPTARG\"";;
- a) arg=$arg" -a \"$OPTARG\""
- archive="provided";;
- v) arg=$arg" -v";;
- f) arg=$arg" -f";;
- D) arg=$arg" -D \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-if [ "$archive" != "provided" ]; then
- bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/reindex_`date +%Y_%m_%d_%H_%M_%S`
- args=$args"-a $bak_dir"
-fi
-
-eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
diff --git a/ldap/admin/src/scripts/dnaplugindepends.ldif b/ldap/admin/src/scripts/dnaplugindepends.ldif
deleted file mode 100644
index 403158d..0000000
--- a/ldap/admin/src/scripts/dnaplugindepends.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: modify
-add: nsslapd-plugin-depends-on-type
-nsslapd-plugin-depends-on-type: database
--
-replace: nsslapd-pluginType
-nsslapd-pluginType: bepreoperation
diff --git a/ldap/admin/src/scripts/ds_selinux_enabled.in b/ldap/admin/src/scripts/ds_selinux_enabled.in index 6720660..54a79b0 100755 --- a/ldap/admin/src/scripts/ds_selinux_enabled.in +++ b/ldap/admin/src/scripts/ds_selinux_enabled.in @@ -13,13 +13,11 @@ import sys +import selinux +import semanage # Returns 1 for true, 0 for false. -try: - import selinux - sys.exit(selinux.is_selinux_enabled()) -except ImportError: - sys.exit(0) +sys.exit(selinux.is_selinux_enabled()) diff --git a/ldap/admin/src/scripts/dscreate.map.in b/ldap/admin/src/scripts/dscreate.map.in deleted file mode 100644 index 4c47b08..0000000 --- a/ldap/admin/src/scripts/dscreate.map.in +++ /dev/null 
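Review bot: Dropping the `try`/`except ImportError` guard means a host without the Python `selinux` or `semanage` bindings now dies on the import with an uncaught exception, and the interpreter's exit status for that is 1, the value the comment `# Returns 1 for true, 0 for false.` assigns to "SELinux enabled". A caller that branches on the exit status would presumably treat a missing binding as an enabled system and go on to SELinux-specific steps; the callers are not visible in this hunk, so confirm how they consume it. `import semanage` is not used in the visible lines; if it is only a dependency probe, say so with a comment such as `# semanage is imported only to fail early when the bindings are absent`. If failing on a missing binding is intended, make it distinguishable from both answers by wrapping the two imports in `try:` … `except ImportError: sys.exit(2)` and documenting that status in the comment.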
@@ -1,41 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-# [Parameter resolution rules]
-# * If the right-hand value is in ` (backquote), the value is eval'ed by perl.
-# The output should be stored in $returnvalue to pass to the internal hash.
-# * If the right-hand value is in " (doublequote), the value is passed as is.
-# * If the right-hand value is not in any quote, the value should be found
-# in either of the setup inf file (static) or the install inf file (dynamic).
-# * Variables surrounded by @ (e.g., @configdir@) are replaced with the
-# system path at the compile time.
-# * The right-hand value can contain variables surrounded by % (e.g., %asid%)
-# which refers the right-hand value (key) of this map file.
-#
-fqdn = FullMachineName
-dsid = ServerIdentifier
-ds_user = SuiteSpotUserID
-ds_port = ServerPort
-rootdn = RootDN
-ds_suffix = Suffix
-ds_bename = ds_bename
-ds_passwd = HashedRootDNPwd
-
-schema_dir = schema_dir
-lock_dir = lock_dir
-tmp_dir = tmp_dir
-cert_dir = cert_dir
-ldif_dir = ldif_dir
-bak_dir = bak_dir
-inst_dir = inst_dir
-log_dir = log_dir
-config_dir = config_dir
-db_dir = db_dir
-db_home_dir = db_home_dir
-run_dir = run_dir
-instance_name = ServerIdentifier
diff --git a/ldap/admin/src/scripts/dsorgentries.map.in b/ldap/admin/src/scripts/dsorgentries.map.in
deleted file mode 100644
index 295bb9b..0000000
--- a/ldap/admin/src/scripts/dsorgentries.map.in
+++ /dev/null
@@ -1,22 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-# [Parameter resolution rules]
-# * If the right-hand value is in ` (backquote), the value is eval'ed by perl.
-# The output should be stored in $returnvalue to pass to the internal hash.
-# * If the right-hand value is in " (doublequote), the value is passed as is.
-# * If the right-hand value is not in any quote, the value should be found
-# in either of the setup inf file (static) or the install inf file (dynamic).
-# * Variables surrounded by @ (e.g., @configdir@) are replaced with the
-# system path at the compile time.
-# * The right-hand value can contain variables surrounded by % (e.g., %asid%)
-# which refers the right-hand value (key) of this map file.
-#
-ds_suffix = Suffix
-naming_value = naming_value
-rootdn = RootDN
diff --git a/ldap/admin/src/scripts/dsupdate.map.in b/ldap/admin/src/scripts/dsupdate.map.in
deleted file mode 100644
index f6912b6..0000000
--- a/ldap/admin/src/scripts/dsupdate.map.in
+++ /dev/null
@@ -1,37 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2009 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-# [Parameter resolution rules]
-# * If the right-hand value is in ` (backquote), the value is eval'ed by perl.
-# The output should be stored in $returnvalue to pass to the internal hash.
-# * If the right-hand value is in " (doublequote), the value is passed as is.
-# * If the right-hand value is not in any quote, the value should be found
-# in either of the setup inf file (static) or the install inf file (dynamic).
-# * Variables surrounded by @ (e.g., @configdir@) are replaced with the
-# system path at the compile time.
-# * The right-hand value can contain variables surrounded by % (e.g., %asid%)
-# which refers the right-hand value (key) of this map file.
-#
-fqdn = FullMachineName
-dsid = ServerIdentifier
-ds_user = SuiteSpotUserID
-ds_port = ServerPort
-rootdn = RootDN
-
-schema_dir = schema_dir
-lock_dir = lock_dir
-tmp_dir = tmp_dir
-cert_dir = cert_dir
-ldif_dir = ldif_dir
-bak_dir = bak_dir
-inst_dir = inst_dir
-log_dir = log_dir
-config_dir = config_dir
-db_dir = db_dir
-db_home_dir = db_home_dir
-run_dir = run_dir
diff --git a/ldap/admin/src/scripts/exampleupdate.ldif b/ldap/admin/src/scripts/exampleupdate.ldif
deleted file mode 100644
index 94b1e98..0000000
--- a/ldap/admin/src/scripts/exampleupdate.ldif
+++ /dev/null
@@ -1,11 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2009 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-# These files work the same way as the LDIF templates in
-# /usr/share/dirsrv/data/template-*.ldif
diff --git a/ldap/admin/src/scripts/exampleupdate.pl b/ldap/admin/src/scripts/exampleupdate.pl
deleted file mode 100644
index 1c7de1f..0000000
--- a/ldap/admin/src/scripts/exampleupdate.pl
+++ /dev/null
@@ -1,27 +0,0 @@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2009 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-sub pre {
- my ($inf, $configdir) = @_;
-}
-
-sub preinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-}
-sub runinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-}
-
-sub postinst {
- my ($inf, $inst, $dseldif, $conn) = @_;
-}
-
-sub post {
- my ($inf, $configdir) = @_;
-}
diff --git a/ldap/admin/src/scripts/exampleupdate.sh b/ldap/admin/src/scripts/exampleupdate.sh
deleted file mode 100644
index 6d8f5d7..0000000
--- a/ldap/admin/src/scripts/exampleupdate.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2009 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-# There are several environment variables passed in:
-PRE_STAGE="pre";
-PREINST_STAGE="preinst";
-RUNINST_STAGE="runinst";
-POSTINST_STAGE="postinst";
-POST_STAGE="post";
-
-# $DS_UPDATE_STAGE - the current stage of the update - one of
-# pre - called at the beginning of the update
-# preinst - called before processing an instance
-# runinst - the main update stage for an instance
-# postinst - called after processing an instance
-# post - called the the end of the update
-# you should definitely check the stage to make sure you only perform
-# your actions during the correct stage e.g.
-
-if [ "$DS_UPDATE_STAGE" != "pre" ] ; then
- exit 0
-fi
-
-# $DS_UPDATE_DIR - the main config directory containing the schema dir
-# the config dir and the instance specific (slapd-instance) directories
-# $DS_UPDATE_INST - the name of the instance (slapd-instance), if one of the instance specific stages
-# $DS_UPDATE_DSELDIF - the full path ane filename of the dse.ldif file for the instance
diff --git a/ldap/admin/src/scripts/fixup-linkedattrs.pl.in b/ldap/admin/src/scripts/fixup-linkedattrs.pl.in
deleted file mode 100644
index 599e640..0000000
--- a/ldap/admin/src/scripts/fixup-linkedattrs.pl.in
+++ /dev/null
@@ -1,104 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; - -sub usage { - print(STDERR "Usage: fixed-linkedupattrs.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print(STDERR " [-l linkDN] [-P protocol] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STRERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -l linkDN - DN of link config entry that you want to fix\n"); - print(STDERR " up the links for. 
If omitted, all configured\n"); - print(STDERR " linked attributes will be fixed up.\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-l"){ - # link DN - $i++; $linkdn_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D"){ - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w"){ - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j"){ - # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z"){ - # Server instance identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h"){ - # help - &usage; exit(0); - } elsif ("$ARGV[$i]" eq "-P") { - # protocol preference - $i++; $protocol = $ARGV[$i]; - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "linked_attrs_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=fixup linked attributes, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -if ($linkdn_arg ne "") -{ - $linkdn = "linkdn: $linkdn_arg\n"; -} -$entry = "${dn}${misc}${cn}${basedn}${linkdn}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); 
diff --git a/ldap/admin/src/scripts/fixup-memberof.pl.in b/ldap/admin/src/scripts/fixup-memberof.pl.in deleted file mode 100644 index aeec957..0000000 --- a/ldap/admin/src/scripts/fixup-memberof.pl.in +++ /dev/null 
@@ -1,117 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; - -sub usage { - print(STDERR "Usage: fixup-memberof.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print(STDERR " [-P protocol] -b baseDN [-f filter] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -b baseDN - Base DN that contains entries to fix up.\n"); - print(STDERR " -f filter - Filter for entries to fix up\n"); - print(STDERR " If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the\n"); - print(STDERR " specified base will have their memberOf attribute regenerated.\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-b"){ - # base DN - $i++; $basedn_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-f"){ - # filter - $i++; $filter_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D"){ - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w"){ - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j"){ - # Read Directory Manager's 
password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z"){ - # server instance identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P"){ - # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h"){ - # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -if ($verbose == 1){ - $info{args} = "-v -a"; -} else { - $info{args} = "-a"; -} -if ( $basedn_arg eq "" ){ - &usage; - exit(1); -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "memberOf_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=memberOf task, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$basedn = "basedn: $basedn_arg\n"; -if ( $filter_arg ne "" ) -{ - $filter = "filter: $filter_arg\n"; -} - -$entry = "${dn}${misc}${cn}${basedn}${filter}"; -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in deleted file mode 100755 index e5ba43d..0000000 --- a/ldap/admin/src/scripts/ldif2db.in +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@nss_libdir@" -libpath_add "@libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -usage() -{ - echo "Usage: ldif2db [-Z serverID] -n backendname {-s includesuffix}* [{-x excludesuffix}*] {-i ldiffile}*" - echo " [-c chunksize] [-g [string]] [-G namespace_id] [-O] [-E] [-q] [-V] [-v] [-h]" - echo "Note: either \"-n backend\", \"-s includesuffix\", and \"-i ldiffile\" are required." - echo "Options:" - echo " -Z serverID - The server instance identifier" - echo " -n backend - Backend database name. Example: userRoot" - echo " -s inclduesuffix - Suffix to include" - echo " -x excludesuffix - Suffix to exclude" - echo " -i ldiffile - LDIF file name" - echo " -c chunksize - Number of entries to process before starting a new pass" - echo " -g [string] - String is \"none\" or \"deterministic\"" - echo " \"none\" - unique id is not generated" - echo " \"deterministic\" - generate name based unique id (-G name)" - echo " By default - generate time based unique id" - echo " -G name - Namespace id for name based uniqueid (-g deterministic)" - echo " -O - Do not index the attributes" - echo " -E - Encrypt attributes" - echo " -q - Quiet mode - suppresses output" - echo " -V - Verbose output" - echo " -v - Display version" - echo " -h - Display usage" -} - -handleopts() -{ - while [ "$1" != "" ] - do - if [ "$1" = "-q" ]; then - return 1 - elif [ "$1" = "-Z" ]; then - shift - servid=$1 - elif [ "$1" = "-h" ]; then - usage - exit 0 - fi - shift - done - return 0 -} - -while getopts "Z:vhd:i:g:G:n:s:x:NOCc:St:D:EqV" flag -do - case $flag in - h) usage - exit 0;; - Z) servid=$OPTARG;; - n) args=$args" -n \"$OPTARG\"";; - i) args=$args" -i \"$OPTARG\"";; - s) args=$args" -s \"$OPTARG\"";; - x) args=$args" -x \"$OPTARG\"";; - c) args=$args" -c \"$OPTARG\"";; - d) args=$args" -d \"$OPTARG\"";; 
- g) args=$args" -g \"$OPTARG\"";; - G) args=$args" -G \"$OPTARG\"";; - t) args=$args" -t \"$OPTARG\"";; - D) args=$args" -D \"$OPTARG\"";; - E) args=$args" -E";; - v) args=$args" -v";; - N) args=$args" -N";; - C) args=$args" -C";; - S) args=$args" -S";; - O) args=$args" -O";; - q) args=$args" -q";; - V) args=$args" -V";; - ?) usage - exit 1;; - esac -done - -if [ $# -lt 4 ] -then - usage - exit 1 -fi - -ARGS=$@ -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -handleopts $ARGS -quiet=$? -if [ $quiet -eq 0 ]; then - echo importing data ... -fi - -eval @sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1 - -exit $? diff --git a/ldap/admin/src/scripts/ldif2db.pl.in b/ldap/admin/src/scripts/ldif2db.pl.in deleted file mode 100644 index 144dbba..0000000 --- a/ldap/admin/src/scripts/ldif2db.pl.in +++ /dev/null 
@@ -1,209 +0,0 @@
-#!@perlexec@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(@perlpath@);
-use DSUtil;
-
-DSUtil::libpath_add("@nss_libdir@");
-DSUtil::libpath_add("/usr/lib");
-DSUtil::libpath_add("/usr/lib64");
-$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin";
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$maxidx = 50;
-$noattrindexes = 0;
-$mergechunksiz = 0;
-$genuniqid = "time";
-$i = 0;
-$ldifi = 0;
-$incli = 0;
-$excli = 0;
-$encrypt_on_import = 0;
-
-sub usage {
- print(STDERR "Usage: ldif2db.pl -n backend [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n");
- print(STDERR " [-P protocol] {-s include}* [{-x exclude}*] [-O] [-c chunksize] [-h]\n");
- print(STDERR " [-E] [-g [string] [-G namespace_id]] {-i filename}*\n");
- print(STDERR "Note: either \"-n backend\", \"-s includesuffix\", and \"-i ldiffile\" are required.\n");
- print(STDERR "Options:\n");
- print(STDERR " -D rootdn - Directory Manager\n");
- print(STDERR " -w password - Directory Manager's password\n");
- print(STDERR " -w - - Prompt for Directory Manager's password\n");
- print(STDERR " -Z serverID - Server instance identifier\n");
- print(STDERR " -j filename - Read Directory Manager's password from file\n");
- print(STDERR " -n backend - Backend database name. Example: userRoot\n");
- print(STDERR " -i filename - Input ldif file(s)\n");
- print(STDERR " -s include - Included suffix\n");
- print(STDERR " -x exclude - Excluded suffix(es)\n");
- print(STDERR " -O - Only create core db, no attr indexes\n");
- print(STDERR " -c chunksize - Number of entries to process before starting a new pass\n");
- print(STDERR " -g [string] - String is \"none\" or \"deterministic\"\n");
- print(STDERR " \"none\" - unique id is not generated\n");
- print(STDERR " \"deterministic\" - generate name based unique id (-G name)\n");
- print(STDERR " By default - generate time based unique id\n");
- print(STDERR " -G name - Namespace id for name based uniqueid (-g deterministic)\n");
- print(STDERR " -E - Encrypt data when importing\n");
- print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n");
- print(STDERR " -h - Display usage\n");
-}
-
-@ldiffiles = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@included = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@excluded = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-
-while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-i" ) { # ldiffiles
- $i++;
- if ($ldifi < $maxidx) {
- $ldiffiles[$ldifi] = $ARGV[$i]; $ldifi++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-s") { # included suffix
- $i++;
- if ($incli < $maxidx) {
- $included[$incli] = $ARGV[$i]; $incli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix
- $i++;
- if ($excli < $maxidx) {
- $excluded[$excli] = $ARGV[$i]; $excli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-n") { # instance
- $i++; $instance = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-O") { # no attr indexes
- $noattrindexes = 1;
- } elsif ("$ARGV[$i]" eq "-c") { # merge chunk size
- $i++; $mergechunksiz = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-g") { # generate uniqueid
- if (("$ARGV[$i+1]" ne "") && !("$ARGV[$i+1]" =~ /^-/)) {
- $i++;
- if ("$ARGV[$i]" eq "none") {
- $genuniqid = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "deterministic") {
- $genuniqid = $ARGV[$i];
- }
- }
- } elsif ("$ARGV[$i]" eq "-G") { # namespace id
- $i++; $uniqidname = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-Z") { # server id
- $i++; $servid = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-h") { # help
- &usage; exit(0);
- } elsif ("$ARGV[$i]" eq "-E") { # encrypt on import
- $encrypt_on_import = 1;
- } elsif ("$ARGV[$i]" eq "-P") { # protocol preference
- $i++; $protocol = $ARGV[$i];
- } else {
- print "ERROR - Unknown option: $ARGV[$i]\n";
- &usage; exit(1);
- }
- $i++;
-}
-
-#
-# Gather all our config settings
-#
-($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@");
-%info = DSUtil::get_info($confdir, $host, $port, $rootdn);
-$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile);
-$info{protocol} = $protocol;
-$info{args} = "-a";
-if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" ){
- &usage;
- exit(1);
-}
-
-#
-# Construct the task entry
-#
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "import_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=import, cn=tasks, cn=config\n";
-$misc = "objectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ($instance ne "") {
- $nsinstance = "nsInstance: ${instance}\n";
-}
-$i = 0;
-$nsldiffiles = "";
-while ("" ne "$ldiffiles[$i]") {
- $nsldiffiles = "${nsldiffiles}nsFilename: $ldiffiles[$i]\n";
- $i++;
-}
-$i = 0;
-$nsincluded = "";
-while ("" ne "$included[$i]") {
- $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
- $i++;
-}
-$i = 0;
-$nsexcluded = "";
-while ("" ne "$excluded[$i]") {
- $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
- $i++;
-}
-$nsnoattrindexes = "";
-if ($noattrindexes != 0) { $nsnoattrindexes = "nsImportIndexAttrs: false\n"; }
-$nsimportencrypt = "";
-if ($encrypt_on_import != 0) { $nsimportencrypt = "nsImportEncrypt: true\n"; }
-$nsmergechunksiz = "nsImportChunkSize: ${mergechunksiz}\n";
-$nsgenuniqid = "nsUniqueIdGenerator: ${genuniqid}\n";
-$nsuniqidname = "";
-if ($uniqidname ne "") { $nsuniqidname = "nsUniqueIdGeneratorNamespace: ${uniqidname}\n"; }
-$ttl = "ttl: 86400";
-$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsldiffiles}${nsnoattrindexes}${nsimportencrypt}${nsmergechunksiz}${nsgenuniqid}${nsuniqidname}${ttl}";
-
-$rc = DSUtil::ldapmod($entry, %info);
-
-$dn =~ s/^dn: //;
-$dn =~ s/\n//;
-if($rc == 0){
- print "Successfully added task entry \"$dn\"\n";
-} else {
- print "Failed to add task entry \"$dn\" error ($rc)\n";
-}
-
-exit($rc);
-
diff --git a/ldap/admin/src/scripts/ldif2ldap.in b/ldap/admin/src/scripts/ldif2ldap.in
deleted file mode 100755
index 7c83c5e..0000000
--- a/ldap/admin/src/scripts/ldif2ldap.in
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "@libdir@/@package_name@/"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-PATH=$PATH:@ldaptool_bindir@:@ldaptool_bindir@:/usr/bin
-
-usage ()
-{
- echo "Usage: ldif2ldap [-Z serverID] [-D ] -w -f [-P protocol] [-h]"
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -D rootdn - Directory Manager DN"
- echo " -w passwd - Directory Manager password"
- echo " -f file - File containing LDAP entries to add to the server"
- echo " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP"
- echo " -h - Display usage"
-}
-
-while getopts "Z:D:w:f:hP:" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- P) protocol=$OPTARG;;
- D) rootdn=$OPTARG;;
- w) passwd=$OPTARG;;
- f) args=$args"-f $OPTARG"
- input_file=$OPTARG;;
- h) usage
- exit 0;;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-if [ -z "$input_file" ]
-then
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-process_dse $CONFIG_DIR $$
-file="/tmp/DSSharedLib.$$"
-port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
-host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
-security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
-secure_port=$(grep -i 'nsslapd-secureport' $file | awk '{print $2}' )
-ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
-ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
-certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
-autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
-if [ -z "$rootdn" ]; then
- value=$(grep -i 'nsslapd-rootdn' $file)
- rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
-fi
-rm $file
-
-if [ -n "$ldapiURL" ]; then
- ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
- ldapiURL="ldapi://"$ldapiURL
-fi
-
-client_type=`ldapmodify -V 2>&1`;
-echo "$client_type" | grep -q "OpenLDAP"
-if [ $? -eq 0 ]
-then
- openldap="yes"
- export LDAPTLS_CACERTDIR=$certdir
-fi
-
-if [ -z "$security" ]; then
- security="off"
-fi
-revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
-if [ "$revised_protocol" != "$protocol" ]; then
- echo Protocol $protocol requested, but this protocol is not supported
- error="yes"
-fi
-protocol=$revised_protocol
-
-#
-# STARTTLS
-#
-if [ "$security" = "on" ]; then
- if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(STARTTLS)"
- fi
- if [ "$openldap" = "yes" ]; then
- ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- fi
- exit $?
- fi
-fi
-
-#
-# LDAPS
-#
-if [ "$security" = "on" ]; then
- if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPS)"
- fi
- if [ "$openldap" = "yes" ]; then
- ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file
- fi
- exit $?
- fi
-fi
-
-#
-# LDAPI
-#
-if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
- if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
- if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
- fi
- ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
- else
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI)"
- fi
- ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
- fi
- rc=$?
- if [ $rc -ne 0 ]
- then
- echo "Operation failed (error $rc)"
- fi
- exit $rc
- fi
-fi
-
-#
-# LDAP
-#
-if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAP)"
- fi
- if [ "$openldap" = "yes" ]; then
- ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- fi
- exit $?
-fi
-
-echo ERROR $protocol
diff --git a/ldap/admin/src/scripts/migrate-ds.pl.in b/ldap/admin/src/scripts/migrate-ds.pl.in
deleted file mode 100644
index 7c139c6..0000000
--- a/ldap/admin/src/scripts/migrate-ds.pl.in
+++ /dev/null
@@ -1,52 +0,0 @@
-#!@perlexec@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-###########################
-#
-# This perl module provides a way to set up a new installation after
-# the binaries have already been extracted. This is typically after
-# using native packaging support to install the package e.g. RPM,
-# pkgadd, depot, etc. This script will show the license, readme,
-# dsktune, then run the usual setup pre and post installers.
-#
-##########################
-
-use lib qw(@perlpath@);
-
-use strict;
-
-use DSMigration;
-use Migration;
-use Resource;
-
-my $res = new Resource("@propertydir@/migrate-ds.res",
- "@propertydir@/setup-ds.res");
-
-my $mig = new Migration($res);
-
-$mig->msg('begin_ds_migration', $mig->{oldsroot});
-if (!migrateDS($mig)) {
- $mig->doExit(1);
-}
-$mig->msg('end_ds_migration');
-$mig->doExit(0);
-
-END {
- if ($mig and $mig->{keep}) {
- $mig->{inf}->write("__temp__");
- }
-}
-
-# emacs settings
-# Local Variables:
-# mode:perl
-# indent-tabs-mode: nil
-# tab-width: 4
-# End:
diff --git a/ldap/admin/src/scripts/migrate-ds.res b/ldap/admin/src/scripts/migrate-ds.res
deleted file mode 100644
index d58649b..0000000
--- a/ldap/admin/src/scripts/migrate-ds.res
+++ /dev/null
@@ -1,35 +0,0 @@
-begin_ds_migration = Beginning migration of directory server instances in %s . . .\n
-end_ds_migration = Directory server migration is complete. Please check output and log files for details.\n
-migration_exiting = Exiting . . .\nLog file is '%s'\n\n
-instance_already_exists = The target directory server instance already exists at %s. Skipping migration. Note that if you want to migrate the old instance you will have to first remove the new one of the same name.\n\n
-error_reading_entry = Could not read the entry '%s'. Error: %s\n
-error_updating_merge_entry = Could not %s the migrated entry '%s' in the target directory server. Error: %s\n
-error_importing_migrated_db = Could not import the LDIF file '%s' for the migrated database. Error: %s. Output: %s\n
-error_reading_olddbconfig = Could not read the old database configuration information. Error: %s\n
-error_migrating_schema = Could not copy old schema file '%s'. Error: %s\n
-error_opening_schema = Could not open new schema file '%s'. Error: %s\n
-error_schema_permissions = Could not reset permissions on schema file '%s'. Error: %s\n
-error_copying_dbdir = Could not copy database directory '%s' to '%s'. Error: %s\n
-error_copying_dbfile = Could not copy database file '%s' to '%s'. Error: %s\n
-error_dbsrcdir_not_exist = Could not copy from the database source directory '%s' because it does not exist. Please check your configuration.\n
-error_no_instances = Could not find any instances in the old directory '%s' to migrate.\n
-error_removing_temp_db_files = Could not remove the temporary db files in '%s' to clear the directory in preparation for the migrated db files. Error: %s\n
-error_copying_certdb = Could not copy the certificate database file '%s' to '%s'. Error: %s\n
-error_copying_keydb = Could not copy the private key database file '%s' to '%s'. Error: %s\n
-error_copying_secmoddb = Could not copy the security module database file '%s' to '%s'. Error: %s\n
-error_copying_pinfile = Could not copy the key database PIN file '%s' to '%s'. Error: %s\n
-error_copying_certmap = Could not copy the client certificate mapping file '%s' to '%s'. Error: %s\n
-ldif_required_for_cross_platform = No LDIF files were found in %s.\n
-LDIF files are required in order to do cross platform migration. The\
-database files are not binary compatible, and the new databases must\
-be initialized from an LDIF export of the old databases. Please refer\
-to the migration instructions for help with how to do this.\n\n
-fixing_integer_attr_index = The index for the attribute '%s' in the database directory '%s' will be removed and re-created.\n\n
-error_removing_index_file = Could not remove the index file '%s'. Error: %s\n\n
-error_recreating_index_file = Could not re-create the index file '%s'. Error: %s\n\n
-error_reading_dbversion = Could not read the old database version information from '%s'. Error: %s\n\n
-error_database_too_old = The database at '%s' is too old to be migrated as a binary copy. You must export to LDIF.\n\n
-This version cannot be migrated using the database binaries. You must\
-first convert the databases to LDIF format and use the cross platform\
-migration procedure. This procedure is documented in the migration\
-guide and in the help for this script.\n\n
diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
deleted file mode 100755
index 8796342..0000000
--- a/ldap/admin/src/scripts/monitor.in
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@libdir@"
-libpath_add "@nss_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-PATH=$PATH:@ldaptool_bindir@:@ldaptool_bindir@:/usr/bin/
-
-protocol=""
-
-usage ()
-{
- echo "Usage: monitor [ -Z serverID ] [ -D rootdn ] [ -w password ] [ -b basedn ] [-P protocol] [-h]"
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -D rootdn - Directory Manager DN"
- echo " -w passwd - Directory Manager password"
- echo " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP"
- echo " -h - Display usage"
-}
-
-while getopts "Z:b:hP:D:w:" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- P) protocol=$OPTARG;;
- b) MDN=$OPTARG;;
- D) rootdn=$OPTARG;;
- w) passwd=$OPTARG;;
- h) usage
- exit 0;;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-if [ -z "$MDN" ]
-then
- MDN="cn=monitor"
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-process_dse $CONFIG_DIR $$
-file="/tmp/DSSharedLib.$$"
-port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
-host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
-security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
-secure_port=$(grep -i 'nsslapd-secureport' $file | awk '{print $2}' )
-ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
-ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
-certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
-autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
-if [ -z "$rootdn" ]; then
- value=$(grep -i 'nsslapd-rootdn' $file)
- rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
-fi
-rm $file
-
-if [ -n "$passwd" ]; then
- dn="-D \"$rootdn\""
- passwd="-w \"$passwd\""
-fi
-if [ -n "$ldapiURL" ]
-then
- ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
- ldapiURL="ldapi://"$ldapiURL
-fi
-
-client_type=`ldapsearch -V 2>&1`;
-echo "$client_type" | grep -q "OpenLDAP"
-if [ $? -eq 0 ]
-then
- openldap="yes"
- export LDAPTLS_CACERTDIR=$certdir
-fi
-
-if [ -z $security ]; then
- security="off"
-fi
-revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
-if [ "$revised_protocol" != "$protocol" ]; then
- echo Protocol $protocol requested, but this protocol is not supported
- error="yes"
-fi
-protocol=$revised_protocol
-
-#
-# STARTTLS
-#
-if [ "$security" = "on" ]; then
- if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(STARTTLS)"
- fi
- if [ "$openldap" = "yes" ]; then
- eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- eval ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- fi
- exit $?
- fi
-fi
-
-#
-# LDAPS
-#
-if [ "$security" = "on" ]; then
- if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPS)"
- fi
- if [ "$openldap" = "yes" ]; then
- ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*"
- fi
- exit $?
- fi
-fi
-
-#
-# LDAPI
-#
-if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
- if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
- if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
- fi
- ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null
- else
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI)"
- fi
- ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*"
- fi
- exit $?
- fi
-fi
-
-#
-# LDAP
-#
-if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then
- if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAP)"
- fi
- if [ "$openldap" = "yes" ]; then
- ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- fi
- exit $?
-fi
diff --git a/ldap/admin/src/scripts/ns-accountstatus.pl.in b/ldap/admin/src/scripts/ns-accountstatus.pl.in
deleted file mode 100644
index 8397766..0000000
--- a/ldap/admin/src/scripts/ns-accountstatus.pl.in
+++ /dev/null
@@ -1,1045 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2016 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; -use Time::Local; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -my $single = 0; -my $role = 0; -my $verbose = 0; - -############################### -# SUB-ROUTINES -############################### - -sub usage -{ - print (STDERR "ns-accountstatus.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print (STDERR " [-p port] [-h host] [-P protocol] {-I DN | -b basedn -f filter [-s scope]}\n"); - print (STDERR " [-i] [-g seconds]\n\n"); - print (STDERR "May be used to get the status a user or a domain of users\n\n"); - print (STDERR "Arguments:\n"); - print (STDERR " -? 
- Display usage\n"); - print (STDERR " -D rootdn - Provide a Directory Manager DN\n"); - print (STDERR " -w password - Provide a password for the Directory Manager DN\n"); - print (STDERR " -w - - Prompt for the Directory Manager's password\n"); - print (STDERR " -Z serverID - Server instance identifier\n"); - print (STDERR " -j filename - Read the Directory Manager's password from file\n"); - print (STDERR " -p port - Provide a port\n"); - print (STDERR " -h host - Provide a host name\n"); - print (STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print (STDERR " -I DN - Single entry DN or role DN to get status\n"); - print (STDERR " -b basedn - Search base for finding entries**\n"); - print (STDERR " -f filter - Search filter for finding entries**\n"); - print (STDERR " -s scope - Search scope (base, one, sub - default is sub)**\n"); - print (STDERR " -i - Only display inactivated entries\n"); - print (STDERR " -g seconds - Only display entries that will become inactive within the timeframe\n"); - print (STDERR " -V - Display verbose information\n"); -} - -sub debug -{ -# print " ==> @_"; -} - -sub out -{ - print "@_"; -} - -# -------------------------- -# Check if the entry is part of a locked role: -# i.e.: for each role member (nsroledn) of nsdisabledrole, check if -# * it is the same as the entry -# * the entry is member of role (==has nsroledn attributes), compare each of -# them with the nsroledn of nsdisabledrole -# * if nsroledn of nsdisabledrole are complex, go through each of them -# argv[0] is the local file handler -# argv[1] is the entry (may be a single entry DN or a role DN) -# argv[2] is the base for the search -# -------------------------- - -$throughRole=""; - -sub indirectLock -{ - # For recursivity, file handler must be local - my $L_filehandle=$_[0]; - $L_filehandle++; - - my $L_entry=$_[1]; - # Remove useless space - my @L_intern=split /([,])/,$L_entry; - my $L_result=""; - foreach 
$L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_entry=$L_result; - - my $L_base=$_[2]; - my $L_search; - my $L_currentrole; - my $L_retCode; - my $L_local; - - $info{base} = $L_base; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsroledn"; - $info{redirect} = ">> /dev/null 2>&1"; - DSUtil::ldapsrch_ext(%info); - $info{redirect} = ""; - $retCode=$?; - if ( $retCode != 0 ){ - $retCode=$?>>8; - return 1; - } - - # Check if the role is a nested role - $info{filter} = "(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))"; - $info{attrs} = ""; - @L_Nested=DSUtil::ldapsrch(%info); - # L_isNested == 1 means that we are going through a nested role, so for each member of that - # nested role, check that the member is below the scope of the nested - $L_isNested=@L_Nested; - - # Not Direct Lock, Go through roles if any - $info{attrs} = "nsroledn"; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $L_search=DSUtil::ldapsrch(%info); - - debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n"); - - unless (open ($L_filehandle, "$L_search |")){ - out("Can't open file $L_filehandle\n"); - exit; - } - while (<$L_filehandle>) { - - s/\n //g; - if (/^nsroledn: (.*)\n/) { - $L_currentrole = $1; - - # Remove useless space - my @L_intern=split /([,])/,$L_currentrole; - my $L_result=""; - foreach $L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_currentrole=$L_result; - - debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n"); - if ( $L_isNested == 1 ){ - if ( checkScope($L_currentrole, $L_base) == 0 ){ - # Scope problem probably a bad conf, skip the currentrole - next; - } - } - - if ( $L_currentrole eq $L_entry ){ - # the entry is a role that is directly locked - # i.e, nsroledn of nsdisabledrole contains the entry - 
$throughRole=$L_base; - $throughRole=~ tr/A-Z/a-z/; - - # skipDisabled means that we've just found that the entry (which is a role) - # is locked directly (==its DN is part of nsroledn attributes) - # we just want to know now, if it is locked through another role - # at least, one - if ( $skipDisabled == 1 ){ - # direct inactivation - $directLocked=1; - # just go through that test once - $skipDisabled=0; - next; - } - debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - $L_retCode=memberOf($L_currentrole, $L_entry); - if ( $L_retCode == 0 && $single == 1 ){ - $throughRole=$L_currentrole; - $throughRole=~ tr/A-Z/a-z/; - if ( $skipManaged == 1 ){ - if ( $L_currentrole eq $nsManagedDisabledRole){ - # Try next nsroledn - $directLocked=1; - $skipManaged=0; - next; - } - } - debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - # Only for the first iteration - # the first iteration is with nsdisabledrole as base, other - # loops are deeper - $L_local=$skipDisabled; - $skipDisabled=0; - - # the current nsroledn may be a complex role, just go through - # its won nsroledn - $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole); - - # Because of recursivity, to keep the initial value for the first level - $skipDisabled=$L_local; - - if ( $L_retCode == 0 ){ - $throughRole=$L_currentrole; - $throughRole=~ tr/A-Z/a-z/; - debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n"); - return 0; - } - } - } - - close($L_filehandle); - - debug("\t<--indirectLock: no more nsroledn to process\n"); - return 1; -} - -# -------------------------- -# Check if nsroledn is part of the entry attributes -# argv[0] is a role DN (nsroledn attribute) -# argv[1] is the entry -# -------------------------- -sub memberOf -{ - my $L_nsroledn=$_[0]; - $L_nsroledn =~ tr/A-Z/a-z/; - my $L_entry=$_[1]; - my $L_search; - my $L_currentrole; - - $info{base} = $L_entry; - 
$info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsrole"; - $L_search = DSUtil::ldapsrch(%info); - - debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n"); - - open (LDAP2, "$L_search |"); - while () { - s/\n //g; - if (/^nsrole: (.*)\n/) { - $L_currentrole = $1; - $L_currentrole=~ tr/A-Z/a-z/; - if ( $L_currentrole eq $L_nsroledn ){ - # the parm is part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n"); - return 0; - } - } - } - close(LDAP2); - - # the parm is not part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n"); - return 1; -} - - -# -------------------------- -# Remove the rdn of a DN -# argv[0] is a DN -# -------------------------- -sub removeRdn -{ - $L_entry=$_[0]; - - @L_entryToTest=split /([,])/,$L_entry; - debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n"); - - $newDN=""; - $removeRDN=1; - foreach $part (@L_entryToTest){ - $part=~ s/^ +//; - $part=~ tr/A-Z/a-z/; - if ( $removeRDN <= 2 ){ - $removeRDN=$removeRDN+1; - } else { - $newDN="$newDN$part"; - } - } - - debug("removeRdn: new DN **$newDN**\n"); -} - -# -------------------------- -# Check if L_current is below the scope of -# L_nestedRole -# argv[0] is a role -# argv[1] is the nested role -# -------------------------- -sub checkScope -{ - $L_current=$_[0]; - $L_nestedRole=$_[1]; - - debug("checkScope: check if $L_current is below $L_nestedRole\n"); - - removeRdn($L_nestedRole); - $L_nestedRoleSuffix=$newDN; - debug("checkScope: nested role based: $L_nestedRoleSuffix\n"); - - $cont=1; - while ( ($cont == 1) && ($L_current ne "") ){ - removeRdn($L_current); - $currentDn=$newDN; - debug("checkScope: current DN to check: $currentDn\n"); - - if ( $currentDn eq $L_nestedRoleSuffix ){ - debug("checkScope: DN match!!!\n"); - $cont = 0; - } else { - $L_current=$currentDn; - } - } - - if ( $cont == 1 ){ - 
debug("checkScope: $_[0] and $_[1] are not compatible\n"); - return 0; - } else { - debug("checkScope: $_[0] and $_[1] are compatible\n"); - return 1; - } -} - -# -# Check if an account is locked by inactivity -# Take the lastlogintime (which is in Generalized Time), and convert it to its -# EPOCH time. Then compare this to the current time and the inactivity limit -# -sub checkForInactivity -{ - my $gentime_lastlogin = shift; - my $limit = shift; - - if ($limit == 0){ - return 0; - } - my ($year, $mon, $day, $hour, $min, $sec) = - ($gentime_lastlogin =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $lastlogin = timegm($sec, $min, $hour, $day, ($mon-1), $year); # EPOCH time - my $now = time(); # EPOCH time - - if (($now - $lastlogin) > $limit){ - # Account has be inactive for too long - return 1; - } - # Account is fine and active - return 0; -} - -sub checkForUpcomingInactivity -{ - my $gentime_lastlogin = shift; - my $limit = shift; - my $timeframe = shift; - - if ($limit == 0){ - return 0; - } - my ($year, $mon, $day, $hour, $min, $sec) = - ($gentime_lastlogin =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $lastlogin = timegm($sec, $min, $hour, $day, ($mon-1), $year); # EPOCH time - my $now = time(); # EPOCH time - my $time_to_inactive = ($limit - ($now - $lastlogin)); - if ($time_to_inactive <= $timeframe){ - return 1; - } else { - return 0; - } -} - -# -# Return the time in seconds until the account reaches the limit -# -sub getTimeToInactivity -{ - my $gentime_lastlogin = shift; - my $limit = shift; - - my ($year, $mon, $day, $hour, $min, $sec) = - ($gentime_lastlogin =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $lastlogin = timegm($sec, $min, $hour, $day, ($mon-1), $year); # EPOCH time - my $now = time(); # EPOCH time - - return ($limit - ($now - $lastlogin)); -} - -# -# Return the time in seconds until the account reaches the limit -# -sub getTimeSinceInactive -{ - my $gentime_lastlogin = shift; - my $limit = shift; - - my ($year, 
$mon, $day, $hour, $min, $sec) = - ($gentime_lastlogin =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $lastlogin = timegm($sec, $min, $hour, $day, ($mon-1), $year); # EPOCH time - my $now = time(); # EPOCH time - - return ($now - ($lastlogin + $limit)); - #return (($now - $lastlogin) - limit); -} - -# -# Return various components of the acct policy -# -sub getAcctPolicy -{ - my %srch = %{$_[0]}; - my $entry = $_[1]; - - my $enabled = 0; - my $stateattr = 0; - my $altstateattr = 0; - my $cosspecattr = 0; - my $limitattr = 0; - my $limit = 0; - my $configentry = 0; - my $templateDN = ""; - - $srch{base} = "cn=Account Policy Plugin,cn=plugins,cn=config"; - $srch{filter} = "(&(objectclass=top)(nsslapd-pluginarg0=*))"; - $srch{scope} = "base"; - $srch{attrs} = "nsslapd-pluginEnabled nsslapd-pluginarg0"; - - # - # Get the main plugin entry - # - $searchAccPolicy = DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if( /^nsslapd-pluginenabled: on/i) { - $enabled = 1; - } elsif (/^nsslapd-pluginarg0: (.*)/i) { - $configentry = $1; - } - } - close(LDAP1); - - if ($enabled == 0){ - # Not using acct policy plugin, no reason to continue. 
- return (0, 0, 0, 0); - } - - # - # Get the plugin config entry - # - $srch{base} = $configentry; - $srch{filter} = "(objectclass=top)"; - $srch{scope} = "base"; - $srch{attrs} = "stateattrname altstateattrname specattrname limitattrname"; - $searchAccPolicy = DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if( /^stateattrname: (.*)/i) { - $stateattr = $1; - } elsif (/^altstateattrname: (.*)/i) { - $altstateattr = $1; - } elsif (/^specattrname: (.*)/i) { - $cosspecattr = $1; - } elsif (/^limitattrname: (.*)/i) { - $limitattr = $1; - } - } - close(LDAP1); - - # - # Now, get the DN for the account policy subEntry from the entry (if available) - # - $srch{base} = $entry; - $srch{filter} = "(objectclass=*)"; - $srch{scope} = "base"; - $srch{attrs} = "$cosspecattr"; - $searchAccPolicy= DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if (/^$cosspecattr: (.*)/i){ - $templateDN = $1; - break; - } - } - close(LDAP1); - - # - # Get the inactivity limit - # - $srch{base} = $configentry; - if ($templateDN){ - # Use subEntry DN - $srch{base} = $templateDN; - } - $srch{filter} = "($limitattr=*)"; - $srch{scope} = "base"; - $srch{attrs} = "$limitattr"; - my @result = DSUtil::ldapsrch_ext(%srch); - if ($#result > 1){ - if ($result[1] =~ /^$limitattr: *([0-9]+)/i){ - $limit = $1; - } - } - - return ($enabled, $stateattr, $altstateattr, $limit); -} - -# -# Return a friendly time string for the client -# -sub get_time_from_epoch -{ - my $sec = shift; - my $result = ""; - my $add_space = 0; - - if (int($sec/(24*60*60))){ - $result = int($sec/(24*60*60)) . " days"; - $add_space = 1; - } - if (($sec/(60*60))%24){ - if ($add_space){ - $result = $result . ", "; - } - $add_space = 1; - $result = $result . ($sec/(60*60))%24 . " hours"; - } - if ( ($sec/60)%60){ - if ($add_space){ - $result = $result . ", "; - } - $add_space = 1; - $result = $result . ($sec/60)%60 . 
" minutes"; - } - if ($sec%60){ - if ($add_space){ - $result = $result . ", "; - } - $result = $result . $sec%60 . " seconds"; - } - return $result; -} - -# -# Given a string in generalized time format, convert it to ascii time -# -sub get_time_from_gentime -{ - my $zstr = shift; - return "n/a" if (! $zstr); - my ($year, $mon, $day, $hour, $min, $sec) = - ($zstr =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $time = timegm($sec, $min, $hour, $day, ($mon-1), $year); - ($sec, $min, $hour, $day, $mon, $year) = localtime($time); - $mon++; - $year += 1900; - foreach ($sec, $min, $hour, $day, $mon) { - $_ = "0".$_ if ($_ < 10); - } - - return "$mon/$day/$year $hour:$min:$sec"; -} - -# -# Print Verbose output about the entry -# -sub printVerbose -{ - my %dsinfo = %{$_[0]}; - my $suffix = $_[1]; - my $entry = $_[2]; - my $createtime = $_[3]; - my $modifytime = $_[4]; - my $lastlogintime = $_[5]; - my $state = $_[6]; - my $limit = $_[7]; - my $usingAcct = $_[8]; - - out("Entry: $entry\n"); - out("Entry Creation Date: $createtime (" . get_time_from_gentime($createtime) . ")\n"); - out("Entry Modification Date: $modifytime (" . get_time_from_gentime($modifytime) . ")\n"); - if ($lastlogintime ne ""){ - out("Last Login Date: $lastlogintime (" . get_time_from_gentime($lastlogintime) . ")\n"); - } - if($usingAcct){ - if ($limit){ - out("Inactivity Limit: $limit seconds (" . get_time_from_epoch($limit) . ")\n"); - if ($lastlogintime ne ""){ - my $remaining_time = getTimeToInactivity($lastlogintime, $limit); - if($remaining_time < 0){ - out("Time Until Inactive: -\n"); - # We only display elapsed time if the account was locked by inactivity - if($state =~ /inactivity limit exceeded/){ - my $elapsed_time = getTimeSinceInactive($lastlogintime, $limit); - out("Time Since Inactivated: $elapsed_time seconds (" . get_time_from_epoch($elapsed_time) . ")\n"); - } else { - out("Time Since Inactive: -\n"); - } - } else { - out("Time Until Inactive: $remaining_time seconds (" . 
get_time_from_epoch($remaining_time) . ")\n"); - out("Time Since Inactive: -\n"); - } - } - } - } - out("Entry State: $state\n\n"); -} - -# -# Just strip any unneeded spaces from the DN -# -sub normalizeDN -{ - my $entry = shift; - my $result = ""; - my $part = ""; - - @suffix=split /([,])/,$entry; - $result=""; - foreach $part (@suffix){ - $part =~ s/^\s+|\s+$//g; - $part=~ tr/A-Z/a-z/; - $result="$result$part"; - } - return $result; -} - -# -# Get the suffix from the entry -# -sub getSuffix -{ - my $entry = shift; - my $cont = 0; - my @suffixN = normalizeDN($entry); - my @suffix = split /([,])/,$entry; - - while ($cont == 0){ - # Look if suffix is the suffix of the entry - # ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,dc=example,dc=com\"" - # - my $filter = normalizeDN("@suffix"); - - debug("\tSuffix from the entry: #@suffixN#\n"); - $info{base} = "cn=mapping tree, cn=config"; - $info{filter} = "cn=$filter"; - $info{scope} = "one"; - $info{attrs} = "cn"; - @mapping = DSUtil::ldapsrch_ext(%info); - my $retCode = $?; - if ( $retCode != 0 ){ - $retCode = $?>>8; - exit $retCode; - } - - # If we get a result, remove the dn: - # dn: cn="o=sun.com",cn=mapping tree,cn=config - # cn: "dc=example,dc=com" - # - shift @mapping; - - foreach $res (@mapping){ - # Break the string cn: "o=sun.com" into pieces - @cn = split(/ /,$res); - - # And remove the cn: part - shift @cn; - - # Now compare the suffix we extract from the mapping tree - # with the suffix derived from the entry - debug("\tSuffix from mapping tree: #@cn#\n"); - if ( @cn eq @suffixN ){ - debug("Found matching suffix\n"); - $cont = 1; - } - } - - if ( $cont == 0 ){ - # Remove the current rdn to try another suffix - shift @suffix; - - my $result=""; - foreach $part (@suffix){ - $part =~ s/^ +//; - $part =~ tr/A-Z/a-z/; - $result = "$result$part"; - } - @suffixN = $result; - - debug("\t\tNothing found => go up one level in rdn #@suffix#\n"); - $len = @suffix; - if ( $len == 0 ){ - 
debug("Can not find suffix. Problem\n"); - $cont=2; - } - } - } # while cont = 0 - if ( $cont == 2){ - out("Can not find suffix for entry $entry\n"); - exit 100; - } - return @suffixN -} - -############################### -# MAIN ROUTINE -############################### - - -my $state="activated"; -my $acct_policy_enabled; -my $stateattr; -my $altstateattr; -my $limit; -my $filter = 0; -my $basedn = 0; -my $scope = "sub"; -my $keep_processing = 0; -my $only_inactive = 0; -my $inactive_timeframe = 0; -my @entries; - -# Process the command line arguments -while( $arg = shift){ - if($arg eq "-?"){ - usage(); - exit 0; - } elsif($arg eq "-D"){ - $rootdn= shift @ARGV; - } elsif($arg eq "-w"){ - $rootpw= shift @ARGV; - } elsif($arg eq "-j"){ - $pwfile= shift @ARGV; - } elsif($arg eq "-p"){ - $port= shift @ARGV; - } elsif($arg eq "-h"){ - $host= shift @ARGV; - } elsif($arg eq "-I"){ - $entry= shift @ARGV; - } elsif($arg eq "-Z"){ - $servid= shift @ARGV; - } elsif($arg eq "-b"){ - $basedn= shift @ARGV; - } elsif($arg eq "-s"){ - $scope= shift @ARGV; - } elsif($arg eq "-f"){ - $filter= shift @ARGV; - } elsif($arg eq "-i"){ - $only_inactive = 1; - } elsif($arg eq "-g"){ - $inactive_timeframe = shift @ARGV; - } elsif($arg eq "-V"){ - $verbose = 1; - } elsif ($arg eq "-P") { - $protocol = shift @ARGV; - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - usage(); - exit 1 - } -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($rootpw, $pwfile); -$info{protocol} = $protocol; -$info{args} = "-c -a"; -if($entry eq "" and (!$basedn or !$filter)){ - usage(); - exit 1; -} - -# -# Check if we have a filter, and gather the dn's -# -if ($basedn && $filter){ - $info{base} = $basedn; - $info{filter} = $filter; - $info{scope} = $scope; - $info{attrs} = "dn"; - - @users=DSUtil::ldapsrch_ext(%info); - 
$retCode1=$?; - if ( $retCode1 != 0 ){ - $retCode1=$?>>8; - exit $retCode1; - } - my $i = 0; - my $c = 0; - while($#users > 0 && $users[$i]){ - if($users[$i] =~ /^dn: (.*)/i){ - $entries[$c] = $1; - $c++; - } - $i++; - } - if ($c > 1){ - # Mark that we are processing multiple entries - $keep_processing = 1; - } -} else { - # Single entry - # - # Check the actual existence of the entry - # and at the same time, validate the various - # parm: port, host, rootdn, rootpw - # - $info{base} = $entry; - $info{filter} = "(objectclass=*)"; - $info{scope} = "base"; - $info{attrs} = "dn"; - @exist=DSUtil::ldapsrch_ext(%info); - $retCode1=$?; - if ( $retCode1 != 0 ){ - $retCode1=$?>>8; - exit $retCode1; - } - $entries[0] = $entry; -} - -for(my $i = 0; $i <= $#entries; $i++){ - # - # Process each entry - # - $entry = $entries[$i]; - - # - # Determine if we are deadling with a entry or a role - # - $info{base} = $entry; - $info{filter} = "(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))"; - @isRole = DSUtil::ldapsrch_ext(%info); - $nbLineRole=@isRole; - $retCode2=$?; - if ( $retCode2 != 0 ){ - $retCode2=$?>>8; - exit $retCode2; - } - - if ( $nbLineRole > 0 ){ - debug("Groups of users\n"); - $role=1; - } else { - debug("Single user\n"); - $single=1; - } - - # - # Gather the Account Policy Plugin information (if available) - # - ($acct_policy_enabled, $stateattr, $altstateattr, $limit) = getAcctPolicy(\%info, $entry); - - # - # First of all, check the existence of the nsaccountlock attribute in the entry - # - $isLocked = 0; - my $lastlogintime = ""; - my $altlogintime = ""; - my $createtime = ""; - my $modifytime = ""; - - if ( $single == 1 ){ - $info{filter} = "(objectclass=*)"; - $info{attrs} = "nsaccountlock lastLoginTime createtimestamp modifytimestamp"; - $info{scope} = "base"; - $searchAccountLock= DSUtil::ldapsrch(%info); - open (LDAP1, "$searchAccountLock |"); - while () { - s/\n //g; - if (/^nsaccountlock: (.*)\n/i) { - $L_currentvalue = $1; - 
$L_currentvalue=~ tr/A-Z/a-z/; - if ( $L_currentvalue eq "true"){ - $isLocked=1; - } elsif ( $L_currentvalue eq "false" ){ - $isLocked=0; - } - } - if (/^$stateattr: (.*)\n/i) { - $lastlogintime = $1; - } - if (/^$altstateattr: (.*)\n/i) { - $altlogintime = $1; - } - if (/^createtimestamp: (.*)\n/i) { - $createtime = $1; - } - if (/^modifyTimeStamp: (.*)\n/i) { - $modifytime = $1; - } - } - close(LDAP1); - - if($lastlogintime eq ""){ - $lastlogintime = $altlogintime; - } - } - debug("Is the entry already locked? ==> $isLocked\n"); - - # - # Get the suffix of the entry - # - @suffixN = getSuffix($entry); - - $skipManaged = $single; - $skipDisabled = $role; - $directLocked = 0; - $nsDisabledRole = "cn=nsDisabledRole,@suffixN"; - $nsDisabledRole =~ tr/A-Z/a-z/; - $nsManagedDisabledRole = "cn=nsManagedDisabledRole,@suffixN"; - $nsManagedDisabledRole =~ tr/A-Z/a-z/; - - $ret = indirectLock("LDAP00", $entry, $nsDisabledRole); - if ( $ret == 0 && $inactive_timeframe == 0){ - # indirectly locked - if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole ){ - if ($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, - "inactivated (indirectly through role: $throughRole)", $limit, - $acct_policy_enabled); - } else { - out("$entry - inactivated (indirectly through role: $throughRole).\n"); - } - if($keep_processing){ - next; - } - exit 104; - } - debug("$entry locked individually\n"); - if ($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, "inactivated (directly locked)", $limit, - $acct_policy_enabled); - } else { - out("$entry - inactivated (directly locked).\n"); - } - if($keep_processing){ - next; - } - exit 103; - } elsif ( $directLocked == 0 ){ - if ( $isLocked != 1 ){ - # - # We are not locked by account lockout, but we could be locked by - # the Account Policy Plugin (inactivity) - # - if($acct_policy_enabled && $lastlogintime ne ""){ - # - # Now check the 
Acount Policy Plugin inactivity limits - # - if(checkForInactivity($lastlogintime, $limit)){ - if ($inactive_timeframe > 0){ - # We are only looking for active entries that are about to expire - next; - } - # Account is inactive by inactivity! - if($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, - "inactivated (inactivity limit exceeded)", - $limit, $acct_policy_enabled); - } else { - out("$entry - inactivated (inactivity limit exceeded).\n"); - } - if($keep_processing){ - next; - } - exit 103; - } elsif (checkForUpcomingInactivity($lastlogintime, $limit, $inactive_timeframe)){ - if($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, - "activated", - $limit, $acct_policy_enabled); - } else { - out("$entry - activated\n"); - } - if($keep_processing){ - next; - } - exit 0; - } - } - if(!$only_inactive and $inactive_timeframe == 0){ - if($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, $state, $limit, - $acct_policy_enabled); - } else { - out("$entry - $state.\n"); - } - } - if($keep_processing){ - next; - } - exit 102; - } else { - # not locked using our schema, but nsaccountlock is probably present - if ($inactive_timeframe > 0){ - # We are only looking for active entries that are about to expire, - # so move on to the next entry - next; - } - if($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, - "inactivated (probably directly)", $limit, - $acct_policy_enabled); - } else { - out("$entry - inactivated (probably directly).\n"); - } - if($keep_processing){ - next; - } - exit 103; - } - } else { - if ($inactive_timeframe > 0){ - # We are only looking for active entries that are about to expire - next; - } - if($verbose){ - printVerbose(\%info, "@suffixN", $entry, $createtime, - $modifytime, $lastlogintime, "inactivated (directly locked)", $limit, - $acct_policy_enabled); - } 
else {
- out("$entry - inactivated (directly locked).\n");
- }
- if($keep_processing){
- next;
- }
- exit 103;
- }
-}
diff --git a/ldap/admin/src/scripts/ns-activate.pl.in b/ldap/admin/src/scripts/ns-activate.pl.in
deleted file mode 100644
index 4188d05..0000000
--- a/ldap/admin/src/scripts/ns-activate.pl.in
+++ /dev/null
@@ -1,749 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2016 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; -use Time::Local; -use POSIX qw(strftime); - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -my $single = 0; -my $role = 0; - -############################### -# SUB-ROUTINES -############################### - -sub usage -{ - print (STDERR "ns-activate.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n"); - print (STDERR " [-p port] [-h host] [-P protocol] -I DN-to-activate\n\n"); - print (STDERR "May be used to activate a user or a domain of users\n\n"); - print (STDERR "Arguments:\n"); - print (STDERR " -? - Display usage\n"); - print (STDERR " -D rootdn - Provide a Directory Manager DN\n"); - print (STDERR " -w password - Provide a password for the Directory Manager DN\n"); - print (STDERR " -w - - Prompt for the Directory Manager's password\n"); - print (STDERR " -Z serverID - Server instance identifier\n"); - print (STDERR " -j filename - Read the Directory Manager's password from file\n"); - print (STDERR " -p port - Provide a port\n"); - print (STDERR " -h host - Provide a host name'\n"); - print (STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print (STDERR " -I DN-to-activate - Single entry DN or role DN to activate\n"); -} - -sub debug -{ -# print " ==> @_"; -} - -sub out -{ - print "@_"; -} - -# -------------------------- -# Check if the entry is part of a locked role: -# i.e.: for each role member (nsroledn) of nsdisabledrole, check if -# * it is the same as the entry -# * the entry is member of role (==has nsroledn attributes), 
compare each of -# them with the nsroledn of nsdisabledrole -# * if nsroledn of nsdisabledrole are complex, go through each of them -# argv[0] is the local file handler -# argv[1] is the entry (may be a single entry DN or a role DN) -# argv[2] is the base for the search -# -------------------------- - -$throughRole=""; - -sub indirectLock -{ - # For recursivity, file handler must be local - my $L_filehandle=$_[0]; - $L_filehandle++; - - my $L_entry=$_[1]; - # Remove useless space - my @L_intern=split /([,])/,$L_entry; - my $L_result=""; - foreach $L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_entry=$L_result; - - my $L_base=$_[2]; - my $L_search; - my $L_currentrole; - my $L_retCode; - my $L_local; - - $info{base} = $L_base; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsroledn"; - $info{redirect} = ">> /dev/null 2>&1"; - DSUtil::ldapsrch_ext(%info); - $info{redirect} = ""; - $retCode=$?; - if ( $retCode != 0 ){ - $retCode=$?>>8; - return 1; - } - - # Check if the role is a nested role - $info{filter} = "(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))"; - $info{attrs} = ""; - @L_Nested=DSUtil::ldapsrch(%info); - # L_isNested == 1 means that we are going through a nested role, so for each member of that - # nested role, check that the member is below the scope of the nested - $L_isNested=@L_Nested; - - # Not Direct Lock, Go through roles if any - $info{attrs} = "nsroledn"; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $L_search=DSUtil::ldapsrch(%info); - - debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n"); - - unless (open ($L_filehandle, "$L_search |")){ - out("Can't open file $L_filehandle\n"); - exit; - } - while (<$L_filehandle>) { - s/\n //g; - if (/^nsroledn: (.*)\n/) { - $L_currentrole = $1; - - # Remove useless space - my @L_intern=split 
/([,])/,$L_currentrole; - my $L_result=""; - foreach $L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_currentrole=$L_result; - - debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n"); - if ( $L_isNested == 1 ){ - if ( checkScope($L_currentrole, $L_base) == 0 ){ - # Scope problem probably a bad conf, skip the currentrole - next; - } - } - - if ( $L_currentrole eq $L_entry ){ - # the entry is a role that is directly locked - # i.e, nsroledn of nsdisabledrole contains the entry - $throughRole=$L_base; - $throughRole=~ tr/A-Z/a-z/; - - # skipDisabled means that we've just found that the entry (which is a role) - # is locked directly (==its DN is part of nsroledn attributes) - # we just want to know now, if it is locked through another role - # at least, one - if ( $skipDisabled == 1 ){ - # direct inactivation - $directLocked=1; - # just go through that test once - $skipDisabled=0; - next; - } - debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - $L_retCode=memberOf($L_currentrole, $L_entry); - if ( $L_retCode == 0 && $single == 1 ){ - $throughRole=$L_currentrole; - $throughRole=~ tr/A-Z/a-z/; - if ( $skipManaged == 1 ){ - if ( $L_currentrole eq $nsManagedDisabledRole){ - # Try next nsroledn - $directLocked=1; - $skipManaged=0; - next; - } - } - debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - # Only for the first iteration - # the first iteration is with nsdisabledrole as base, other - # loops are deeper - $L_local=$skipDisabled; - $skipDisabled=0; - - # the current nsroledn may be a complex role, just go through - # its won nsroledn - $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole); - - # Because of recursivity, to keep the initial value for the first level - $skipDisabled=$L_local; - - if ( $L_retCode == 0 ){ - $throughRole=$L_currentrole; - $throughRole=~ 
tr/A-Z/a-z/; - debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n"); - return 0; - } - } - } - - close($L_filehandle); - - debug("\t<--indirectLock: no more nsroledn to process\n"); - return 1; -} - -# -------------------------- -# Check if nsroledn is part of the entry attributes -# argv[0] is a role DN (nsroledn attribute) -# argv[1] is the entry -# -------------------------- -sub memberOf -{ - my $L_nsroledn=$_[0]; - $L_nsroledn=~ tr/A-Z/a-z/; - my $L_entry=$_[1]; - my $L_search; - my $L_currentrole; - - $info{base} = $L_entry; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsrole"; - $L_search = DSUtil::ldapsrch(%info); - - debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n"); - - open (LDAP2, "$L_search |"); - while () { - s/\n //g; - if (/^nsrole: (.*)\n/) { - $L_currentrole = $1; - $L_currentrole=~ tr/A-Z/a-z/; - if ( $L_currentrole eq $L_nsroledn ){ - # the parm is part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n"); - return 0; - } - } - } - close(LDAP2); - - # the parm is not part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n"); - return 1; -} - - -# -------------------------- -# Remove the rdn of a DN -# argv[0] is a DN -# -------------------------- -sub removeRdn -{ - $L_entry=$_[0]; - - @L_entryToTest=split /([,])/,$L_entry; - debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n"); - - $newDN=""; - $removeRDN=1; - foreach $part (@L_entryToTest){ - $part=~ s/^ +//; - $part=~ tr/A-Z/a-z/; - if ( $removeRDN <= 2 ){ - $removeRDN=$removeRDN+1; - } else { - $newDN="$newDN$part"; - } - } - - debug("removeRdn: new DN **$newDN**\n"); -} - -# -------------------------- -# Check if L_current is below the scope of -# L_nestedRole -# argv[0] is a role -# argv[1] is the nested role -# -------------------------- -sub checkScope -{ - 
$L_current=$_[0]; - $L_nestedRole=$_[1]; - - debug("checkScope: check if $L_current is below $L_nestedRole\n"); - - removeRdn($L_nestedRole); - $L_nestedRoleSuffix=$newDN; - debug("checkScope: nested role based: $L_nestedRoleSuffix\n"); - - $cont=1; - while ( ($cont == 1) && ($L_current ne "") ){ - removeRdn($L_current); - $currentDn=$newDN; - debug("checkScope: current DN to check: $currentDn\n"); - - if ( $currentDn eq $L_nestedRoleSuffix ){ - debug("checkScope: DN match!!!\n"); - $cont = 0; - } else { - $L_current=$currentDn; - } - } - - if ( $cont == 1 ){ - debug("checkScope: $_[0] and $_[1] are not compatible\n"); - return 0; - } else { - debug("checkScope: $_[0] and $_[1] are compatible\n"); - return 1; - } -} - -# -# Check if an account is locked by inactivity -# Take the lastlogintime (which is in Generalized Time), and convert it to its -# EPOCH time. Then compare this to the current time and the inactivity limit -# -sub checkForInactivity -{ - my $gentime_lastlogin = shift; - my $limit = shift; - - if ($limit == 0){ - return 0; - } - my ($year, $mon, $day, $hour, $min, $sec) = - ($gentime_lastlogin =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/); - my $lastlogin = timegm($sec, $min, $hour, $day, ($mon-1), $year); # EPOCH time - my $now = time(); # EPOCH time - - if (($now - $lastlogin) > $limit){ - # Account has be inactive for too long - return 1; - } - # Account is fine and active - return 0; -} - -# -# Return various components of the acct policy -# -sub getAcctPolicy -{ - my %srch = %{$_[0]}; - my $entry = $_[1]; - - my $enabled = 0; - my $stateattr = 0; - my $altstateattr = 0; - my $cosspecattr = 0; - my $limitattr = 0; - my $limit = 0; - my $configentry = 0; - my $templateDN = ""; - - $srch{base} = "cn=Account Policy Plugin,cn=plugins,cn=config"; - $srch{filter} = "(&(objectclass=top)(nsslapd-pluginarg0=*))"; - $srch{scope} = "base"; - $srch{attrs} = "nsslapd-pluginEnabled nsslapd-pluginarg0"; - - # - # Get the main plugin entry - # - 
$searchAccPolicy = DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if( /^nsslapd-pluginenabled: on/i) { - $enabled = 1; - } elsif (/^nsslapd-pluginarg0: (.*)/i) { - $configentry = $1; - } - } - close(LDAP1); - - if ($enabled == 0){ - # Not using acct policy plugin, no reason to continue. - return (0, 0, 0, 0); - } - - # - # Get the plugin config entry - # - $srch{base} = $configentry; - $srch{filter} = "(objectclass=top)"; - $srch{scope} = "base"; - $srch{attrs} = "stateattrname altstateattrname specattrname limitattrname"; - $searchAccPolicy = DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if( /^stateattrname: (.*)/i) { - $stateattr = $1; - } elsif (/^altstateattrname: (.*)/i) { - $altstateattr = $1; - } elsif (/^specattrname: (.*)/i) { - $cosspecattr = $1; - } elsif (/^limitattrname: (.*)/i) { - $limitattr = $1; - } - } - close(LDAP1); - - # - # Now, get the DN for the cos template from the entry - # - $srch{base} = $entry; - $srch{filter} = "(objectclass=*)"; - $srch{scope} = "base"; - $srch{attrs} = "$cosspecattr"; - $searchAccPolicy= DSUtil::ldapsrch(%srch); - open (LDAP1, "$searchAccPolicy |"); - while () { - s/\n //g; - if (/^$cosspecattr: (.*)/i){ - $templateDN = $1; - } - } - close(LDAP1); - - # - # Get the inactivity limit from the template] - # - $srch{base} = $templateDN; - $srch{filter} = "($limitattr=*)"; - $srch{scope} = "base"; - $srch{attrs} = "$limitattr"; - my @result = DSUtil::ldapsrch_ext(%srch); - if ($#result > 1){ - if ($result[1] =~ /^$limitattr: *([0-9]+)/i){ - $limit = $1; - } - } - - return ($enabled, $stateattr, $altstateattr, $limit); -} - -############################### -# MAIN ROUTINE -############################### - -# Generated variable - -my $state="activated"; -my $already="already"; -my $acct_policy_enabled; -my $stateattr; -my $altstateattr; -my $limit; - -# Process the command line arguments -while( $arg = shift) -{ - if($arg eq "-?"){ - 
usage(); - exit(0); - } elsif($arg eq "-D"){ - $rootdn = shift @ARGV; - } elsif($arg eq "-w"){ - $rootpw = shift @ARGV; - } elsif($arg eq "-j"){ - $pwfile = shift @ARGV; - } elsif($arg eq "-p"){ - $port = shift @ARGV; - } elsif($arg eq "-h"){ - $host = shift @ARGV; - } elsif($arg eq "-I"){ - $entry = shift @ARGV; - } elsif($arg eq "-Z"){ - $servid = shift @ARGV; - } elsif ($arg eq "-P") { - $protocol = shift @ARGV; - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - usage(); - exit(1); - } -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($rootpw, $pwfile); -$info{protocol} = $protocol; -$info{args} = "-c"; -if($entry eq ""){ - usage(); - exit 1; -} - -# -# Gather the Account Ppoliy PLugin information(if available) -# -($acct_policy_enabled, $stateattr, $altstateattr, $limit) = getAcctPolicy(\%info, $entry); - -# -# Check the actual existence of the entry to inactivate/activate -# and at the same time, validate the various parm: port, host, rootdn, rootpw -# -$info{base} = $entry; -$info{filter} = "(objectclass=*)"; -$info{scope} = "base"; -$info{attrs} = "dn"; -@exist=DSUtil::ldapsrch_ext(%info); -$retCode1=$?; -if ( $retCode1 != 0 ){ - $retCode1=$?>>8; - exit $retCode1; -} - -$info{filter} = "(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))"; -@isRole = DSUtil::ldapsrch_ext(%info); -$nbLineRole=@isRole; -$retCode2=$?; -if ( $retCode2 != 0 ){ - $retCode2=$?>>8; - exit $retCode2; -} - -if ( $nbLineRole > 0 ){ - debug("Groups of users\n"); - $role=1; -} else { - debug("Single user\n"); - $single=1; -} - -# -# First of all, check the existence of the nsaccountlock attribute in the entry -# -$isLocked=0; -my $lastlogintime = ""; -my $altlogintime = ""; - -if ( $single == 1 ){ - $info{filter} = "(objectclass=*)"; - $info{attrs} = "nsaccountlock $stateattr $altstateattr"; - 
$searchAccountLock= DSUtil::ldapsrch(%info); - open (LDAP1, "$searchAccountLock |"); - while () { - s/\n //g; - if (/^nsaccountlock: (.*)\n/i) { - $L_currentvalue = $1; - $L_currentvalue=~ tr/A-Z/a-z/; - if ( $L_currentvalue eq "true"){ - $isLocked=1; - } elsif ( $L_currentvalue eq "false" ){ - $isLocked=0; - } - } elsif (/^$stateattr: (.*)\n/i) { - $lastlogintime = $1; - } elsif (/^$altstateattr: (.*)\n/i) { - $altlogintime = $1; - } - } - close(LDAP1); -} -debug("Is the entry already locked? ==> $isLocked\n"); - -# -# Get the suffix name of that entry -# - -# Remove the space at the beginning (just in case...) -# -I "uid=jvedder , ou=People , o=sun.com" -@suffix=split /([,])/,$entry; -$result=""; -foreach $part (@suffix){ - $part=~s/^ +//; - $part=~ tr/A-Z/a-z/; - $result="$result$part"; -} -@suffixN=$result; - -debug("Entry to activate: #@suffix#\n"); -debug("Entry to activate: #@suffixN#\n"); - -# Get the suffix -$cont=0; -while ($cont == 0){ - # Look if suffix is the suffix of the entry - # ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\"" - # - debug("\tSuffix from the entry: #@suffixN#\n"); - $info{base} = "cn=mapping tree, cn=config"; - $info{filter} = "cn=\"@suffixN\""; - $info{scope} = "one"; - $info{attrs} = "cn"; - @mapping = DSUtil::ldapsrch_ext(%info); - $retCode=$?; - if ( $retCode != 0 ){ - $retCode=$?>>8; - exit $retCode; - } - - # If we get a result, remove the dn: - # dn: cn="o=sun.com",cn=mapping tree,cn=config - # cn: "o=sun.com" - # - shift @mapping; - - foreach $res (@mapping){ - # Break the string cn: "o=sun.com" into pieces - @cn= split(/ /,$res); - - # And remove the cn: part - shift @cn; - - # Now compare the suffix we extract from the mapping tree - # with the suffix derived from the entry - debug("\tSuffix from mapping tree: #@cn#\n"); - if ( @cn eq @suffixN ) { - debug("Found matching suffix\n"); - $cont=1; - } - } - - if ( $cont == 0 ){ - # Remove the current rdn to try another suffix - shift 
@suffix; - - $result=""; - foreach $part (@suffix){ - $part=~ s/^ +//; - $part=~ tr/A-Z/a-z/; - $result="$result$part"; - } - @suffixN=$result; - - debug("\t\tNothing found => go up one level in rdn #@suffix#\n"); - $len=@suffix; - if ( $len == 0 ){ - debug("Can not find suffix. Problem\n"); - $cont=2; - } - } -} -if ( $cont == 2){ - out("Can not find suffix for entry $entry\n"); - exit 100; -} - -$skipManaged=0; -$skipDisabled=0; -$directLocked=0; -$inactiveLocked = 0; -$nsDisabledRole="cn=nsDisabledRole,@suffixN"; -$nsDisabledRole=~ tr/A-Z/a-z/; -$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN"; -$nsManagedDisabledRole=~ tr/A-Z/a-z/; -$skipManaged=$single; -$skipDisabled=$role; - -$ret = indirectLock("LDAP00",$entry, $nsDisabledRole); -if ( $ret == 0 ){ - # indirectly locked - if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole ){ - out("$entry inactivated through $throughRole. Can not activate it individually.\n"); - exit 100; - } - debug("$entry locked individually\n"); -} elsif ( $directLocked == 0 ){ - if ( $isLocked != 1 ){ - # The user is not "inactivated", but we need to check for account - # inactivity before saying the account is actually active - if($acct_policy_enabled){ - # - # Now check the Acount Policy Plugin inactivity limits - # - my $logintime; - if ($lastlogintime ne ""){ - $logintime = $lastlogintime; - } else { - $logintime = $altlogintime; - } - if(checkForInactivity($logintime, $limit) == 0){ - # The user truly is active - out("$entry $already $state.\n"); - exit 100; - } - $inactiveLocked = 1; - } - } -} -# else Locked directly, just unlock it! 
-debug("$entry locked individually\n"); - -if($inactiveLocked == 0 and $acct_policy_enabled){ - # - # Now check the Acount Policy Plugin inactivity limits - # - my $logintime; - if ($lastlogintime ne ""){ - $logintime = $lastlogintime; - } else { - $logintime = $altlogintime; - } - if(checkForInactivity($logintime, $limit)){ - $inactiveLocked = 1; - } -} - -# -# Activate the entry -# -if ( $single == 1 ){ - $record = "dn: $entry\n" . "changetype: modify\n"; - if ($isLocked or $directLocked){ - # Remove the role - $record = $record . "delete: nsRoleDN\n" . "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n-\n"; - } - if ($inactiveLocked) { - # Reset the lastlogintime to active the user - my $newlogintime = strftime "%Y%m%d%H%M%SZ", gmtime; - $record = $record . "replace: lastlogintime\n" . "lastlogintime: " . $newlogintime . "\n"; - } -} else { - $record = "dn: cn=nsDisabledRole,@suffixN\n" . "changetype: modify\n" . "delete: nsRoleDN\n" . "nsRoleDN: $entry\n"; -} - -$info{args} = "-c"; -$info{redirect} = "> /dev/null 2>&1"; -DSUtil::ldapmod($record, %info); -if( $? != 0 ){ - debug("delete, $entry\n"); - $retCode=$?>>8; - if ($retCode == "16") { # Error 16 (no such attr) - already activated - out("$entry already $state.\n"); - exit 100; - } else { - out("Failed to activate $entry, error $retCode\n"); - exit $retCode; - } -} - -out("$entry $state.\n"); -exit 0; diff --git a/ldap/admin/src/scripts/ns-inactivate.pl.in b/ldap/admin/src/scripts/ns-inactivate.pl.in deleted file mode 100644 index eea1228..0000000 --- a/ldap/admin/src/scripts/ns-inactivate.pl.in +++ /dev/null 
@@ -1,625 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; -use File::Spec; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$single = 0; -$role = 0; - -############################### -# SUB-ROUTINES -############################### - -sub usage -{ - print (STDERR "ns-inactivate.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \n"); - print (STDERR " [-p port] [-h host] [-P] -I DN-to-inactivate\n\n"); - print (STDERR "May be used to $operation a user or a domain of users\n\n"); - print (STDERR "Arguments:\n"); - print (STDERR " -? - Display usage\n"); - print (STDERR " -D rootdn - Provide a Directory Manager DN\n"); - print (STDERR " -w password - Provide a password for the Directory Manager DN\n"); - print (STDERR " -w - - Prompt for the Directory Manager's password\n"); - print (STDERR " -Z serverID - Server instance identifier\n"); - print (STDERR " -j filename - Read the Directory Manager's password from file\n"); - print (STDERR " -p port - Provide a port\n"); - print (STDERR " -h host - Provide a host name\n"); - print (STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print (STDERR " -I DN-to-inactivate - Single entry DN or role DN to inactivate\n"); -} - -sub debug -{ -# print " ==> @_"; -} - -sub out -{ - print "@_"; -} - -# -------------------------- -# Check if the entry is part of a locked role: -# i.e.: for each role member (nsroledn) of nsdisabledrole, check if -# * it is the same as the entry -# * the entry is member of role (==has nsroledn attributes), compare each of -# them with the 
nsroledn of nsdisabledrole -# * if nsroledn of nsdisabledrole are complex, go through each of them -# argv[0] is the local file handler -# argv[1] is the entry (may be a single entry DN or a role DN) -# argv[2] is the base for the search -# -------------------------- - -$throughRole=""; - -sub indirectLock -{ - # For recursivity, file handler must be local - my $L_filehandle=$_[0]; - $L_filehandle++; - - my $L_entry=$_[1]; - # Remove useless space - my @L_intern=split /([,])/,$L_entry; - my $L_result=""; - foreach $L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_entry=$L_result; - - my $L_base=$_[2]; - my $L_search; - my $L_currentrole; - my $L_retCode; - my $L_local; - - $info{base} = $L_base; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsroledn"; - $info{redirect} = ">> /dev/null 2>&1"; - DSUtil::ldapsrch_ext(%info); - $info{redirect} = ""; - $retCode=$?; - if ( $retCode != 0 ){ - $retCode=$?>>8; - return 1; - } - - # Check if the role is a nested role - $info{filter} = "(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))"; - $info{attrs} = ""; - @L_Nested=DSUtil::ldapsrch(%info); - # L_isNested == 1 means that we are going through a nested role, so for each member of that - # nested role, check that the member is below the scope of the nested - $L_isNested=@L_Nested; - - # Not Direct Lock, Go through roles if any - $info{attrs} = "nsroledn"; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $L_search=DSUtil::ldapsrch(%info); - - debug("\t-->indirectLock: check if $L_entry is part of a locked role from base $L_base\n\n"); - - unless (open ($L_filehandle, "$L_search |")){ - out("Can't open file $L_filehandle\n"); - exit; - } - while (<$L_filehandle>) { - s/\n //g; - if (/^nsroledn: (.*)\n/){ - $L_currentrole = $1; - - # Remove useless space - my @L_intern=split /([,])/,$L_currentrole; - my $L_result=""; - 
foreach $L_part (@L_intern){ - $L_part=~s/^ +//; - $L_part=~ tr/A-Z/a-z/; - $L_result="$L_result$L_part"; - } - $L_currentrole=$L_result; - - debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base $L_base\n"); - if ( $L_isNested == 1 ){ - if ( checkScope($L_currentrole, $L_base) == 0 ){ - # Scope problem probably a bad conf, skip the currentrole - next; - } - } - - if ( $L_currentrole eq $L_entry ){ - # the entry is a role that is directly locked - # i.e, nsroledn of nsdisabledrole contains the entry - $throughRole=$L_base; - $throughRole=~ tr/A-Z/a-z/; - - # skipDisabled means that we've just found that the entry (which is a role) - # is locked directly (==its DN is part of nsroledn attributes) - # we just want to know now, if it is locked through another role - # at least, one - if ( $skipDisabled == 1 ){ - # direct inactivation - $directLocked=1; - # just go through that test once - $skipDisabled=0; - next; - } - debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - $L_retCode=memberOf($L_currentrole, $L_entry); - if ( $L_retCode == 0 && $single == 1 ){ - $throughRole=$L_currentrole; - $throughRole=~ tr/A-Z/a-z/; - if ( $skipManaged == 1 ){ - if ( $L_currentrole eq $nsManagedDisabledRole){ - # Try next nsroledn - $directLocked=1; - $skipManaged=0; - next; - } - } - debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == $throughRole\n"); - return 0; - } - - # Only for the first iteration - # the first iteration is with nsdisabledrole as base, other - # loops are deeper - $L_local=$skipDisabled; - $skipDisabled=0; - - # the current nsroledn may be a complex role, just go through - # its won nsroledn - $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole); - - # Because of recursivity, to keep the initial value for the first level - $skipDisabled=$L_local; - - if ( $L_retCode == 0 ){ - $throughRole=$L_currentrole; - $throughRole=~ tr/A-Z/a-z/; - debug("\t-- 3 indirectLock: $L_entry 
locked throughRole == $throughRole\n"); - return 0; - } - } - } - - close($L_filehandle); - - debug("\t<--indirectLock: no more nsroledn to process\n"); - return 1; -} - -# -------------------------- -# Check if nsroledn is part of the entry attributes -# argv[0] is a role DN (nsroledn attribute) -# argv[1] is the entry -# -------------------------- -sub memberOf -{ - my $L_nsroledn=$_[0]; - $L_nsroledn=~ tr/A-Z/a-z/; - my $L_entry=$_[1]; - my $L_search; - my $L_currentrole; - - $info{base} = $L_entry; - $info{filter} = "(|(objectclass=*)(objectclass=ldapsubentry))"; - $info{scope} = "base"; - $info{attrs} = "nsrole"; - $L_search = DSUtil::ldapsrch(%info); - - debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn attribute\n"); - - open (LDAP2, "$L_search |"); - while () { - s/\n //g; - if (/^nsrole: (.*)\n/) { - $L_currentrole = $1; - $L_currentrole=~ tr/A-Z/a-z/; - if ( $L_currentrole eq $L_nsroledn ){ - # the parm is part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n"); - return 0; - } - } - } - close(LDAP2); - - # the parm is not part of the $L_entry nsroledn - debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n"); - return 1; -} - - -# -------------------------- -# Remove the rdn of a DN -# argv[0] is a DN -# -------------------------- -sub removeRdn -{ - $L_entry=$_[0]; - - @L_entryToTest=split /([,])/,$L_entry; - debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n"); - - $newDN=""; - $removeRDN=1; - foreach $part (@L_entryToTest){ - $part=~ s/^ +//; - $part=~ tr/A-Z/a-z/; - if ( $removeRDN <= 2 ){ - $removeRDN=$removeRDN+1; - } else { - $newDN="$newDN$part"; - } - } - - debug("removeRdn: new DN **$newDN**\n"); -} - -# -------------------------- -# Check if L_current is below the scope of -# L_nestedRole -# argv[0] is a role -# argv[1] is the nested role -# -------------------------- -sub checkScope -{ - $L_current=$_[0]; - $L_nestedRole=$_[1]; - - debug("checkScope: 
check if $L_current is below $L_nestedRole\n"); - - removeRdn($L_nestedRole); - $L_nestedRoleSuffix=$newDN; - debug("checkScope: nested role based: $L_nestedRoleSuffix\n"); - - $cont=1; - while ( ($cont == 1) && ($L_current ne "") ){ - removeRdn($L_current); - $currentDn=$newDN; - debug("checkScope: current DN to check: $currentDn\n"); - - if ( $currentDn eq $L_nestedRoleSuffix ){ - debug("checkScope: DN match!!!\n"); - $cont = 0; - } else { - $L_current=$currentDn; - } - } - - if ( $cont == 1 ){ - debug("checkScope: $_[0] and $_[1] are not compatible\n"); - return 0; - } else { - debug("checkScope: $_[0] and $_[1] are compatible\n"); - return 1; - } -} - - -############################### -# MAIN ROUTINE -############################### - -# Generated variable - -$cmd="ns-inactivate.pl"; -$state="inactivated"; -$modrole="add"; -$already="already"; - -# Process the command line arguments -while( $arg = shift) -{ - if($arg eq "-?"){ - usage(); - exit(0); - } elsif($arg eq "-D"){ - $rootdn = shift @ARGV; - } elsif($arg eq "-w"){ - $rootpw = shift @ARGV; - } elsif($arg eq "-j"){ - $pwfile = shift @ARGV; - } elsif($arg eq "-p"){ - $port = shift @ARGV; - } elsif($arg eq "-h"){ - $host = shift @ARGV; - } elsif($arg eq "-I"){ - $entry = shift @ARGV; - } elsif($arg eq "-Z"){ - $servid = shift @ARGV; - } elsif ($arg eq "-P") { - $protocol = shift @ARGV; - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - usage(); - exit(1); - } -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($rootpw, $pwfile); -$info{protocol} = $protocol; -$info{args} = "-c"; -if($entry eq ""){ - usage(); - exit(1); -} - -# -# Check the actual existence of the entry to inactivate/activate -# and at the same time, validate the various parm: port, host, rootdn, rootpw -# -$info{base} = $entry; -$info{filter} = 
"(objectclass=*)"; -$info{scope} = "base"; -$info{attrs} = "dn"; -@exist=DSUtil::ldapsrch_ext(%info); -$retCode1=$?; -if ( $retCode1 != 0 ){ - $retCode1=$?>>8; - exit $retCode1; -} - -$info{filter} = "(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))"; -@isRole = DSUtil::ldapsrch_ext(%info); -$nbLineRole=@isRole; -$retCode2=$?; -if ( $retCode2 != 0 ){ - $retCode2=$?>>8; - exit $retCode2; -} - -if ( $nbLineRole > 0 ){ - debug("Groups of users\n"); - $role=1; -} else { - debug("Single user\n"); - $single=1; -} - -# -# First of all, check the existence of the nsaccountlock attribute in the entry -# -$isLocked=0; -if ( $single == 1 ){ - $info{filter} = "(objectclass=*)"; - $info{attrs} = "nsaccountlock"; - $searchAccountLock= DSUtil::ldapsrch(%info); - open (LDAP1, "$searchAccountLock |"); - while () { - s/\n //g; - if (/^nsaccountlock: (.*)\n/) { - $L_currentvalue = $1; - $L_currentvalue=~ tr/A-Z/a-z/; - if ( $L_currentvalue eq "true") - { - $isLocked=1; - } - elsif ( $L_currentvalue eq "false" ) - { - $isLocked=0; - } - } - } - close(LDAP1); -} -debug("Is the entry already locked? ==> $isLocked\n"); - -# -# Get the suffix name of that entry -# - -# Remove the space at the beginning (just in case...) 
-# -I "uid=jvedder , ou=People , o=sun.com" -@suffix=split /([,])/,$entry; -$result=""; -foreach $part (@suffix){ - $part=~s/^ +//; - $part=~ tr/A-Z/a-z/; - $result="$result$part"; -} -@suffixN=$result; - -debug("Entry to $operation: #@suffix#\n"); -debug("Entry to $operation: #@suffixN#\n"); - -# Get the suffix -$cont=0; -while ($cont == 0){ - # Look if suffix is the suffix of the entry - # ldapsearch -s one -b "cn=mapping tree,cn=config" "cn=\"uid=jvedder,ou=People,o=sun.com\"" - # - debug("\tSuffix from the entry: #@suffixN#\n"); - $info{base} = "cn=mapping tree, cn=config"; - $info{filter} = "cn=\"@suffixN\""; - $info{scope} = "one"; - $info{attrs} = "cn"; - @mapping = DSUtil::ldapsrch_ext(%info); - $retCode=$?; - if ( $retCode != 0 ){ - $retCode=$?>>8; - exit $retCode; - } - - # If we get a result, remove the dn: - # dn: cn="o=sun.com",cn=mapping tree,cn=config - # cn: "o=sun.com" - # - shift @mapping; - - foreach $res (@mapping){ - # Break the string cn: "o=sun.com" into pieces - @cn= split(/ /,$res); - - # And remove the cn: part - shift @cn; - - # Now compare the suffix we extract from the mapping tree - # with the suffix derived from the entry - debug("\tSuffix from mapping tree: #@cn#\n"); - if ( @cn eq @suffixN ) { - debug("Found matching suffix\n"); - $cont=1; - } - } - - if ( $cont == 0 ){ - # Remove the current rdn to try another suffix - shift @suffix; - - $result=""; - foreach $part (@suffix){ - $part=~ s/^ +//; - $part=~ tr/A-Z/a-z/; - $result="$result$part"; - } - @suffixN=$result; - - debug("\t\tNothing found => go up one level in rdn #@suffix#\n"); - $len=@suffix; - if ( $len == 0 ){ - debug("Can not find suffix. Problem\n"); - $cont=2; - } - } -} -if ( $cont == 2){ - out("Can not find suffix for entry $entry\n"); - exit 100; -} - -# -# Now that we have the suffix and we know if we deal with a single entry or -# a role, just try to create the COS and roles associated. -# -$role1="dn: cn=nsManagedDisabledRole,@suffixN\n" . 
- "objectclass: LDAPsubentry\n" . - "objectclass: nsRoleDefinition\n" . - "objectclass: nsSimpleRoleDefinition\n" . - "objectclass: nsManagedRoleDefinition\n" . - "cn: nsManagedDisabledRole\n\n"; -$role2="dn: cn=nsDisabledRole,@suffixN\n" . - "objectclass: top\n" . - "objectclass: LDAPsubentry\n" . - "objectclass: nsRoleDefinition\n" . - "objectclass: nsComplexRoleDefinition\n" . - "objectclass: nsNestedRoleDefinition\n" . - "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n" . - "cn: nsDisabledRole\n\n"; -$cos1="dn: cn=nsAccountInactivationTmp,@suffixN\n" . - "objectclass: top\n" . - "objectclass: nsContainer\n\n"; -$cos2="dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n" . - "objectclass: top\n" . - "objectclass: extensibleObject\n" . - "objectclass: costemplate\n" . - "objectclass: ldapsubentry\n" . - "cosPriority: 1\n" . - "nsAccountLock: true\n\n"; -$cos3="dn: cn=nsAccountInactivation_cos,@suffixN\n" . - "objectclass: top\n" . - "objectclass: LDAPsubentry\n" . - "objectclass: cosSuperDefinition\n" . - "objectclass: cosClassicDefinition\n" . - "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n" . - "cosSpecifier: nsRole\n" . - "cosAttribute: nsAccountLock operational\n\n"; -$all=$role1 . $role2 . $cos1 . $cos2 . $cos3; - -# Turn off stderr for now to stop error 68's from printing during the ldapmod -open my $saveout, ">&STDERR"; -open STDERR, '>', File::Spec->devnull(); - -$info{args} = "-c -a"; -DSUtil::ldapmod($all, %info); - -# Turn STDERR back on -open STDERR, ">&", $saveout; - -if ( $? != 0 ){ - $retCode=$?>>8; - if ( $retCode == 68 ){ - debug("Entry already exists, ignore error\n"); - } else { - # Probably a more serious problem. 
- # Exit with LDAP error - exit $retCode; - } -} else { - debug("Roles/cos entries created\n"); -} - -$skipManaged=0; -$skipDisabled=0; -$directLocked=0; - -$nsDisabledRole="cn=nsDisabledRole,@suffixN"; -$nsDisabledRole=~ tr/A-Z/a-z/; - -$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN"; -$nsManagedDisabledRole=~ tr/A-Z/a-z/; - -# Go through all the roles part of nsdisabledrole to check if the entry -# is a member of one of those roles -$ret = indirectLock("LDAP00", $entry, $nsDisabledRole); -if ( $ret == 0 ){ - if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole ){ - # indirect lock - out("$entry already $state through $throughRole.\n"); - } else { - # direct lock - out("$entry already $state.\n"); - } - exit 100; -} elsif ( $isLocked == 1 ){ - # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ? - out("$entry already $state (probably directly).\n"); - exit 103; -} - -# -# Inactivate the entry -# -if ( $single == 1 ){ - $record = "dn: $entry\n" . "changetype: modify\n" . "$modrole: nsRoleDN\n" . "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n"; -} else { - $record = "dn: cn=nsDisabledRole,@suffixN\n" . "changetype: modify\n" . "$modrole: nsRoleDN\n" . "nsRoleDN: $entry\n"; -} -$info{args} = "-c"; -DSUtil::ldapmod($record, %info); -if( $? != 0 ){ - debug("$modrole, $entry\n"); - $retCode=$?>>8; - exit $retCode; -} - -out("$entry $state.\n"); -exit 0; diff --git a/ldap/admin/src/scripts/ns-newpwpolicy.pl.in b/ldap/admin/src/scripts/ns-newpwpolicy.pl.in deleted file mode 100755 index fd670c4..0000000 --- a/ldap/admin/src/scripts/ns-newpwpolicy.pl.in +++ /dev/null 
@@ -1,188 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -# enable the use of our bundled perldap with our bundled ldapsdk libraries -# all of this nonsense can be omitted if the mozldapsdk and perldap are -# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5) - -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); - -# Add new password policy specific entries - -############################################################################# -# enable the use of Perldap functions -require DynaLoader; - -use Getopt::Std; -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(:all); -use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API - -############################################################################# -# Default values of the variables - -$opt_D = ""; -$opt_p = ""; -$opt_h = ""; -$opt_Z = ""; -$opt_v = 0; - -############################################################################# - -sub usage { - print (STDERR "ns-newpwpolicy.pl [-Z serverID] [-v] [-D rootdn] { -w password | -j filename } [-P protocol]\n"); - print (STDERR " [-p port] [-h host] -U UserDN -S SuffixDN\n\n"); - print (STDERR "Arguments:\n"); - print (STDERR " -? 
- Display usage\n"); - print (STDERR " -Z serverID - Server instance identifier\n"); - print (STDERR " -v - Verbose output\n"); - print (STDERR " -D rootdn - Directory Manager DN\n"); - print (STDERR " -w rootpw - password for the Directory Manager DN\n"); - print (STDERR " -j filename - Read the Directory Manager's password from file\n"); - print (STDERR " -p port - Port\n"); - print (STDERR " -h host - Hostname\n"); - print (STDERR " -U userDN - User entry DN\n"); - print (STDERR " -S suffixDN - Suffix entry DN\n"); - print (STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - exit 1; -} - -# Process the command line arguments -{ - usage() if (!getopts('vD:w:j:p:P:h:U:S:Z:')); - - ($opt_Z, $confdir) = DSUtil::get_server_id($opt_Z, "@instconfigdir@"); - %info = DSUtil::get_info($confdir, $opt_h, $opt_p, $opt_D); - $info{rootdnpw} = $opt_w; - $info{protocol} = $opt_P; - if ($opt_j ne ""){ - die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j)); - $opt_w = ; - $info{rootdnpw} = chomp($opt_w); - close(RPASS); - } - - usage() if( $opt_w eq "" ); - if ($opt_U eq "" && $opt_S eq "") { - print (STDERR "Please provide at least -S or -U option.\n\n"); - } - - # Now, check if the user/group exists - - if ($opt_S) { - my $esc_opt_S = $opt_S; - $esc_opt_S =~ s/,/\\,/g; - $esc_opt_S =~ s/=/\\=/g; - print (STDERR "host = $info{host}, port = $info{port}, suffixDN = \"$opt_S\"\n\n") if $opt_v; - - $container="dn: cn=nsPwPolicyContainer,$opt_S\nobjectclass: top\nobjectclass: nsContainer\n\n"; - $pwpolicy="dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n" . - "objectclass: top\nobjectclass: ldapsubentry\nobjectclass: passwordpolicy\n\n"; - $template="dn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n" . - "objectclass: top\nobjectclass: extensibleObject\nobjectclass: costemplate\n" . - "objectclass: ldapsubentry\ncosPriority: 1\n" . 
- "pwdpolicysubentry: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n"; - $cos="dn: cn=nsPwPolicy_cos,$opt_S\nobjectclass: top\nobjectclass: LDAPsubentry\n" . - "objectclass: cosSuperDefinition\nobjectclass: cosPointerDefinition\n" . - "cosTemplateDn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n" . - "cosAttribute: pwdpolicysubentry default operational-default\n\n"; - $entries = $container . $pwpolicy . $template . $cos; - - $info{args} = "-c -a"; - $retcode = DSUtil::ldapmod($entries, %info); - if ( $retcode != 0 && $retcode != 68 ) { - print( STDERR "Error $retcode while adding pwpolicy entries. Exiting.\n" ); - exit ($retcode); - } else { - print( STDERR "Successfully added pwpolicy entries\n\n") if $opt_v; - } - - $info{args} = ""; - $modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n"; - $retcode = DSUtil::ldapmod($modConfig, %info); - if ( $retcode != 0 ) { - print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" ); - exit ($retcode); - } else { - print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v; - } - } # end of $opt_S - - if ($opt_U) { - my $norm_opt_U = normalizeDN($opt_U); - my $esc_opt_U = $norm_opt_U; - $esc_opt_U =~ s/,/\\,/g; - $esc_opt_U =~ s/=/\\=/g; - print (STDERR "host = $info{host}, port = $info{port}, userDN = \"$norm_opt_U\"\n\n") if $opt_v; - $info{base} = $norm_opt_U; - $info{filter} = ""; - $info{scope} = "base"; - $info{attrs} = ""; - $retcode = DSUtil::ldapsrch_ext(%info); - if ($retcode != 0 ) { - print( STDERR "the user entry $norm_opt_U does not exist. 
Error $retcode\n"); - exit ($retcode); - } - - print( STDERR "the user entry $norm_opt_U found..\n\n") if $opt_v; - - # Now, get the parentDN - @rdns = ldap_explode_dn($norm_opt_U, 0); - shift @rdns; - $parentDN = join(',', @rdns); - - print (STDERR "parentDN is $parentDN\n\n") if $opt_v; - - $info{args} = "-c -a"; - my $containers="dn: cn=nsPwPolicyContainer,$parentDN\n" . - "objectclass: top\n" . - "objectclass: nsContainer\n\n" . - "dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n" . - "objectclass: top\n" . - "objectclass: ldapsubentry\nobjectclass: passwordpolicy\n"; - $retcode = DSUtil::ldapmod($containers, %info); - if ( $retcode != 0 && $retcode != 68 ) { - print( STDERR "Error $retcode while adding container entries.\n" ); - exit ($retcode); - } else { - print (STDERR "Container entries added.\n"); - } - - $info{args} = ""; - $target = "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"; - $modConfig = "dn: $norm_opt_U\nchangetype: modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n"; - $retcode = DSUtil::ldapmod($modConfig, %info); - if ( $retcode != 0 ) { - print( STDERR "Error $retcode while modifing $norm_opt_U. Exiting.\n" ); - exit ($retcode); - } else { - print( STDERR "Entry \"$norm_opt_U\" modified\n\n") if $opt_v; - } - - $modConfig = "dn:cn=config\nchangetype: modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n"; - $retcode = DSUtil::ldapmod($modConfig, %info); - if( $retcode != 0 ) { - print( STDERR "Error $retcode while modifing \"cn=config\"." ); - exit ($retcode); - } else { - print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v; - } - } # end of $opt_U -} diff --git a/ldap/admin/src/scripts/readnsstate.in b/ldap/admin/src/scripts/readnsstate.in deleted file mode 100644 index 2b3c464..0000000 --- a/ldap/admin/src/scripts/readnsstate.in +++ /dev/null 
@@ -1,100 +0,0 @@ -#!@pythonexec@ - -import sys -from struct import pack, unpack, calcsize -import base64 -import time -from datetime import timedelta - -def flipend(end): - if end == '<': - return '>' - if end == '>': - return '<' - -def printGenState(dn, nsstate, flip): - if pack('h', 1) == pack('=h',1): - print("Big Endian") - end = '>' - if flip: - end = flipend(end) - else: - print("Unknown Endian") - sys.exit(-1) # blow up - print("For replica", dn) - thelen = len(nsstate) - if thelen <= 20: - pad = 2 # padding for short H values - timefmt = 'I' # timevals are unsigned 32-bit int - else: - pad = 6 # padding for short H values - timefmt = 'Q' # timevals are unsigned 64-bit int - - base_fmtstr = "H%dx3%sH%dx" % (pad, timefmt, pad) - print(" fmtstr=[%s]" % base_fmtstr) - print(" size=%d" % calcsize(base_fmtstr)) - print(" len of nsstate is", thelen) - fmtstr = end + base_fmtstr - (rid, sampled_time, local_offset, remote_offset, seq_num) = unpack(fmtstr, nsstate) - now = int(time.time()) - tdiff = now-sampled_time - wrongendian = False - try: - tdelta = timedelta(seconds=tdiff) - wrongendian = tdelta.days > 10*365 - except OverflowError: # int overflow - wrongendian = True - # if the sampled time is more than 20 years off, this is - # probably the wrong endianness - if wrongendian: - print("The difference in days is", tdiff/86400) - print("This is probably the wrong bit-endianness - flipping") - end = flipend(end) - fmtstr = end + base_fmtstr - (rid, sampled_time, local_offset, remote_offset, seq_num) = unpack(fmtstr, nsstate) - tdiff = now-sampled_time - tdelta = timedelta(seconds=tdiff) - print(""" CSN generator state: - Replica ID : %d - Sampled Time : %d - Gen as csn : %08x%04d%04d0000 - Time as str : %s - Local Offset : %d - Remote Offset : %d - Seq. num : %d - System time : %s - Diff in sec. 
: %d - Day:sec diff : %d:%d -""" % (rid, sampled_time, sampled_time, seq_num, rid, time.ctime(sampled_time), local_offset, - remote_offset, seq_num, time.ctime(now), tdiff, tdelta.days, tdelta.seconds)) - -def main(): - dn = '' - nsstate = '' - if len(sys.argv) < 2: - print("Usage: readnsstate.py /path/to/dse.ldif") - sys.exit(1) - if len(sys.argv) > 2: - flip = True - else: - flip = False - for line in open(sys.argv[1]): - if line.startswith("dn: "): - dn = line[4:].strip() - if line.lower().startswith("nsstate:: ") and dn.startswith("cn=replica"): - b64val = line[10:].strip() - print("nsState is", b64val) - nsstate = base64.decodestring(b64val.encode()) - printGenState(dn, nsstate, flip) - if not nsstate: - print("Error: nsstate not found in file for cn=replica", sys.argv[1]) - sys.exit(1) - -if __name__ == '__main__': - main() - diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in deleted file mode 100755 index 252f3f9..0000000 --- a/ldap/admin/src/scripts/remove-ds.pl.in +++ /dev/null 
@@ -1,79 +0,0 @@ -#!@perlexec@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use strict; - -use lib qw(@perlpath@); -use Getopt::Long; -use Resource; -use DSCreate qw(removeDSInstance); - -# process command line options -Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd - -my $res = new Resource("@propertydir@/setup-ds.res"); - -sub usage { - print(STDERR "Usage: $0 [-a] [-f] [-d -d ... -d] -i instance\n\n"); - print(STDERR " Opts: -a - remove all\n"); - print(STDERR " -f - force removal\n"); - print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n"); - print(STDERR " -d - turn on debugging output\n"); -} - -my $force = ""; -my $instname = ""; -my $initconfig_dir = ""; -my $all = ""; - -GetOptions('help|h|?' => sub { &usage; exit(0); }, - 'debug|d+' => \$DSUtil::debuglevel, - 'instance|i=s' => \$instname, - 'initconfig_dir|c=s' => \$initconfig_dir, - 'force|f' => \$force, - 'all|a' => \$all - ); - -# Make sure the instance name option was provided. -unless ($instname) { - &usage; exit(1); -} - -# Make sure a full instance name was provided. -my ($slapd, $inst) = split(/-/, $instname, 2); -unless ($inst) { - print STDERR "Full instance name must be specified (e.g. - slapd-example)\n"; - exit 1; -} -unless ($slapd eq "slapd") { - print STDERR "Error: Invalid instance name \"$instname\"\n"; - exit 1; -} - -my @errs = removeDSInstance($inst, $force, $all, $initconfig_dir); -if (@errs) { - print STDERR "The following errors occurred during removal:\n"; - for (@errs) { - print STDERR $res->getText($_); - } - print STDERR "Error: could not remove directory server $inst\n"; - exit 1; -} - -# if we got here, report success -print "Instance $instname removed.\n"; -exit 0; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: 
diff --git a/ldap/admin/src/scripts/repl-monitor.pl.in b/ldap/admin/src/scripts/repl-monitor.pl.in
deleted file mode 100755
index 17708bd..0000000
--- a/ldap/admin/src/scripts/repl-monitor.pl.in
+++ /dev/null
@@ -1,1343 +0,0 @@
-#!@perlexec@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-##############################################################################
-#
-# FILE: repl-monitor.pl
-#
-# SYNOPSIS:
-# repl-monitor.pl [-f configuration-file] [-h host] [-p port] [-r]
-# [-c connection] [-a alias] [-k color] [-u refresh-url]
-# [-t refresh-interval] [-s] [-W]
-#
-# repl-monitor.pl -v
-#
-# DESCRIPTION:
-# Given an LDAP replication "supplier" server, crawl over all the ldap
-# servers via direct or indirect replication agreements.
-# For each master replica discovered, display the maxcsn of the master
-# and the replication status of all its lower level replicas.
-# All output is in HTML.
-#
-# OPTIONS:
-# -f configuration-file
-# The configuration file contains the sections for the connection
-# parameters, the server alias, and the thresholds for different colors
-# when display the time lags between consumers and master.
-# If the Admin Server is running on Windows, the configuration-file
-# name may have format "D:/opt/replmon.conf".
-#
-# The connection parameter section consists of the section name
-# followed by one of more connection parameter entries:
-#
-# [connection]
-# host:port:binddn:bindpwd:bindcert
-# host:port=shadowport:binddn:bindpwd:bindcert
-# ...
-#
-# where host:port default (*:*) to that in a replication agreement,
-# binddn default (*) to "cn=Directory Manager", and bindcert is the
-# pathname of cert db if you want the script to connect to the server
-# via SSL. If bindcert is omitted, the connection will be simple
-# bind.
-# "port=shadowport" means to use shadowport instead of port if port
-# is specified in the replication agreement.
This is useful when
-# for example, ssl port is specified in a replication agreement,
-# but you can't access the cert db from the machine where this
-# script is running. So you could let the script to map the ssl
-# port to a non-ssl port and use the simple bind.
-#
-# A server may have a dedicated or a share entry in the connection
-# section. The script will find out the most matched entry for a given
-# server. For example, if all the ldap servers except host1 share the
-# same binddn and bindpassword, the connection section then just need
-# two entries:
-#
-# [connection]
-# *:*:binddn:bindpassword:
-# host1:*:binddn:bindpassword:
-#
-# If a host:port is assigned an alias, then the alias instead of
-# host:port will be displayed in The output file. Each host:port
-# can have only one alias. But each alias may be used by more than
-# one host:port.
-#
-# [alias]
-# alias = host:port
-# ...
-#
-# CSN time lags between masters and consumers might be displayed in
-# different colors based on their range. The thresholds for different
-# colors may be specified in color section:
-#
-# [color]
-# lowmark (in minutes) = color
-# ...
-#
-# If the color section or color entry is missing, the default color
-# set is: green for [0-5) minutes lag, yellow [5-60), and red 60 and more.
-#
-# The following three options (-c, -a, -k) are used if not providing a
-# configuration file:
-#
-# -c connection
-# The connection value is the same as the configuration file value(see above):
-# -c "host:port:binddn:bindpwd:bindcert"
-#
-# -a alias
-# The alias value is the same as the configuration file value(see above):
-# -a "alias=host:port"
-#
-# -k color
-# The color value is written as "lowmark:color". Where the lowmark is in minutes.
-# This option is ignored if printing a plain text report.
-# -k "5=#ccffcc"
-#
-# -h host
-# Initial replication supplier's host. Default to the current host.
-#
-# -p port
-# Initial replication supplier's port. Default to 389.
-#
-# -r If specified, -r causes the routine to be entered without printing
-# HTML header information. This is suitable when making multiple calls
-# to this routine (e.g. when specifying multiple, different, "unrelated"
-# supplier servers) and expecting a single HTML output.
-#
-# -t refresh-interval
-# Specify the refresh interval in seconds. This option has to be
-# jointly used with option -u.
-#
-# -u refresh-url
-# The output HTML file may invoke a CGI program periodically. If
-# this CGI program in turn calls this script, the effect is that
-# the output HTML file would automatically refresh itself. This
-# is useful for continuing monitoring. See also option -t.
-#
-# -s Print output in plain text, instead of HTML.
-#
-# -W Prompt for connection passwords.
-#
-# -?, --help
-# Print usage.
-#
-# -v Print out the version of this script
-#
-# DIAGNOSTICS:
-# There are several ways to invoke this script if you got error
-# "Can't locate Mozilla/LDAP/Conn.pm in @INC", or
-# "usage: Undefined variable":
-#
-# 0. Prerequisite: NSPR, NSS, Mozilla LDAP C SDK, PerLDAP
-#
-# 1. Run this perl script via repl-monitor, which sets up LD_LIBRARY_PATH
-# $ repl-monitor
-#
-# 2. If 1 does not work, try invoking this script as follows.
-# Assuming contains Mozilla/LDAP:
-# perl -I repl-monitor.pl
-#
-#############################################################################
-# enable the use of our bundled perldap with our bundled ldapsdk libraries
-# all of this nonsense can be omitted if the mozldapsdk and perldap are
-# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5)
-# this script is always invoked by repl-monitor-cgi.pl, which sets all of these
-# If using this script standalone, be sure to set the shared lib path and
-# the path to the perldap modules.
-
-use strict;
-use warnings;
-use lib qw(@perlpath@);
-
-my $usage = "\nusage: $0 [-f configuration-file | --configfile configuration-file] " .
- "[-c connection, --conn connection] [-a alias, --alias alias] [-k color, --color color] " .
- "[-h host, --host host] [-p port, --port port] [-r, --skip-header] [-s, --text] " .
- "[-u refresh-url, --url refresh-url] [-t refresh-interval, --interval refresh-interval ] " .
- "[-W, --prompt] [-?, --help] [-v | --version]\n";
-
-use Getopt::Long; # parse command line arguments
-use Mozilla::LDAP::Conn; # LDAP module for Perl
-use Mozilla::LDAP::Utils qw(normalizeDN); # LULU, utilities.
-use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API
-use Time::Local; # to convert GMT Z strings to localtime
-use POSIX;
-
-#
-# Global variables
-#
-my $product = "Directory Server Replication Monitor";
-my $version = "Version 1.1";
-
-# ldap servers given or discovered from the replication agreements:
-my @servers; # = (host:port=shadowport:binddn:password:cert_db)
-my $serveridx;
-
-# entries read from the connection section of the configuration file:
-my @allconnections; # = (host:port=shadowport:binddn:password:cert_db)
-
-# aliases of ldap servers read from the configuration file:
-my %allaliases; # = {$host:$port} = (alias)
-
-# colors
-my %allcolors;
-my @colorkeys;
-
-# replicas discovered on all ldap servers
-my @allreplicas; # = (server#:replicaroot:replicatype:serverid:replicadn)
-
-# ruvs retrieved from all replicas
-my %allruvs; # = {replica#:masterid} = (rawcsn:decimalcsn;mon/day/year hh:mi:ss)
-
-# agreements discovered on all ldap supplier servers:
-my @allagreements; # = (supplier_replica#:consumer#:conntype:schedule:status)
-# the array may take another format after the consumer replicas are located:
-# @allagreements; # = (supplier_replica#:consumer_replica#:conntype:schedule:status)
-
-# agmt maxcsns hash
-my %agmtmaxcsn = ();
-
-# ldap connection hash
-my %ld;
-
-my ($opt_f, $opt_h, $opt_p, $opt_u, $opt_t, $opt_r, $opt_s);
-my (@conns, @alias, @color);
-my ($section, $interval, $now, $mm, $dd, $tt, $yy, $wday);
-my ($fn, $rc,
$prompt, $last_sidx);
-my $supplierUrl = "";
-my %passwords = ();
-my $passwd = "";
-$prompt = "";
-
-#main
-{
- # turn off buffered I/O
- $| = 1;
-
- # Check for legal options
- GetOptions(
- 'h|host=s' => \$opt_h,
- 'p|port=s' => \$opt_p,
- 'f|configfile=s' => \$opt_f,
- 'c|conn=s' => \@conns,
- 'a|alias=s' => \@alias,
- 'k|color=s' => \@color,
- 'u|url=s' => \$opt_u,
- 't|interval=s' => \$opt_t,
- 'W|prompt' => sub { $prompt = "yes"; },
- 'r|skip-header' => sub { $opt_r = "1"; },
- 's|text' => sub {$opt_s = "1"; },
- 'help|?' => sub { print $usage; exit 0;},
- 'v|version' => sub { print "$product - $version\n"; exit 0;}
- ) or die "Usage error: $usage\n";
-
- exit -1 if &validateArgs < 0;
- exit if &read_cfg_file ($opt_f) < 0;
-
- $interval = $opt_t;
- $interval = 300 if ( !$interval || $interval <= 0 );
-
- # Get current date/time
- $now = strftime "%a %b %e %Y %H:%M:%S", localtime;
-
- # if no -r (Reenter and skip html header), print html header
- if (!$opt_r) {
- # print the HTML header
- &print_html_header;
- } else {
- if($opt_s){
- print"\n";
- } else {
- # print separator for new replication set
- print "

\n"; - } - } - - # Start with the given host and port - # The index names in %ld are defined in Mozilla::LDAP::Utils::ldapArgs() - &set_server_params(); - &add_server ("$ld{host}:$ld{port}:$ld{bind}:$ld{pswd}:$ld{cert}"); - - $serveridx = 0; - while ($serveridx <= $#servers) { - if (&get_replicas ($serveridx) != 0 && $serveridx == 0) { - my ($host, $port, $binddn) = split (/:/, $servers[$serveridx]); - print("Login to $host:$port as \"$binddn\" failed\n"); - exit; - } - $serveridx++; - } - - &find_consumer_replicas; - &process_suppliers; - - # All done! - well, for the current invokation only - # print "\n"; - exit; -} - -sub validateArgs -{ - $rc = 0; - - %ld = Mozilla::LDAP::Utils::ldapArgs(); - if (!$opt_f && $#conns < 0) { - if($opt_s){ - print "Error: Missing configuration file or connection parameter.\n"; - print $usage; - } else { - print "

Error: Missing configuration file or connection paramater.\n"; - print "

If you need help on the configuration file, or script usage, " . - "Please go back and click the Help button.\n"; - #print $usage; # Don't show usage in CGI - } - $rc = -1; - } - elsif (!$opt_h) { - chop ($ld{"host"} = `hostname`); - } - - return $rc; -} - -sub read_cfg_file -{ - ($fn) = @_; - my $tmp; - - # process the command line config params - @allconnections = @conns; - - if($#alias >= 0){ - foreach $tmp (@alias){ - $tmp =~ m/^\s*(\S.*)\s*=\s*(\S+)/; - $allaliases{$2} = $1; - } - } - if($#color >= 0){ - foreach $tmp (@color){ - $tmp =~ m/^\s*(-?\d+)\s*=\s*(\S+)/; - $allcolors{$1} = $2; - } - } - - if($opt_f){ - unless (open(CFGFILEHANDLE, $fn)) { - if($opt_s){ - print "Error: Can't open configuration file\"$fn\": $!.\n"; - } else { - print "

Error: Can't open configuration file\"$fn\": $!.\n"; - print "

If you need help on the configuration file, Please go back and click the Help button.\n"; - } - return -1; - } - $section = 0; - while () { - next if (/^\s*\#/ || /^\s*$/); - chop ($_); - if (m/^\[(.*)\]/) { - $section = $1; - } - else { - if ( $section =~ /conn/i ) { - push (@allconnections, $_); - } - elsif ( $section =~ /alias/i ) { - m/^\s*(\S.*)\s*=\s*(\S+)/; - $allaliases {$2} = $1; - } - elsif ( $section =~ /color/i ) { - m/^\s*(-?\d+)\s*=\s*(\S+)/; - $allcolors {$1} = $2; - } - } - } - close (CFGFILEHANDLE); - } - if ( ! keys (%allcolors) ) { - $allcolors {0} = "#ccffcc"; #apple green - $allcolors {5} = "#ffffcc"; #cream yellow - $allcolors {60} = "#ffcccc"; #pale pink - } - @colorkeys = sort ({ $a <=> $b } keys (%allcolors)); - - return 0; -} - -sub get_replicas -{ - $serveridx = $_[0]; - my ($conn, $host, $port, $shadowport, $binddn, $bindpwd, $bindcert); - my ($others); - my ($replica, $replicadn); - my ($ruv, $replicaroot, $replicatype, $serverid, $masterid, $maxcsn); - my ($type, $flag, $i); - my ($myridx, $ridx, $cidx); - my ($lastmodifiedat, $agreement); - - # - # Bind to the server - # - if($#servers < 0 || $serveridx > $#servers + 1){ - return -1; - } - - ($host, $port, $binddn, $bindpwd, $bindcert) = split (/:/, "$servers[$serveridx]", 5); - ($port, $shadowport) = split (/=/, $port); - $shadowport = $port if !$shadowport; - - $conn = new Mozilla::LDAP::Conn ($host, $shadowport, "$binddn", $bindpwd, $bindcert); - return -1 if (!$conn); - - # - # Get all the replica on the server - # - $myridx = $#allreplicas + 1; - $replica = $conn->search ("cn=mapping tree,cn=config", - "sub", - "(objectClass=nsDS5Replica)", 0, - qw(nsDS5ReplicaRoot nsDS5ReplicaType nsDS5Flags nsDS5ReplicaId)); - while ($replica) { - $replicadn = $replica->getDN; - $replicaroot = normalizeDN ($replica->{nsDS5ReplicaRoot}[0]); - $type = $replica->{nsDS5ReplicaType}[0]; - $flag = $replica->{nsDS5Flags}[0]; - $serverid = $replica->{nsDS5ReplicaId}[0]; - - # flag = 0: change log is 
not created - # type = 2: read only replica - # type = 3: updatable replica - $replicatype = $flag == 0 ? "consumer" : ($type == 2 ? "hub" : "master"); - - push (@allreplicas, "$serveridx:$replicaroot:$replicatype:$serverid:$replicadn"); - - $replica = $conn->nextEntry (); - } - - # - # Get ruv for each replica - # - for ($ridx = $myridx; $ridx <= $#allreplicas; $ridx++) { - my @agmtParts; - - $replicaroot = $1 if ($allreplicas[$ridx] =~ /^\d+:([^:]*)/); - # do a one level search with nsuniqueid in the filter - this will force the use of the - # nsuniqueid index instead of the entry dn index, which seems to be unreliable in - # heavily loaded servers - $ruv = $conn->search($replicaroot, "sub", - "(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectClass=nsTombstone))", - 0, qw(nsds50ruv nsruvReplicaLastModified nsds5AgmtMaxCSN)); - next if !$ruv; # this should be an error case . . . - - for ($ruv->getValues('nsds50ruv')) { - if (m/\{replica\s+(\d+).+?\}\s*\S+\s*(\S+)/i) { - $masterid = $1; - $maxcsn = &to_decimal_csn ($2); - $allruvs {"$ridx:$masterid"} = "$2:$maxcsn"; - } - } - - for ($ruv->getValues('nsds5AgmtMaxCSN')) { - # nsds5AgmtMaxCSN = "replica index(ridx);suffix;agmtname;host;port;rid;maxcsn" - @agmtParts = split ( ";", $_); - $agmtParts[0] =~ s/ //; # remove spaces - $agmtParts[0] =~ lc $agmtParts[0]; - if($agmtParts[4] eq "unavailable"){ - $agmtmaxcsn{"$ridx;$agmtParts[0];$agmtParts[1];$agmtParts[2];$agmtParts[3]"} = "Unavailable"; - } else { - $agmtmaxcsn{"$ridx;$agmtParts[0];$agmtParts[1];$agmtParts[2];$agmtParts[3]"} = $agmtParts[5]; - } - } - - for ($ruv->getValues('nsruvReplicaLastModified')) { - if (m/\{replica\s+(\d+).+?\}\s*(\S+)/i) { - $masterid = $1; - $lastmodifiedat = hex($2); - my ($sec, $min, $hour, $mday, $mon, $year) = localtime ($lastmodifiedat); - $mon++; - $year += 1900; - $hour = "0".$hour if ($hour < 10); - $min = "0".$min if ($min < 10); - $sec = "0".$sec if ($sec < 10); - $allruvs {"$ridx:$masterid"} .= ";$mon/$mday/$year 
$hour:$min:$sec"; - } - } - } - - # - # Get all agreements for each supplier replica - # - for ($ridx = $myridx; $ridx <= $#allreplicas; $ridx++) { - $_ = $allreplicas[$ridx]; - - # Skip consumers - next if m/:consumer:/i; - - m/:([^:]*)$/; - $replicadn = $1; - my @attrlist = qw(cn nsds5BeginReplicaRefresh nsds5replicaUpdateInProgress - nsds5ReplicaLastInitStatus nsds5ReplicaLastInitStart - nsds5ReplicaLastInitEnd nsds5replicaReapActive - nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd - nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus - nsds5ReplicaHost nsDS5ReplicaRoot - nsds5ReplicaPort nsDS5ReplicaBindMethod nsds5ReplicaUpdateSchedule); - $agreement = $conn->search("$replicadn", "sub", "(objectClass=nsDS5ReplicationAgreement)", - 0, @attrlist); - while ($agreement) { - - my %agmt = (); - # Push consumer to server stack if we have not already - $host = ($agreement->getValues('nsDS5ReplicaHost'))[0]; - $port = ($agreement->getValues('nsDS5ReplicaPort'))[0]; - $cidx = &add_server ("$host:$port"); - for (@attrlist) { - $agmt{$_} = ($agreement->getValues($_))[0]; - } - if ($agmt{nsDS5ReplicaBindMethod} =~ /simple/i) { - $agmt{nsDS5ReplicaBindMethod} = 'n'; - } - if (!$agmt{nsds5ReplicaUpdateSchedule} || - ($agmt{nsds5ReplicaUpdateSchedule} eq '0000-2359 0123456') || - ($agmt{nsds5ReplicaUpdateSchedule} eq '*') || - ($agmt{nsds5ReplicaUpdateSchedule} eq '* *')) - { - $agmt{nsds5ReplicaUpdateSchedule} = 'always in sync'; - } - $agmt{ridx} = $ridx; - $agmt{cidx} = $cidx; - push @allagreements, \%agmt; - - $agreement = $conn->nextEntry (); - } - } - - $conn->close; - - return 0; -} - -# -# Initially, the agreements have consumer host:port info instead of -# replica info. 
This routine will find the consumer replica info -# -sub find_consumer_replicas -{ - my ($m_ridx); # index of master's replica - my ($s_ridx); # index of supplier's replica - my ($c_ridx); # index of consumer's replica - my ($c_sidx); # index of consumer server - my ($remainder); # - my ($s_replicaroot); # supplier replica root - my ($c_replicaroot); # consumer replica root - my ($j, $val); - - # - # Loop through every agreement defined on the current supplier replica - # - foreach (@allagreements) { - $s_ridx = $_->{ridx}; - $c_sidx = $_->{cidx}; - $s_replicaroot = $1 if ($allreplicas[$s_ridx] =~ /^\d+:([^:]*)/); - $c_replicaroot = ""; - - # $c_ridx will be assigned to -$c_sidx - # if the condumer is not accessible - # $c_sidx will not be zero since it's - # not the first server. - $c_ridx = -$c_sidx; # $c_sidx will not be zero - - # Loop through consumer's replicas and find - # the counter part for the current supplier - # replica - for ($j = 0; $j <= $#allreplicas; $j++) { - - # Get a replica on consumer - # I'm not sure what's going on here, but possibly could be made - # much simpler with normalizeDN and/or ldap_explode_dn - if ($allreplicas[$j] =~ /^$c_sidx:([^:]*)/) { - $val = $1; - - # We need to find out the consumer - # replica that matches the supplier - # replicaroot most. - if ($s_replicaroot =~ /^.*$val$/i && - length ($val) >= length ($c_replicaroot)) { - $c_ridx = $j; - - # Avoid case-sensitive comparison - last if (length($s_replicaroot) == length($val)); - $c_replicaroot = $val; - } - } - } - $_->{ridx} = $s_ridx; - $_->{cidx} = $c_ridx; - } -} - -sub process_suppliers -{ - my ($ridx, $mid, $maxcsn, $ismaster); - $ismaster = 0; - $mid = ""; - - $last_sidx = -1; # global variable for print html page - - for ($ridx = 0; $ridx <= $#allreplicas; $ridx++) { - # Handle masters and hubs - if ($allreplicas[$ridx] =~ /:master:(\d+):/i) { - $mid = $1; - # Skip replicas without agreements defined yet - next if (! 
grep {$_->{ridx} == $ridx} @allagreements); - $maxcsn = &print_master_header ($ridx, $mid); - if ( "$maxcsn" ne "Unavailable" ) { - &print_consumer_header (); - &print_consumers ($ridx, $mid); - } - $ismaster = 1; - } elsif (($ismaster == 0) && ($allreplicas[$ridx] =~ /:hub:(\d+):/i)) { - $mid = $1; - - # Skip replicas without agreements defined yet - next if (! grep {$_->{ridx} == $ridx} @allagreements); - - foreach my $key (keys %allruvs) { - if ( $key =~ /$ridx:/) { - my ($myridx, $mymid) = split ( /:/, "$key" ); - $maxcsn = &print_hub_header($myridx, $mymid); - &print_consumer_header (); - &print_consumers ($myridx, $mymid); - } - } - } - &print_supplier_end; - } - - if ($mid eq "") { - if($opt_s){ - print "The server is not a master or a hub or it has no replication agreement\n"; - } else { - print "

The server is not a master or a hub or it has no replication agreement\n"; - } - } - if($opt_s){ - print "\n"; - } -} - -sub print_master_header -{ - my ($ridx, $mid) = @_; - my ($myruv) = $allruvs {"$ridx:$mid"}; - my ($maxcsnval) = split ( /;/, "$myruv" ); - my ($maxcsn) = &to_string_csn ($maxcsnval); - my ($sidx, $replicaroot, $replicatype, $serverid) = split (/:/, $allreplicas[$ridx]); - my ($sline, $slen, $ii); - - if ( $maxcsn eq "" ) { - return $maxcsn; - } - - # Print the master name - if ( $last_sidx ne $sidx ) { - my ($ldapurl) = $supplierUrl = &get_ldap_url ($sidx, "n/a"); - &print_legend if ( $last_sidx < 0); - if($opt_s){ - $sline = "Supplier: $ldapurl"; - $slen = length $sline; - print "\n$sline\n"; - for ($ii = 0; $ii < $slen; $ii++){ - print "-"; - } - print "\n"; - } else { - print "


\n"; - print "\n

\n"; - print "Supplier:  $ldapurl
\n"; - } - $last_sidx = $sidx; - } else { - print "\n"; - } - - # Print the current replica info on the master - if($opt_s){ - print "Replica Root: $replicaroot\n"; - print "Replica ID: $serverid\n"; - print "Max CSN: $maxcsn\n"; - } else { - print "\n

\n"; - print "\n
\n"; - print "Replica ID: "; - print "$serverid\n"; - print "Replica Root: "; - print "$replicaroot\n"; - print "Max CSN: "; - print "$maxcsn\n"; - } - return $maxcsn; -} - -sub print_hub_header -{ - my ($ridx, $mid) = @_; - my ($myruv) = $allruvs {"$ridx:$mid"}; - my ($maxcsnval) = split ( /;/, "$myruv" ); - my ($maxcsn) = &to_string_csn ($maxcsnval); - my ($sidx, $last_sidx, $replicaroot, $replicatype, $serverid) = split (/:/, $allreplicas[$ridx]); - - # Print the master name - if ( $last_sidx != $sidx ) { - my ($ldapurl) = &get_ldap_url ($sidx, $sidx); - &print_legend if ( $last_sidx < 0); - if($opt_s){ - print "Hub: $ldapurl\n"; - } else { - print "


\n"; - print "\n

\n"; - print "Hub:  $ldapurl
\n"; - } - $last_sidx = $sidx; - } - - # Print the current replica info on the master - if($opt_s){ - print "\nReplica Root: $replicaroot\n"; - print "Replica ID: $serverid\n"; - print "Max CSN: $maxcsn\n-\n"; - } else { - print "\n

\n"; - print "\n\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; -} - -sub print_consumers -{ - my ($m_ridx, $mid) = @_; - my ($ignore, $m_replicaroot) = split (/:/, $allreplicas[$m_ridx]); - my (@consumers, @ouragreements, @myagreements); - my ($s_ridx, $c_ridx, $s_sidx, $conntype, $schedule, $status); - my ($c_maxcsn, $c_maxcsn_str, $c_lastmodified, $c_sidx, $lag, $markcolor); - my ($c_replicaroot, $c_replicatype); - my ($first_entry, $s_ldapurl, $c_ldapurl); - my $supplier_maxcsn = "Unavailable"; - my ($nrows); - my ($found); - - undef @ouragreements; - $c_lastmodified = "Unavailable"; - - # Collect all the consumer replicas for the current master replica - push (@consumers, $m_ridx); - foreach (@consumers) { - $s_ridx = $_; - for (@allagreements) { - next if ($_->{ridx} != $s_ridx); - $c_ridx = $_->{cidx}; - next if $c_ridx == $m_ridx; - push @ouragreements, $_; - $found = 0; - foreach (@consumers) { - if ($_ == $c_ridx) { - $found = 1; - last; - } - } - push (@consumers, $c_ridx) if !$found; - } - } - - # Print each consumer replica - my ($myruv) = $allruvs {"$m_ridx:$mid"}; - my ($m_maxcsn) = split ( /;/, "$myruv" ); - foreach (@consumers) { - $c_ridx = $_; - next if $c_ridx == $m_ridx; - - if ($c_ridx >= 0) { - $myruv = $allruvs {"$c_ridx:$mid"}; - if ($myruv) { - ($c_maxcsn, $c_lastmodified) = split ( /;/, $myruv ); - ($c_sidx, $c_replicaroot, $c_replicatype) = split (/:/, $allreplicas[$c_ridx]); - $c_replicaroot = "same as master" if $m_replicaroot eq $c_replicaroot; - } - } - else { - # $c_ridx is actually -$c_sidx when c is not available - $c_sidx = -$c_ridx; - $c_maxcsn_str = "Unavailable"; - $lag = "n/a"; - $markcolor = "red"; - $c_replicaroot = "Unavailable"; - $c_replicatype = "Unavailable"; - } - - $nrows = 0; - foreach (@ouragreements) { - $s_ridx = $_->{ridx}; - $s_sidx = $1 if $allreplicas [$s_ridx] =~ 
/^(\d+):/; - $s_ldapurl = &get_ldap_url ($s_sidx, "n/a"); - next if ($_->{cidx} != $c_ridx || $supplierUrl ne $s_ldapurl); - $nrows++; - } - - $first_entry = 1; - foreach (@ouragreements) { - $s_ridx = $_->{ridx}; - $s_sidx = $1 if $allreplicas [$s_ridx] =~ /^(\d+):/; - $s_ldapurl = &get_ldap_url ($s_sidx, "n/a"); - next if ($_->{cidx} != $c_ridx || $supplierUrl ne $s_ldapurl); - $conntype = $_->{nsDS5ReplicaBindMethod}; - $status = $_->{nsds5replicaLastUpdateStatus}; - $schedule = $_->{nsds5ReplicaUpdateSchedule}; - - # Print out the consumer's replica and ruvs - if(!$opt_s){ print "\n\n"; } - if ($first_entry) { - $first_entry = 0; - $c_ldapurl = &get_ldap_url ($c_sidx, $conntype); - if ($c_ridx >= 0) { - ($c_maxcsn_str, $lag, $markcolor, $supplier_maxcsn) = - &cacl_time_lag ($_->{nsDS5ReplicaRoot}, - $_->{cn}, - $_->{nsds5ReplicaHost}, - $_->{nsds5ReplicaPort}, - $s_ridx, - $m_maxcsn, - $c_maxcsn); - if(!$opt_s){ $c_maxcsn_str =~ s/ /\/; } - } - if($opt_s){ - print "-\nConsumer: $c_ldapurl\nType: $c_replicatype\n"; - print "Time Lag: $lag\n"; - print "Supplier Max CSN: $supplier_maxcsn\n"; - print "Consumer Max CSN: $c_maxcsn_str\n"; - print "Last Modify Time: $c_lastmodified\n"; - } else { - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - } - } - if($opt_s){ - print "Supplier: $s_ldapurl\n"; - } else { - print "\n"; - } - my $changecount = $_->{nsds5replicaChangesSentSinceStartup}; - if ( $changecount =~ /^$mid:(\d+)\/(\d+) / || $changecount =~ / $mid:(\d+)\/(\d+) / ) { - $changecount = "$1 / $2"; - } - elsif ( $changecount =~ /^(\d+)$/ ) { - $changecount = $changecount . " / " . 
"$_->{nsds5replicaChangesSkippedSinceStartup}"; - } - else { - $changecount = "0 / 0"; - } - if($opt_s){ - print "Sent/Skipped: $changecount\n"; - } else { - print "\n"; - } - my $redfontstart = ""; - my $redfontend = ""; - if ($status !~ /Error \(0\)/i) { - $redfontstart = ""; - $redfontend = ""; - } - elsif ($status =~ /^(\d+) /) { - if ( $1 != 0 ) { - # warning - $redfontstart = ""; - $redfontend = ""; - } - } - if($opt_s){ - print "Update Status: $status\n"; - print "Update Started: ", &format_z_time($_->{nsds5replicaLastUpdateStart}), "\n"; - print "Update Ended: ", &format_z_time($_->{nsds5replicaLastUpdateEnd}), "\n"; - } else { - print "\n"; - print "\n"; - print "\n"; - } - if ( $schedule =~ /always/i ) { - if($opt_s){ - print "Schedule: $schedule\n"; - } else { - print "\n"; - } - } - else { - my ($ndays, @days); - $schedule =~ /(\d\d)(\d\d)-(\d\d)(\d\d) (\d+)/; - if($opt_s){ - print "Schedule: $1:$2-$3:$4 "; - } else { - print "\n"; - } - $ndays = $5; - $ndays =~ s/(\d)/$1,/g; - @days = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat")[eval $ndays]; - if($opt_s){ - print "@days\n"; - } else { - print "\n"; - } - } - if($opt_s){ - print "SSL: $conntype\n"; - } else { - print "\n"; - } - } - } -} - -sub get_supplier_maxcsn -{ - my ($ridx, $s, $cn, $h, $p) = @_; - my $decimalcsn; - my $csn = "Unavailable"; - # normalize suffix - $s =~ s/ //; - $s =~ lc $s; - my $agmt = "$ridx;$s;$cn;$h;$p"; - - foreach my $key (keys %agmtmaxcsn){ - if ($key eq $agmt){ - $csn = $agmtmaxcsn{$key}; - last; - } - } - if($csn && $csn ne "Unavailable"){ - $decimalcsn = &to_decimal_csn ($csn); - return "$csn:$decimalcsn"; - } - - return $csn; -} - -sub cacl_time_lag -{ - my ($s, $cn, $h, $p, $ridx, $s_maxcsn, $c_maxcsn) = @_; - my ($markcolor); - my ($m_maxcsn, $csn_str, $supplier_csn_str); - my ($s_tm, $c_tm, $lag_tm, $lag_str, $hours, $minutes); - - $m_maxcsn = get_supplier_maxcsn($ridx,$s, $cn, $h, $p); - if($m_maxcsn ne ""){ - $s_maxcsn = $m_maxcsn; - } - $supplier_csn_str = 
&to_string_csn ($s_maxcsn); - $csn_str = &to_string_csn ($c_maxcsn); - - if (!$s_maxcsn || $s_maxcsn eq "Unavailable" || - !$c_maxcsn || $c_maxcsn eq "Unavailable") { - $lag_str = "?:??:??"; - $markcolor = "white"; # True status unknown - } - elsif ($s_maxcsn le $c_maxcsn) { - $lag_str = "0:00:00"; - $markcolor = &get_color (0); - } - else { - my ($rawcsn, $decimalcsn) = split (/:/, $s_maxcsn); - ($s_tm) = split(/ /, $decimalcsn); - - ($rawcsn, $decimalcsn) = split (/:/, $c_maxcsn); - ($c_tm) = split(/ /, $decimalcsn); - if ($s_tm > $c_tm) { - $lag_tm = $s_tm - $c_tm; - $lag_str = "- "; - $markcolor = &get_color ($lag_tm); - } - else { - $lag_tm = $c_tm - $s_tm; - $lag_str = "+ "; - $markcolor = $allcolors{ $colorkeys[0] }; # no delay - } - $hours = int ($lag_tm / 3600); - $lag_str .= "$hours:"; - - $lag_tm = $lag_tm % 3600; - $minutes = int ($lag_tm / 60); - $minutes = "0".$minutes if ($minutes < 10); - $lag_str .= "$minutes:"; - - $lag_tm = $lag_tm % 60; - $lag_tm = "0".$lag_tm if ($lag_tm < 10); - $lag_str .= "$lag_tm"; - } - return ($csn_str, $lag_str, $markcolor, $supplier_csn_str); -} - -sub set_server_params -{ - my ($host, $port, $binddn, $bindpwd, $bindcert); - - ($host, $port, $binddn, $bindpwd, $bindcert) = split (/:/, $allconnections[0]); - if($opt_p && $opt_p ne ""){ - $ld{port} = $opt_p - } elsif(!$port || $port eq ""){ - $ld{port} = "389"; - } else { - $ld{port} = $port; - } - if($host && $host ne ""){ - $ld{host} = $host; - } - if($binddn){ - $ld{bind} = $binddn; - } - if($bindpwd){ - $ld{pswd} = $bindpwd; - } - if($bindcert){ - $ld{cert} = $bindcert; - } -} - -# -# The subroutine would append a new entry to the end of -# @servers if the host and port are new to @servers. 
-# -sub add_server -{ - my ($host, $port, $binddn, $bindpwd, $bindcert) = split (/:/, "$_[0]"); - my ($shadowport) = $port; - my ($domainpattern) = '\.[^:]+'; - my ($i); - - for ($i = 0; $i <= $#servers; $i++) { - return $i if ($servers[$i] =~ /$host:\d*=$shadowport\D/i); - return $i if ($servers[$i] =~ /$host:$port\D/i); - } - - # Remove the domain name from the host name - my ($hostnode) = $host; - $hostnode = $1 if $host =~ /^(.+?)\./; - if ($hostnode eq "*") { - # handle wild card correctly for regex - $hostnode = ""; - } - - # new host:port - if (!$binddn || $binddn eq "" || $binddn eq "*" || - !$bindpwd || $bindpwd eq "" || $bindpwd eq "*" || - !$bindcert || $bindcert eq "" || $bindcert eq "*" ) - { - # - # Look up connection parameter in the order of - # host:port - # host:* - # *:port - # *:* - # - my (@myconfig, $h, $p, $d, $w, $c); - $h = ""; $p = ""; $d = ""; $w = ""; $c = ""; - (@myconfig = grep (/^$hostnode($domainpattern)*:[0-9]+\D/i, @allconnections)) || - (@myconfig = grep (/^$hostnode($domainpattern)*:\*:/i, @allconnections)) || - (@myconfig = grep (/^\*:$port\D/, @allconnections)) || - (@myconfig = grep (/^\*:\*\D/, @allconnections)); - if ($#myconfig >= 0) { - ($h, $p, $d, $w, $c) = split (/:/, $myconfig[0]); - ($p, $shadowport) = split (/=/, $p); - if(!$p || $p eq "*"){ - $p = ""; - } - if(!$c || $c eq "*"){ - $c = ""; - } - if(!$w || $w eq "*"){ - $w = ""; - } - } - if (!$binddn || $binddn eq "" || $binddn eq "*") { - if ($d eq "" || $d eq "*") { - $binddn = "cn=Directory Manager"; - } else { - $binddn = $d; - } - } - if($prompt eq "yes" && ($w eq "" || (!$bindpwd || $bindpwd eq "" || $bindpwd eq "*"))){ - $bindpwd = passwdPrompt($h, $p); - } elsif ($passwd ne ""){ - $bindpwd = $passwd; - } else { - $bindpwd = $w if (!$bindpwd || $bindpwd eq "" || $bindpwd eq "*"); - } - $bindcert = $c if (!$bindcert || $bindcert eq "" || $bindcert eq "*"); - } - - if ($shadowport) { - push (@servers, "$host:$port=$shadowport:$binddn:$bindpwd:$bindcert"); - } 
else { - push (@servers, "$host:$port:$binddn:$bindpwd:$bindcert"); - } - return $i; -} - -sub -passwdPrompt -{ - my ($h, $p) = @_; - my $key = "$h:$p"; - my $pw = ""; - - if ($passwords{$key}){ - # we already have a password for this replica - return $passwords{$key}; - } - # Disable console echo - system("@sttyexec@ -echo") if -t STDIN; - - while ($pw eq ""){ - if($passwd ne ""){ - print "Enter password for ($h:$p) : "; - chomp($pw = <>); - if ($pw eq ""){ - $pw = $passwd; - } else { - $passwords{$key} = $pw; - $passwd = $pw; - } - } else { - print "Enter password for ($h:$p): "; - chomp($pw = <>); - $passwords{$key} = $pw; - $passwd = $pw; - } - } - # Enable console echo - system("@sttyexec@ echo") if -t STDIN; - - return $pw; -} - -sub get_ldap_url -{ - my ($sidx, $conntype) = @_; - my ($host, $port) = split(/:/, $servers[$sidx]); - my ($shadowport); - ($port, $shadowport) = split (/=/, $port); - my ($protocol, $ldapurl); - - if ($port == 636 && $conntype eq "0" || $conntype =~ /SSL/i) { - $protocol = "ldaps"; - } - else { - $protocol = "ldap"; - } - my ($instance) = $allaliases { "$host:$port" }; - $instance = "$host:$port" if !$instance; - if ($conntype eq "n/a") { - $ldapurl = $instance; - } else { - if($opt_s){ - $ldapurl = "$instance $protocol://$host:$port/"; - } else { - $ldapurl = "$instance"; - } - } - return $ldapurl; -} - -sub to_decimal_csn -{ - my ($maxcsn) = @_; - if (!$maxcsn || $maxcsn eq "" || $maxcsn eq "Unavailable") { - return "Unavailable"; - } - - my ($tm, $seq, $masterid, $subseq) = unpack("a8 a4 a4 a4", $maxcsn); - - $tm = hex($tm); - $seq = hex($seq); - $masterid = hex($masterid); - $subseq = hex($subseq); - - return "$tm $seq $masterid $subseq"; -} - -sub to_string_csn -{ - my $str = shift; - if (!defined($str)){ - return "Unavailable"; - } - my ($rawcsn, $decimalcsn) = split(/:/, "$str"); - if (!$rawcsn || $rawcsn eq "") { - return "Unavailable"; - } - if ($rawcsn eq "Unavailable"){ - return $rawcsn; - } - my ($tm, $seq, $masterid, 
$subseq) = split(/ /, $decimalcsn); - my ($sec, $min, $hour, $mday, $mon, $year) = localtime($tm); - $mon++; - $year += 1900; - foreach ($sec, $min, $hour, $mday, $mon) { - $_ = "0".$_ if ($_ < 10); - } - my ($csnstr) = "$mon/$mday/$year $hour:$min:$sec"; - $csnstr .= " $seq $subseq" if ( $seq != 0 || $subseq != 0 ); - - return "$rawcsn ($csnstr)"; -} - -sub get_color -{ - my ($lag_minute) = @_; - $lag_minute /= 60; - my ($color) = $allcolors { $colorkeys[0] }; - - foreach ( sort { $a <=> $b } keys %allcolors) { - if ($lag_minute >= $_){ - $color = $allcolors {$_}; - } - } - return $color; -} - -# subroutine to remove escaped encoding - -sub unescape -{ - #my ($_) = @_; - tr/+/ /; - s/%(..)/pack("c",hex($1))/ge; - $_; -} - -sub print_html_header -{ - if(!$opt_s){ - # print the HTML header - - print "\n"; - print "\n"; - print "Replication Status\n"; - # print "\n"; - print "\n\n"; - - if ($opt_u) { - print "\n"; - } - - print "
\n"; - print "Replica ID: "; - print "$serverid\n"; - print "Replica Root: "; - print "$replicaroot\n"; - print "Max CSN: "; - print "$maxcsn\n"; - } - return $maxcsn; -} - -sub print_consumer_header -{ - if($opt_s) { return; } # we'll do the text printing in "print_consumers" - - #Print the header of consumer - print "\n
ConsumerTime LagSupplier Max CSNConsumer Max CSNLast Modify TimeSupplierSent/SkippedUpdate StatusUpdate StartedUpdate EndedScheduleSSL?
$c_ldapurl
Type: $c_replicatype
$lag
$supplier_maxcsn$c_maxcsn_str$c_lastmodified
$s_ldapurl
$changecount$redfontstart$status$redfontend", &format_z_time($_->{nsds5replicaLastUpdateStart}), "", &format_z_time($_->{nsds5replicaLastUpdateEnd}), "$schedule$1:$2-$3:$4@days$conntype
\n"; - print "\n"; - print "
$now"; - print "Directory Server Replication Status\n"; - - if ($opt_u) { - print "
(This page updates every $interval seconds)\n"; - } - - print "
$version"; - print "
\n"; - } else { - print "Directory Server Replication Status ($version)\n\n"; - print "Time: $now"; - if ($opt_u) { - print " - This report updates every $interval seconds\n\n"; - } else { - print "\n"; - } - } -} - -sub print_legend -{ - my ($nlegends) = $#colorkeys + 1; - if($opt_s){ return; } - print "\n

Time Lag Legend:

\n"; - print "\n\n"; - print "\n\n"; - my ($i, $j); - for ($i = 0; $i < $nlegends - 1; $i++) { - $j = $colorkeys[$i]; - print "\n\n"; - } - $j = $colorkeys[$i]; - print "\n\n"; - print "\n\n"; - print "
Unknown
Within $colorkeys[$i+1] minutes
Over $colorkeys[$i] minutes
Server n/a

\n"; -} - -sub print_supplier_end -{ - if(!$opt_s){ print "
\n"; }
-}
-
-# given a string in generalized time format, convert to ascii time
-sub format_z_time
-{
- my $zstr = shift;
- return "n/a" if (! $zstr);
- my ($year, $mon, $day, $hour, $min, $sec) =
- ($zstr =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/);
- my $time = timegm($sec, $min, $hour, $day, ($mon-1), $year);
- ($sec, $min, $hour, $day, $mon, $year) = localtime($time);
- $mon++;
- $year += 1900;
- foreach ($sec, $min, $hour, $day, $mon) {
- $_ = "0".$_ if ($_ < 10);
- }
-
- return "$mon/$day/$year $hour:$min:$sec";
-}
diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in
deleted file mode 100644
index 5132d5d..0000000
--- a/ldap/admin/src/scripts/restart-dirsrv.in
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-
-# Script that restarts the ns-slapd server.
-# Exit status can be:
-# 0: Server restarted successfully
-# 1: Server could not be started
-# 2: Server started successfully (was not running)
-# 3: Server could not be stopped
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-restart_instance() {
- SERV_ID=$1
-
- server_already_stopped=0
- @sbindir@/stop-dirsrv $SERV_ID
- status=$?
- if [ $status -eq 1 ] ; then
- return 3;
- else
- if [ $status -eq 2 ] ; then
- server_already_stopped=1
- fi
- fi
- @sbindir@/start-dirsrv $SERV_ID
- status=$?
- if [ $server_already_stopped -eq 1 ] && [ $status -eq 0 ] ; then
- return 2;
- fi
- return $status
-}
-
-while getopts "d:" flag
-do
- case "$flag" in
- d) initconfig_dir="$OPTARG";;
- esac
-done
-shift $(($OPTIND-1))
-
-if [ "$#" -eq 0 ]; then
- # We're restarting all instances.
- ret=0
- instances=`get_slapd_instances @instconfigdir@` || { echo No instances found in @instconfigdir@ ; exit 1 ; }
- for i in $instances; do
- inst=`normalize_server_id $i`
- echo Restarting instance \"$inst\"
- restart_instance $inst
- rv=$?
- if [ "$rv" -ne 0 ]; then
- ret=$rv
- fi
- done
- exit $ret
-else
- # We're restarting a single instance.
- restart_instance $*
- exit $?
-fi
diff --git a/ldap/admin/src/scripts/restoreconfig.in b/ldap/admin/src/scripts/restoreconfig.in
deleted file mode 100755
index 90f8ae8..0000000
--- a/ldap/admin/src/scripts/restoreconfig.in
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@nss_libdir@"
-libpath_add "@libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: restoreconfig [-Z serverID] [-h]"
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -h - Display usage"
-}
-
-while getopts "Z:h" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- h) usage
- exit 0;;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-conf_ldif=`ls -1t @localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/$instance-*.ldif 2>/dev/null | head -1 `
-if [ -z "$conf_ldif" ]
-then
- echo No configuration to restore in @localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/ ; exit 1
-fi
-echo Restoring $conf_ldif...
-@sbindir@/ns-slapd ldif2db -D $CONFIG_DIR -i $conf_ldif -n NetscapeRoot 2>&1
-exit $?
diff --git a/ldap/admin/src/scripts/saveconfig.in b/ldap/admin/src/scripts/saveconfig.in
deleted file mode 100755
index 67c7ac8..0000000
--- a/ldap/admin/src/scripts/saveconfig.in
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: saveconfig [-Z serverID] [-h]"
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -h - Display Usage"
-}
-
-while getopts "Z:h" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- h) usage
- exit 0;;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-echo saving configuration...
-conf_ldif=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/$instance-`date +%Y_%m_%d_%H%M%S`.ldif
-@sbindir@/ns-slapd db2ldif -N -D $CONFIG_DIR -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
-if [ $? -ge 1 ]
-then
- echo Error occurred while saving configuration
- exit 1
-fi
-exit 0
diff --git a/ldap/admin/src/scripts/schema-reload.pl.in b/ldap/admin/src/scripts/schema-reload.pl.in
deleted file mode 100644
index abf5bea..0000000
--- a/ldap/admin/src/scripts/schema-reload.pl.in
+++ /dev/null
@@ -1,103 +0,0 @@
-#!@perlexec@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(@perlpath@);
-use DSUtil;
-
-DSUtil::libpath_add("@nss_libdir@");
-DSUtil::libpath_add("/usr/lib");
-DSUtil::libpath_add("/usr/lib64");
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin";
-
-$i = 0;
-
-sub usage {
- print(STDERR "Usage: schema-reload.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } [-P protocol] [-d schemadir] [-h]\n");
- print(STDERR "Options:\n");
- print(STDERR " -D rootdn - Directory Manager\n");
- print(STDERR " -w password - Directory Manager's password\n");
- print(STDERR " -w - - Prompt for Directory Manager's password\n");
- print(STDERR " -Z serverID - Server instance identifier\n");
- print(STDERR " -j filename - Read Directory Manager's password from file\n");
- print(STDERR " -d schemadir - Directory where schema files are located\n");
- print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n");
- print(STDERR " -h - Display usage\n");
-}
-
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-d"){
- # schemadir
- $i++; $schemadir = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D"){
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w"){
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j"){
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-Z"){
- # server instance identifier
- $i++; $servid = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-h"){
- # help
- &usage;
- exit(0);
- } elsif ("$ARGV[$i]" eq "-P") {
- # protocol preference
- $i++; $protocol = $ARGV[$i];
- } else {
- print "ERROR - Unknown option: $ARGV[$i]\n";
- &usage;
- exit(1);
- }
- $i++;
-}
-
-#
-# Gather all our config settings
-#
-($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@");
-%info = DSUtil::get_info($confdir, $host, $port, $rootdn);
-$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile);
-$info{protocol} = $protocol;
-$info{args} = "-a";
-
-#
-# Construct the task entry
-#
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "schema_reload_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=schema reload task, cn=tasks, cn=config\n";
-$misc = "objectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ( $schemadir ne "" )
-{
- $schemadir = "schemadir: $schemadir\n";
-}
-$entry = "${dn}${misc}${cn}${schemadir}";
-
-$rc = DSUtil::ldapmod($entry, %info);
-
-$dn =~ s/^dn: //;
-$dn =~ s/\n//;
-if($rc == 0){
- print "Successfully added task entry \"$dn\"\n";
-} else {
- print "Failed to add task entry \"$dn\" error ($rc)\n";
-}
-
-exit($rc);
diff --git a/ldap/admin/src/scripts/setup-ds.pl.in b/ldap/admin/src/scripts/setup-ds.pl.in
deleted file mode 100644
index 0803a41..0000000
--- a/ldap/admin/src/scripts/setup-ds.pl.in
+++ /dev/null
@@ -1,94 +0,0 @@
-#!@perlexec@
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(@perlpath@);
-
-use strict;
-
-use Setup;
-use SetupLog;
-use Inf;
-use Resource;
-use DialogManager;
-use DSUtil;
-use DSCreate;
-use DSUpdate;
-
-my $res = new Resource("@propertydir@/setup-ds.res");
-
-my $setup = new Setup($res);
-
-if (!$setup->{silent}) {
- my $dialogmgr = new DialogManager($setup, $res, $TYPICAL);
-
- my @dialogs;
- if ($setup->{update}) {
- require DSUpdateDialogs;
- push @dialogs, DSUpdateDialogs->getDialogs();
- } else {
- require SetupDialogs;
- require DSDialogs;
- push @dialogs, SetupDialogs->getDialogs();
- push @dialogs, DSDialogs->getDialogs();
- }
-
- $dialogmgr->addDialog(@dialogs);
-
- my $rc = $dialogmgr->run();
- if ($rc) {
- $setup->doExit();
- }
-}
-
-my @errs;
-if ($setup->{update}) {
- @errs = updateDS($setup);
-} else {
- @errs = createDSInstance($setup->{inf});
-}
-
-if (@errs) {
- $setup->msg(@errs);
- if ($setup->{update}) {
- $setup->msg($FATAL, 'error_updating');
- } else {
- if($setup->{inf}->{slapd}->{ServerIdentifier} eq "admin"){
- # 'admin' is reserved for the admin server - log the correct error
- $setup->msg($FATAL, 'error_creating_dsinstance_adminid',
- $setup->{inf}->{slapd}->{ServerIdentifier});
- } else {
- $setup->msg($FATAL, 'error_creating_dsinstance',
- $setup->{inf}->{slapd}->{ServerIdentifier});
- }
- }
- $setup->doExit(1);
-} else {
- if ($setup->{update}) {
- $setup->msg('update_successful');
- } else {
- $setup->msg('created_dsinstance',
- $setup->{inf}->{slapd}->{ServerIdentifier});
- }
-}
-
-$setup->doExit(0);
-
-END {
- if ($setup and $setup->{keep}) {
- $setup->{inf}->write("__temp__");
- }
-}
-
-# emacs settings
-# Local Variables:
-# mode:perl
-# indent-tabs-mode: nil
-# tab-width: 4
-# End:
diff --git a/ldap/admin/src/scripts/setup-ds.res.in b/ldap/admin/src/scripts/setup-ds.res.in
deleted file mode 100644
index 864e0b4..0000000
--- a/ldap/admin/src/scripts/setup-ds.res.in
+++ /dev/null
@@ -1,205 +0,0 @@ -# ------------ Global Resources ----------- -brand = @capbrand@ -yes = yes -no = no -yes_no_error = Please answer "yes" or "no"\n\n -setup_err_exit = Setup cannot proceed. Exiting.\n\n -dialog_use_different_type = When using Silent or Express mode, some of the\ndialogs are skipped, but validation is still performed\non the default or given answers. You should run this program again and\nchoose Typical or Custom mode in order to provide a valid input\nfor the problem dialog.\n\n - -# ------------ Welcome Dialog Resource ------------ -dialog_welcome_text = This program will set up the %s Directory Server.\n\nIt is recommended that you have "root" privilege to set up the software.\nTips for using this program:\n - Press "Enter" to choose the default and go to the next screen\n - Type "Control-B" or the word "back" then "Enter" to go back to the previous screen\n - Type "Control-C" to cancel the setup program\n\n -# %s -> brand - -dialog_welcome_prompt = Would you like to continue with set up? - -# ----------- Setup Type Dialog Resource ---------------- -dialog_setuptype_text = Choose a setup type:\n\n 1. Express\n Allows you to quickly set up the servers using the most\n common options and pre-defined defaults. Useful for quick\n evaluation of the products.\n\n 2. Typical\n Allows you to specify common defaults and options.\n\n 3. Custom\n Allows you to specify more advanced options. This is \n recommended for experienced server administrators only.\n\nTo accept the default shown in brackets, press the Enter key.\n\n - -dialog_setuptype_prompt = Choose a setup type - -dialog_setuptype_error = Invalid setup type\n\n - - -# ----------- HostName Dialog Resource ---------------- -dialog_hostname_text = Enter the fully qualified domain name of the computer\non which you're setting up server software. 
Using the form\n.\nExample: eros.example.com.\n\nTo accept the default shown in brackets, press the Enter key.\n\nWarning: This step may take a few minutes if your DNS servers\ncan not be reached or if DNS is not configured correctly. If\nyou would rather not wait, hit Ctrl-C and run this program again\nwith the following command line option to specify the hostname:\n\n General.FullMachineName=your.hostname.domain.name\n\n - -dialog_hostname_prompt = Computer name - -# ----------- SSUser Dialog Resource ---------------- -dialog_ssuser_text = The server must run as a specific user in a specific group.\nIt is strongly recommended that this user should have no privileges\non the computer (i.e. a non-root user). The setup procedure\nwill give this user/group some permissions in specific paths/files\nto perform server-specific operations.\n\nIf you have not yet created a user and group for the server,\ncreate this user and group using your native operating\nsystem utilities.\n\n - -dialog_ssuser_prompt = System User -dialog_ssuser_error = The user '%s' is invalid.\n\n -dialog_ssuser_must_be_same = Since you are not running setup as root, the System User must be the same as your userid '%s'.\n\n -dialog_ssuser_root_warning = You are strongly encouraged to use a non-root user for the server uid.\nIf you feel you have made a mistake,\nplease go back to this dialog and enter another system user.\n\n -dialog_ssgroup_prompt = System Group -dialog_ssgroup_error = The group '%s' is invalid.\n\n -dialog_ssgroup_no_match = The system user '%s' does not belong to the group '%s'.\n\nThis is the list of users of the given group: %s\n\n -dialog_ssgroup_no_user = The system user '%s' does not belong to the group '%s'.\n\n - -# ----------- DS port Dialog Resource ---------------- -dialog_dsport_text = The standard directory server network port number is 389. 
However, if\nyou are not logged as the superuser, or port 389 is in use, the\ndefault value will be a random unused port number greater than 1024.\nIf you want to use port 389, make sure that you are logged in as the\nsuperuser, that port 389 is not in use.\n\n -dialog_dsport_prompt = Directory server network port -dialog_dsport_error = The port %s is in use or not available. Please choose another port.\n\n -dialog_dsport_invalid = The port %s is not a valid port. Please choose a valid port.\n\n - -# ----------- DS server ID Dialog Resource ---------------- -dialog_dsserverid_text = Each instance of a directory server requires a unique identifier.\nThis identifier is used to name the various\ninstance specific files and directories in the file system,\nas well as for other uses as a server instance identifier.\n\n -dialog_dsserverid_prompt = Directory server identifier -dialog_dsserverid_error = The server identifier '%s' is not valid. Please choose another one.\n\n -dialog_dsserverid_inuse = The server identifier '%s' is already in use. Please choose another one.\n\n - -# ----------- DS suffix Dialog Resource ---------------- -dialog_dssuffix_text = The suffix is the root of your directory tree. The suffix must be a valid DN.\nIt is recommended that you use the dc=domaincomponent suffix convention.\nFor example, if your domain is example.com,\nyou should use dc=example,dc=com for your suffix.\nSetup will create this initial suffix for you,\nbut you may have more than one suffix.\nUse the directory server utilities to create additional suffixes.\n\n -dialog_dssuffix_prompt = Suffix -dialog_dssuffix_error = The suffix '%s' is not a valid DN. 
Please choose another one.\n\n - -# ----------- DS Root DN and password Dialog Resource ---------------- -dialog_dsrootdn_text = Certain directory server operations require an administrative user.\nThis user is referred to as the Directory Manager and typically has a\nbind Distinguished Name (DN) of cn=Directory Manager.\nYou will also be prompted for the password for this user. The password must\nbe at least 8 characters long, and contain no spaces.\nPress Control-B or type the word "back", then Enter to back up and start over.\n\n -dialog_dsrootdn_prompt = Directory Manager DN -dialog_dsrootdn_error = The input '%s' is not a valid DN. Please choose another one.\n\n -dialog_dsrootpw_prompt1 = Password -dialog_dsrootpw_prompt2 = Password (confirm) -dialog_dsrootpw_invalid = The password contains invalid characters. Please choose another one.\n\n -dialog_dsrootpw_tooshort = The password must be at least %s characters long. Please choose another one.\n\n -dialog_dsrootpw_nomatch = The passwords do not match. Please try again.\n\n - -# ----------- DS Sample Data Dialog Resource ---------------- -dialog_dssample_text = You may install some sample entries in this directory instance. These\nentries will be installed in a separate suffix and will not interfere\nwith the normal operation of the directory server.\n\n -dialog_dssample_prompt = Do you want to install the sample entries? - -# ----------- DS Populate Data Dialog Resource ---------------- -dialog_dspopulate_text = You may wish to populate your new directory instance with some data.\n"You may already have a file in LDIF format to use or some suggested\nentries can be added. If you want to import entries from an LDIF\nfile, you may type in the full path and filename at the prompt. If\nyou want the setup program to add the suggested entries, type the\nword suggest at the prompt. 
The suggested entries are common\ncontainer entries under your specified suffix, such as ou=People and\nou=Groups, which are commonly used to hold the entries for the persons\nand groups in your organization. If you do not want to add any of\nthese entries, type the word none at the prompt.\n\n -dialog_dspopulate_prompt = Type the full path and filename, the word suggest, or the word none -dialog_dspopulate_error = The file '%s' was not found. Please choose another one.\n\n - -# ----------- miscellaneous ---------------- -backend_already_exists = A database backend with the name '%s' already exists. Config entry DN '%s'. Please choose another backend name. addSuffix can generate a unique backend name if you do not specify a backend name.\n\n -suffix_already_exists = The suffix '%s' already exists. Config entry DN '%s'.\n\n -error_creating_suffix_backend = Could not create the suffix '%s'. There was an error creating the backend database named '%s' for the suffix. Error: %s\n\n -error_creating_suffix = Could not create the suffix '%s'. Error: %s\n\n - -setup_exiting = Exiting . . .\nLog file is '%s'\n\n -error_creating_dsinstance = Error: Could not create directory server instance '%s'.\n -error_creating_dsinstance_adminid = Error: Could not create directory server instance '%s', instance name 'admin' reserved for the Administration Server.\n -created_dsinstance = Your new DS instance '%s' was successfully created.\n -no_mapvalue_for_key = The map value '%s' for key '%s' did not map to a value in any of the given information files.\n -error_opening_ldiftmpl = Could not open the LDIF template file '%s'. Error: %s\n -error_mapping_token_ldiftmpl = The entry '%s' in LDIF file '%s' contains a token '%s' for which there is no mapper.\nPlease check the file and your mapper to make sure all tokens are handled correctly.\n -error_deleteall_entries = Error deleting entry '%s' and all children. Error: %s\n -error_adding_entry = Error adding entry '%s'. 
Error: %s\n -error_updating_entry = Error updating entry '%s'. Error: %s\n - -error_invalid_param = The parameter '%s' has an invalid value '%s'.\n -error_port_invalid = The port %s is not a valid port. Please choose a valid port.\n -error_port_available = The port number '%s' is not available for use. This may be due to an\ -invalid port number, or the port already being in use by another\ -program, or low port restriction. Please choose another value for\ -ServerPort. Error: $!\n -error_invalid_serverid = The ServerIdentifier '%s' contains invalid characters. It must\ -contain only alphanumeric characters and the following: #%:@_-\n\n -error_reserved_serverid = The ServerIdentifier '%s' is reserved for the Administration Server, please choose a different server identifier.\n -error_opening_scripttmpl = Could not open the script template file '%s'. Error: %s\n -error_creating_directory = Could not create directory '%s'. Error: %s\n -error_chowning_directory = Could not change ownership of directory '%s' to userid '%s': Error: %s\n -error_chowning_file = Could not change ownership of '%s' to userid '%s': Error: %s\n -error_chmoding_file = Could not change permissions of '%s': Error: %s\n -error_chgrping_directory = Could not change group of directory '%s' to group '%s': Error: %s\n -error_creating_file = Could not create file '%s'. Error: %s\n -error_copying_file = Could not copy file '%s' to '%s'. Error: %s\n -error_enabling_feature = Could not enable the directory server feature '%s'. Error: %s\n -error_importing_ldif = Could not import LDIF file '%s'. Error: %s. Output: %s\n -error_invalid_boolean = Could not convert value '%s' to boolean. Valid values are true or false.\n -error_starting_server = Could not start the directory server using command '%s'. The last line from the error log was '%s'. Error: %s\n -error_stopping_server = Could not stop the directory server '%s'. Error: %s\n -error_missing_userid = The SuiteSpotUserID is missing. 
This must be set to valid user\n -error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified. The server must listen to something.\n -error_missing_port = No ServerPort specified. The server must have a port number to listen to (default 389).\n -error_server_already_exists = Error: the server already exists at '%s'\ -Please remove it first if you really want to recreate it,\ -or use a different ServerIdentifier to create another instance.\n -error_opening_init_ldif = Could not open the initial LDIF file '%s'.\ -The file was not found or could not be read.\n -error_opening_dseldif = Could not open the DSE config file '%s'. Error: %s\n -error_opening_tempinf = Could not create temporary .inf file for config. Error: %s\n -error_writing_ldif = Could not write the LDIF file '%s'. Error: %s\n -error_creating_templdif = Could not create temporary LDIF file. Error: %s\n -error_no_such_instance = Error: could not find directory server configuration directory '%s'. Error: %s\n -error_finding_config_entry = Error: could not find the config entry '%s' in '%s'. Error: %s\n -error_removing_path = Error: could not remove path '%s'. Error: %s\n -error_removing_port_label = Error: could not remove selinux label from port '%s'. Error: %s\n -error_loading_update = Error: not applying update '%s'. Error: %s\n -error_unknown_update = Error: cannot apply update '%s'. 
Not a recognized update type.\n -error_executing_update = Error: update '%s' returned code '%s': %s\n -error_updating = Error: could not update the directory server.\n -update_successful = Finished successful update of directory server.\nPlease restart your directory servers.\n - -update_dialog_first = This program will update the %s Directory Server.\n\nIt is recommended that you have "root" privilege to perform the update.\nTips for using this program:\n - Press "Enter" to choose the default and go to the next screen\n - Type "Control-B" or the word "back" then "Enter" to go back to the previous screen\n - Type "Control-C" to cancel the update\n\n -# %s -> brand - -update_dialog_first_prompt = Would you like to continue with update? - -update_dialog_mode =\ -The update process can work in one of two modes:\ -\ - - Online: The changes are made to the running directory servers using LDAP.\ - The operations must be performed as an administrative user.\ - You must provide the name and password, for each instance\ - if there is more than one instance of directory server.\ - Some operations may require a directory server restart to take\ - effect. The update script will notify you if you need to restart\ - the server.\ -\ - - Offline: The changes are made to the server configuration files. The\ - servers MUST FIRST BE SHUTDOWN BY YOU. The script will not\ - shutdown the servers for you. You MUST shutdown the\ - servers in order to use this mode. A username and password\ - are not required to use Offline mode. If the servers are not\ - shutdown, CHANGES WILL BE LOST.\ -\ -To summarize:\ - Online - servers remain running - you must provide admin name and password\ - for each server - servers may need to be restarted\ - Offline - servers must be shutdown - no username or password required\n\n - -update_dialog_mode_prompt = Which update mode do you want to use? 
- -update_admin_dialog = Please specify the authentication data for '%s'\n\n -update_admin_id_prompt = Full DN of administrative user -update_admin_pwd_prompt = Password for this user -error_renaming_schema = Could not rename schema file '%s' to '%s'. Error: %s\n -error_reading_schema_file = Schema file '%s' does not exist or is not readable. Error: %s\n -error_reading_schema_dir = Schema directory '%s' does not exist or is not readable\n -error_writing_schema_file = Schema file '%s' could not be opened for writing. Error: %s\n -error_reading_config_dir = Config directory '%s' does not exist or is not readable\n -error_renaming_config = Could not rename config file '%s' to '%s'. Error: %s\n -error_online_update = Could not open a connection to the server at %s port %s as '%s'.\ -Please make sure the server is up and running before using online mode,\ -or use offline mode.\n\n -error_offline_update = Could not read the server config file '%s'. Error: %s\n\n -error_no_mapping_tree_entries = Could not find a mapping tree entry. Error: %s\n -error_no_configuration_entry = Could not find a configuration entry. Error: %s\n -error_no_backend_entry = Could not find a backend entry. Error: %s\n -error_invalid_dbinst_dir = Invalid database instance dir '%s'.\n -error_cant_backup_db = Failed to back up backend instance '%s'. Error: %s\n -error_cant_convert_db = Failed to convert backend instance '%s'. 
Error: %s\n -error_missing_entrydn = Backend instance '%s' does not have database files to upgrade.\n -warning_hostname_not_fully_qualified = The hostname '%s' does not look like a\nfully qualified host and domain name.\n -warning_no_such_hostname = Could not find an address for hostname '%s'.\n -warning_reverse_resolve = Hostname '%s' is valid, but none of the IP addresses\ -resolve back to %s\n -warning_reverse_resolve_sub = - address %s resolves to host %s\n -dialog_hostname_warning = \nWARNING: There are problems with the hostname.\n%s\ -Please check the spelling of the hostname and/or your network configuration.\ -If you proceed with this hostname, you may encounter problems.\ -\ -Do you want to proceed with hostname '%s'? -error_import_check_log = Error: unable to import file '%s' for backend '%s' - %s. Check the errors log for additional information\n -error_could_not_parse_nsstate = Error: could not parse nsState from %s. Value: %s\n -error_linking_file = Error: could not link '%s' to '%s': %s -error_running_command = Error: command '%s' failed - output [%s] error [%s] -error_opening_file = Opening file '%s' failed. Error: %s\n -error_format_error = '%s' has invalid format.\n -error_update_not_offline = Error: offline mode selected but the server [%s] is still running.\n -error_update_all = Failed to update all the Directory Server instances.\n -error_reindexing = Failed to reindex '%s' in backend '%s'. Error: %s\n diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in deleted file mode 100755 index c1ed5f7..0000000 --- a/ldap/admin/src/scripts/start-dirsrv.in +++ /dev/null 
@@ -1,124 +0,0 @@ -#!/bin/sh - -# Script that starts the ns-slapd server. -# Exit status can be: -# 0: Server started successfully -# 1: Server could not be started -# 2: Server already running - -. @datadir@/@package_name@/data/DSSharedLib - -RUN_DIR="@localrundir@/@PACKAGE_NAME@"; - -# Starts a single instance -start_instance() { - # The first argument is the server ID. Anything - # after that is an argument to ns-slapd. - SERV_ID=$1 - shift - - prefix="$DS_ROOT" - - libpath_add "$prefix$SERVER_DIR" - libpath_add "$prefix@nss_libdir@" - libpath_add "$prefix@libdir@" - libpath_add "@nss_libdir@" - libpath_add "$prefix@pcre_libdir@" - - export LD_LIBRARY_PATH - SHLIB_PATH=$LD_LIBRARY_PATH - export SHLIB_PATH - - DS_CONFIG_DIR=$CONFIG_DIR - export DS_CONFIG_DIR - # - # Use systemctl if available and running as root, - # otherwise start the instance the old way. - # - if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - @bindir@/systemctl start @package_name@@$SERV_ID.service -l - if [ $? -ne 0 ]; then - return 1 - fi - else - instance=`get_slapd_instance @instconfigdir@ $SERV_ID` || { echo Instance $SERV_ID not found. ; return 1 ; } - - CONFIG_DIR="@instconfigdir@/slapd-$instance"; - PIDFILE=@localstatedir@$RUN_DIR/slapd-$SERV_ID.pid - - if test -f $PIDFILE ; then - PID=`cat $PIDFILE` - if kill -s 0 $PID > /dev/null 2>&1 ; then - echo There is an ns-slapd running: $PID - return 2; - else - rm -f $PIDFILE - fi - fi - if test 1 -eq @enable_asan@; then - echo "NOTICE: Starting instance ${SERV_ID} with ASAN options." - echo "This is probably not what you want. Please contact support." - : ${ASAN_LOG_PATH:=@localstatedir@$RUN_DIR/ns-slapd-${SERV_ID}.asan} - echo "Asan errors will go to ${ASAN_LOG_PATH}*" - export ASAN_OPTIONS="detect_leaks=1 symbolize=1 detect_deadlocks=1 log_path=${ASAN_LOG_PATH}" - export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer - fi - @sbindir@/ns-slapd -D $CONFIG_DIR -i $PIDFILE "$@" - if [ $? 
-ne 0 ]; then - return 1 - fi - loop_counter=1 - # wait for 10 minutes (600 times 1 seconds) - max_count=${PID_TIME:-600} - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` - if test -f $PIDFILE ; then - PID=`cat $PIDFILE` - # if kill -s 0 $PID > /dev/null 2>&1 ; then - if kill -s 0 $PID ; then - return 0; - else - echo Server failed to start !!! Please check errors log for problems - return 1 - fi - else - sleep 1 - fi - done - echo Server not running!! Failed to start ns-slapd process. Please check the errors log for problems. - return 1 - fi -} - -while getopts "d:" flag -do - case "$flag" in - d) initconfig_dir="$OPTARG";; - esac -done -shift $(($OPTIND-1)) - - -found=0 -if [ $# -eq 0 ]; then - # We're starting all instances. - ret=0 - # - # Use systemctl if available and running as root, - # - instances=`get_slapd_instances @instconfigdir@` || { echo No instances found in @instconfigdir@ ; exit 1 ; } - for i in $instances; do - inst=`normalize_server_id $i` - echo Starting instance \"$inst\" - start_instance $inst - rv=$? - if [ $rv -ne 0 ]; then - ret=$rv - fi - done - exit $ret -else - # We're starting a single instance. - start_instance $@ - exit $? -fi diff --git a/ldap/admin/src/scripts/status-dirsrv.in b/ldap/admin/src/scripts/status-dirsrv.in deleted file mode 100755 index 86b7d4a..0000000 --- a/ldap/admin/src/scripts/status-dirsrv.in +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/sh - -# Script that reports the status of the ns-slapd server. - -. @datadir@/@package_name@/data/DSSharedLib - -# Get the status of a single instance -status_instance() { - # The first argument is the server ID. Anything - # after that is an argument to ns-slapd. - SERV_ID=$1 - shift - - prefix="$DS_ROOT" - - libpath_add "$prefix$SERVER_DIR" - libpath_add "$prefix@nss_libdir@" - libpath_add "$prefix@libdir@" - libpath_add "@nss_libdir@" - libpath_add "$prefix@pcre_libdir@" - - export LD_LIBRARY_PATH - SHLIB_PATH=$LD_LIBRARY_PATH - export SHLIB_PATH - - # - # Use systemctl if available. - # - if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - @bindir@/systemctl status @package_name@@$SERV_ID.service -l --no-pager - rv=$? - if [ $rv -ne 0 ]; then - return 1 - fi - else - initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return 255 ; } - - # source env. for this instance - if [ -f $initfile ] ; then - . $initfile - else - echo Instance $SERV_ID not found. - return 255 - fi - fi - return 0 -} - -# source env. for all instances -[ -f @initconfigdir@/@package_name@ ] && . @initconfigdir@/@package_name@ - -while getopts "d:" flag -do - case "$flag" in - d) initconfig_dir="$OPTARG";; - esac -done -shift $(($OPTIND-1)) - -if [ -z "$initconfig_dir" ]; then - initconfig_dir=@initconfigdir@ -fi - -found=0 -if [ $# -eq 0 ]; then - # We're reporting the status of all instances. - ret=0 - # - # Use systemctl if available and running as root, - # - if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - @bindir@/systemctl status @package_name@@*.service -l --no-pager - ret=$? - if [ $? -ne 0 ]; then - return 1 - fi - else - initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; } - for i in $initfiles; do - inst=`normalize_server_id $i` - echo Status of instance \"$inst\" - status_instance $inst - rv=$? 
- #if one of them is successful, return 0. - if [ $rv -ne 0 ]; then - ret=`expr $ret + 1` - fi - done - fi - exit $ret -else - # We're getting the status of a single instance. - status_instance $@ - exit $? -fi diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in deleted file mode 100755 index 7c25034..0000000 --- a/ldap/admin/src/scripts/stop-dirsrv.in +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/bin/sh - -# Script that stops the ns-slapd server. -# Exit status can be: -# 0: Server stopped successfully -# 1: Server could not be stopped -# 2: Server was not running - -. @datadir@/@package_name@/data/DSSharedLib - -RUN_DIR="@localrundir@/@PACKAGE_NAME@"; - -stop_instance() { - SERV_ID=$1 - - PIDFILE=@localstatedir@$RUN_DIR/slapd-$SERV_ID.pid - if test ! -f $PIDFILE ; then - echo No ns-slapd PID file found. Server is probably not running - return 2 - fi - PID=`cat $PIDFILE` - - # - # use systemctl if running as root - # - if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - # - # Now, check if systemctl is aware of this running instance - # - @bindir@/systemctl is-active @package_name@@$SERV_ID.service > /dev/null 2>&1 - if [ $? -eq 0 ]; then - # - # systemctl sees the running process, so stop it correctly - # - @bindir@/systemctl stop @package_name@@$SERV_ID.service -l - else - # - # Have to kill it since systemctl doesn't think it's running - # - kill $PID - fi - else - instance=`get_slapd_instance @instconfigdir@ $SERV_ID` || { echo Instance $SERV_ID not found. ; return 1 ; } - - # see if the server is already stopped - kill -s 0 $PID > /dev/null 2>&1 || { - echo Server not running - if test -f $PIDFILE ; then - rm -f $PIDFILE - fi - return 2 - } - # server is running - kill it - kill $PID - fi - - # wait for 10 minutes (600 times 1 second) - loop_counter=1 - max_count=600 - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` - if kill -s 0 $PID > /dev/null 2>&1 ; then - sleep 1; - else - if test -f $PIDFILE ; then - rm -f $PIDFILE - fi - return 0 - fi - done - if test -f $PIDFILE ; then - echo Server still running!! Failed to stop the ns-slapd process: $PID. Please check the errors log for problems. - fi - return 1 -} - -while getopts "d:" flag -do - case "$flag" in - d) initconfig_dir="$OPTARG";; - esac -done -shift $(($OPTIND-1)) - -if [ $# -eq 0 ]; then - # We're stopping all instances. 
- ret=0 - instances=`get_slapd_instances @instconfigdir@` || { echo No instances found in @instconfigdir@ ; exit 1 ; } - for i in $instances; do - if [ ! -d "$i" ] ; then - echo No instances found in @instconfigdir@ - exit 1 - fi - inst=`normalize_server_id $i` - echo Stopping instance \"$inst\" - stop_instance $inst - rv=$? - if [ $rv -ne 0 ]; then - ret=$rv - fi - done - exit $ret -else - # We're stopping a single instance. - stop_instance $@ - exit $? -fi diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in deleted file mode 100755 index 2353479..0000000 --- a/ldap/admin/src/scripts/suffix2instance.in +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/sh - -. @datadir@/@package_name@/data/DSSharedLib - -libpath_add "@libdir@/@package_name@/" -libpath_add "@libdir@" -libpath_add "@nss_libdir@" -libpath_add "@pcre_libdir@" - -export LD_LIBRARY_PATH -SHLIB_PATH=$LD_LIBRARY_PATH -export SHLIB_PATH - -usage () -{ - echo "Usage: suffix2instance [-Z serverID] -s suffix [-h]" - echo "Options:" - echo " -Z serverID - Server instance identifier" - echo " -s suffix - Suffix used to map to backend instance" - echo " -h - Display usage" -} - -while getopts "Z:s:h" flag -do - case $flag in - Z) servid=$OPTARG;; - s) args=$args" -s \"$OPTARG\"";; - h) usage - exit 0;; - ?) usage - exit 1;; - esac -done - -if [ -z "$args" ] -then - usage - exit 1 -fi - -if [ $# -lt 2 ] -then - echo Usage: suffix2instance [-Z serverID] {-s includesuffix}* - exit 1 -fi - -shift $(($OPTIND - 1)) -if [ $1 ] -then - echo "ERROR - Unknown option: $1" - usage - exit 1 -fi - -instance=$(get_slapd_instance "@instconfigdir@" $servid) -if [ $? -eq 1 ] -then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $instance" - exit 1 -fi - -CONFIG_DIR="@instconfigdir@/slapd-$instance" - -eval @sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1 
diff --git a/ldap/admin/src/scripts/syntax-validate.pl.in b/ldap/admin/src/scripts/syntax-validate.pl.in
deleted file mode 100644
index 537228b..0000000
--- a/ldap/admin/src/scripts/syntax-validate.pl.in
+++ /dev/null
@@ -1,115 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; - -sub usage { - print(STDERR "Usage: syntax-validate.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print(STDERR " [-P protocol] -b baseDN [-f filter] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -b baseDN - Base DN that contains entries to validate\n"); - print(STDERR " -f filter - Filter for entries to validate\n"); - print(STDERR " If omitted, all entries under the specified\n"); - print(STDERR " base will have their attribute values validated.\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-b"){ - # base DN - $i++; $basedn_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-f"){ - # filter - $i++; $filter_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D"){ - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w"){ - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-j"){ - # Read Directory Manager's password from a file - $i++; $passwdfile = 
$ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z"){ - # Server instance identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P") { - # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h"){ - # help - &usage; - exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; - exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if ( $basedn_arg eq "" ){ - &usage; - exit(1); -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$basedn = "basedn: $basedn_arg\n"; -if ( $filter_arg ne "" ) -{ - $filter = "filter: $filter_arg\n"; -} -$entry = "${dn}${misc}${cn}${basedn}${filter}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/template-bak2db.in b/ldap/admin/src/scripts/template-bak2db.in deleted file mode 100755 index 01a12fa..0000000 --- a/ldap/admin/src/scripts/template-bak2db.in +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -{{SERVERBIN-DIR}}/bak2db "$@" -Z {{SERV-ID}} -exit $? diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in b/ldap/admin/src/scripts/template-bak2db.pl.in deleted file mode 100644 index 1df5e36..0000000 --- a/ldap/admin/src/scripts/template-bak2db.pl.in +++ /dev/null 
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-cleanallruv.pl.in b/ldap/admin/src/scripts/template-cleanallruv.pl.in
deleted file mode 100644
index 9781ca9..0000000
--- a/ldap/admin/src/scripts/template-cleanallruv.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/cleanallruv.pl @wrapperArgs -Z {{SERV-ID}}"
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-db2bak.in b/ldap/admin/src/scripts/template-db2bak.in
deleted file mode 100755
index 70a4a2b..0000000
--- a/ldap/admin/src/scripts/template-db2bak.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/db2bak "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in b/ldap/admin/src/scripts/template-db2bak.pl.in
deleted file mode 100644
index c94623e..0000000
--- a/ldap/admin/src/scripts/template-db2bak.pl.in
+++ /dev/null
@@ -1,29 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
-
diff --git a/ldap/admin/src/scripts/template-db2index.in b/ldap/admin/src/scripts/template-db2index.in
deleted file mode 100755
index 9c7c5ec..0000000
--- a/ldap/admin/src/scripts/template-db2index.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/db2index "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-db2index.pl.in b/ldap/admin/src/scripts/template-db2index.pl.in
deleted file mode 100644
index 96d21f4..0000000
--- a/ldap/admin/src/scripts/template-db2index.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-db2ldif.in b/ldap/admin/src/scripts/template-db2ldif.in
deleted file mode 100755
index 3881911..0000000
--- a/ldap/admin/src/scripts/template-db2ldif.in
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-{{SERVERBIN-DIR}}/db2ldif "$@" -Z {{SERV-ID}} -c $cwd
-exit $?
diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in b/ldap/admin/src/scripts/template-db2ldif.pl.in
deleted file mode 100644
index 2afb226..0000000
--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
+++ /dev/null
@@ -1,31 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-use Cwd;
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-$cwd = cwd();
-
-exec "{{SERVERBIN-DIR}}/db2ldif.pl -c $cwd @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-dbverify.in b/ldap/admin/src/scripts/template-dbverify.in
deleted file mode 100755
index abcc58e..0000000
--- a/ldap/admin/src/scripts/template-dbverify.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/dbverify "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-dn2rdn.in b/ldap/admin/src/scripts/template-dn2rdn.in
deleted file mode 100755
index 9ecae08..0000000
--- a/ldap/admin/src/scripts/template-dn2rdn.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/dn2rdn "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in b/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in
deleted file mode 100644
index b02d897..0000000
--- a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/fixup-linkedattrs.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-fixup-memberof.pl.in b/ldap/admin/src/scripts/template-fixup-memberof.pl.in
deleted file mode 100644
index 90b76f1..0000000
--- a/ldap/admin/src/scripts/template-fixup-memberof.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/fixup-memberof.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-fixup-memberuid.pl.in b/ldap/admin/src/scripts/template-fixup-memberuid.pl.in
deleted file mode 100644
index 7dfe689..0000000
--- a/ldap/admin/src/scripts/template-fixup-memberuid.pl.in
+++ /dev/null
@@ -1,154 +0,0 @@ -#{{PERL-EXEC}} -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2014 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(/usr/lib64/dirsrv/perl); -use DSUtil qw(shellEscape); - -sub usage { - print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n"); - print(STDERR " -b baseDN [-f filter]\n"); - print(STDERR " Opts: -D rootdn - Directory Manager\n"); - print(STDERR " : -w password - Directory Manager's password\n"); - print(STDERR " : -w - - Prompt for Directory Manager's password\n"); - print(STDERR " : -j filename - Read Directory Manager's password from file\n"); - print(STDERR " : -b baseDN - Base DN that contains entries to fix up.\n"); - print(STDERR " : -f filter - Filter for entries to fix up\n"); - print(STDERR " If omitted, all entries under the specified\n"); - print(STDERR " base will have their memberUid attribute\n"); - print(STDERR " regenerated.\n"); - print(STDERR " : -v - verbose\n"); -} - -$rootdn = ""; -$passwd = ""; -$passwdfile = ""; -$basedn_arg = ""; -$filter_arg = ""; -$filter = ""; -$verbose = 0; - -$prefix = "{{DS-ROOT}}"; - -$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin"; - -libpath_add("$prefix@nss_libdir@"); -libpath_add("$prefix/usr/lib"); -libpath_add("@nss_libdir@"); -libpath_add("/usr/lib"); - -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-b") - { - # base DN - $i++; $basedn_arg = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-f") - { - # filter - $i++; $filter_arg = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-D") - { - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-w") - { - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-j") - { - # Read Directory Manager's 
password from a file - $i++; $passwdfile = $ARGV[$i]; - } - elsif ("$ARGV[$i]" eq "-v") - { - # verbose - $verbose = 1; - } - else - { - &usage; exit(1); - } - $i++; -} - -if ($passwdfile ne ""){ -# Open file and get the password - unless (open (RPASS, $passwdfile)) { - die "Error, cannot open password file $passwdfile\n"; - } - $passwd = ; - chomp($passwd); - close(RPASS); -} elsif ($passwd eq "-"){ -# Read the password from terminal - print "Bind Password: "; - # Disable console echo - system("@sttyexec@ -echo") if -t STDIN; - # read the answer - $passwd = ; - # Enable console echo - system("@sttyexec@ echo") if -t STDIN; - print "\n"; - chop($passwd); # trim trailing newline -} - -if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" ) -{ - &usage; - exit(1); -} - -$vstr = ""; -if ($verbose != 0) -{ - $vstr = "-v"; -} - -# Use a timestamp as part of the task entry name -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "memberUid_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; - -# Build the task entry to add -$dn = "dn: cn=$taskname, cn=memberuid task, cn=tasks, cn=config\n"; -$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -$basedn = "basedn: $basedn_arg\n"; - -if ( $filter_arg ne "" ) -{ - $filter = "filter: $filter_arg\n"; -} - -$entry = "${dn}${misc}${cn}${basedn}${filter}"; -open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w shellEscape($passwd) -a" ); -print(FOO "$entry"); -close(FOO); - -sub libpath_add { - my $libpath = shift; - - if ($libpath) { - if ($ENV{'LD_LIBRARY_PATH'}) { - $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath"; - } else { - $ENV{'LD_LIBRARY_PATH'} = "$libpath"; - } - } -} diff --git a/ldap/admin/src/scripts/template-ldif2db.in b/ldap/admin/src/scripts/template-ldif2db.in deleted file mode 100755 index f38fce3..0000000 
--- a/ldap/admin/src/scripts/template-ldif2db.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/ldif2db "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in b/ldap/admin/src/scripts/template-ldif2db.pl.in
deleted file mode 100644
index 64bcfdf..0000000
--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-ldif2ldap.in b/ldap/admin/src/scripts/template-ldif2ldap.in
deleted file mode 100755
index c785742..0000000
--- a/ldap/admin/src/scripts/template-ldif2ldap.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/ldif2ldap "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-monitor.in b/ldap/admin/src/scripts/template-monitor.in
deleted file mode 100755
index c89bb8a..0000000
--- a/ldap/admin/src/scripts/template-monitor.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/monitor "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in b/ldap/admin/src/scripts/template-ns-accountstatus.pl.in
deleted file mode 100644
index 3eda54d..0000000
--- a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/ns-accountstatus.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-ns-activate.pl.in b/ldap/admin/src/scripts/template-ns-activate.pl.in
deleted file mode 100644
index 25a0742..0000000
--- a/ldap/admin/src/scripts/template-ns-activate.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/ns-activate.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-ns-inactivate.pl.in b/ldap/admin/src/scripts/template-ns-inactivate.pl.in
deleted file mode 100644
index 55d7226..0000000
--- a/ldap/admin/src/scripts/template-ns-inactivate.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/ns-inactivate.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
deleted file mode 100755
index cd8cd65..0000000
--- a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/ns-newpwpolicy.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-restart-slapd.in b/ldap/admin/src/scripts/template-restart-slapd.in
deleted file mode 100644
index 7933806..0000000
--- a/ldap/admin/src/scripts/template-restart-slapd.in
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# DEPRECATED - use @sbindir@/restart-dirsrv instead
-exec @sbindir@/restart-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
diff --git a/ldap/admin/src/scripts/template-restoreconfig.in b/ldap/admin/src/scripts/template-restoreconfig.in
deleted file mode 100755
index 5109561..0000000
--- a/ldap/admin/src/scripts/template-restoreconfig.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/restoreconfig "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-saveconfig.in b/ldap/admin/src/scripts/template-saveconfig.in
deleted file mode 100755
index 7784e83..0000000
--- a/ldap/admin/src/scripts/template-saveconfig.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/saveconfig "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-schema-reload.pl.in b/ldap/admin/src/scripts/template-schema-reload.pl.in
deleted file mode 100644
index 6a1b686..0000000
--- a/ldap/admin/src/scripts/template-schema-reload.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/schema-reload.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-start-slapd.in b/ldap/admin/src/scripts/template-start-slapd.in
deleted file mode 100755
index be59404..0000000
--- a/ldap/admin/src/scripts/template-start-slapd.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# DEPRECATED - use @sbindir@/start-dirsrv instead
-INSTANCE={{SERV-ID}}
-exec @sbindir@/start-dirsrv -d {{INITCONFIG-DIR}} $INSTANCE "$@"
diff --git a/ldap/admin/src/scripts/template-stop-slapd.in b/ldap/admin/src/scripts/template-stop-slapd.in
deleted file mode 100755
index 3bf358d..0000000
--- a/ldap/admin/src/scripts/template-stop-slapd.in
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# DEPRECATED - use @sbindir@/stop-dirsrv instead
-exec @sbindir@/stop-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
diff --git a/ldap/admin/src/scripts/template-suffix2instance.in b/ldap/admin/src/scripts/template-suffix2instance.in
deleted file mode 100755
index e29408d..0000000
--- a/ldap/admin/src/scripts/template-suffix2instance.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/suffix2instance "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-syntax-validate.pl.in b/ldap/admin/src/scripts/template-syntax-validate.pl.in
deleted file mode 100644
index e802010..0000000
--- a/ldap/admin/src/scripts/template-syntax-validate.pl.in
+++ /dev/null
@@ -1,28 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/syntax-validate.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-upgradedb.in b/ldap/admin/src/scripts/template-upgradedb.in
deleted file mode 100755
index ae28ac2..0000000
--- a/ldap/admin/src/scripts/template-upgradedb.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/upgradedb "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-upgradednformat.in b/ldap/admin/src/scripts/template-upgradednformat.in
deleted file mode 100755
index 74c18e8..0000000
--- a/ldap/admin/src/scripts/template-upgradednformat.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/upgradednformat "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in b/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in
deleted file mode 100644
index 4f16f3e..0000000
--- a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in
+++ /dev/null
@@ -1,27 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/usn-tombstone-cleanup.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-verify-db.pl.in b/ldap/admin/src/scripts/template-verify-db.pl.in
deleted file mode 100644
index 8a52ded..0000000
--- a/ldap/admin/src/scripts/template-verify-db.pl.in
+++ /dev/null
@@ -1,27 +0,0 @@
-#{{PERL-EXEC}}
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2013 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# END COPYRIGHT BLOCK
-#
-
-use lib qw(/usr/lib64/dirsrv/perl);
-use DSUtil qw(shellEscape);
-
-# We lose args that are quoted when passing ARGV to a wrapper
-while ($i <= $#ARGV) {
- if($ARGV[$i] =~ /^-/){
- $wrapperArgs[$i] = $ARGV[$i];
- } else {
- $wrapperArgs[$i] = shellEscape($ARGV[$i]);
- }
- $i++;
-}
-
-exec "{{SERVERBIN-DIR}}/verify-db.pl @wrapperArgs -Z {{SERV-ID}}";
-
-exit ($?);
diff --git a/ldap/admin/src/scripts/template-vlvindex.in b/ldap/admin/src/scripts/template-vlvindex.in
deleted file mode 100755
index a7ffb40..0000000
--- a/ldap/admin/src/scripts/template-vlvindex.in
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-{{SERVERBIN-DIR}}/vlvindex "$@" -Z {{SERV-ID}}
-exit $?
diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
deleted file mode 100755
index b61c227..0000000
--- a/ldap/admin/src/scripts/upgradedb.in
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: upgradedb [-a archivedir] [-Z serverID] [-f] [-v] [-d debuglevel] [-h]"
- echo "Options:"
- echo " -a archivedir - Location of database backup"
- echo " -Z serverID - Server instance identifier"
- echo " -f - Force upgrade"
- echo " -v - Display version"
- echo " -d debuglevel - Debugging level"
- echo " -h - Display usage"
-}
-while getopts "Z:vfrd:h" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- v) args=$args" -v";;
- f) args=$args" -f";;
- r) args=$args" -r";;
- d) args=$args" -d \"$OPTARG\"";;
- a) args=$args" -a \"$OPTARG\""
- archive_provided="yes";;
- D) args=$args" -D \"$OPTARG\"";;
- h) usage
- exit 0;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-if [ "$archive_provided" != "yes" ]
-then
- bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$instance/bak/upgradedb_`date +%Y_%m_%d_%H_%M_%S`
- args=$args" -a $bak_dir"
-fi
-
-echo upgrade index files ...
-eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
deleted file mode 100755
index 6a92169..0000000
--- a/ldap/admin/src/scripts/upgradednformat.in
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-# upgradednformat -- upgrade DN format to the new style (RFC 4514)
-# Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
-# -N: dryrun
-# exit code: 0 -- needs upgrade; 1 -- no need to upgrade; -1 -- error
-# -n backend_instance -- instance name to be examined or upgraded
-# -a db_instance_directory -- full path to the db instance dir
-# e.g., /var/lib/dirsrv/slapd-ID/db/userRoot
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@nss_libdir@"
-libpath_add "@libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: upgradednformat -n backendname -a database_directory [-Z serverID] [-N] [-h]"
- echo "Options:"
- echo " -n backendname - Backend name"
- echo " -a database_directory - Path to database directory"
- echo " -Z serverID - Server instance identifier"
- echo " -N - Only checks if database has any DNs that need to be upgraded"
- echo " -h - Display usage"
-}
-
-while getopts "vhd:a:n:D:NZ:" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- v) args=$args" -v";;
- N) args=$args" -N";;
- d) args=$args" -d \"$OPTARG\"";;
- a) args=$args" -a \"$OPTARG\""
- dir="set";;
- n) args=$args" -n \"$OPTARG\""
- be="set";;
- h) usage
- exit 0;;
- D) args=$args" -D \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-done
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-if [ -z "$be" ] || [ -z "$dir" ]; then
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-eval @sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
-rc=$?
-
-exit $rc
diff --git a/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in b/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in
deleted file mode 100644
index ac62315..0000000
--- a/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in
+++ /dev/null
@@ -1,119 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@nss_libdir@"); -DSUtil::libpath_add("/usr/lib"); -DSUtil::libpath_add("/usr/lib64"); -$ENV{'PATH'} = "@ldaptool_bindir@:/usr/bin"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; - -$i = 0; - -sub usage { - print(STDERR "Usage: usn-tombstone-cleanup.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename }\n"); - print(STDERR " -s suffix -n backend [-m maxusn_to_delete] [-P protocol] [-h]\n"); - print(STDERR "Options:\n"); - print(STDERR " -D rootdn - Directory Manager\n"); - print(STDERR " -w password - Directory Manager's password\n"); - print(STDERR " -w - - Prompt for Directory Manager's password\n"); - print(STDERR " -Z serverID - Server instance identifier\n"); - print(STDERR " -j filename - Read Directory Manager's password from file\n"); - print(STDERR " -s suffix - Suffix where USN tombstone entries are cleaned up\n"); - print(STDERR " -n backend - Backend instance in which USN tombstone entries are cleaned up (alternative to suffix)\n"); - print(STDERR " -m maxusn_to_delete - USN tombstone entries are deleted up to the entry with maxusn_to_delete\n"); - print(STDERR " -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most secure protocol available)\n"); - print(STDERR " -h - Display usage\n"); -} - -while ($i <= $#ARGV) -{ - if ("$ARGV[$i]" eq "-s"){ - # suffix - $i++; $suffix_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-n"){ - # backend - $i++; $backend_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-m"){ - # max usn - $i++; $maxusn_arg = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-D"){ - # Directory Manager - $i++; $rootdn = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-w"){ - # Directory Manager's password - $i++; $passwd = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq 
"-j"){ - # Read Directory Manager's password from a file - $i++; $passwdfile = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-Z"){ - # Server instance identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-P") { - # protocol preference - $i++; $protocol = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h"){ - # help - &usage; - exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; - exit(1); - } - $i++; -} - -# -# Gather all our config settings -# -($servid, $confdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); -%info = DSUtil::get_info($confdir, $host, $port, $rootdn); -$info{rootdnpw} = DSUtil::get_password_from_file($passwd, $passwdfile); -$info{protocol} = $protocol; -$info{args} = "-a"; -if ( $suffix_arg eq "" && $backend_arg eq "" ){ - &usage; - exit(1); -} - -# -# Construct the task entry -# -($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time); -$mn++; $yr += 1900; -$taskname = "usn_cleanup_${yr}_${mn}_${dy}_${h}_${m}_${s}"; -$dn = "dn: cn=$taskname, cn=USN tombstone cleanup task, cn=tasks, cn=config\n"; -$misc = "objectclass: top\nobjectclass: extensibleObject\n"; -$cn = "cn: $taskname\n"; -if ( $suffix_arg ne "" ){ - $args = "suffix: $suffix_arg\n"; -} else { - $args = "backend: $backend_arg\n"; -} -if ( $maxusn_arg ne "" ){ - $args = $args . "maxusn_to_delete: $maxusn_arg\n"; -} -$entry = "${dn}${misc}${cn}${args}"; - -$rc = DSUtil::ldapmod($entry, %info); - -$dn =~ s/^dn: //; -$dn =~ s/\n//; -if($rc == 0){ - print "Successfully added task entry \"$dn\"\n"; -} else { - print "Failed to add task entry \"$dn\" error ($rc)\n"; -} - -exit($rc); diff --git a/ldap/admin/src/scripts/verify-db.pl.in b/ldap/admin/src/scripts/verify-db.pl.in deleted file mode 100644 index acdbbe7..0000000 --- a/ldap/admin/src/scripts/verify-db.pl.in +++ /dev/null 
@@ -1,240 +0,0 @@ -#!@perlexec@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -use lib qw(@perlpath@); -use DSUtil; - -DSUtil::libpath_add("@db_libdir@"); -DSUtil::libpath_add("@libdir@"); -$ENV{'PATH'} = "@libdir@/@package_name@/slapd-$servid:@db_bindir@:/usr/bin:/"; -$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; -my $custom_dbdir = 0; -my $i = 0; - -sub usage -{ - print "Usage: verify-db.pl [-Z serverID] [ -a ] [-h]\n"; -} - -# getDbDir checks up to 4 levels of db dirs -# e.g., /db// -sub getDbDir -{ - (my $here) = @_; - my @dbdirs = (); - - opendir(DIR0, $here) or die "can't opendir $here : $!"; - while (defined(my $file0 = readdir(DIR0))) - { - if ( "$file0" eq "\." || "$file0" eq "\.\." ) - { - ; - } - elsif ( "$file0" eq "DBVERSION" ) - { - $#dbdirs++; - $dbdirs[$#dbdirs] = $here; - } - elsif ( -d $here . "/" . $file0 ) - { - opendir(DIR1, $here . "/" . $file0) or die "can't opendir $file0 : $!"; - while (defined(my $file1 = readdir(DIR1))) - { - if ( "$file1" eq "\." || "$file1" eq "\.\." ) - { - ; - } - elsif ( "$file1" eq "DBVERSION" ) - { - $#dbdirs++; - $dbdirs[$#dbdirs] = $here . "/" . $file0; - } - elsif ( -d $here . "/" . $file0 . "/" . $file1 ) - { - opendir(DIR2, $here . "/" . $file0 . "/" . $file1) or die "can't opendir $file1 : $!"; - while (defined(my $file2 = readdir(DIR2))) - { - if ( "$file2" eq "\." || "$file2" eq "\.\." ) - { - ; - } - elsif ("$file2" eq "DBVERSION") - { - $#dbdirs++; - $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1; - } - elsif ( -d $here . "/" . $file0 . "/" . $file1 . "/" . $file2 ) - { - opendir(DIR3, $here . "/" . $file0 . "/" . $file1 . "/" . $file2) or die "can't opendir $file1 : $!"; - while (defined(my $file3 = readdir(DIR3))) - { - if ( "$file3" eq "\." || "$file3" eq "\.\." 
) - { - ; - } - elsif ("$file3" eq "DBVERSION") - { - $#dbdirs++; - $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1 . "/" . $file2; - } - } - closedir(DIR3); - } - } - closedir(DIR2); - } - } - closedir(DIR1); - } - } - closedir(DIR0); - - return \@dbdirs; -} - -sub getLastLogfile -{ - (my $here) = @_; - my $logfile = ""; - - opendir(DIR, $here) or die "can't opendir $here : $!"; - while (defined($file = readdir(DIR))) - { - if ($file =~ /log./) - { - $logfile = $file; - } - } - closedir(DIR); - - return \$logfile; -} - -$NULL = "/dev/null"; - -while ($i <= $#ARGV) { - if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files - $i++; $startpoint = $ARGV[$i]; - } elsif ( "$ARGV[$i]" eq "-Z" ) { # server instance identifier - $i++; $servid = $ARGV[$i]; - } elsif ("$ARGV[$i]" eq "-h") { # help - &usage; exit(0); - } else { - print "ERROR - Unknown option: $ARGV[$i]\n"; - &usage; exit(1); - } - $i++; -} - -($servid, $notused_configdir) = DSUtil::get_server_id($servid, "@instconfigdir@"); - -print("*****************************************************************\n"); -print("verify-db: This tool should only be run if recovery start fails\n" . - "and the server is down. If you run this tool while the server is\n" . - "running, you may get false reports of corrupted files or other\n" . - "false errors.\n"); -print("*****************************************************************\n"); - -if ( "$startpoint" eq "" ) { - $startpoint = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/db"; -} else { - $custom_dbdir = 1; -} -# get dirs having DBVERSION -my $dbdirs = getDbDir($startpoint); - -# Check transaction logs by db_printlog -for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++) -{ - my $logfile = getLastLogfile($$dbdirs[$i]); - - if ( "$$logfile" ne "" ) - { - # run db_printlog -h for each - print "Verify log files in $$dbdirs[$i] ... 
"; - open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |"); - sleep 1; - my $haserr = 0; - while ($l = ) - { - if ("$l" ne "") - { - if ($haserr == 0) - { - print "\n"; - } - print "LOG ERROR: $l"; - $haserr++; - } - } - close(PRINTLOG); - if ($haserr == 0 && $? == 0) - { - print "Good\n"; - } - else - { - print "Log file(s) in $$dbdirs[$i] could be corrupted.\n"; - print "Please delete a log file $$logfile, and try restarting the server.\n"; - } - } -} - -# Check db files by db_verify -print "Verify db files ... "; -if ($custom_dbdir){ - open(DBVERIFY, "@sbindir@/dbverify -Z $servid -a $startpoint 2>&1 1> $NULL |"); -} else { - open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |"); -} -sleep 1; -my $bad_index = 0; -my $bad_id2entry = 0; -my $isfirst = 1; -while ($l = ) -{ - if ($isfirst) - { - print "\n"; - $isfirst = 0; - } - if ("$l" =~ /verify failed/) - { - if ("$l" =~ /id2entry.db/) - { - $bad_id2entry++; - } - else - { - $bad_index++; - } - } - print "$l"; -} -close(DBVERIFY); - -if ($bad_id2entry > 0) -{ - print "\nFound the db was corrupted\n"; - print "Please restore your backup and recover the database.\n"; - exit(1); -} -elsif ($bad_index > 0) -{ - print "\nFound the index file(s) was corrupted\n"; - print "Please run db2index on the corrupted index\n"; - exit(1); -} -else -{ - print "Good\n"; - exit(0); -} diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in deleted file mode 100755 index 4de3c9a..0000000 --- a/ldap/admin/src/scripts/vlvindex.in +++ /dev/null 
@@ -1,73 +0,0 @@
-#!/bin/sh
-
-. @datadir@/@package_name@/data/DSSharedLib
-
-libpath_add "@libdir@/@package_name@/"
-libpath_add "@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage ()
-{
- echo "Usage: vlvindex [-Z serverID] -n backendname | {-s includesuffix}* -T vlvTag [-d debuglevel] [-v] [-h]"
- echo "Note: either \"-n backend\" or \"-s includesuffix\" are required."
- echo "Options:"
- echo " -Z serverID - Server instance identifier"
- echo " -n backend - Backend database name. Example: userRoot"
- echo " -s includessuffix - Suffix to index"
- echo " -T vlvTag - VLV index name"
- echo " -d debuglevel - Debugging level"
- echo " -v - Display version"
- echo " -h - Display usage"
-}
-
-while getopts "Z:vd:a:T:Sn:s:x:hD:" flag
-do
- case $flag in
- Z) servid=$OPTARG;;
- v) args=$args" -v";;
- s) args=$args" -s \"$OPTARG\"";;
- d) args=$args" -d \"$OPTARG\"";;
- a) args=$args" -a \"$OPTARG\"";;
- T) args=$args" -T \"$OPTARG\"";;
- S) args=$args" -S";;
- n) args=$args" -n \"$OPTARG\"";;
- x) args=$args" -x \"$OPTARG\"";;
- D) args=$args" -D \"$OPTARG\"";;
- h) usage
- exit 0;;
- ?) usage
- exit 1;;
- esac
-done
-
-if [ $# -lt 4 ]
-then
- usage
- exit 1
-fi
-
-shift $(($OPTIND - 1))
-if [ $1 ]
-then
- echo "ERROR - Unknown option: $1"
- usage
- exit 1
-fi
-
-instance=$(get_slapd_instance "@instconfigdir@" $servid)
-if [ $? -eq 1 ]
-then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $instance"
- exit 1
-fi
-
-CONFIG_DIR="@instconfigdir@/slapd-$instance"
-
-eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
diff --git a/ldap/admin/src/upgradeServer b/ldap/admin/src/upgradeServer
deleted file mode 100755
index 3f32ef4..0000000
--- a/ldap/admin/src/upgradeServer
+++ /dev/null
@@ -1,542 +0,0 @@ -#!/usr/bin/env perl -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# -# This script is used to copy over files from 'install' directory -# to the server instance. - -BEGIN { - $isNT = -d "\\"; - $PS = $isNT ? "\\" : "/"; - $SEP = $isNT ? ";" : ":" ; - $slapdExecName = $isNT ? "slapd.exe" : "ns-slapd"; - # NT needs quotes around some things unix doesn't - $quote = $isNT ? "\"" : ""; -} - -$sroot = $ARGV[0]; -$prefix = $ARGV[1]; -$installDir = sprintf("%s%s%s%s%s%s%s", $sroot, ${PS}, "bin", ${PS}, "slapd", ${PS}, "install"); - -push @INC, "$sroot/bin/slapd/admin/bin"; -require 'uname.lib'; - -my $os = &uname("-s"); -my $shlibsuf; -SWITCH: { - if ($os eq "AIX") { - $LIB_PATH = "LIBPATH" ; - $shlibsuf = ".so"; - last SWITCH ; - } - if ($os eq "HP-UX") { - $LIB_PATH = "SHLIB_PATH" ; - my $arch = &uname("-p"); - if ($arch eq "ia64") { - $shlibsuf = ".so"; - } else { - $shlibsuf = ".sl"; - } - last SWITCH ; - } - if ($isNT) { - $LIB_PATH = "PATH" ; - $shlibsuf = ".dll"; - last SWITCH ; - } - else { - $LIB_PATH = "LD_LIBRARY_PATH" ; - $shlibsuf = ".so"; - last SWITCH ; - } -} - -# This subroutine takes source directory and destination directory -# as the arguments. - -sub copy_files -{ - my $destDir = pop(@_); - my $srcDir = pop(@_); - my $buf = ""; - my $bufsize = 8192; - - opendir(SRCDIR, $srcDir) || die "Can not open source directory $src_dir\n"; - my @srcfiles = readdir(SRCDIR); - closedir(SRCDIR); - - my $count = 0; - while ($count <= $#srcfiles) { - if ($srcfiles[$count] eq "." || $srcfiles[$count] eq ".." 
- || $srcfiles[$count] eq "99user.ldif" ) { - $count++; - next; - } - my $fullpath_srcfile = sprintf("%s%s%s", $srcDir, ${PS}, $srcfiles[$count]); - my $fullpath_destfile = sprintf("%s%s%s", $destDir, ${PS}, $srcfiles[$count]); - - open( SRC, $fullpath_srcfile ) || die "Can't open $fullpath_srcfile: $!\n"; - open( DEST, ">$fullpath_destfile" ) || die "Can't create $fullpath_destfile: $!\n"; - while (read(SRC, $buf, $bufsize)) { - print DEST $buf; - } - close( SRC ); - close( DEST ); - - $count++; - } -} - -# Copy schema ldiffiles from /bin/slapd/install/schema to -# //config/schema - -sub copy_schema_files -{ - my $schema_bakdir = sprintf("%s%s%s%s%s%s%s", $sroot, ${PS}, ${prefix}, ${PS}, "config", ${PS}, "schema-bak"); - my $schema_srcdir = sprintf("%s%s%s", $installDir, ${PS}, "schema"); - my $schema_destdir = sprintf("%s%s%s%s%s%s%s", $sroot, ${PS}, ${prefix}, ${PS}, "config", ${PS}, "schema"); - - # First, back up the original schema ldiffiles under schema-bak directory - unless (-d $schema_bakdir) { - mkdir ($schema_bakdir, 0755) || - die "Cannot create directory $schema_bakdir: $!\n"; - } - copy_files( $schema_destdir, $schema_bakdir ); - - # Now, copy the latest schema ldiffiles - copy_files( $schema_srcdir, $schema_destdir ); -} - -sub modify_dse_ldif -{ - my $dse_ldiffile = sprintf("%s%s%s%s%s%s%s", $sroot, ${PS}, ${prefix}, ${PS}, "config", ${PS}, "dse.ldif"); - my $isOID = 0; - my $isJPEG = 0; - my $isSpInSt = 0; - my $reqNameChange = 0; - - open( DSE, "$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n"; - my $new_filename = "$dse_ldiffile"."_new"; - open( OUTFILE, "> $new_filename" ); - while($line = ) { - $isOID = 1 if ( $line =~ /^dn:\s*cn=OID Syntax,\s*cn=plugins,\s*cn=config/i); - $isJPEG = 1 if ( $line =~ /^dn:\s*cn=JPEG Syntax,\s*cn=plugins,\s*cn=config/i); - $isSpInSt = 1 if ( $line =~ /^dn:\s*cn=Space Insensitive String Syntax,\s*cn=plugins,\s*cn=config/i); - if( ($line =~ s/uid uniqueness/attribute uniqueness/) || - ($line =~ 
s/uid-plugin/attr-unique-plugin/) ){ - # the plugin name has changed - $reqNameChange = 1; - print OUTFILE $line; - } else { - print OUTFILE $line; - } - - } - close( DSE ); - close(OUTFILE); - - if ($isOID && $isJPEG && $isSpInSt && !$reqNameChange) { - # nothing to be done - just return - unlink($new_filename); - return; - } - - if($reqNameChange){ - # if the name change is required copy the contents of the edited dse.ldif_new to the dse.ldif - open( DSE, ">$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n"; - open( OUTFILE, "$new_filename" ) || die "Can't open $new_filename: $!\n"; - while($line = ) { - print DSE $line; - } - close( DSE ); - close(OUTFILE); - } - unlink($new_filename) or die "Cannot unlink $new_filename \n"; - - - open( DSE, ">>$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n"; - - unless ($isOID) { - # Add OID Syntax entry - print DSE "dn: cn=OID Syntax,cn=plugins,cn=config\n"; - print DSE "objectClass: top\n"; - print DSE "objectClass: nsSlapdPlugin\n"; - print DSE "objectClass: extensibleObject\n"; - print DSE "cn: OID Syntax\n"; - print DSE "nsslapd-pluginPath: $sroot/lib/syntax-plugin$shlibsuf\n"; - print DSE "nsslapd-pluginInitfunc: oid_init\n"; - print DSE "nsslapd-pluginType: syntax\n"; - print DSE "nsslapd-pluginEnabled: on\n"; - print DSE "nsslapd-pluginId: oid-syntax\n"; - print DSE "nsslapd-pluginVersion: 1.0.3\n"; - print DSE "nsslapd-pluginVendor: 389 Project\n"; - print DSE "nsslapd-pluginDescription: OID attribute syntax plugin\n"; - print DSE "\n"; - } - - unless ($isJPEG) { - # Add JPEG Syntax entry - print DSE "dn: cn=JPEG Syntax,cn=plugins,cn=config\n"; - print DSE "objectClass: top\n"; - print DSE "objectClass: nsSlapdPlugin\n"; - print DSE "objectClass: extensibleObject\n"; - print DSE "cn: JPEG Syntax\n"; - print DSE "nsslapd-pluginPath: $sroot/lib/syntax-plugin$shlibsuf\n"; - print DSE "nsslapd-pluginInitfunc: jpeg_init\n"; - print DSE "nsslapd-pluginType: syntax\n"; - print DSE "nsslapd-pluginEnabled: on\n"; 
- print DSE "nsslapd-pluginId: jpeg-syntax\n";
- print DSE "nsslapd-pluginVersion: 1.0.3\n";
- print DSE "nsslapd-pluginVendor: 389 Project\n";
- print DSE "nsslapd-pluginDescription: JPEG attribute syntax plugin\n";
- print DSE "\n";
- }
-
- unless ($isSpInSt) {
- # Add Space Insensitive String Syntax entry
- print DSE "dn: cn=Space Insensitive String Syntax,cn=plugins,cn=config\n";
- print DSE "objectClass: top\n";
- print DSE "objectClass: nsSlapdPlugin\n";
- print DSE "objectClass: extensibleObject\n";
- print DSE "cn: Space Insensitive String Syntax\n";
- print DSE "nsslapd-pluginPath: $sroot/lib/syntax-plugin$shlibsuf\n";
- print DSE "nsslapd-pluginInitfunc: sicis_init\n";
- print DSE "nsslapd-pluginType: syntax\n";
- print DSE "nsslapd-pluginEnabled: on\n";
- print DSE "nsslapd-pluginId: spaceinsensitivestring-syntax\n";
- print DSE "nsslapd-pluginVersion: 1.0.3\n";
- print DSE "nsslapd-pluginVendor: 389 Project\n";
- print DSE "nsslapd-pluginDescription: space insensitive string attribute syntax plugin\n";
- print DSE "\n";
- }
-
- close( DSE );
-}
-
-sub get_changelog_dir {
- my $dse_ldiffile = sprintf("%s%s%s%s%s%s%s", $sroot, ${PS}, ${prefix}, ${PS}, "config", ${PS}, "dse.ldif");
- my $inClEntry = 0;
- my $clDir;
-
- # first find the changelog dir, if any
- open( DSE, "$dse_ldiffile" ) || die "Can't open $dse_ldiffile: $!\n";
- while() {
- if (/^dn:\s*cn=changelog5,\s*cn=config/i) {
- $inClEntry = 1;
- next;
- }
- if (/^\s*$/ && $inClEntry) {
- $inClEntry = 0;
- last; # not found, just abort
- }
- if ($inClEntry && /^nsslapd-changelogdir:\s*/i) {
- $clDir = $'; #'
- chomp($clDir);
- last;
- }
- }
- close( DSE );
- return $clDir;
-}
-
-sub fix_changelog {
- my $clDir = shift;
- my $newver = shift;
-
- # look for the region files and remove them - they are the files
- # that start with "__" - like __db.001
- opendir CLDIR, $clDir || die "Error: can't open changelog db dir $clDir: $!";
- while (my $ff = readdir CLDIR) {
- unlink $clDir."/".$ff if ($ff =~ /^__/);
- }
- closedir CLDIR;
-
- # change the dbversion
- my $dbverfile = $clDir . "/DBVERSION";
- my $tmpverfile = $clDir . "/DBVERSION.tmp";
- open DBVER, $dbverfile or die "Error: could not read file $dbverfile: $!";
- open TMPVER, ">$tmpverfile" or die "Error: could not write file $tmpverfile: $!";
- while () {
- s/\d+\.\d+$/$newver/;
- print TMPVER;
- }
- close TMPVER;
- close DBVER;
- unlink $dbverfile;
- rename $tmpverfile, $dbverfile;
-}
-
-# get the new (current) version from slapd itself
-# not currently used
-sub getSlapdVersion {
- my $dir = shift;
- my $version = 0; # major version of e.g. 6.1 == 6
- my $minor = 0; # minor version of e.g. 6.1 == 1
- my $subminor = 0; # subminor version of e.g. 6.1.2 == 2
- my $buildNumber = 0;
- my $progDir = "${PS}bin${PS}slapd${PS}server${PS}";
-
- # find the slapd executable
- $prog = $dir . $progDir . $slapdExecName;
- if (! -f $prog) {
- die "Could not run slapd program $prog: $!";
- }
- else {
- chdir($dir . $progDir);
- }
-
- open(F, "${quote}${quote}$prog${quote} -v${quote} 2>&1 |") or
- die "Could not run slapd program $prog: $!";
- sleep(1); # allow some data to accumulate in the pipe
-# print "Output from $prog -v:\n";
- while () {
- if (/^Red Hat-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
- $version = $1;
- $minor = $2;
- if ($4) {
- $subminor = $3;
- $buildNumber = $4;
- } else {
- $buildNumber = $3;
- }
- last;
- }
- elsif (/^389-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
- $version = $1;
- $minor = $2;
- if ($4) {
- $subminor = $3;
- $buildNumber = $4;
- } else {
- $buildNumber = $3;
- }
- last;
- }
- elsif (/^Fedora-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
- $version = $1;
- $minor = $2;
- if ($4) {
- $subminor = $3;
- $buildNumber = $4;
- } else {
- $buildNumber = $3;
- }
- last;
- }
- elsif (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
- $version = $1;
- $minor = $2;
- if ($4) {
- $subminor = $3;
- $buildNumber = $4;
- } else {
- $buildNumber = $3;
- }
- last;
- }
- elsif (/^Netscape-Directory\(restrict?ed-mode\)\/(\d+)\.(\d+)(?:\.(\d+))?\s+(\S+)/) { # we can have restricted-mode or restriced-mode ...
- # version could be X.Y or X.Y.Z
- $version = $1;
- $minor = $2;
- if ($4) {
- $subminor = $3;
- $buildNumber = $4;
- } else {
- $buildNumber = $3;
- }
- last;
- }
- elsif (/^iPlanet-Directory\/(\d+)\.(\d+)\s+(\S+)/i) {
- $version = $1;
- $minor = $2;
- $buildNumber = $3;
- last;
- }
- }
- my $code = close(F);
-
- if ($version == 0) {
- die "\nCould not determine version of the directory server in $dir: \n";
- }
-
- # distinguish the 4.1 and the 4.11 thanks to the buildNumber
- if (($version == 4) && ($minor == 1)){
- if (! ($buildNumber =~ /^B99\.16/)) {
- # it's not a 4.1 Netscape Directory Server => it's a 4.11
- $minor = 11 ;
- }
- }
- return ( $version, $minor, $subminor );
-}
-
-# get the old version from the $sroot/setup/slapd/slapd.inf file
-# not currently used
-sub getInfVersion {
- my $inffile = "$sroot/setup/slapd/slapd.inf";
- open INF, $inffile || die "Error: could not read file $inffile: $!";
- my $inslapdsection = 0;
- while () {
- if (/^\[slapd\]/) {
- $inslapdsection = 1;
- } elsif ($inslapdsection && /^\[/) {
- $inslapdsection = 0;
- last;
- } elsif ($inslapdsection && /^\s*Version\s*=\s*(\d+)\.(\d+)(?:\.(\d+))?/) {
- close INF;
- return ($1, $2, $3);
- }
- }
- close INF;
- return ('0', '0');
-}
-
-sub getChangelogVersion {
- my $cldir = shift;
- my $versionfile = $cldir . "/DBVERSION";
- my $version = "0.0";
- open DBVER, $versionfile or return '0.0';
- while () {
- if (/(\d+\.\d+)$/) {
- $version = $1;
- }
- }
- close DBVER;
- return $version;
-}
-
-sub instantiate_new_package_scripts {
-
- my @newtemplates = (
- "$sroot/bin/slapd/admin/scripts/template-cl-dump.pl",
- "$sroot/bin/slapd/admin/scripts/template-migrate5to7",
- "$sroot/bin/slapd/admin/scripts/template-migrate6to7",
- "$sroot/bin/slapd/admin/scripts/template-migrateInstance7",
- "$sroot/bin/slapd/admin/scripts/template-migrateTo7",
- "$sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl",
- );
-
- foreach $src ( @newtemplates ) {
- $dest = "$sroot/bin/slapd/admin/bin/$1" if $src =~ /.*template-(.*)$/;
- # repl mon cgi script goes in bin/admin/admin/bin
- if ($src =~ /repl-monitor-cgi.pl/) {
- $dest =~ s@/bin/slapd/admin/bin/@/bin/admin/admin/bin/@;
- }
- unless ( open ( template, $src )) {
- print "Can't open $src: $!\n";
- next;
- }
- unless ( open ( target, ">$dest" )) {
- print "Can't open $dest: $!\n";
- close template;
- next;
- }
- while (