Gordon Messmer
2008-Jan-15 03:00 UTC
[Fedora-directory-users] ConfigFile for silent install
The documentation doesn''t seem to be very clear about the expected contents of files specified via ConfigFile in the inf files used for silent installs. For example, I want to change the aci on the VLV feature, so if I try this in a ConfigFile: dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 cn: VLV Request Control aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///anyone";) ...the server setup fails. I get this output: Error adding entry ''oid=2.16.840.1.113730.3.4.9,cn=features,cn=config''. Error: No such object Error: Could not create directory server instance ''master1''. Exiting . . . If, instead, I use a format suitable for ldapmodify, like this: dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config changetype: modify replace: aci aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///anyone";) The server doesn''t complain, but it appears to have no effect at all. What should the ConfigFile look like?
Rich Megginson
2008-Jan-15 15:21 UTC
Re: [Fedora-directory-users] ConfigFile for silent install
Gordon Messmer wrote:> The documentation doesn''t seem to be very clear about the expected > contents of files specified via ConfigFile in the inf files used for > silent installs. > > For example, I want to change the aci on the VLV feature, so if I try > this in a ConfigFile: > > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > cn: VLV Request Control > aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; > allow( read, search, compare, proxy ) userdn = "ldap:///anyone";) > > ...the server setup fails. I get this output: > > Error adding entry > ''oid=2.16.840.1.113730.3.4.9,cn=features,cn=config''. Error: No such > object > Error: Could not create directory server instance ''master1''. > Exiting . . .I think that entry is added dynamically at server startup. You may have to add the cn=features entry first in your LDIF file. Even then it may not work if the server is not expecting that entry to be there. So in your LDIF file: dn: cn=features, cn=config objectclass: top objectclass: nsContainer cn: features dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config ... If that still doesn''t work, then it is a bug.> > If, instead, I use a format suitable for ldapmodify, like this: > > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > changetype: modify > replace: aci > aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; > allow( read, search, compare, proxy ) userdn = "ldap:///anyone";) > > The server doesn''t complain, but it appears to have no effect at all. > > What should the ConfigFile look like? > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Gordon Messmer
2008-Jan-18 07:20 UTC
Re: [Fedora-directory-users] ConfigFile for silent install
Rich Megginson wrote:> I think that entry is added dynamically at server startup. You may > have to add the cn=features entry first in your LDIF file. Even then > it may not work if the server is not expecting that entry to be > there. So in your LDIF file: > > dn: cn=features, cn=config > objectclass: top > objectclass: nsContainer > cn: features > > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > ... > > > If that still doesn''t work, then it is a bug.It did work, mostly, except that I end up with both the aci that I wanted, and the default. I''m not sure yet what effect that will have. Would this be considered a bug?
Rich Megginson
2008-Jan-22 16:39 UTC
Re: [Fedora-directory-users] ConfigFile for silent install
Gordon Messmer wrote:> Rich Megginson wrote: >> I think that entry is added dynamically at server startup. You may >> have to add the cn=features entry first in your LDIF file. Even then >> it may not work if the server is not expecting that entry to be >> there. So in your LDIF file: >> >> dn: cn=features, cn=config >> objectclass: top >> objectclass: nsContainer >> cn: features >> >> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >> ... >> >> >> If that still doesn''t work, then it is a bug. > > It did work, mostly, except that I end up with both the aci that I > wanted, and the default. I''m not sure yet what effect that will > have. Would this be considered a bug?I suppose, but the ConfigFile thing wasn''t designed to modify existing entries, only to add entries (e.g. to add suffixes/databases, replication configuration, SSL configuration, etc.) during setup.> > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users