[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-commits
Subject: [389-commits] ldap/admin ldap/servers Makefile.am Makefile.in
From: Mark Reynolds <mreynolds () fedoraproject ! org>
Date: 2013-02-19 22:21:20
Message-ID: 20130219222121.146B23261 () fedorahosted ! org
[Download RAW message or body]
Makefile.am | 53
Makefile.in | 53
ldap/admin/src/scripts/DSCreate.pm.in | 12
ldap/admin/src/scripts/DSMigration.pm.in | 4
ldap/admin/src/scripts/DSUtil.pm.in | 59
ldap/admin/src/scripts/bak2db.in | 118 +
ldap/admin/src/scripts/bak2db.pl.in | 191 ++
ldap/admin/src/scripts/cleanallruv.pl.in | 222 +++
ldap/admin/src/scripts/db2bak.in | 118 +
ldap/admin/src/scripts/db2bak.pl.in | 176 ++
ldap/admin/src/scripts/db2index.in | 117 +
ldap/admin/src/scripts/db2index.pl.in | 252 +++
ldap/admin/src/scripts/db2ldif.in | 190 ++
ldap/admin/src/scripts/db2ldif.pl.in | 319 ++++
ldap/admin/src/scripts/dbverify.in | 112 +
ldap/admin/src/scripts/dn2rdn.in | 95 +
ldap/admin/src/scripts/fixup-linkedattrs.pl.in | 207 ++
ldap/admin/src/scripts/fixup-memberof.pl.in | 219 ++
ldap/admin/src/scripts/ldif2db.in | 144 +
ldap/admin/src/scripts/ldif2db.pl.in | 277 +++
ldap/admin/src/scripts/ldif2ldap.in | 106 +
ldap/admin/src/scripts/monitor.in | 98 +
ldap/admin/src/scripts/ns-accountstatus.pl.in | 879 +++++++++++
ldap/admin/src/scripts/ns-activate.pl.in | 884 ++++++++++++
ldap/admin/src/scripts/ns-inactivate.pl.in | 884 ++++++++++++
ldap/admin/src/scripts/ns-newpwpolicy.pl.in | 330 ++++
ldap/admin/src/scripts/remove-ds.pl.in | 10
ldap/admin/src/scripts/restart-slapd.in | 92 +
ldap/admin/src/scripts/restoreconfig.in | 101 +
ldap/admin/src/scripts/saveconfig.in | 101 +
ldap/admin/src/scripts/schema-reload.pl.in | 206 ++
ldap/admin/src/scripts/setup-ds.pl.in | 2
ldap/admin/src/scripts/start-dirsrv.in | 1
ldap/admin/src/scripts/start-slapd.in | 82 +
ldap/admin/src/scripts/stop-dirsrv.in | 5
ldap/admin/src/scripts/stop-slapd.in | 83 +
ldap/admin/src/scripts/suffix2instance.in | 104 +
ldap/admin/src/scripts/syntax-validate.pl.in | 216 ++
ldap/admin/src/scripts/template-bak2db.in | 60
ldap/admin/src/scripts/template-bak2db.pl.in | 113 -
ldap/admin/src/scripts/template-cleanallruv.pl.in | 150 --
ldap/admin/src/scripts/template-db2bak.in | 54
ldap/admin/src/scripts/template-db2bak.pl.in | 103 -
ldap/admin/src/scripts/template-db2index.in | 32
ldap/admin/src/scripts/template-db2index.pl.in | 190 --
ldap/admin/src/scripts/template-db2ldif.in | 85 -
ldap/admin/src/scripts/template-db2ldif.pl.in | 247 ---
ldap/admin/src/scripts/template-dbverify.in | 48
ldap/admin/src/scripts/template-dn2rdn.in | 22
ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in | 135 -
ldap/admin/src/scripts/template-fixup-memberof.pl.in | 146 -
ldap/admin/src/scripts/template-ldif2db.in | 55
ldap/admin/src/scripts/template-ldif2db.pl.in | 205 --
ldap/admin/src/scripts/template-ldif2ldap.in | 26
ldap/admin/src/scripts/template-monitor.in | 25
ldap/admin/src/scripts/template-ns-accountstatus.pl.in | 827 -----------
ldap/admin/src/scripts/template-ns-activate.pl.in | 827 -----------
ldap/admin/src/scripts/template-ns-inactivate.pl.in | 827 -----------
ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in | 270 ---
ldap/admin/src/scripts/template-restart-slapd.in | 12
ldap/admin/src/scripts/template-restoreconfig.in | 27
ldap/admin/src/scripts/template-saveconfig.in | 28
ldap/admin/src/scripts/template-schema-reload.pl.in | 135 -
ldap/admin/src/scripts/template-start-slapd.in | 10
ldap/admin/src/scripts/template-stop-slapd.in | 9
ldap/admin/src/scripts/template-suffix2instance.in | 26
ldap/admin/src/scripts/template-syntax-validate.pl.in | 146 -
ldap/admin/src/scripts/template-upgradedb.in | 28
ldap/admin/src/scripts/template-upgradednformat.in | 62
ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in | 164 --
ldap/admin/src/scripts/template-verify-db.pl.in | 238 ---
ldap/admin/src/scripts/template-vlvindex.in | 27
ldap/admin/src/scripts/upgradedb.in | 100 +
ldap/admin/src/scripts/upgradednformat.in | 121 +
ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in | 237 +++
ldap/admin/src/scripts/verify-db.pl.in | 303 ++++
ldap/admin/src/scripts/vlvindex.in | 110 +
ldap/servers/slapd/entry.c | 4
78 files changed, 8154 insertions(+), 5202 deletions(-)
New commits:
commit cca2990b89dc2224be4522d7c8d6326cd244967f
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Tue Feb 19 17:10:47 2013 -0500
Ticket 528 - RFE - get rid of instance specific scripts
RFE Description: Remove instance specific scripts, and create "global" scripts
for /usr/sbin/
Fix Description: Created the "global" scripts for /usr/sbin, and changed the
instance specific scripts(/usr/lib64/dirsrv/slapd-INSTANCE/*)
to be wrapper scripts. The new "global" scripts also have a \
new
option (-Z) to specify the server instance. The scripts use \
the
server id to grab host/port/rootdn information. If the -Z is
omitted, and there is only one instance installed, then the \
scripts
automatically grab the server identifer. If there is more than
one instance installed, or none, then report an error and list
all the available instances.
Also revised all the scripts to have a help/usage option.
https://fedorahosted.org/389/ticket/528
Reviewed by: nhosoi & richm(Thanks!)
diff --git a/Makefile.am b/Makefile.am
index 094d13c..06a4692 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -118,6 +118,23 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif \
ldap/ldif/template-org.ldif \ ldap/ldif/template-orgunit.ldif \
ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \ \
ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \ \
+ ldap/admin/src/scripts/bak2db ldap/admin/src/scripts/db2bak \
ldap/admin/src/scripts/upgradedb \ + ldap/admin/src/scripts/db2index \
ldap/admin/src/scripts/db2ldif \ + ldap/admin/src/scripts/dn2rdn \
ldap/admin/src/scripts/ldif2db \ + ldap/admin/src/scripts/ldif2ldap \
ldap/admin/src/scripts/monitor \ + ldap/admin/src/scripts/restart-slapd \
ldap/admin/src/scripts/restoreconfig \ + ldap/admin/src/scripts/saveconfig \
ldap/admin/src/scripts/start-slapd \ + ldap/admin/src/scripts/stop-slapd \
ldap/admin/src/scripts/suffix2instance \ + ldap/admin/src/scripts/upgradednformat \
ldap/admin/src/scripts/vlvindex \ + ldap/admin/src/scripts/bak2db.pl \
ldap/admin/src/scripts/db2bak.pl \ + ldap/admin/src/scripts/db2index.pl \
ldap/admin/src/scripts/db2ldif.pl \ + ldap/admin/src/scripts/fixup-linkedattrs.pl \
ldap/admin/src/scripts/fixup-memberof.pl \ + ldap/admin/src/scripts/cleanallruv.pl \
ldap/admin/src/scripts/ldif2db.pl \ + ldap/admin/src/scripts/ns-accountstatus.pl \
ldap/admin/src/scripts/ns-activate.pl \ + ldap/admin/src/scripts/ns-inactivate.pl \
ldap/admin/src/scripts/ns-newpwpolicy.pl \ + ldap/admin/src/scripts/schema-reload.pl \
ldap/admin/src/scripts/syntax-validate.pl \ \
+ ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
\ + ldap/admin/src/scripts/dbverify \
$(POSIX_WINSYNC_PLUGIN_LDIF)
clean-local:
@@ -319,7 +336,41 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
ldap/admin/src/scripts/start-dirsrv \
ldap/admin/src/scripts/stop-dirsrv \
ldap/admin/src/scripts/restart-dirsrv \
- wrappers/ldap-agent
+ ldap/admin/src/scripts/bak2db \
+ ldap/admin/src/scripts/db2bak \
+ ldap/admin/src/scripts/db2index \
+ ldap/admin/src/scripts/db2ldif \
+ ldap/admin/src/scripts/dn2rdn \
+ ldap/admin/src/scripts/ldif2db \
+ ldap/admin/src/scripts/ldif2ldap \
+ ldap/admin/src/scripts/monitor \
+ ldap/admin/src/scripts/restart-slapd \
+ ldap/admin/src/scripts/restoreconfig \
+ ldap/admin/src/scripts/saveconfig \
+ ldap/admin/src/scripts/start-slapd \
+ ldap/admin/src/scripts/stop-slapd \
+ ldap/admin/src/scripts/suffix2instance \
+ ldap/admin/src/scripts/upgradednformat \
+ ldap/admin/src/scripts/vlvindex \
+ ldap/admin/src/scripts/bak2db.pl \
+ ldap/admin/src/scripts/db2bak.pl \
+ ldap/admin/src/scripts/db2index.pl \
+ ldap/admin/src/scripts/db2ldif.pl \
+ ldap/admin/src/scripts/fixup-linkedattrs.pl \
+ ldap/admin/src/scripts/fixup-memberof.pl \
+ ldap/admin/src/scripts/cleanallruv.pl \
+ ldap/admin/src/scripts/ldif2db.pl \
+ ldap/admin/src/scripts/ns-accountstatus.pl \
+ ldap/admin/src/scripts/ns-activate.pl \
+ ldap/admin/src/scripts/ns-inactivate.pl \
+ ldap/admin/src/scripts/ns-newpwpolicy.pl \
+ ldap/admin/src/scripts/schema-reload.pl \
+ ldap/admin/src/scripts/syntax-validate.pl \
+ ldap/admin/src/scripts/usn-tombstone-cleanup.pl \
+ ldap/admin/src/scripts/verify-db.pl \
+ ldap/admin/src/scripts/dbverify \
+ ldap/admin/src/scripts/upgradedb \
+ wrappers/ldap-agent
bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
wrappers/dbscan \
diff --git a/Makefile.in b/Makefile.in
index 37e9486..3cce460 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1408,6 +1408,23 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif \
ldap/ldif/template-org.ldif \ ldap/ldif/template-orgunit.ldif \
ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \ \
ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif \ \
+ ldap/admin/src/scripts/bak2db ldap/admin/src/scripts/db2bak \
ldap/admin/src/scripts/upgradedb \ + ldap/admin/src/scripts/db2index \
ldap/admin/src/scripts/db2ldif \ + ldap/admin/src/scripts/dn2rdn \
ldap/admin/src/scripts/ldif2db \ + ldap/admin/src/scripts/ldif2ldap \
ldap/admin/src/scripts/monitor \ + ldap/admin/src/scripts/restart-slapd \
ldap/admin/src/scripts/restoreconfig \ + ldap/admin/src/scripts/saveconfig \
ldap/admin/src/scripts/start-slapd \ + ldap/admin/src/scripts/stop-slapd \
ldap/admin/src/scripts/suffix2instance \ + ldap/admin/src/scripts/upgradednformat \
ldap/admin/src/scripts/vlvindex \ + ldap/admin/src/scripts/bak2db.pl \
ldap/admin/src/scripts/db2bak.pl \ + ldap/admin/src/scripts/db2index.pl \
ldap/admin/src/scripts/db2ldif.pl \ + ldap/admin/src/scripts/fixup-linkedattrs.pl \
ldap/admin/src/scripts/fixup-memberof.pl \ + ldap/admin/src/scripts/cleanallruv.pl \
ldap/admin/src/scripts/ldif2db.pl \ + ldap/admin/src/scripts/ns-accountstatus.pl \
ldap/admin/src/scripts/ns-activate.pl \ + ldap/admin/src/scripts/ns-inactivate.pl \
ldap/admin/src/scripts/ns-newpwpolicy.pl \ + ldap/admin/src/scripts/schema-reload.pl \
ldap/admin/src/scripts/syntax-validate.pl \ \
+ ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
\ + ldap/admin/src/scripts/dbverify \
$(POSIX_WINSYNC_PLUGIN_LDIF)
taskdir = $(datadir)@scripttemplatedir@
@@ -1547,7 +1564,41 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
ldap/admin/src/scripts/start-dirsrv \
ldap/admin/src/scripts/stop-dirsrv \
ldap/admin/src/scripts/restart-dirsrv \
- wrappers/ldap-agent
+ ldap/admin/src/scripts/bak2db \
+ ldap/admin/src/scripts/db2bak \
+ ldap/admin/src/scripts/db2index \
+ ldap/admin/src/scripts/db2ldif \
+ ldap/admin/src/scripts/dn2rdn \
+ ldap/admin/src/scripts/ldif2db \
+ ldap/admin/src/scripts/ldif2ldap \
+ ldap/admin/src/scripts/monitor \
+ ldap/admin/src/scripts/restart-slapd \
+ ldap/admin/src/scripts/restoreconfig \
+ ldap/admin/src/scripts/saveconfig \
+ ldap/admin/src/scripts/start-slapd \
+ ldap/admin/src/scripts/stop-slapd \
+ ldap/admin/src/scripts/suffix2instance \
+ ldap/admin/src/scripts/upgradednformat \
+ ldap/admin/src/scripts/vlvindex \
+ ldap/admin/src/scripts/bak2db.pl \
+ ldap/admin/src/scripts/db2bak.pl \
+ ldap/admin/src/scripts/db2index.pl \
+ ldap/admin/src/scripts/db2ldif.pl \
+ ldap/admin/src/scripts/fixup-linkedattrs.pl \
+ ldap/admin/src/scripts/fixup-memberof.pl \
+ ldap/admin/src/scripts/cleanallruv.pl \
+ ldap/admin/src/scripts/ldif2db.pl \
+ ldap/admin/src/scripts/ns-accountstatus.pl \
+ ldap/admin/src/scripts/ns-activate.pl \
+ ldap/admin/src/scripts/ns-inactivate.pl \
+ ldap/admin/src/scripts/ns-newpwpolicy.pl \
+ ldap/admin/src/scripts/schema-reload.pl \
+ ldap/admin/src/scripts/syntax-validate.pl \
+ ldap/admin/src/scripts/usn-tombstone-cleanup.pl \
+ ldap/admin/src/scripts/verify-db.pl \
+ ldap/admin/src/scripts/dbverify \
+ ldap/admin/src/scripts/upgradedb \
+ wrappers/ldap-agent
bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
wrappers/dbscan \
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in \
b/ldap/admin/src/scripts/DSCreate.pm.in index 46ca578..fefb3dc 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -31,7 +31,7 @@
# exception.
#
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
@@ -76,9 +76,11 @@ use strict;
use SetupLog;
sub get_initconfigdir {
+ my $prefix = shift;
+
# determine initconfig_dir
if (getLogin eq 'root') {
- return "@initconfigdir@";
+ return "$prefix@initconfigdir@";
} else {
return "$ENV{HOME}/.@package_name@";
}
@@ -290,7 +292,7 @@ sub createInstanceScripts {
my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL ");
# determine initconfig_dir
- my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir();
+ my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || \
get_initconfigdir($inf->{General}->{prefix});
my %maptable = (
"DS-ROOT" => $inf->{General}->{prefix},
@@ -513,7 +515,7 @@ sub makeOtherConfigFiles {
}
# determine initconfig_dir
- my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir();
+ my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || \
get_initconfigdir($inf->{General}->{prefix});
# install instance specific initconfig script
$src = "$inf->{General}->{prefix}@configdir@/template-initconfig";
@@ -1099,7 +1101,7 @@ sub updateSystemD {
}
my @errs = ();
- my $initconfigdir = $inf->{slapd}->{initconfigdir} || get_initconfigdir();
+ my $initconfigdir = $inf->{slapd}->{initconfigdir} || \
get_initconfigdir($inf->{General}->{prefix});
debug(1, "updating systemd files in $unitdir and $confdir for all directory \
server instances in $initconfigdir\n"); my $pkgname = "@package_name@";
my $changes = 0;
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in \
b/ldap/admin/src/scripts/DSMigration.pm.in index 3a73f98..183c2f5 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -31,7 +31,7 @@
# exception.
#
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
@@ -1180,7 +1180,7 @@ sub migrateDS {
cleanup:
if (-d "$mig->{configdir}/$inst") {
- @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1);
+ @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1, "" ,"", \
$mig->{inf}->{General}->{prefix} ); if (@errs) {
$mig->msg(@errs);
}
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in \
b/ldap/admin/src/scripts/DSUtil.pm.in index 70df23a..b6b9b86 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -42,6 +42,8 @@ use Mozilla::LDAP::Conn;
use Mozilla::LDAP::Utils qw(normalizeDN);
use Mozilla::LDAP::API qw(:constant ldap_explode_dn ldap_err2string) ; # Direct \
access to C API use Mozilla::LDAP::LDIF;
+use File::Spec::Functions qw(rel2abs);
+use File::Basename;
require Exporter;
@ISA = qw(Exporter);
@@ -1182,6 +1184,63 @@ sub serverIsRunning
return 0; # no pid file - assume not running
}
+sub libpath_add {
+ my $libpath = shift;
+
+ if ($libpath) {
+ if ($ENV{'LD_LIBRARY_PATH'}) {
+ $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ } else {
+ $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ }
+ }
+}
+
+# Get the installation prefix
+sub get_prefix {
+ my $prefix = dirname(rel2abs($0));
+
+ if ($prefix eq "/usr/sbin"){
+ $prefix = "";
+ } else {
+ $prefix =~ s/\/sbin//;
+ }
+
+ return $prefix;
+}
+
+# Grab the host, port, and rootDN from the config file of the server instance
+# if the values are missing
+sub get_missing_info {
+ my $prefix = shift;
+ my $servID = shift;
+ my $instances = shift;
+ my $host = shift;
+ my $port = shift;
+ my $rootdn = shift;
+
+ unless ( -e "$prefix/etc/dirsrv/slapd-$servID/dse.ldif" ){
+ print (STDERR "Invalid server identifer: $servID\n");
+ print (STDERR "Available instances: $instances\n");
+ exit (1);
+ }
+
+ open (DSE, "<$prefix/etc/dirsrv/slapd-$servID/dse.ldif") || die "Failed to open \
config file $prefix/etc/dirsrv/slapd-$servID/dse.ldif $!\n"; + while(<DSE>){
+ if ($host eq "" && $_ =~ /^nsslapd-localhost: (.*)/){
+ $host = $1;
+ }
+ if ($port eq "" && $_ =~ /^nsslapd-port: (.*)/){
+ $port = $1;
+ }
+ if ($rootdn eq "" && $_ =~ /^nsslapd-rootdn: (.*)/){
+ $rootdn = $1;
+ }
+ }
+ close (DSE);
+ return $host, $port, $rootdn;
+}
+
1;
# emacs settings
diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
new file mode 100755
index 0000000..0fe5240
--- /dev/null
+++ b/ldap/admin/src/scripts/bak2db.in
@@ -0,0 +1,118 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "@nss_libdir@"
+libpath_add "@libdir@"
+libpath_add "@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+if [ $# -lt 1 ] || [ $# -gt 7 ]
+then
+ echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+ exit 1
+elif [ "$1" == "-*" ]
+then
+ echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+ exit 1
+else
+ archivedir=$1
+ shift
+fi
+
+first="yes"
+args=""
+while getopts "hn:Z:qd:vi:a:SD:" flag
+do
+ case $flag in
+ h) echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | \
[-h]" + exit 0;;
+ Z) servid=$OPTARG;;
+ n) args=$args" -n $OPTARG";;
+ q) args=$args" -q";;
+ d) args=$args" -d $OPTARG";;
+ v) args=$args" -v";;
+ D) args=$args" -D $OPTARG";;
+ i) args=$args" -i $OPTARG";;
+ a) archivedir=$OPTARG;;
+ S) args=$args" -S";;
+ ?) echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | \
[-h]" + exit 1;;
+ esac
+done
+
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ # server id not provided, check if there is only one instance
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: bak2db archivedir [-Z serverID] [-n backendname] [-q] | [-h]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+if [ 1 = `expr $archivedir : "\/"` ]
+then
+ archivedir=$archivedir
+else
+ # relative
+ archivedir=`pwd`/$archivedir
+fi
+
+cd $server_sbin
+./ns-slapd archive2db -D $configdir -a $archivedir $args
diff --git a/ldap/admin/src/scripts/bak2db.pl.in \
b/ldap/admin/src/scripts/bak2db.pl.in new file mode 100644
index 0000000..0352ed1
--- /dev/null
+++ b/ldap/admin/src/scripts/bak2db.pl.in
@@ -0,0 +1,191 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use File::Spec;
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } -a dirname [-t dbtype]\n"); + print(STDERR " Opts: -D rootdn - \
Directory Manager\n"); + print(STDERR " : -w password - Directory Manager's \
password\n"); + print(STDERR " : -w - - Prompt for Directory Manager's \
password\n"); + print(STDERR " : -Z serverID - name of the server instance\n");
+ print(STDERR " : -j filename - Read Directory Manager's password from file\n");
+ print(STDERR " : -a dirname - backup directory\n");
+ print(STDERR " : -t dbtype - database type (default: ldbm database)\n");
+ print(STDERR " : -n backend - name of backend instance to restore\n");
+ print(STDERR " : -v - verbose\n");
+}
+
+$taskname = "";
+$archivedir = "";
+$dbtype = "ldbm database";
+$instance = "";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$host = "";
+$port = "";
+$i = 0;
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+ if ("$ARGV[$i]" eq "-a") { # backup directory
+ $i++; $archivedir = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-t") { # database type
+ $i++; $dbtype = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-n") { # backend instance name
+ $i++; $instance = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-Z") { # server instance name
+ $i++; $servid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-h") { # help
+ &usage; exit(0);
+ } elsif ("$ARGV[$i]" eq "-v") { # verbose
+ $verbose = 1;
+ } else {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+if ($archivedir eq ""){
+ &usage;
+ exit(1);
+}
+
+$first = "yes";
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "restore_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+if ($archivedir eq "") {
+ &usage; exit(1);
+}
+
+$isabs = File::Spec->file_name_is_absolute( $archivedir );
+if (!$isabs) {
+ $archivedir = File::Spec->rel2abs( $archivedir );
+}
+$dn = "dn: cn=$taskname, cn=restore, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+if ($instance ne "") {
+ $nsinstance = "nsInstance: ${instance}\n";
+}
+$nsarchivedir = "nsArchiveDir: $archivedir\n";
+$nsdbtype = "nsDatabaseType: $dbtype\n";
+$entry = "${dn}${misc}${cn}${nsinstance}${nsarchivedir}${nsdbtype}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D $info[2] -w \
\"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/cleanallruv.pl.in \
b/ldap/admin/src/scripts/cleanallruv.pl.in new file mode 100644
index 0000000..7cdfb2d
--- /dev/null
+++ b/ldap/admin/src/scripts/cleanallruv.pl.in
@@ -0,0 +1,222 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } [-b basedn | -r rid | -A]\n"); + print(STDERR " Opts: -D rootdn \
- Directory Manager\n"); + print(STDERR " : -w password - Directory \
Manager's password\n"); + print(STDERR " : -w - - Prompt for \
Directory Manager's password\n"); + print(STDERR " : -Z serverID - \
Server instance identifier\n"); + print(STDERR " : -j filename - Read \
Directory Manager's password from file\n"); + print(STDERR " : -b basedn \
- DN of the replica root you want to clean\n"); + print(STDERR " : -r rid \
- The replica id that you want to clean\n"); + print(STDERR " : -A \
- Abort an existing cleanallruv task(must use with -b and -r args\n"); + \
print(STDERR " : -v - verbose\n"); +}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn = "";
+$rid = "";
+$abort = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-b")
+ {
+ # Base DN
+ $i++; $basedn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-r")
+ {
+ # rid
+ $i++; $rid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-A")
+ {
+ # abort
+ $abort = "yes";
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # server instance identifer
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn eq "" || $rid eq "")
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+
+if($abort eq ""){
+ # Build the task entry to add
+ $taskname = "cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+ $dn = "dn: cn=$taskname, cn=cleanallruv, cn=tasks, cn=config\n";
+} else {
+ $taskname = "abort_cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+ $dn = "dn: cn=$taskname, cn=abort cleanallruv, cn=tasks, cn=config\n";
+}
+$misc = "objectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$basedn = "replica-base-dn: $basedn\n";
+$rid = "replica-id: $rid\n";
+
+$entry = "${dn}${misc}${cn}${basedn}${rid}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
new file mode 100755
index 0000000..8e53722
--- /dev/null
+++ b/ldap/admin/src/scripts/db2bak.in
@@ -0,0 +1,118 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+if [ $# -gt 4 ]
+then
+ echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+ exit 1
+fi
+
+first="yes"
+bak_dir=""
+args=""
+cd $server_sbin
+if [ "$#" -gt 0 ]
+then
+ if ["$1" != "-*" ]
+ then
+ bak_dir=$1
+ shift
+ fi
+
+ while getopts "hqd:Z:vi:a:SD" flag
+ do
+ case $flag in
+ h) echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+ exit 0;;
+ q) args=$args" -g";;
+ v) args=$args" -v";;
+ S) args=$args" -S";;
+ D) args=$args" -D $OPTARG";;
+ i) args=$args" -i $OPTARG";;
+ a) $bakdir=$OPTARG;;
+ d) args=$args" -d $OPTARG";;
+ Z) servid=$OPTARG;;
+ ?) echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+ exit 1;;
+ esac
+ done
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: db2bak [archivedir] [-Z serverID] [-q] [-h]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+if [ -z $bak_dir ]
+then
+ bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-`date \
+%Y_%m_%d_%H_%M_%S` +fi
+
+echo "Back up directory: $bak_dir"
+./ns-slapd db2archive -D $configdir -a $bak_dir $args
diff --git a/ldap/admin/src/scripts/db2bak.pl.in \
b/ldap/admin/src/scripts/db2bak.pl.in new file mode 100644
index 0000000..f45a834
--- /dev/null
+++ b/ldap/admin/src/scripts/db2bak.pl.in
@@ -0,0 +1,176 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } [-a dirname] [-t dbtype]\n"); + print(STDERR " Opts: -D rootdn - \
Directory Manager\n"); + print(STDERR " : -w password - Directory Manager's \
password\n"); + print(STDERR " : -w - - Prompt for Directory Manager's \
password\n"); + print(STDERR " : -Z serverID - Server instance identifier\n");
+ print(STDERR " : -j filename - Read Directory Manager's password from file\n");
+ print(STDERR " : -a dirname - backup directory\n");
+ print(STDERR " : -t dbtype - database type (default: ldbm database)\n");
+ print(STDERR " : -v - verbose\n");
+}
+
+$taskname = "";
+$archivedir = "";
+$dbtype = "ldbm database";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+ if ("$ARGV[$i]" eq "-a") { # backup directory
+ $i++; $archivedir = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-t") { # database type
+ $i++; $dbtype = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-Z") { # Server identifier
+ $i++; $servid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-h") { # help
+ &usage; exit(0);
+ } elsif ("$ARGV[$i]" eq "-v") { # verbose
+ $verbose = 1;
+ } else {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+$mybakdir = "$prefix/var/lib/dirsrv/slapd-$servid/bak";
+
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+if ( $info[2] eq "" || $passwd eq "") { &usage; exit(1); }
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+if ($archivedir eq "") {
+ $archivedir = "${mybakdir}/$servid-${yr}_${mn}_${dy}_${h}_${m}_${s}";
+}
+$dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$nsarchivedir = "nsArchiveDir: $archivedir\n";
+$nsdbtype = "nsDatabaseType: $dbtype\n";
+$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+print("Back up directory: $archivedir host: $info[0] port: $info[1] binddn: \
$info[2]\n"); +open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] \
-D \"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
new file mode 100755
index 0000000..f735cfc
--- /dev/null
+++ b/ldap/admin/src/scripts/db2index.in
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "hZ:n:s:t:T:vd:a:SD:x:" flag
+do
+ case $flag in
+ h) echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s \
includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]" + \
exit 0;; + Z) servid=$OPTARG;;
+ n) args=$args" -n $OPTARG"
+ benameopt="set";;
+ s) args=$args" -s $OPTARG"
+ includeSuffix="set";;
+ t) args=$args" -t $OPTARG";;
+ T) args=$args=" -T $OPTARG";;
+ d) args=$args=" -d $OPTARG";;
+ a) args=$args=" -a $OPTARG";;
+ x) args=$args=" -x $OPTARG";;
+ v) args=$args=" -v";;
+ S) args=$args=" -S";;
+ D) args=$args" -D $OPTARG";;
+ ?) echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s \
includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]" + \
exit 1;; + esac
+done
+
+if [ -z $benameopt ] && [ -z $includeSuffix ]
+then
+ echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s includesuffix}* \
-t attribute[:indextypes[:matchingrules]] -T vlvattribute]" + exit 1;
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: db2index [-Z serverID] [-n backend_instance | {-s \
includesuffix}* -t attribute[:indextypes[:matchingrules]] -T vlvattribute]" + \
echo "You must supply a server instance identifier. Use -Z to specify instance name" \
+ echo "Available instances: $instances" + exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+if [ $# -eq 0 ]
+then
+ bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/reindex_`date +%Y_%m_%d_%H_%M_%S`
+ ./ns-slapd upgradedb -D $configdir -a "$bak_dir"
+elif [ $# -lt 2 ]
+then
+ echo "Usage: db2index [-Z instance-name] [-n backend_instance | {-s includesuffix}* \
-t attribute[:indextypes[:matchingrules]] -T vlvattribute]" + exit 1
+else
+ ./ns-slapd db2index -D $configdir $args
+fi
diff --git a/ldap/admin/src/scripts/db2index.pl.in \
b/ldap/admin/src/scripts/db2index.pl.in new file mode 100644
index 0000000..a9acce5
--- /dev/null
+++ b/ldap/admin/src/scripts/db2index.pl.in
@@ -0,0 +1,252 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+use Getopt::Std;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " -n instance [-t \
attributeName[:indextypes[:matchingrules]]]\n"); + print(STDERR " Opts: -D rootdn \
- Directory Manager\n"); + print(STDERR " : -w password - Directory \
Manager's password\n"); + print(STDERR " : -w - - Prompt for \
Directory Manager's password\n"); + print(STDERR " : -j filename - \
Read Directory Manager's password from file\n"); + print(STDERR " : -Z \
serverID - Name of the server instance\n"); + print(STDERR " : -n \
backend name - instance to be indexed\n"); + print(STDERR " : -t \
attributeName[:indextypes[:matchingrules]]\n"); + print(STDERR " \
- attributeName: name of the attribute to be indexed\n"); + print(STDERR " \
If omitted, all the indexes defined \n"); + print(STDERR " \
for that instance are generated.\n"); + print(STDERR " - \
indextypes: comma separated index types\n"); + print(STDERR " \
- matchingrules: comma separated matrules\n"); + print(STDERR " \
Example: -t foo:eq,pres\n"); + print(STDERR " : -T vlvAttributeName - \
vlvAttributeName: name of the vlv attribute to be indexed\n"); + print(STDERR " \
: -v - verbose\n"); +}
+
+$opt_v = 0;
+$instance = "";
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$attribute_arg = "";
+$vlvattribute_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+usage() if (!getopts('n:D:w:T:t:j:Z:vh'));
+
+if ($opt_j ne ""){
+ die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
+ $opt_w = <RPASS>;
+ chomp($opt_w);
+ close(RPASS);
+}
+
+if( $opt_w eq "" || $#ARGV ge 0){
+ usage();
+ exit (1);
+}
+if( $opt_h ){
+ usage();
+ exit (0);
+}
+
+$instance = $opt_n;
+$rootdn = $opt_D;
+$passwd = $opt_w;
+$attribute_arg = $opt_t;
+$vlvattribute_arg = $opt_T;
+$verbose = $opt_v;
+$servid = $opt_Z;
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{
+ &usage;
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+if ( $instance eq "" )
+{
+ &usage;
+}
+
+# No attribute name has been specified: let's get them from the configuration
+$attribute="";
+$indexes_list="";
+$vlvattribute="";
+$vlvindexes_list="";
+chdir("/usr/bin");
+if ( $attribute_arg eq "" && $vlvattribute_arg eq "" )
+{
+ # Get the list of indexes from the entry
+ $indexes_list="ldapsearch @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -s one " . + "-b \"cn=index,cn=\"$instance\", cn=ldbm \
database,cn=plugins,cn=config\" \"(&(objectclass=*)(nsSystemIndex=false))\" cn"; + \
# build the values of the attribute nsIndexAttribute + open(LDAP1, "$indexes_list \
|"); + while (<LDAP1>) {
+ s/\n //g;
+ if (/^cn: (.*)\n/) {
+ $IndexAttribute="nsIndexAttribute";
+ $attribute="$attribute$IndexAttribute: $1\n";
+ }
+ }
+ close(LDAP1);
+ if ( $attribute eq "" )
+ {
+ # No attribute to index, just exit
+ exit(0);
+ }
+
+ # Get the list of indexes from the entry
+ $vlvindexes_list="ldapsearch @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm \
database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn"; +
+ # build the values of the attribute nsIndexVlvAttribute
+ open(LDAP1, "$vlvindexes_list |");
+ while (<LDAP1>) {
+ s/\n //g;
+ if (/^cn: (.*)\n/) {
+ $vlvIndexAttribute="nsIndexVlvAttribute";
+ $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n";
+ }
+ }
+ close(LDAP1);
+}
+else
+{
+ if ( $attribute_arg ne "" )
+ {
+ $attribute="nsIndexAttribute: $attribute_arg\n";
+ }
+ if ( $vlvattribute_arg ne "" )
+ {
+ $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n";
+ }
+}
+
+# Build the task entry to add
+
+$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$nsinstance = "nsInstance: ${instance}\n";
+
+$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
new file mode 100755
index 0000000..8df3e51
--- /dev/null
+++ b/ldap/admin/src/scripts/db2ldif.in
@@ -0,0 +1,190 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+make_ldiffile()
+{
+ be=""
+ while [ "$1" != "" ]
+ do
+ if [ "$1" = "-a" ]; then
+ shift
+ echo $1
+ return 1
+ elif [ "$1" = "-n" ]; then
+ shift
+ if [ "$be" = "" ]; then
+ be="$1"
+ else
+ tmpbe="$be"
+ be="${tmpbe}-$1"
+ fi
+ elif [ "$1" = "-s" ]; then
+ shift
+ if [ "$1" != "" ]; then
+ rdn=`echo $1 | awk -F, '{print $1}'`
+ rdnval=`echo $rdn | awk -F= '{print $2}'`
+ if [ "$be" = "" ]; then
+ be="$rdnval"
+ else
+ tmpbe="$be"
+ be="${tmpbe}-$rdnval"
+ fi
+ fi
+ elif [ "$1" = "-M" ]; then
+ be=""
+ fi
+ if [ "$1" != "" ]; then
+ shift
+ fi
+ done
+
+ if [ "$be" = "" ]; then
+ echo $prefix/var/lib/dirsrv/slapd-$servid/ldif/$servid-`date \
+%Y_%m_%d_%H%M%S`.ldif + else
+ echo $prefix/var/lib/dirsrv/slapd-$servid/ldif/$servid-${be}-`date \
+%Y_%m_%d_%H%M%S`.ldif + fi
+ return 0
+}
+
+cd $server_sbin
+if [ "$#" -lt 2 ];
+then
+ echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+ echo " [{-x excludesuffix}*] [-a outputfile]"
+ echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+ echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+ exit 1
+fi
+
+first="yes"
+args=""
+while getopts "hZ:n:s:x:a:NrCuUmM1qvd:D:ESt:o" flag
+do
+ case $flag in
+ h) echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s \
includesuffix}*" + echo " [{-x excludesuffix}*] [-a \
outputfile]" + echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] \
[-1] [-q]" + echo "Note: either \"-n backend_instance\" or \"-s \
includesuffix\" is required." + exit 0;;
+ Z) servid=$OPTARG;;
+ n) benameopt="-n $OPTARG"
+ required_param="yes";;
+ s) includeSuffix="-s $OPTARG"
+ required_param="yes";;
+ x) excludeSuffix="-x $OPTARG";;
+ a) outputFile="-a $OPTARG";;
+ d) outputFile="-d $OPTARG";;
+ t) outputFile="-t $OPTARG";;
+ D) args=$args" -D $OPTARG";;
+ N) args=$args" -N";;
+ E) args=$args" -E";;
+ S) args=$args" -S";;
+ v) args=$args" -v";;
+ r) args=$args" -r";;
+ C) args=$args" -C";;
+ u) args=$args" -u";;
+ U) args=$args" -U";;
+ m) args=$args" -m";;
+ M) args=$args" -M";;
+ 1) args=$args" -1";;
+ q) args=$args" -q";;
+ ?) echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s \
includesuffix}*" + echo " [{-x excludesuffix}*] [-a \
outputfile]" + echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] \
[-1] [-q]" + echo "Note: either \"-n backend_instance\" or \"-s \
includesuffix\" is required." + exit 1;;
+ esac
+done
+
+if [ "$required_param" != "yes" ]
+then
+ echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s includesuffix}*"
+ echo " [{-x excludesuffix}*] [-a outputfile]"
+ echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+ echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
+ exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: db2ldif [-Z serverID] {-n backend_instance}* | {-s \
includesuffix}*" + echo " [{-x excludesuffix}*] [-a outputfile]"
+ echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+ldif_file=`make_ldiffile $@`
+rn=$?
+
+echo "Exported ldif file: $ldif_file"
+if [ $rn -eq 1 ]
+then
+./ns-slapd db2ldif -D $configdir $benameopt $includeSuffix $excludeSuffix \
$outputFile $args +else
+./ns-slapd db2ldif -D $configdir $benameopt $includeSuffix $excludeSuffix -a \
$ldif_file $args +fi
diff --git a/ldap/admin/src/scripts/db2ldif.pl.in \
b/ldap/admin/src/scripts/db2ldif.pl.in new file mode 100644
index 0000000..5b7e75c
--- /dev/null
+++ b/ldap/admin/src/scripts/db2ldif.pl.in
@@ -0,0 +1,319 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " {-n instance}* | {-s include}* [{-x \
exclude}*] \n"); + print(STDERR " [-m] [-M] [-u] [-C] [-N] [-U] [-a \
filename]\n"); + print(STDERR " Opts: -D rootdn - Directory Manager\n");
+ print(STDERR " : -w password - Directory Manager's password\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's password\n");
+ print(STDERR " : -Z serverID - Server instance identifier\n");
+ print(STDERR " : -j filename - Read Directory Manager's password from file\n");
+ print(STDERR " : -n instance - instance to be exported\n");
+ print(STDERR " : -a filename - output ldif file\n");
+ print(STDERR " : -s include - included suffix(es)\n");
+ print(STDERR " : -x exclude - excluded suffix(es)\n");
+ print(STDERR " : -m - minimal base64 encoding\n");
+ print(STDERR " : -M - output ldif is stored in multiple files\n");
+ print(STDERR " these files are named : \
<instance>_<filename>\n"); + print(STDERR " by default, all \
instances are stored in <filename>\n"); + print(STDERR " : -r - export \
replica\n"); + print(STDERR " : -u - do not export unique id\n");
+ print(STDERR " : -C - use main db file only\n");
+ print(STDERR " : -N - suppress printing sequential number\n");
+ print(STDERR " : -U - output ldif is not folded\n");
+ print(STDERR " : -E - Decrypt encrypted data when exporting\n");
+ print(STDERR " : -1 - do not print version line\n");
+ print(STDERR " : -v - verbose\n");
+}
+
+@instances = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+@included = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+@excluded = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+
+$prefix = DSUtil::get_prefix();
+$maxidx = 50;
+$nowrap = 0;
+$nobase64 = 0;
+$noversion = 0;
+$nouniqueid = 0;
+$useid2entry = 0;
+$onefile = 1;
+$printkey = 1;
+$taskname = "";
+$ldiffile = "";
+$doreplica = 0;
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$insti = 0;
+$incli = 0;
+$excli = 0;
+$decrypt_on_export = 0;
+$host = "";
+$port = "";
+$first = "yes";
+
+while ($i <= $#ARGV) {
+ if ( "$ARGV[$i]" eq "-n" ) { # instances
+ $i++;
+ if ($insti < $maxidx) {
+ $instances[$insti] = $ARGV[$i]; $insti++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-s") { # included suffix
+ $i++;
+ if ($incli < $maxidx) {
+ $included[$incli] = $ARGV[$i]; $incli++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix
+ $i++;
+ if ($excli < $maxidx) {
+ $excluded[$excli] = $ARGV[$i]; $excli++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-a") { # ldif file
+ $i++; $ldiffile = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-M") { # multiple ldif file
+ $onefile = 0;
+ } elsif ("$ARGV[$i]" eq "-o") { # one ldif file
+ $onefile = 1;
+ } elsif ("$ARGV[$i]" eq "-u") { # no dump unique id
+ $nouniqueid = 1;
+ } elsif ("$ARGV[$i]" eq "-C") { # use id2entry
+ $useid2entry = 1;
+ } elsif ("$ARGV[$i]" eq "-N") { # does not print key
+ $printkey = 0;
+ } elsif ("$ARGV[$i]" eq "-r") { # export replica
+ $doreplica = 1;
+ } elsif ("$ARGV[$i]" eq "-m") { # no base64
+ $nobase64 = 1;
+ } elsif ("$ARGV[$i]" eq "-U") { # no wrap
+ $nowrap = 1;
+ } elsif ("$ARGV[$i]" eq "-1") { # no version line
+ $noversion = 1;
+ } elsif ("$ARGV[$i]" eq "-E") { # decrypt
+ $decrypt_on_export = 1;
+ } elsif ("$ARGV[$i]" eq "-Z") { # server instance
+ $i++; $servid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-h") { # help
+ &usage; exit(0);
+ } elsif ("$ARGV[$i]" eq "-v") { # verbose
+ $verbose = 1;
+ } else {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +$ldifdir = "$prefix/var/lib/dirsrv/slapd-$servid/ldif";
+
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+if (($instances[0] eq "" && $included[0] eq "") || $info[2] eq "" || $passwd eq "") \
{ &usage; exit(1); } +($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+$dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$i = 0;
+$be = "";
+$nsinstance = "";
+while ("" ne "$instances[$i]") {
+ $nsinstance = "${nsinstance}nsInstance: $instances[$i]\n";
+ if ( "" eq "$be" ) {
+ $be = "$instances[$i]";
+ } else {
+ $be = "${be}-$instances[$i]";
+ }
+ $i++;
+}
+$i = 0;
+$nsincluded = "";
+while ("" ne "$included[$i]") {
+ $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
+ my ($rdn, $rest) = split(/,/, $included[$i]);
+ my ($rest, $tmpbe) = split(/=/, $rdn);
+ if ( "" eq "$be" ) {
+ $be = "$tmpbe";
+ } else {
+ $be = "${be}-$tmpbe";
+ }
+ $i++;
+}
+$i = 0;
+$nsexcluded = "";
+while ("" ne "$excluded[$i]") {
+ $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
+ $i++;
+}
+if ($ldiffile eq "") {
+ if ($onefile == 0) {
+ $ldiffile = "${ldifdir}/${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
+ } else {
+ $ldiffile = "${ldifdir}/${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
+ }
+}
+$nsreplica = "";
+if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; }
+$nsnobase64 = "";
+if ($nobase64 != 0) { $nsnobase64 = "nsMinimalEncoding: true\n"; }
+$nsnowrap = "";
+if ($nowrap != 0) { $nsnowrap = "nsNoWrap: true\n"; }
+$nsnoversion = "";
+if ($noversion != 0) { $nsnoversion = "nsNoVersionLine: true\n"; }
+$nsnouniqueid = "";
+if ($nouniqueid != 0) { $nsnouniqueid = "nsDumpUniqId: false\n"; }
+$nsuseid2entry = "";
+if ($useid2entry != 0) { $nsuseid2entry = "nsUseId2Entry: true\n"; }
+$nsonefile = "";
+if ($onefile != 0) { $nsonefile = "nsUseOneFile: true\n"; }
+if ($onefile == 0) { $nsonefile = "nsUseOneFile: false\n"; }
+$nsexportdecrypt = "";
+if ($decrypt_on_export != 0) { $nsexportdecrypt = "nsExportDecrypt: true\n"; }
+$nsprintkey = "";
+if ($printkey == 0) { $nsprintkey = "nsPrintKey: false\n"; }
+$nsldiffile = "nsFilename: ${ldiffile}\n";
+$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsreplica}${nsnob \
ase64}${nsnowrap}${nsnoversion}${nsnouniqueid}${nsuseid2entry}${nsonefile}${nsexportdecrypt}${nsprintkey}${nsldiffile}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+print("Exporting to ldif file: ${ldiffile}\n");
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
new file mode 100755
index 0000000..fb16086
--- /dev/null
+++ b/ldap/admin/src/scripts/dbverify.in
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+PATH=$PATH:/bin
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:n:hVfd:n:D:" flag
+do
+ case $flag in
+ h) echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+ echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+ echo " -Z : Server instance identifier"
+ echo " -V : verbose"
+ exit 0;;
+ Z) servid=$OPTARG;;
+ n) args=$args" -n $OPTARG";;
+ d) args=$args" -d $OPTARG";;
+ V) args=$args" -V";;
+ v) args=$args" -v";;
+ f) args=$args" -f";;
+ D) args=$args" -D $OPTARG";;
+ ?) echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+ echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+ echo " -Z : Server instance identifier"
+ echo " -V : verbose"
+ exit 1;;
+ esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V]"
+ echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
+ echo " -Z : Server instance identifier"
+ echo " -V : verbose"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+./ns-slapd dbverify -D $configdir $args
+if [ $? -eq 0 ]; then
+ echo "DB verify: Passed"
+ exit 0
+else
+ echo "DB verify: Failed"
+ exit 1
+fi
diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
new file mode 100755
index 0000000..bf078ef
--- /dev/null
+++ b/ldap/admin/src/scripts/dn2rdn.in
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+arg=""
+while getopts "Z:d:ha:vfr:D:" flag
+do
+ case $flag in
+ h) echo "Usage: db2rdn [-Z serverID]"
+ exit 0;;
+ Z) servid=$OPTARG;;
+ d) arg=$arg" -d $OPTARG";;
+ a) arg=$arg" -a $OPTARG";;
+ v) arg=$arg" -v";;
+ f) arg=$arg" -f";;
+ r) arg=$arg" -r";;
+ D) arg=$arg" -D $OPTARG";;
+ ?) echo "Usage: db2rdn [-Z serverID]"
+ exit 1;;
+ esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: db2rdn [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/reindex_`date +%Y_%m_%d_%H_%M_%S`
+./ns-slapd upgradedb -D $configdir -r -a "$bak_dir" $arg
diff --git a/ldap/admin/src/scripts/fixup-linkedattrs.pl.in \
b/ldap/admin/src/scripts/fixup-linkedattrs.pl.in new file mode 100644
index 0000000..187e588
--- /dev/null
+++ b/ldap/admin/src/scripts/fixup-linkedattrs.pl.in
@@ -0,0 +1,207 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } [-l linkDN]\n"); + print(STDERR " Opts: -D rootdn - Directory \
Manager\n"); + print(STDERR " : -w password - Directory Manager's \
password\n"); + print(STDERR " : -w - - Prompt for Directory \
Manager's password\n"); + print(STRERR " : -Z serverID - Server \
instance identifier\n"); + print(STDERR " : -j filename - Read \
Directory Manager's password from file\n"); + print(STDERR " : -l linkDN \
- DN of link config entry that you want to fix\n"); + print(STDERR " \
up the links for. If omitted, all configured\n"); + print(STDERR " \
linked attributes will be fixed up.\n"); + print(STDERR " : -v \
- verbose\n"); +}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$linkdn_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-l")
+ {
+ # link DN
+ $i++; $linkdn_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # Server instance identifier
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "linked_attrs_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=fixup linked attributes, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+if ($linkdn_arg ne "")
+{
+ $linkdn = "linkdn: $linkdn_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${linkdn}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/fixup-memberof.pl.in \
b/ldap/admin/src/scripts/fixup-memberof.pl.in new file mode 100644
index 0000000..923d2ad
--- /dev/null
+++ b/ldap/admin/src/scripts/fixup-memberof.pl.in
@@ -0,0 +1,219 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " -b baseDN [-f filter]\n");
+ print(STDERR " Opts: -D rootdn - Directory Manager\n");
+ print(STDERR " : -w password - Directory Manager's password\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's \
password\n"); + print(STDERR " : -Z serverID - Server instance \
identifier\n"); + print(STDERR " : -j filename - Read Directory \
Manager's password from file\n"); + print(STDERR " : -b baseDN - \
Base DN that contains entries to fix up.\n"); + print(STDERR " : -f filter \
- Filter for entries to fix up\n"); + print(STDERR " \
If omitted, all entries under the specified\n"); + print(STDERR " \
base will have their memberOf attribute\n"); + print(STDERR " \
regenerated.\n"); + print(STDERR " : -v - verbose\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn_arg = "";
+$filter_arg = "";
+$filter = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-b")
+ {
+ # base DN
+ $i++; $basedn_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-f")
+ {
+ # filter
+ $i++; $filter_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # server instance identifier
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn_arg eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "memberOf_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=memberOf task, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$basedn = "basedn: $basedn_arg\n";
+
+if ( $filter_arg ne "" )
+{
+ $filter = "filter: $filter_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
new file mode 100755
index 0000000..fdf9230
--- /dev/null
+++ b/ldap/admin/src/scripts/ldif2db.in
@@ -0,0 +1,144 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+usage()
+{
+ echo "Usage: ldif2db [-Z serverID] -n backend_instance | {-s includesuffix}* \
[{-x excludesuffix}*]" + echo " {-i ldiffile}* [-O] [-q]"
+ echo "Note: either \"-Z serverID\", \"-n backend_instance\", \"-s \
includesuffix\" and \"-i ldiffile\" are required." +}
+
+handleopts()
+{
+ while [ "$1" != "" ]
+ do
+ if [ "$1" = "-q" ]; then
+ return 1
+ elif [ "$1" = "-Z" ]; then
+ shift
+ servid=$1
+ elif [ "$1" = "-h" ]; then
+ usage
+ exit 0
+ fi
+ shift
+ done
+ return 0
+}
+
+first="yes"
+args=""
+while getopts "Z:vd:i:g:G:n:s:x:NOCc:St:D:Eq" flag
+do
+ case $flag in
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+ n) args=$args" -n $OPTARG";;
+ i) args=$args" -i $OPTARG";;
+ s) args=$args" -s $OPTARG";;
+ x) args=$args" -x $OPTARG";;
+ c) args=$args" -c $OPTARG";;
+ d) args=$args" -d $OPTARG";;
+ g) args=$args" -g $OPTARG";;
+ G) args=$args" -G $OPTARG";;
+ t) args=$args" -t $OPTARG";;
+ D) args=$args" -D $OPTARG";;
+ E) args=$args" -E";;
+ v) args=$args" -v";;
+ N) args=$args" -N";;
+ C) args=$args" -C";;
+ S) args=$args" -S";;
+ O) args=$args" -O";;
+ q) args=$args" -q";;
+ ?) usage
+ exit 1;;
+ esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ usage
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 5 ]
+then
+ usage
+ exit 1
+fi
+
+handleopts $@
+quiet=$?
+
+if [ $quiet -eq 0 ]; then
+ echo importing data ...
+fi
+./ns-slapd ldif2db -D $configdir $args 2>&1
+exit $?
diff --git a/ldap/admin/src/scripts/ldif2db.pl.in \
b/ldap/admin/src/scripts/ldif2db.pl.in new file mode 100644
index 0000000..379a264
--- /dev/null
+++ b/ldap/admin/src/scripts/ldif2db.pl.in
@@ -0,0 +1,277 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " -n instance | {-s include}* [{-x exclude}*] \
[-O] [-c]\n"); + print(STDERR " [-g [string]] [-G namespace_id] {-i \
filename}*\n"); + print(STDERR " Opts: -D rootdn - Directory Manager\n");
+ print(STDERR " : -w password - Directory Manager's password\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's password\n");
+ print(STDERR " : -Z serverID - Server instance identifier\n");
+ print(STDERR " : -j filename - Read Directory Manager's password from \
file\n"); + print(STDERR " : -n instance - instance to be imported to\n");
+ print(STDERR " : -i filename - input ldif file(s)\n");
+ print(STDERR " : -s include - included suffix\n");
+ print(STDERR " : -x exclude - excluded suffix(es)\n");
+ print(STDERR " : -O - only create core db, no attr indexes\n");
+ print(STDERR " : -c size - merge chunk size\n");
+ print(STDERR " : -g [string] - string is \"none\" or \"deterministic\"\n");
+ print(STDERR " : none - unique id is not generated\n");
+ print(STDERR " : deterministic - generate name based unique id (-G name)\n");
+ print(STDERR " : by default - generate time based unique id\n");
+ print(STDERR " : -G name - namespace id for name based uniqueid (-g \
deterministic)\n"); + print(STDERR " : -E - Encrypt data when \
importing\n"); + print(STDERR " : -v - verbose\n");
+}
+
+@ldiffiles = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+@included = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+@excluded = (
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ "", "", "", "", "", "", "", "", "", "",
+ ""
+);
+$maxidx = 50;
+$instance = "";
+$noattrindexes = 0;
+$mergechunksiz = 0;
+$genuniqid = "time";
+$uniqidname = "";
+$taskname = "";
+$verbose = 0;
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$i = 0;
+$ldifi = 0;
+$incli = 0;
+$excli = 0;
+$encrypt_on_import = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+ if ( "$ARGV[$i]" eq "-i" ) { # ldiffiles
+ $i++;
+ if ($ldifi < $maxidx) {
+ $ldiffiles[$ldifi] = $ARGV[$i]; $ldifi++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-s") { # included suffix
+ $i++;
+ if ($incli < $maxidx) {
+ $included[$incli] = $ARGV[$i]; $incli++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix
+ $i++;
+ if ($excli < $maxidx) {
+ $excluded[$excli] = $ARGV[$i]; $excli++;
+ } else {
+ &usage; exit(1);
+ }
+ } elsif ("$ARGV[$i]" eq "-n") { # instance
+ $i++; $instance = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-O") { # no attr indexes
+ $noattrindexes = 1;
+ } elsif ("$ARGV[$i]" eq "-c") { # merge chunk size
+ $i++; $mergechunksiz = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-g") { # generate uniqueid
+ if (("$ARGV[$i+1]" ne "") && !("$ARGV[$i+1]" =~ /^-/)) {
+ $i++;
+ if ("$ARGV[$i]" eq "none") {
+ $genuniqid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "deterministic") {
+ $genuniqid = $ARGV[$i];
+ }
+ }
+ } elsif ("$ARGV[$i]" eq "-G") { # namespace id
+ $i++; $uniqidname = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-Z") { # server id
+ $i++; $servid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-v") { # verbose
+ $verbose = 1;
+ } elsif ("$ARGV[$i]" eq "-h") { # help
+ &usage; exit(0);
+ } elsif ("$ARGV[$i]" eq "-E") { # encrypt on import
+ $encrypt_on_import = 1;
+ } else {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print (STDERR "You must supply a server instance identifier. Use -Z to \
specify instance name\n"); + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" || $info[2] eq "" \
|| $passwd eq "") { &usage; exit(1); } +($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = \
localtime(time); +$mn++; $yr += 1900;
+$taskname = "import_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+$dn = "dn: cn=$taskname, cn=import, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+if ($instance ne "") {
+ $nsinstance = "nsInstance: ${instance}\n";
+}
+$i = 0;
+$nsldiffiles = "";
+while ("" ne "$ldiffiles[$i]") {
+ $nsldiffiles = "${nsldiffiles}nsFilename: $ldiffiles[$i]\n";
+ $i++;
+}
+$i = 0;
+$nsincluded = "";
+while ("" ne "$included[$i]") {
+ $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
+ $i++;
+}
+$i = 0;
+$nsexcluded = "";
+while ("" ne "$excluded[$i]") {
+ $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
+ $i++;
+}
+$nsnoattrindexes = "";
+if ($noattrindexes != 0) { $nsnoattrindexes = "nsImportIndexAttrs: false\n"; }
+$nsimportencrypt = "";
+if ($encrypt_on_import != 0) { $nsimportencrypt = "nsImportEncrypt: true\n"; }
+$nsmergechunksiz = "nsImportChunkSize: ${mergechunksiz}\n";
+$nsgenuniqid = "nsUniqueIdGenerator: ${genuniqid}\n";
+$nsuniqidname = "";
+if ($uniqidname ne "") { $nsuniqidname = "nsUniqueIdGeneratorNamespace: \
${uniqidname}\n"; } +$entry = \
"${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsldiffiles}${nsnoattrindexes}${nsimportencrypt}${nsmergechunksiz}${nsgenuniqid}${nsuniqidname}";
+$vstr = "";
+if ($verbose != 0) { $vstr = "-v"; }
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/ldif2ldap.in \
b/ldap/admin/src/scripts/ldif2ldap.in new file mode 100755
index 0000000..abfb5f4
--- /dev/null
+++ b/ldap/admin/src/scripts/ldif2ldap.in
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$prefix@ldapsdk_libdir@"
+libpath_add "@ldapsdk_libdir@"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$server_dir"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+PATH=$PATH:$prefix@ldaptool_bindir@:@ldaptool_bindir@
+
+first="yes"
+args=""
+while getopts "Z:D:w:f:h" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ D) args=$args" -D $OPTARG"
+ binddn=$OPTARG;;
+ w) args=$args" -w $OPTARG"
+ passwd=$OPTARG;;
+ f) args=$args" -f $OPTARG"
+ input_file=$OPTARG;;
+ h) echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f \
<file>" + exit 0;;
+ ?) echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f \
<file>" + exit 1;;
+ esac
+done
+
+if [ "$binddn" == "" ] || [ "$passwd" == "" ] || [ "$input_file" == "" ]
+then
+ echo "Usage: ldif2ldap -D <bind dn> -w <password> -f <file>"
+ exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: ldif2ldap [-Z serverID] -D <bind dn> -w <password> -f <file>"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+port=$(grep 'nsslapd-port' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print \
$2}' ) +host=$(grep 'nsslapd-localhost' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | \
awk '{print $2}' ) +
+ldapmodify @ldaptool_opts@ -a -p $port -h $host $args
diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
new file mode 100755
index 0000000..6438331
--- /dev/null
+++ b/ldap/admin/src/scripts/monitor.in
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@ldapsdk_libdir@"
+libpath_add "@ldapsdk_libdir@"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@nss_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+PATH=$PATH:$prefix@ldaptool_bindir@:@ldaptool_bindir@
+
+while getopts "Z:b:h" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ b) MDN=$OPTARG;;
+ h) echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+ exit 0;;
+ ?) echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+ exit 1;;
+ esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: monitor [ -Z serverID ] [ -b basedn ]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+port=$(grep 'nsslapd-port' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | awk '{print \
$2}' ) +host=$(grep 'nsslapd-localhost' $prefix/etc/dirsrv/slapd-$servid/dse.ldif | \
awk '{print $2}' ) +
+if [ -z $MDN ]
+then
+ MDN="cn=monitor";
+fi
+
+ldapsearch @ldaptool_opts@ -LLL -p $port -h $host -b "$MDN" -s base "objectClass=*"
diff --git a/ldap/admin/src/scripts/ns-accountstatus.pl.in \
b/ldap/admin/src/scripts/ns-accountstatus.pl.in new file mode 100644
index 0000000..eac9473
--- /dev/null
+++ b/ldap/admin/src/scripts/ns-accountstatus.pl.in
@@ -0,0 +1,879 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+$prefix = DSUtil::get_prefix();
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+ print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \
\n"); + print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
+ print (STDERR "May be used to $operation a user or a domain of users\n\n");
+ print (STDERR "Arguments:\n");
+ print (STDERR " -? - help\n");
+ print (STDERR " -D rootdn - Provide a Directory Manager DN\n");
+ print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n"); + print (STDERR " -w - - Prompt \
for the Directory Manager's password\n"); + print (STDERR " -Z serverID \
- Server instance identifier\n"); + print (STDERR " -j filename - \
Read the Directory Manager's password from file\n"); + print (STDERR " -p \
port - Provide a port\n"); + print (STDERR " -h host \
- Provide a host name\n"); + print (STDERR " -I DN-to-$operation - Single \
entry DN or role DN to $operation\n"); +}
+
+sub debug
+{
+# print " ==> @_";
+}
+
+sub out
+{
+ print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# * it is the same as the entry
+# * the entry is member of role (==has nsroledn attributes), compare each of
+# them with the nsroledn of nsdisabledrole
+# * if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+ # For recursivity, file handler must be local
+ my $L_filehandle=$_[0];
+ $L_filehandle++;
+
+ my $L_entry=$_[1];
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_entry;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_entry=$L_result;
+
+ my $L_base=$_[2];
+ my $L_search;
+ my $L_currentrole;
+ my $L_retCode;
+ my $L_local;
+
+ `$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null \
2>&1 `; + $retCode=$?;
+ if ( $retCode != 0 )
+ {
+ $retCode=$?>>8;
+ return 1;
+ }
+
+ # Check if the role is a nested role
+ @L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
"; + # L_isNested == 1 means that we are going through a nested role, so for each \
member of that + # nested role, check that the member is below the scope of the \
nested + $L_isNested=@L_Nested;
+
+ # Not Direct Lock, Go through roles if any
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn "; +
+ debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n"); +
+ unless (open ($L_filehandle, "$L_search |"))
+ {
+ out("Can't open file $L_filehandle\n");
+ exit;
+ }
+ while (<$L_filehandle>) {
+
+ s/\n //g;
+ if (/^nsroledn: (.*)\n/) {
+ $L_currentrole = $1;
+
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_currentrole;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_currentrole=$L_result;
+
+ debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n"); + if ( $L_isNested == 1 )
+ {
+ if ( checkScope($L_currentrole, $L_base) == 0 )
+ {
+ # Scope problem probably a bad conf, skip the currentrole
+ next;
+ }
+ }
+
+ if ( $L_currentrole eq $L_entry )
+ {
+ # the entry is a role that is directly locked
+ # i.e, nsroledn of nsdisabledrole contains the entry
+ $throughRole=$L_base;
+ $throughRole=~ tr/A-Z/a-z/;
+
+ # skipDisabled means that we've just found that the entry (which is a role)
+ # is locked directly (==its DN is part of nsroledn attributes)
+ # we just want to know now, if it is locked through another role
+ # at least, one
+ if ( $skipDisabled == 1 )
+ {
+ # direct inactivation
+ $directLocked=1;
+ # just go through that test once
+ $skipDisabled=0;
+ next;
+ }
+ debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ $L_retCode=memberOf($L_currentrole, $L_entry);
+ if ( $L_retCode == 0 && $single == 1 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ if ( $skipManaged == 1 )
+ {
+ if ( $L_currentrole eq $nsManagedDisabledRole)
+ {
+ # Try next nsroledn
+ $directLocked=1;
+ $skipManaged=0;
+ next;
+ }
+ }
+ debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ # Only for the first iteration
+ # the first iteration is with nsdisabledrole as base, other
+ # loops are deeper
+ $L_local=$skipDisabled;
+ $skipDisabled=0;
+
+ # the current nsroledn may be a complex role, just go through
+ # its won nsroledn
+ $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+ # Because of recursivity, to keep the initial value for the first level
+ $skipDisabled=$L_local;
+
+ if ( $L_retCode == 0 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+ return 0;
+ }
+ }
+ }
+
+ close($L_filehandle);
+
+ debug("\t<--indirectLock: no more nsroledn to process\n");
+ return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+ my $L_nsroledn=$_[0];
+ $L_nsroledn=~ tr/A-Z/a-z/;
+
+ my $L_entry=$_[1];
+
+ my $L_search;
+ my $L_currentrole;
+
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole"; +
+ debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n"); +
+ open (LDAP2, "$L_search |");
+ while (<LDAP2>) {
+ s/\n //g;
+ if (/^nsrole: (.*)\n/) {
+ $L_currentrole = $1;
+ $L_currentrole=~ tr/A-Z/a-z/;
+ if ( $L_currentrole eq $L_nsroledn )
+ {
+ # the parm is part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+ return 0;
+ }
+ }
+ }
+ close(LDAP2);
+
+ # the parm is not part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+ return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+ $L_entry=$_[0];
+
+ @L_entryToTest=split /([,])/,$L_entry;
+ debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+ $newDN="";
+ $removeRDN=1;
+ foreach $part (@L_entryToTest)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ if ( $removeRDN <= 2 )
+ {
+ $removeRDN=$removeRDN+1;
+ }
+ else
+ {
+ $newDN="$newDN$part";
+ }
+ }
+
+ debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+ $L_current=$_[0];
+ $L_nestedRole=$_[1];
+
+ debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+ removeRdn($L_nestedRole);
+ $L_nestedRoleSuffix=$newDN;
+ debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
+
+ $cont=1;
+ while ( ($cont == 1) && ($L_current ne "") )
+ {
+ removeRdn($L_current);
+ $currentDn=$newDN;
+ debug("checkScope: current DN to check: $currentDn\n");
+
+ if ( $currentDn eq $L_nestedRoleSuffix )
+ {
+ debug("checkScope: DN match!!!\n");
+ $cont = 0;
+ }
+ else
+ {
+ $L_current=$currentDn;
+ }
+ }
+
+ if ( $cont == 1 )
+ {
+ debug("checkScope: $_[0] and $_[1] are not compatible\n");
+ return 0;
+ }
+ else
+ {
+ debug("checkScope: $_[0] and $_[1] are compatible\n");
+ return 1;
+ }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+ $cmd="ns-inactivate.pl";
+ $operation="inactivate";
+ $state="inactivated";
+ $modrole="add";
+ $already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+ $cmd="ns-activate.pl";
+ $operation="activate";
+ $state="activated";
+ $modrole="delete";
+ $already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+ $cmd="ns-accountstatus.pl";
+ $operation="get status of";
+ $state="activated";
+ # no need for $modrole as no operation is performed
+ $already="";
+
+}
+else
+{
+ out("$0: unknown command\n");
+ exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$port = "";
+$host = "";
+$rootpw = "";
+$pwfile = "";
+$entry = "";
+$single = 0;
+$role = 0;
+$first = "yes";
+
+# Process the command line arguments
+while( $arg = shift)
+{
+ if($arg eq "-?")
+ {
+ usage();
+ exit 0
+ }
+ elsif($arg eq "-D")
+ {
+ $rootdn= shift @ARGV;
+ }
+ elsif($arg eq "-w")
+ {
+ $rootpw= shift @ARGV;
+ }
+ elsif($arg eq "-j")
+ {
+ $pwfile= shift @ARGV;
+ }
+ elsif($arg eq "-p")
+ {
+ $port= shift @ARGV;
+ }
+ elsif($arg eq "-h")
+ {
+ $host= shift @ARGV;
+ }
+ elsif($arg eq "-I")
+ {
+ $entry= shift @ARGV;
+ }
+ elsif($arg eq "-Z")
+ {
+ $servid= shift @ARGV;
+ }
+ else
+ {
+ print "$arg: Unknown command line argument.\n";
+ usage();
+ exit 1
+ }
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($pwfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $pwfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $rootpw = <RPASS>;
+ chomp($rootpw);
+ close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $rootpw = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+ usage();
+ exit 1;
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(objectclass=*)\" dn`; +$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+ $retCode1=$?>>8;
+ exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`; \
+$nbLineRole=@isRole; +$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+ $retCode2=$?>>8;
+ exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+ debug("Groups of users\n");
+ $role=1;
+}
+else
+{
+ debug("Single user\n");
+ $single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+ $searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \
\"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock"; + open (LDAP1, \
"$searchAccountLock |"); + while (<LDAP1>) {
+ s/\n //g;
+ if (/^nsaccountlock: (.*)\n/) {
+ $L_currentvalue = $1;
+ $L_currentvalue=~ tr/A-Z/a-z/;
+ if ( $L_currentvalue eq "true")
+ {
+ $isLocked=1;
+ }
+ elsif ( $L_currentvalue eq "false" )
+ {
+ $isLocked=0;
+ }
+ }
+ }
+ close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+# -I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+ $part=~s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+ # Look if suffix is the suffix of the entry
+ # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\"" + #
+ debug("\tSuffix from the entry: #@suffixN#\n");
+ @mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one \
-b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `; +
+ $retCode=$?;
+ if ( $retCode != 0 )
+ {
+ $retCode=$?>>8;
+ exit $retCode;
+ }
+
+ # If we get a result, remove the dn:
+ # dn: cn="o=sun.com",cn=mapping tree,cn=config
+ # cn: "o=sun.com"
+ #
+ shift @mapping;
+
+ foreach $res (@mapping)
+ {
+ # Break the string cn: "o=sun.com" into pieces
+ @cn= split(/ /,$res);
+
+ # And remove the cn: part
+ shift @cn;
+
+ # Now compare the suffix we extract from the mapping tree
+ # with the suffix derived from the entry
+ debug("\tSuffix from mapping tree: #@cn#\n");
+ if ( @cn eq @suffixN ) {
+ debug("Found matching suffix\n");
+ $cont=1;
+ }
+ }
+
+ if ( $cont == 0 )
+ {
+ # Remove the current rdn to try another suffix
+ shift @suffix;
+
+ $result="";
+ foreach $part (@suffix)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+ }
+ @suffixN=$result;
+
+ debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+ $len=@suffix;
+ if ( $len == 0 )
+ {
+ debug("Can not find suffix. Problem\n");
+ $cont=2;
+ }
+ }
+}
+if ( $cont == 2)
+{
+ out("Can not find suffix for entry $entry\n");
+ exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+ #
+ # Now that we have the suffix and we know if we deal with a single entry or
+ # a role, just try to create the COS and roles associated.
+ #
+ @base=(
+ "cn=nsManagedDisabledRole,@suffixN",
+ "cn=nsDisabledRole,@suffixN",
+ "cn=nsAccountInactivationTmp,@suffixN",
+ "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+ "cn=nsAccountInactivation_cos,@suffixN" );
+
+ $addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c \
-a >> /dev/null 2>&1 "; + @role1=(
+ "dn: cn=nsManagedDisabledRole,@suffixN\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsSimpleRoleDefinition\n",
+ "objectclass: nsManagedRoleDefinition\n",
+ "cn: nsManagedDisabledRole\n\n" );
+ @role2=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsComplexRoleDefinition\n",
+ "objectclass: nsNestedRoleDefinition\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+ "cn: nsDisabledRole\n\n" );
+ @cos1=(
+ "dn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: nsContainer\n\n" );
+ @cos2=(
+ "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: extensibleObject\n",
+ "objectclass: costemplate\n",
+ "objectclass: ldapsubentry\n",
+ "cosPriority: 1\n",
+ "nsAccountLock: true\n\n" );
+ @cos3=(
+ "dn: cn=nsAccountInactivation_cos,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: cosSuperDefinition\n",
+ "objectclass: cosClassicDefinition\n",
+ "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "cosSpecifier: nsRole\n",
+ "cosAttribute: nsAccountLock operational\n\n" );
+
+ @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+ $i=0;
+
+ foreach $current (@base)
+ {
+ debug("Creating $current ??\n");
+ open(FD,"| $addrolescos ");
+ print FD @{$all[$i]};
+ close(FD);
+ if ( $? != 0 )
+ {
+ $retCode=$?>>8;
+ if ( $retCode == 68 )
+ {
+ debug("Entry $current already exists, ignore error\n");
+ }
+ else
+ {
+ # Probably a more serious problem.
+ # Exit with LDAP error
+ exit $retCode;
+ }
+ }
+ else
+ {
+ debug("Entry $current created\n");
+ }
+ $i=$i+1;
+ }
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+ # Go through all the roles part of nsdisabledrole to check if the entry
+ # is a member of one of those roles
+ $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+ if ( $ret == 0 )
+ {
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ # indirect lock
+ out("$entry already $state through $throughRole.\n");
+ }
+ else
+ {
+ # direct lock
+ out("$entry already $state.\n");
+ }
+ exit 100;
+ }
+ elsif ( $isLocked == 1 )
+ {
+ # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+ out("$entry already $state (probably directly).\n");
+ exit 103;
+ }
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+ $skipManaged=$single;
+ $skipDisabled=$role;
+
+ $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+ if ( $ret == 0 )
+ {
+ # undirectly locked
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ if ( $operation eq "activate" )
+ {
+ out("$entry inactivated through $throughRole. Can not activate it \
individually.\n"); + exit 100;
+ }
+ else
+ {
+ out("$entry inactivated through $throughRole.\n");
+ exit 104;
+ }
+ }
+ debug("$entry locked individually\n");
+
+ if ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ }
+ elsif ( $directLocked == 0 )
+ {
+ if ( $operation eq "activate" && $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 100;
+ }
+ elsif ( $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 102;
+ }
+ else
+ {
+ # not locked using our schema, but nsaccountlock is probably present
+ out("$entry inactivated (probably directly).\n");
+ exit 103;
+ }
+ }
+ elsif ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ # else Locked directly, juste unlock it!
+ debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> \
/dev/null 2>&1"; +if ( $single == 1 )
+{
+ @record=(
+ "dn: $entry\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+ @record=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+ $retCode=$?>>8;
+ exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;
diff --git a/ldap/admin/src/scripts/ns-activate.pl.in \
b/ldap/admin/src/scripts/ns-activate.pl.in new file mode 100644
index 0000000..3660aa4
--- /dev/null
+++ b/ldap/admin/src/scripts/ns-activate.pl.in
@@ -0,0 +1,884 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+ print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \
\n"); + print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
+ print (STDERR "May be used to $operation a user or a domain of users\n\n");
+ print (STDERR "Arguments:\n");
+ print (STDERR " -? - help\n");
+ print (STDERR " -D rootdn - Provide a Directory Manager DN\n");
+ print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n"); + print (STDERR " -w - - Prompt \
for the Directory Manager's password\n"); + print (STDERR " -Z serverID \
- Server instance identifier\n"); + print (STDERR " -j filename - \
Read the Directory Manager's password from file\n"); + print (STDERR " -p \
port - Provide a port\n"); + print (STDERR " -h host \
- Provide a host name'\n"); + print (STDERR " -I DN-to-$operation - Single \
entry DN or role DN to $operation\n"); +}
+
+sub debug
+{
+# print " ==> @_";
+}
+
+sub out
+{
+ print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# * it is the same as the entry
+# * the entry is member of role (==has nsroledn attributes), compare each of
+# them with the nsroledn of nsdisabledrole
+# * if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+ # For recursivity, file handler must be local
+ my $L_filehandle=$_[0];
+ $L_filehandle++;
+
+ my $L_entry=$_[1];
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_entry;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_entry=$L_result;
+
+ my $L_base=$_[2];
+
+ my $L_search;
+ my $L_currentrole;
+ my $L_retCode;
+
+ my $L_local;
+
+`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null \
2>&1 `; +$retCode=$?;
+if ( $retCode != 0 )
+{
+ $retCode=$?>>8;
+ return 1;
+}
+
+ # Check if the role is a nested role
+ @L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
"; + # L_isNested == 1 means that we are going through a nested role, so for each \
member of that + # nested role, check that the member is below the scope of the \
nested + $L_isNested=@L_Nested;
+
+ # Not Direct Lock, Go through roles if any
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn "; +
+ debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n"); +
+ unless (open ($L_filehandle, "$L_search |"))
+ {
+ out("Can't open file $L_filehandle\n");
+ exit;
+ }
+ while (<$L_filehandle>) {
+
+ s/\n //g;
+ if (/^nsroledn: (.*)\n/) {
+ $L_currentrole = $1;
+
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_currentrole;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_currentrole=$L_result;
+
+ debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n"); + if ( $L_isNested == 1 )
+ {
+ if ( checkScope($L_currentrole, $L_base) == 0 )
+ {
+ # Scope problem probably a bad conf, skip the currentrole
+ next;
+ }
+ }
+
+ if ( $L_currentrole eq $L_entry )
+ {
+ # the entry is a role that is directly locked
+ # i.e, nsroledn of nsdisabledrole contains the entry
+ $throughRole=$L_base;
+ $throughRole=~ tr/A-Z/a-z/;
+
+ # skipDisabled means that we've just found that the entry (which is a role)
+ # is locked directly (==its DN is part of nsroledn attributes)
+ # we just want to know now, if it is locked through another role
+ # at least, one
+ if ( $skipDisabled == 1 )
+ {
+ # direct inactivation
+ $directLocked=1;
+ # just go through that test once
+ $skipDisabled=0;
+ next;
+ }
+ debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ $L_retCode=memberOf($L_currentrole, $L_entry);
+ if ( $L_retCode == 0 && $single == 1 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ if ( $skipManaged == 1 )
+ {
+ if ( $L_currentrole eq $nsManagedDisabledRole)
+ {
+ # Try next nsroledn
+ $directLocked=1;
+ $skipManaged=0;
+ next;
+ }
+ }
+ debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ # Only for the first iteration
+ # the first iteration is with nsdisabledrole as base, other
+ # loops are deeper
+ $L_local=$skipDisabled;
+ $skipDisabled=0;
+
+ # the current nsroledn may be a complex role, just go through
+ # its won nsroledn
+ $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+ # Because of recursivity, to keep the initial value for the first level
+ $skipDisabled=$L_local;
+
+ if ( $L_retCode == 0 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+ return 0;
+ }
+ }
+ }
+
+ close($L_filehandle);
+
+ debug("\t<--indirectLock: no more nsroledn to process\n");
+ return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+ my $L_nsroledn=$_[0];
+ $L_nsroledn=~ tr/A-Z/a-z/;
+
+ my $L_entry=$_[1];
+
+ my $L_search;
+ my $L_currentrole;
+
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole"; +
+ debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n"); +
+ open (LDAP2, "$L_search |");
+ while (<LDAP2>) {
+ s/\n //g;
+ if (/^nsrole: (.*)\n/) {
+ $L_currentrole = $1;
+ $L_currentrole=~ tr/A-Z/a-z/;
+ if ( $L_currentrole eq $L_nsroledn )
+ {
+ # the parm is part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+ return 0;
+ }
+ }
+ }
+ close(LDAP2);
+
+ # the parm is not part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+ return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+ $L_entry=$_[0];
+
+ @L_entryToTest=split /([,])/,$L_entry;
+ debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+ $newDN="";
+ $removeRDN=1;
+ foreach $part (@L_entryToTest)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ if ( $removeRDN <= 2 )
+ {
+ $removeRDN=$removeRDN+1;
+ }
+ else
+ {
+ $newDN="$newDN$part";
+ }
+ }
+
+ debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+ $L_current=$_[0];
+ $L_nestedRole=$_[1];
+
+ debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+ removeRdn($L_nestedRole);
+ $L_nestedRoleSuffix=$newDN;
+ debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
+
+ $cont=1;
+ while ( ($cont == 1) && ($L_current ne "") )
+ {
+ removeRdn($L_current);
+ $currentDn=$newDN;
+ debug("checkScope: current DN to check: $currentDn\n");
+
+ if ( $currentDn eq $L_nestedRoleSuffix )
+ {
+ debug("checkScope: DN match!!!\n");
+ $cont = 0;
+ }
+ else
+ {
+ $L_current=$currentDn;
+ }
+ }
+
+ if ( $cont == 1 )
+ {
+ debug("checkScope: $_[0] and $_[1] are not compatible\n");
+ return 0;
+ }
+ else
+ {
+ debug("checkScope: $_[0] and $_[1] are compatible\n");
+ return 1;
+ }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Generated variable
+$prefix = DSUtil::get_prefix();
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+ $cmd="ns-inactivate.pl";
+ $operation="inactivate";
+ $state="inactivated";
+ $modrole="add";
+ $already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+ $cmd="ns-activate.pl";
+ $operation="activate";
+ $state="activated";
+ $modrole="delete";
+ $already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+ $cmd="ns-accountstatus.pl";
+ $operation="get status of";
+ $state="activated";
+ # no need for $modrole as no operation is performed
+ $already="";
+
+}
+else
+{
+ out("$0: unknown command\n");
+ exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$port = "";
+$host = "";
+$rootpw = "";
+$pwfile = "";
+$entry = "";
+$first = "yes";
+$single = 0;
+$role = 0;
+
+# Process the command line arguments
+while( $arg = shift)
+{
+ if($arg eq "-?")
+ {
+ usage();
+ exit(0);
+ }
+ elsif($arg eq "-D")
+ {
+ $rootdn= shift @ARGV;
+ }
+ elsif($arg eq "-w")
+ {
+ $rootpw= shift @ARGV;
+ }
+ elsif($arg eq "-j")
+ {
+ $pwfile= shift @ARGV;
+ }
+ elsif($arg eq "-p")
+ {
+ $port= shift @ARGV;
+ }
+ elsif($arg eq "-h")
+ {
+ $host= shift @ARGV;
+ }
+ elsif($arg eq "-I")
+ {
+ $entry= shift @ARGV;
+ }
+ elsif($arg eq "-Z")
+ {
+ $servid= shift @ARGV;
+ }
+ else
+ {
+ print "$arg: Unknown command line argument.\n";
+ usage();
+ exit(1);
+ }
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($pwfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $pwfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $rootpw = <RPASS>;
+ chomp($rootpw);
+ close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $rootpw = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+ usage();
+ exit(1);
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(objectclass=*)\" dn`; +$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+ $retCode1=$?>>8;
+ exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`; \
+$nbLineRole=@isRole; +$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+ $retCode2=$?>>8;
+ exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+ debug("Groups of users\n");
+ $role=1;
+}
+else
+{
+ debug("Single user\n");
+ $single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+ $searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \
\"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock"; + open (LDAP1, \
"$searchAccountLock |"); + while (<LDAP1>) {
+ s/\n //g;
+ if (/^nsaccountlock: (.*)\n/) {
+ $L_currentvalue = $1;
+ $L_currentvalue=~ tr/A-Z/a-z/;
+ if ( $L_currentvalue eq "true")
+ {
+ $isLocked=1;
+ }
+ elsif ( $L_currentvalue eq "false" )
+ {
+ $isLocked=0;
+ }
+ }
+ }
+ close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+# -I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+ $part=~s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+ # Look if suffix is the suffix of the entry
+ # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\"" + #
+ debug("\tSuffix from the entry: #@suffixN#\n");
+ @mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one \
-b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `; +
+ $retCode=$?;
+ if ( $retCode != 0 )
+ {
+ $retCode=$?>>8;
+ exit $retCode;
+ }
+
+ # If we get a result, remove the dn:
+ # dn: cn="o=sun.com",cn=mapping tree,cn=config
+ # cn: "o=sun.com"
+ #
+ shift @mapping;
+
+ foreach $res (@mapping)
+ {
+ # Break the string cn: "o=sun.com" into pieces
+ @cn= split(/ /,$res);
+
+ # And remove the cn: part
+ shift @cn;
+
+ # Now compare the suffix we extract from the mapping tree
+ # with the suffix derived from the entry
+ debug("\tSuffix from mapping tree: #@cn#\n");
+ if ( @cn eq @suffixN ) {
+ debug("Found matching suffix\n");
+ $cont=1;
+ }
+ }
+
+ if ( $cont == 0 )
+ {
+ # Remove the current rdn to try another suffix
+ shift @suffix;
+
+ $result="";
+ foreach $part (@suffix)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+ }
+ @suffixN=$result;
+
+ debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+ $len=@suffix;
+ if ( $len == 0 )
+ {
+ debug("Can not find suffix. Problem\n");
+ $cont=2;
+ }
+ }
+}
+if ( $cont == 2)
+{
+ out("Can not find suffix for entry $entry\n");
+ exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+ #
+ # Now that we have the suffix and we know if we deal with a single entry or
+ # a role, just try to create the COS and roles associated.
+ #
+ @base=(
+ "cn=nsManagedDisabledRole,@suffixN",
+ "cn=nsDisabledRole,@suffixN",
+ "cn=nsAccountInactivationTmp,@suffixN",
+ "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+ "cn=nsAccountInactivation_cos,@suffixN" );
+
+ $addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c \
-a >> /dev/null 2>&1 "; + @role1=(
+ "dn: cn=nsManagedDisabledRole,@suffixN\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsSimpleRoleDefinition\n",
+ "objectclass: nsManagedRoleDefinition\n",
+ "cn: nsManagedDisabledRole\n\n" );
+ @role2=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsComplexRoleDefinition\n",
+ "objectclass: nsNestedRoleDefinition\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+ "cn: nsDisabledRole\n\n" );
+ @cos1=(
+ "dn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: nsContainer\n\n" );
+ @cos2=(
+ "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: extensibleObject\n",
+ "objectclass: costemplate\n",
+ "objectclass: ldapsubentry\n",
+ "cosPriority: 1\n",
+ "nsAccountLock: true\n\n" );
+ @cos3=(
+ "dn: cn=nsAccountInactivation_cos,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: cosSuperDefinition\n",
+ "objectclass: cosClassicDefinition\n",
+ "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "cosSpecifier: nsRole\n",
+ "cosAttribute: nsAccountLock operational\n\n" );
+
+ @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+ $i=0;
+
+ foreach $current (@base)
+ {
+ debug("Creating $current ??\n");
+ open(FD,"| $addrolescos ");
+ print FD @{$all[$i]};
+ close(FD);
+ if ( $? != 0 )
+ {
+ $retCode=$?>>8;
+ if ( $retCode == 68 )
+ {
+ debug("Entry $current already exists, ignore error\n");
+ }
+ else
+ {
+ # Probably a more serious problem.
+ # Exit with LDAP error
+ exit $retCode;
+ }
+ }
+ else
+ {
+ debug("Entry $current created\n");
+ }
+ $i=$i+1;
+ }
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+ # Go through all the roles part of nsdisabledrole to check if the entry
+ # is a member of one of those roles
+ $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+ if ( $ret == 0 )
+ {
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ # indirect lock
+ out("$entry already $state through $throughRole.\n");
+ }
+ else
+ {
+ # direct lock
+ out("$entry already $state.\n");
+ }
+ exit 100;
+ }
+ elsif ( $isLocked == 1 )
+ {
+ # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+ out("$entry already $state (probably directly).\n");
+ exit 103;
+ }
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+ $skipManaged=$single;
+ $skipDisabled=$role;
+
+ $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+ if ( $ret == 0 )
+ {
+ # undirectly locked
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ if ( $operation eq "activate" )
+ {
+ out("$entry inactivated through $throughRole. Can not activate it \
individually.\n"); + exit 100;
+ }
+ else
+ {
+ out("$entry inactivated through $throughRole.\n");
+ exit 104;
+ }
+ }
+ debug("$entry locked individually\n");
+
+ if ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ }
+ elsif ( $directLocked == 0 )
+ {
+ if ( $operation eq "activate" && $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 100;
+ }
+ elsif ( $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 102;
+ }
+ else
+ {
+ # not locked using our schema, but nsaccountlock is probably present
+ out("$entry inactivated (probably directly).\n");
+ exit 103;
+ }
+ }
+ elsif ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ # else Locked directly, juste unlock it!
+ debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> \
/dev/null 2>&1"; +if ( $single == 1 )
+{
+ @record=(
+ "dn: $entry\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+ @record=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+ $retCode=$?>>8;
+ exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;
diff --git a/ldap/admin/src/scripts/ns-inactivate.pl.in \
b/ldap/admin/src/scripts/ns-inactivate.pl.in new file mode 100644
index 0000000..9aa17e1
--- /dev/null
+++ b/ldap/admin/src/scripts/ns-inactivate.pl.in
@@ -0,0 +1,884 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+###############################
+# SUB-ROUTINES
+###############################
+
+sub usage
+{
+ print (STDERR "$cmd [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } \
\n"); + print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
+ print (STDERR "May be used to $operation a user or a domain of users\n\n");
+ print (STDERR "Arguments:\n");
+ print (STDERR " -? - help\n");
+ print (STDERR " -D rootdn - Provide a Directory Manager DN\n");
+ print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n"); + print (STDERR " -w - - Prompt \
for the Directory Manager's password\n"); + print (STDERR " -Z serverID \
- Server instance identifier\n"); + print (STDERR " -j filename - \
Read the Directory Manager's password from file\n"); + print (STDERR " -p \
port - Provide a port\n"); + print (STDERR " -h host \
- Provide a host name\n"); + print (STDERR " -I DN-to-$operation - Single \
entry DN or role DN to $operation\n"); +}
+
+sub debug
+{
+# print " ==> @_";
+}
+
+sub out
+{
+ print "@_";
+}
+
+# --------------------------
+# Check if the entry is part of a locked role:
+# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
+# * it is the same as the entry
+# * the entry is member of role (==has nsroledn attributes), compare each of
+# them with the nsroledn of nsdisabledrole
+# * if nsroledn of nsdisabledrole are complex, go through each of them
+# argv[0] is the local file handler
+# argv[1] is the entry (may be a single entry DN or a role DN)
+# argv[2] is the base for the search
+# --------------------------
+
+$throughRole="";
+
+sub indirectLock
+{
+ # For recursivity, file handler must be local
+ my $L_filehandle=$_[0];
+ $L_filehandle++;
+
+ my $L_entry=$_[1];
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_entry;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_entry=$L_result;
+
+ my $L_base=$_[2];
+
+ my $L_search;
+ my $L_currentrole;
+ my $L_retCode;
+
+ my $L_local;
+
+`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> /dev/null \
2>&1 `; +$retCode=$?;
+if ( $retCode != 0 )
+{
+ $retCode=$?>>8;
+ return 1;
+}
+
+ # Check if the role is a nested role
+ @L_Nested="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
"; + # L_isNested == 1 means that we are going through a nested role, so for each \
member of that + # nested role, check that the member is below the scope of the \
nested + $L_isNested=@L_Nested;
+
+ # Not Direct Lock, Go through roles if any
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn "; +
+ debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n"); +
+ unless (open ($L_filehandle, "$L_search |"))
+ {
+ out("Can't open file $L_filehandle\n");
+ exit;
+ }
+ while (<$L_filehandle>) {
+
+ s/\n //g;
+ if (/^nsroledn: (.*)\n/) {
+ $L_currentrole = $1;
+
+ # Remove useless space
+ my @L_intern=split /([,])/,$L_currentrole;
+ my $L_result="";
+ foreach $L_part (@L_intern)
+ {
+ $L_part=~s/^ +//;
+ $L_part=~ tr/A-Z/a-z/;
+ $L_result="$L_result$L_part";
+ }
+ $L_currentrole=$L_result;
+
+ debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n"); + if ( $L_isNested == 1 )
+ {
+ if ( checkScope($L_currentrole, $L_base) == 0 )
+ {
+ # Scope problem probably a bad conf, skip the currentrole
+ next;
+ }
+ }
+
+ if ( $L_currentrole eq $L_entry )
+ {
+ # the entry is a role that is directly locked
+ # i.e, nsroledn of nsdisabledrole contains the entry
+ $throughRole=$L_base;
+ $throughRole=~ tr/A-Z/a-z/;
+
+ # skipDisabled means that we've just found that the entry (which is a role)
+ # is locked directly (==its DN is part of nsroledn attributes)
+ # we just want to know now, if it is locked through another role
+ # at least, one
+ if ( $skipDisabled == 1 )
+ {
+ # direct inactivation
+ $directLocked=1;
+ # just go through that test once
+ $skipDisabled=0;
+ next;
+ }
+ debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ $L_retCode=memberOf($L_currentrole, $L_entry);
+ if ( $L_retCode == 0 && $single == 1 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ if ( $skipManaged == 1 )
+ {
+ if ( $L_currentrole eq $nsManagedDisabledRole)
+ {
+ # Try next nsroledn
+ $directLocked=1;
+ $skipManaged=0;
+ next;
+ }
+ }
+ debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n"); + return 0;
+ }
+
+ # Only for the first iteration
+ # the first iteration is with nsdisabledrole as base, other
+ # loops are deeper
+ $L_local=$skipDisabled;
+ $skipDisabled=0;
+
+ # the current nsroledn may be a complex role, just go through
+ # its won nsroledn
+ $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
+
+ # Because of recursivity, to keep the initial value for the first level
+ $skipDisabled=$L_local;
+
+ if ( $L_retCode == 0 )
+ {
+ $throughRole=$L_currentrole;
+ $throughRole=~ tr/A-Z/a-z/;
+ debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
+ return 0;
+ }
+ }
+ }
+
+ close($L_filehandle);
+
+ debug("\t<--indirectLock: no more nsroledn to process\n");
+ return 1;
+}
+
+# --------------------------
+# Check if nsroledn is part of the entry attributes
+# argv[0] is a role DN (nsroledn attribute)
+# argv[1] is the entry
+# --------------------------
+sub memberOf
+{
+ my $L_nsroledn=$_[0];
+ $L_nsroledn=~ tr/A-Z/a-z/;
+
+ my $L_entry=$_[1];
+
+ my $L_search;
+ my $L_currentrole;
+
+ $L_search="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s \
base -b \"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsrole"; +
+ debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n"); +
+ open (LDAP2, "$L_search |");
+ while (<LDAP2>) {
+ s/\n //g;
+ if (/^nsrole: (.*)\n/) {
+ $L_currentrole = $1;
+ $L_currentrole=~ tr/A-Z/a-z/;
+ if ( $L_currentrole eq $L_nsroledn )
+ {
+ # the parm is part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
+ return 0;
+ }
+ }
+ }
+ close(LDAP2);
+
+ # the parm is not part of the $L_entry nsroledn
+ debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
+ return 1;
+}
+
+
+# --------------------------
+# Remove the rdn of a DN
+# argv[0] is a DN
+# --------------------------
+sub removeRdn
+{
+ $L_entry=$_[0];
+
+ @L_entryToTest=split /([,])/,$L_entry;
+ debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
+
+ $newDN="";
+ $removeRDN=1;
+ foreach $part (@L_entryToTest)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ if ( $removeRDN <= 2 )
+ {
+ $removeRDN=$removeRDN+1;
+ }
+ else
+ {
+ $newDN="$newDN$part";
+ }
+ }
+
+ debug("removeRdn: new DN **$newDN**\n");
+}
+
+# --------------------------
+# Check if L_current is below the scope of
+# L_nestedRole
+# argv[0] is a role
+# argv[1] is the nested role
+# --------------------------
+sub checkScope
+{
+ $L_current=$_[0];
+ $L_nestedRole=$_[1];
+
+ debug("checkScope: check if $L_current is below $L_nestedRole\n");
+
+ removeRdn($L_nestedRole);
+ $L_nestedRoleSuffix=$newDN;
+ debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
+
+ $cont=1;
+ while ( ($cont == 1) && ($L_current ne "") )
+ {
+ removeRdn($L_current);
+ $currentDn=$newDN;
+ debug("checkScope: current DN to check: $currentDn\n");
+
+ if ( $currentDn eq $L_nestedRoleSuffix )
+ {
+ debug("checkScope: DN match!!!\n");
+ $cont = 0;
+ }
+ else
+ {
+ $L_current=$currentDn;
+ }
+ }
+
+ if ( $cont == 1 )
+ {
+ debug("checkScope: $_[0] and $_[1] are not compatible\n");
+ return 0;
+ }
+ else
+ {
+ debug("checkScope: $_[0] and $_[1] are compatible\n");
+ return 1;
+ }
+}
+
+
+###############################
+# MAIN ROUTINE
+###############################
+
+# Generated variable
+$prefix = DSUtil::get_prefix();
+
+# Determine which command we are running
+if ( $0 =~ /ns-inactivate(.pl)?$/ )
+{
+ $cmd="ns-inactivate.pl";
+ $operation="inactivate";
+ $state="inactivated";
+ $modrole="add";
+ $already="already";
+}
+elsif ( $0 =~ /ns-activate(.pl)?$/ )
+{
+ $cmd="ns-activate.pl";
+ $operation="activate";
+ $state="activated";
+ $modrole="delete";
+ $already="already";
+}
+elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
+{
+ $cmd="ns-accountstatus.pl";
+ $operation="get status of";
+ $state="activated";
+ # no need for $modrole as no operation is performed
+ $already="";
+
+}
+else
+{
+ out("$0: unknown command\n");
+ exit 100;
+}
+
+debug("Running ** $cmd ** $operation\n");
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+# User values
+$rootdn = "";
+$rootpw = "";
+$pwfile = "";
+$host = "";
+$port = "";
+$entry = "";
+$first = "yes";
+$single = 0;
+$role = 0;
+
+# Process the command line arguments
+while( $arg = shift)
+{
+ if($arg eq "-?")
+ {
+ usage();
+ exit(0);
+ }
+ elsif($arg eq "-D")
+ {
+ $rootdn= shift @ARGV;
+ }
+ elsif($arg eq "-w")
+ {
+ $rootpw= shift @ARGV;
+ }
+ elsif($arg eq "-j")
+ {
+ $pwfile= shift @ARGV;
+ }
+ elsif($arg eq "-p")
+ {
+ $port= shift @ARGV;
+ }
+ elsif($arg eq "-h")
+ {
+ $host= shift @ARGV;
+ }
+ elsif($arg eq "-I")
+ {
+ $entry= shift @ARGV;
+ }
+ elsif($arg eq "-Z")
+ {
+ $servid= shift @ARGV;
+ }
+ else
+ {
+ print "$arg: Unknown command line argument.\n";
+ usage();
+ exit(1);
+ }
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($pwfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $pwfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $rootpw = <RPASS>;
+ chomp($rootpw);
+ close(RPASS);
+} elsif ($rootpw eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $rootpw = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($rootpw); # trim trailing newline
+}
+
+if( $rootpw eq "" || $entry eq "")
+{
+ usage();
+ exit(1);
+}
+
+#
+# Check the actual existence of the entry to inactivate/activate
+# and at the same time, validate the various parm: port, host, rootdn, rootpw
+#
+@exist=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(objectclass=*)\" dn`; +$retCode1=$?;
+if ( $retCode1 != 0 )
+{
+ $retCode1=$?>>8;
+ exit $retCode1;
+}
+
+@isRole=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s base \
-b \"$entry\" \"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`; \
+$nbLineRole=@isRole; +$retCode2=$?;
+if ( $retCode2 != 0 )
+{
+ $retCode2=$?>>8;
+ exit $retCode2;
+}
+
+if ( $nbLineRole > 0 )
+{
+ debug("Groups of users\n");
+ $role=1;
+}
+else
+{
+ debug("Single user\n");
+ $single=1;
+}
+
+#
+# First of all, check the existence of the nsaccountlock attribute in the entry
+#
+$isLocked=0;
+if ( $single == 1 )
+{
+ $searchAccountLock="$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \
\"$rootpw\" -s base -b \"$entry\" \"(objectclass=*)\" nsaccountlock"; + open (LDAP1, \
"$searchAccountLock |"); + while (<LDAP1>) {
+ s/\n //g;
+ if (/^nsaccountlock: (.*)\n/) {
+ $L_currentvalue = $1;
+ $L_currentvalue=~ tr/A-Z/a-z/;
+ if ( $L_currentvalue eq "true")
+ {
+ $isLocked=1;
+ }
+ elsif ( $L_currentvalue eq "false" )
+ {
+ $isLocked=0;
+ }
+ }
+ }
+ close(LDAP1);
+}
+debug("Is the entry already locked? ==> $isLocked\n");
+
+#
+# Get the suffix name of that entry
+#
+
+# Remove the space at the beginning (just in case...)
+# -I "uid=jvedder , ou=People , o=sun.com"
+@suffix=split /([,])/,$entry;
+$result="";
+foreach $part (@suffix)
+{
+ $part=~s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+}
+@suffixN=$result;
+
+debug("Entry to $operation: #@suffix#\n");
+debug("Entry to $operation: #@suffixN#\n");
+
+# Get the suffix
+$cont=0;
+while ($cont == 0)
+{
+ # Look if suffix is the suffix of the entry
+ # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\"" + #
+ debug("\tSuffix from the entry: #@suffixN#\n");
+ @mapping=`$ldapsearch -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -s one \
-b \"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `; +
+ $retCode=$?;
+ if ( $retCode != 0 )
+ {
+ $retCode=$?>>8;
+ exit $retCode;
+ }
+
+ # If we get a result, remove the dn:
+ # dn: cn="o=sun.com",cn=mapping tree,cn=config
+ # cn: "o=sun.com"
+ #
+ shift @mapping;
+
+ foreach $res (@mapping)
+ {
+ # Break the string cn: "o=sun.com" into pieces
+ @cn= split(/ /,$res);
+
+ # And remove the cn: part
+ shift @cn;
+
+ # Now compare the suffix we extract from the mapping tree
+ # with the suffix derived from the entry
+ debug("\tSuffix from mapping tree: #@cn#\n");
+ if ( @cn eq @suffixN ) {
+ debug("Found matching suffix\n");
+ $cont=1;
+ }
+ }
+
+ if ( $cont == 0 )
+ {
+ # Remove the current rdn to try another suffix
+ shift @suffix;
+
+ $result="";
+ foreach $part (@suffix)
+ {
+ $part=~ s/^ +//;
+ $part=~ tr/A-Z/a-z/;
+ $result="$result$part";
+ }
+ @suffixN=$result;
+
+ debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
+ $len=@suffix;
+ if ( $len == 0 )
+ {
+ debug("Can not find suffix. Problem\n");
+ $cont=2;
+ }
+ }
+}
+if ( $cont == 2)
+{
+ out("Can not find suffix for entry $entry\n");
+ exit 100;
+}
+
+if ( $operation eq "inactivate" )
+{
+ #
+ # Now that we have the suffix and we know if we deal with a single entry or
+ # a role, just try to create the COS and roles associated.
+ #
+ @base=(
+ "cn=nsManagedDisabledRole,@suffixN",
+ "cn=nsDisabledRole,@suffixN",
+ "cn=nsAccountInactivationTmp,@suffixN",
+ "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
+ "cn=nsAccountInactivation_cos,@suffixN" );
+
+ $addrolescos="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c \
-a >> /dev/null 2>&1 "; + @role1=(
+ "dn: cn=nsManagedDisabledRole,@suffixN\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsSimpleRoleDefinition\n",
+ "objectclass: nsManagedRoleDefinition\n",
+ "cn: nsManagedDisabledRole\n\n" );
+ @role2=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: nsRoleDefinition\n",
+ "objectclass: nsComplexRoleDefinition\n",
+ "objectclass: nsNestedRoleDefinition\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
+ "cn: nsDisabledRole\n\n" );
+ @cos1=(
+ "dn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: nsContainer\n\n" );
+ @cos2=(
+ "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: extensibleObject\n",
+ "objectclass: costemplate\n",
+ "objectclass: ldapsubentry\n",
+ "cosPriority: 1\n",
+ "nsAccountLock: true\n\n" );
+ @cos3=(
+ "dn: cn=nsAccountInactivation_cos,@suffixN\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: cosSuperDefinition\n",
+ "objectclass: cosClassicDefinition\n",
+ "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
+ "cosSpecifier: nsRole\n",
+ "cosAttribute: nsAccountLock operational\n\n" );
+
+ @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
+
+ $i=0;
+
+ foreach $current (@base)
+ {
+ debug("Creating $current ??\n");
+ open(FD,"| $addrolescos ");
+ print FD @{$all[$i]};
+ close(FD);
+ if ( $? != 0 )
+ {
+ $retCode=$?>>8;
+ if ( $retCode == 68 )
+ {
+ debug("Entry $current already exists, ignore error\n");
+ }
+ else
+ {
+ # Probably a more serious problem.
+ # Exit with LDAP error
+ exit $retCode;
+ }
+ }
+ else
+ {
+ debug("Entry $current created\n");
+ }
+ $i=$i+1;
+ }
+}
+
+$skipManaged=0;
+$skipDisabled=0;
+$directLocked=0;
+
+$nsDisabledRole="cn=nsDisabledRole,@suffixN";
+$nsDisabledRole=~ tr/A-Z/a-z/;
+
+$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
+$nsManagedDisabledRole=~ tr/A-Z/a-z/;
+
+if ( $operation eq "inactivate" )
+{
+ # Go through all the roles part of nsdisabledrole to check if the entry
+ # is a member of one of those roles
+ $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
+ if ( $ret == 0 )
+ {
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ # indirect lock
+ out("$entry already $state through $throughRole.\n");
+ }
+ else
+ {
+ # direct lock
+ out("$entry already $state.\n");
+ }
+ exit 100;
+ }
+ elsif ( $isLocked == 1 )
+ {
+ # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
+ out("$entry already $state (probably directly).\n");
+ exit 103;
+ }
+}
+elsif ( $operation eq "activate" || $operation eq "get status of" )
+{
+ $skipManaged=$single;
+ $skipDisabled=$role;
+
+ $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
+
+ if ( $ret == 0 )
+ {
+ # undirectly locked
+ if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
+ {
+ if ( $operation eq "activate" )
+ {
+ out("$entry inactivated through $throughRole. Can not activate it \
individually.\n"); + exit 100;
+ }
+ else
+ {
+ out("$entry inactivated through $throughRole.\n");
+ exit 104;
+ }
+ }
+ debug("$entry locked individually\n");
+
+ if ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ }
+ elsif ( $directLocked == 0 )
+ {
+ if ( $operation eq "activate" && $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 100;
+ }
+ elsif ( $isLocked != 1 )
+ {
+ out("$entry $already $state.\n");
+ exit 102;
+ }
+ else
+ {
+ # not locked using our schema, but nsaccountlock is probably present
+ out("$entry inactivated (probably directly).\n");
+ exit 103;
+ }
+ }
+ elsif ( $operation ne "activate" )
+ {
+ out("$entry inactivated.\n");
+ exit 103;
+ }
+ # else Locked directly, juste unlock it!
+ debug("$entry locked individually\n");
+}
+
+#
+# Inactivate/activate the entry
+#
+$action="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$rootpw\" -c >> \
/dev/null 2>&1"; +if ( $single == 1 )
+{
+ @record=(
+ "dn: $entry\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
+}
+else
+{
+ @record=(
+ "dn: cn=nsDisabledRole,@suffixN\n",
+ "changetype: modify\n",
+ "$modrole: nsRoleDN\n",
+ "nsRoleDN: $entry\n\n" );
+}
+open(FD,"| $action ");
+print FD @record;
+close(FD);
+if ( $? != 0 )
+{
+debug("$modrole, $entry\n");
+ $retCode=$?>>8;
+ exit $retCode;
+}
+
+out("$entry $state.\n");
+exit 0;
diff --git a/ldap/admin/src/scripts/ns-newpwpolicy.pl.in \
b/ldap/admin/src/scripts/ns-newpwpolicy.pl.in new file mode 100755
index 0000000..4486ad1
--- /dev/null
+++ b/ldap/admin/src/scripts/ns-newpwpolicy.pl.in
@@ -0,0 +1,330 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+# enable the use of our bundled perldap with our bundled ldapsdk libraries
+# all of this nonsense can be omitted if the mozldapsdk and perldap are
+# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5)
+$prefix = DSUtil::get_prefix();
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+# Add new password policy specific entries
+
+#############################################################################
+# enable the use of Perldap functions
+require DynaLoader;
+
+use Getopt::Std;
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Utils qw(:all);
+use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API
+
+#############################################################################
+# Default values of the variables
+
+$opt_D = "";
+$opt_p = "";
+$opt_h = "";
+$opt_Z = "";
+$opt_v = 0;
+
+# Variables
+$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
+$ldapmodify="ldapmodify @ldaptool_opts@";
+
+#############################################################################
+
+sub usage {
+ print (STDERR "ns-newpwpolicy.pl [-Z serverID] [-v] [-D rootdn] { -w password | -j \
filename } \n"); + print (STDERR " [-p port] [-h host] -U UserDN -S \
SuffixDN\n\n"); +
+ print (STDERR "Arguments:\n");
+ print (STDERR " -? - help\n");
+ print (STDERR " -Z serverID - Server instance identifier\n");
+ print (STDERR " -v - verbose output\n");
+ print (STDERR " -D rootdn - Directory Manager DN\n");
+ print (STDERR " -w rootpw - password for the Directory Manager DN\n");
+ print (STDERR " -j filename - Read the Directory Manager's password from file\n");
+ print (STDERR " -p port - port\n");
+ print (STDERR " -h host - host name\n");
+ print (STDERR " -U userDN - User entry DN\n");
+ print (STDERR " -S suffixDN - Suffix entry DN\n");
+ exit 1;
+}
+
+# Process the command line arguments
+{
+ usage() if (!getopts('vD:w:j:p:h:U:S:Z:'));
+
+ $first = "yes";
+
+ opendir(DIR, "$prefix/etc/sysconfig");
+ @files = readdir(DIR);
+ foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+ }
+
+ if($opt_Z eq ""){
+ if ($instance_count == 1){
+ $opt_Z = $name;
+ } else {
+ print (STDERR "You must supply a server instance identifier. Use -Z to \
specify instance name\n"); + print "Available instances: $instances\n";
+ exit (1);
+ }
+ } elsif ($opt_Z =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $opt_Z =~ s/^dirsrv-//;
+ } elsif ($opt_Z =~ /^slapd-/){
+ # strip off "slapd-"
+ $opt_Z =~ s/^slapd-//;
+ }
+ @info = DSUtil::get_missing_info($prefix, $opt_Z, $instances, $opt_h, $opt_p, \
$opt_D); +
+ if ($opt_j ne ""){
+ die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
+ $opt_w = <RPASS>;
+ chomp($opt_w);
+ close(RPASS);
+ }
+
+ usage() if( $opt_w eq "" );
+ if ($opt_U eq "" && $opt_S eq "") {
+ print (STDERR "Please provide at least -S or -U option.\n\n");
+ }
+
+ # Now, check if the user/group exists
+
+ if ($opt_S) {
+ my $esc_opt_S = $opt_S;
+ $esc_opt_S =~ s/,/\\,/g;
+ $esc_opt_S =~ s/=/\\=/g;
+ print (STDERR "host = $info[0], port = $info[1], suffixDN = \"$opt_S\"\n\n") if \
$opt_v; + @base=(
+ "cn=nsPwPolicyContainer,$opt_S",
+ "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
+ "cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
+ "cn=nsPwPolicy_cos,$opt_S"
+ );
+
+ $ldapadd="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c -a \
2>&1"; + $modifyCfg="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \
\"$opt_w\" -c 2>&1"; +
+ @container=(
+ "dn: cn=nsPwPolicyContainer,$opt_S\n",
+ "objectclass: top\n",
+ "objectclass: nsContainer\n\n" );
+ @pwpolicy=(
+ "dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+ "objectclass: top\n",
+ "objectclass: ldapsubentry\n",
+ "objectclass: passwordpolicy\n\n" );
+ @template=(
+ "dn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+ "objectclass: top\n",
+ "objectclass: extensibleObject\n",
+ "objectclass: costemplate\n",
+ "objectclass: ldapsubentry\n",
+ "cosPriority: 1\n",
+ "pwdpolicysubentry: \
cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n" ); + @cos=(
+ "dn: cn=nsPwPolicy_cos,$opt_S\n",
+ "objectclass: top\n",
+ "objectclass: LDAPsubentry\n",
+ "objectclass: cosSuperDefinition\n",
+ "objectclass: cosPointerDefinition\n",
+ "cosTemplateDn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
+ "cosAttribute: pwdpolicysubentry default operational-default\n\n" );
+
+ @all=(\@container, \@pwpolicy, \@template, \@cos);
+
+ $i=0;
+
+ foreach $current (@base)
+ {
+ open(FD,"| $ldapadd");
+ print FD @{$all[$i]};
+ close(FD);
+ if ( $? != 0 ) {
+ $retCode=$?>>8;
+ if ( $retCode == 68 ) {
+ print( STDERR "Entry \"$current\" already exists. Please ignore the \
error\n\n"); + }
+ else {
+ # Probably a more serious problem.
+ # Exit with LDAP error
+ print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
+ exit $retCode;
+ }
+ }
+ else {
+ print( STDERR "Entry \"$current\" created\n\n") if $opt_v;
+ }
+ $i=$i+1;
+ }
+
+ $modConfig = "dn:cn=config\nchangetype: \
modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n"; \
+ open(FD,"| $modifyCfg "); + print(FD $modConfig);
+ close(FD);
+ $retcode = $?;
+ if ( $retcode != 0 ) {
+ print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
+ exit ($retcode);
+ }
+ else {
+ print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
+ }
+ } # end of $opt_S
+
+ if ($opt_U) {
+ my $norm_opt_U = normalizeDN($opt_U);
+ my $esc_opt_U = $norm_opt_U;
+ $esc_opt_U =~ s/,/\\,/g;
+ $esc_opt_U =~ s/=/\\=/g;
+ print (STDERR "host = $info[0], port = $info[1], userDN = \"$norm_opt_U\"\n\n") if \
$opt_v; + $retcode = `$ldapsearch -h $info[0] -p $info[1] -b \"$norm_opt_U\" -s base \
\"\"`; + if ($retcode != 0 ) {
+ print( STDERR "the user entry $norm_opt_U does not exist. Exiting.\n");
+ exit ($retcode);
+ }
+
+ print( STDERR "the user entry $norm_opt_U found..\n\n") if $opt_v;
+
+ # Now, get the parentDN
+ @rdns = ldap_explode_dn($norm_opt_U, 0);
+ shift @rdns;
+ $parentDN = join(',', @rdns);
+
+ print (STDERR "parentDN is $parentDN\n\n") if $opt_v;
+
+ @base=(
+ "cn=nsPwPolicyContainer,$parentDN",
+ "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"
+ );
+
+ $ldapadd="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \"$opt_w\" -c -a \
2>&1"; + $modifyCfg="$ldapmodify -h $info[0] -p $info[1] -D \"$info[2]\" -w \
\"$opt_w\" -c 2>&1"; +
+ @container=(
+ "dn: cn=nsPwPolicyContainer,$parentDN\n",
+ "objectclass: top\n",
+ "objectclass: nsContainer\n\n" );
+ @pwpolicy=(
+ "dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n",
+ "objectclass: top\n",
+ "objectclass: ldapsubentry\n",
+ "objectclass: passwordpolicy\n\n" );
+
+ @all=(\@container, \@pwpolicy);
+
+ $i=0;
+
+ foreach $current (@base)
+ {
+ open(FD,"| $ldapadd ");
+ print FD @{$all[$i]};
+ close(FD);
+ if ( $? != 0 ) {
+ $retCode=$?>>8;
+ if ( $retCode == 68 ) {
+ print( STDERR "Entry $current already exists. Please ignore the error\n\n");
+ }
+ else {
+ # Probably a more serious problem.
+ # Exit with LDAP error
+ print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
+ exit $retCode;
+ }
+ }
+ else {
+ print( STDERR "Entry $current created\n\n") if $opt_v;
+ }
+ $i=$i+1;
+ }
+
+ $target = "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN";
+ $modConfig = "dn: $norm_opt_U\nchangetype: \
modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n"; + open(FD,"| \
$modifyCfg "); + print(FD $modConfig);
+ close(FD);
+ $retcode = $?;
+ if ( $retcode != 0 ) {
+ print( STDERR "Error $retcode while modifing $norm_opt_U. Exiting.\n" );
+ exit ($retcode);
+ }
+ else {
+ print( STDERR "Entry \"$norm_opt_U\" modified\n\n") if $opt_v;
+ }
+
+ $modConfig = "dn:cn=config\nchangetype: \
modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: on\n\n"; \
+ open(FD,"| $modifyCfg "); + print(FD $modConfig);
+ close(FD);
+ $retcode = $?;
+ if ( $retcode != 0 ) {
+ print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
+ exit ($retcode);
+ }
+ else {
+ print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
+ }
+ } # end of $opt_U
+}
diff --git a/ldap/admin/src/scripts/remove-ds.pl.in \
b/ldap/admin/src/scripts/remove-ds.pl.in index 5f42615..be3d903 100755
--- a/ldap/admin/src/scripts/remove-ds.pl.in
+++ b/ldap/admin/src/scripts/remove-ds.pl.in
@@ -12,19 +12,15 @@
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-use lib qw(@perlpath@);
-
use strict;
-use File::Basename;
-use File::Path;
+use lib qw(@perlpath@);
use Getopt::Long;
-use DSUtil;
use Resource;
use DSCreate qw(removeDSInstance);
@@ -45,7 +41,7 @@ my $instname = "";
my $initconfig_dir = "";
my $all = "";
-GetOptions('help|h|?' => sub { &usage; exit(1); },
+GetOptions('help|h|?' => sub { &usage; exit(0); },
'debug|d+' => \$DSUtil::debuglevel,
'instance|i=s' => \$instname,
'initconfig_dir|c=s' => \$initconfig_dir,
diff --git a/ldap/admin/src/scripts/restart-slapd.in \
b/ldap/admin/src/scripts/restart-slapd.in new file mode 100644
index 0000000..800c512
--- /dev/null
+++ b/ldap/admin/src/scripts/restart-slapd.in
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Script that restarts the ns-slapd server.
+# Exit status can be:
+# 0: Server restarted successfully
+# 1: Server could not be started
+# 2: Server started successfully (was not running)
+# 3: Server could not be stopped
+
+first="yes"
+args=""
+while getopts "Z:SvVhi:d:w:" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ d) args=$args" -d $OPTARG";;
+ v) args=$args" -v";;
+ V) args=$args" -V";;
+ i) args=$args" -i $OPTARG";;
+ w) args=$args" -w $OPTARG";;
+ S) args=$args" -S";;
+ h) echo "Usage: restart-slapd [-Z serverID]"
+ exit 0;;
+ ?) echo "Usage: restart-slapd [-Z serverID]"
+ exit 1;;
+ esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: restart-slapd [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+
+if ! [ -a "$prefix/etc/dirsrv/slapd-$servid/dse.ldif" ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+@sbindir@/restart-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+ echo Sucessfully restarted instance $servid
+else
+ echo Failed to restart instance $servid
+fi
+exit $?
diff --git a/ldap/admin/src/scripts/restoreconfig.in \
b/ldap/admin/src/scripts/restoreconfig.in new file mode 100755
index 0000000..1f5ea8e
--- /dev/null
+++ b/ldap/admin/src/scripts/restoreconfig.in
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+while getopts "Z:h" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ h) echo "Usage: restoreconfig [-Z serverID]"
+ echo " -Z - Server instance identifier"
+ exit 0;;
+ ?) echo "Usage: restoreconfig [-Z serverID]"
+ echo " -Z - Server instance identifier"
+ exit 1;;
+
+ esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: restoreconfig [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+conf_ldif=`ls -1t $prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-*.ldif \
2>/dev/null | head -1 ` +if [ -z "$conf_ldif" ]
+then
+ echo No configuration to restore in $prefix/var/lib/dirsrv/slapd-$servid/bak/ ; \
exit 1 +fi
+echo Restoring $conf_ldif...
+./ns-slapd ldif2db -D $configdir -i $conf_ldif -n NetscapeRoot 2>&1
+exit $?
diff --git a/ldap/admin/src/scripts/saveconfig.in \
b/ldap/admin/src/scripts/saveconfig.in new file mode 100755
index 0000000..62aa160
--- /dev/null
+++ b/ldap/admin/src/scripts/saveconfig.in
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+while getopts "Z:h" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ h) echo "Usage: saveconfig [-Z serverID]"
+ echo " -Z - Server instance identifier"
+ exit 0;;
+ ?) echo "Usage: saveconfig [-Z serverID]"
+ echo " -Z - Server instance identifier"
+ exit 1;;
+ esac
+done
+
+first="yes"
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: saveconfig [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+echo saving configuration...
+conf_ldif=$prefix/var/lib/dirsrv/slapd-$servid/bak/$servid-`date \
+%Y_%m_%d_%H%M%S`.ldif +./ns-slapd db2ldif -N -D $configdir -s "o=NetscapeRoot" -a \
$conf_ldif -n NetscapeRoot 2>&1 +if [ "$?" -ge 1 ]
+then
+ echo Error occurred while saving configuration
+ exit 1
+fi
+exit 0
diff --git a/ldap/admin/src/scripts/schema-reload.pl.in \
b/ldap/admin/src/scripts/schema-reload.pl.in new file mode 100644
index 0000000..8d235a6
--- /dev/null
+++ b/ldap/admin/src/scripts/schema-reload.pl.in
@@ -0,0 +1,206 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " [-d schemadir]\n");
+ print(STDERR " Opts: -D rootdn - Directory Manager\n");
+ print(STDERR " : -w password - Directory Manager's password\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's \
password\n"); + print(STDERR " : -Z serverID - Server instance \
identifier\n"); + print(STDERR " : -j filename - Read Directory \
Manager's password from file\n"); + print(STDERR " : -d schemadir - \
Directory where schema files are located\n"); + print(STDERR " : -v \
- verbose\n"); +}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$schemadir = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-d")
+ {
+ # schemadir
+ $i++; $schemadir = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # server instance identifier
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "schema_reload_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=schema reload task, cn=tasks, cn=config\n";
+$misc = "objectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+if ( $schemadir ne "" )
+{
+ $schemadir = "schemadir: $schemadir\n";
+}
+$entry = "${dn}${misc}${cn}${schemadir}";
+
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/setup-ds.pl.in \
b/ldap/admin/src/scripts/setup-ds.pl.in index 044444b..983a251 100644
--- a/ldap/admin/src/scripts/setup-ds.pl.in
+++ b/ldap/admin/src/scripts/setup-ds.pl.in
@@ -32,7 +32,7 @@
# exception.
#
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
diff --git a/ldap/admin/src/scripts/start-dirsrv.in \
b/ldap/admin/src/scripts/start-dirsrv.in index cfd6477..b5f45f9 100755
--- a/ldap/admin/src/scripts/start-dirsrv.in
+++ b/ldap/admin/src/scripts/start-dirsrv.in
@@ -41,6 +41,7 @@ start_instance() {
DS_CONFIG_DIR=$CONFIG_DIR
export DS_CONFIG_DIR
PIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.pid
+
STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
if test -f $STARTPIDFILE ; then
PID=`cat $STARTPIDFILE`
diff --git a/ldap/admin/src/scripts/start-slapd.in \
b/ldap/admin/src/scripts/start-slapd.in new file mode 100755
index 0000000..6f1f6a5
--- /dev/null
+++ b/ldap/admin/src/scripts/start-slapd.in
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Script that starts the ns-slapd server.
+# Exit status can be:
+# 0: Server started successfully
+# 1: Server could not be started
+# 2: Server already running
+
+args=""
+while getopts "Z:SvVhi:d:w:" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ d) args=$args" -d $OPTARG";;
+ v) args=$args" -v";;
+ V) args=$args" -V";;
+ i) args=$args" -i $OPTARG";;
+ w) args=$args" -w $OPTARG";;
+ S) args=$args" -S";;
+ h) echo "Usage: start-slapd [-Z serverID]"
+ exit 0;;
+ ?) echo "Usage: start-slapd [-Z serverID]"
+ exit 1;;
+ esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+first="yes"
+if [ -z $servid ]
+then
+ # server id not provided, check if there is only one instance
+ inst_count=0
+ for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+ do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+ done
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: start-slapd [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+@sbindir@/start-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+ echo Sucessfully started instance $servid
+else
+ echo Failed to start instance $servid
+fi
+exit $?
diff --git a/ldap/admin/src/scripts/stop-dirsrv.in \
b/ldap/admin/src/scripts/stop-dirsrv.in index 28adde5..220fe92 100755
--- a/ldap/admin/src/scripts/stop-dirsrv.in
+++ b/ldap/admin/src/scripts/stop-dirsrv.in
@@ -6,6 +6,11 @@
# 1: Server could not be stopped
# 2: Server was not running
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
stop_instance() {
SERV_ID=$1
diff --git a/ldap/admin/src/scripts/stop-slapd.in \
b/ldap/admin/src/scripts/stop-slapd.in new file mode 100755
index 0000000..7661b17
--- /dev/null
+++ b/ldap/admin/src/scripts/stop-slapd.in
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+# Script that stops the ns-slapd server.
+# Exit status can be:
+# 0: Server stopped successfully
+# 1: Server could not be stopped
+# 2: Server was not running
+
+while getopts "Z:SvVhi:d:w:" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ d) args=$args" -d $OPTARG";;
+ v) args=$args" -v";;
+ V) args=$args" -V";;
+ i) args=$args" -i $OPTARG";;
+ w) args=$args" -w $OPTARG";;
+ S) args=$args" -S";;
+ h) echo "Usage: stop-slapd [-Z serverID]"
+ exit 0;;
+ ?) echo "Usage: stop-slapd [-Z serverID]"
+ exit 1;;
+ esac
+done
+
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+fi
+
+first="yes"
+if [ -z $servid ]
+then
+ # server id not provided, check if there is only one instance
+ inst_count=0
+ for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+ do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+ done
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: stop-slapd [-Z serverID]"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+
+
+@sbindir@/stop-dirsrv -d $prefix/etc/sysconfig $servid $args
+if [ $? == 0 ]
+then
+ echo Sucessfully stopped instance $servid
+else
+ echo Failed to stop instance $servid
+fi
+
+exit $?
diff --git a/ldap/admin/src/scripts/suffix2instance.in \
b/ldap/admin/src/scripts/suffix2instance.in new file mode 100755
index 0000000..0c31fc6
--- /dev/null
+++ b/ldap/admin/src/scripts/suffix2instance.in
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:s:h" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ s) args=$args" -s $OPTARG";;
+ h) echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+ exit 0;;
+ ?) echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+ exit 1;;
+ esac
+done
+
+if [ "$args" == "" ]
+then
+ echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+ exit 1
+fi
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: suffix2index [-Z serverID] -s <suffix>"
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 2 ]
+then
+ echo Usage: suffix2instance [-Z serverID] {-s includesuffix}*
+ exit 1
+fi
+
+./ns-slapd suffix2instance -D $configdir $args 2>&1
diff --git a/ldap/admin/src/scripts/syntax-validate.pl.in \
b/ldap/admin/src/scripts/syntax-validate.pl.in new file mode 100644
index 0000000..2d6c98b
--- /dev/null
+++ b/ldap/admin/src/scripts/syntax-validate.pl.in
@@ -0,0 +1,216 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } \n"); + print(STDERR " -b baseDN [-f filter]\n");
+ print(STDERR " Opts: -D rootdn - Directory Manager.\n");
+ print(STDERR " : -w password - Directory Manager's password.\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's \
password.\n"); + print(STDERR " : -Z serverID - Server instance \
identifier.\n"); + print(STDERR " : -j filename - Read Directory \
Manager's password from file.\n"); + print(STDERR " : -b baseDN - \
Base DN that contains entries to validate.\n"); + print(STDERR " : -f filter \
- Filter for entries to validate.\n"); + print(STDERR " \
If omitted, all entries under the specified\n"); + print(STDERR " \
base will have their attribute values\n"); + print(STDERR " \
validated.\n"); + print(STDERR " : -v - Verbose.\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn_arg = "";
+$filter_arg = "";
+$filter = "";
+$first = "yes";
+$verbose = 0;
+$prefix = DSUtil::get_prefix();
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-b")
+ {
+ # base DN
+ $i++; $basedn_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-f")
+ {
+ # filter
+ $i++; $filter_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # Server instance identifier
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" || $basedn_arg eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$basedn = "basedn: $basedn_arg\n";
+
+if ( $filter_arg ne "" )
+{
+ $filter = "filter: $filter_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/template-bak2db.in \
b/ldap/admin/src/scripts/template-bak2db.in index 013a9f1..1725aba 100755
--- a/ldap/admin/src/scripts/template-bak2db.in
+++ b/ldap/admin/src/scripts/template-bak2db.in
@@ -1,61 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-if [ $# -lt 1 ] || [ $# -gt 6 ]
-then
- echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
- exit 1
-elif [ "$1" = "-h" ]
-then
- echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
- exit 0
-else
- archivedir=$1
- shift
-fi
-benameopt=""
-dlevel=0
-quiet=0
-while getopts "hn:qd:" flag
-do
- case $flag in
- h) echo "Usage: bak2db archivedir [-n backendname] [-q] | [-h]"
- exit 1;;
- n) benameopt="-n $OPTARG";;
- q) quiet=1;;
- d) dlevel=$OPTARG;;
- esac
-done
-
-if [ 1 = `expr $archivedir : "\/"` ]
-then
- archivedir=$archivedir
-else
- # relative
- archivedir=`pwd`/$archivedir
-fi
-
cd {{SERVERBIN-DIR}}
-if [ $quiet -eq 0 ]; then
- ./ns-slapd archive2db -D {{CONFIG-DIR}} -a $archivedir $benameopt -d $dlevel
-else
- ./ns-slapd archive2db -D {{CONFIG-DIR}} -a $archivedir $benameopt -d $dlevel -q
-fi
+./bak2db "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in \
b/ldap/admin/src/scripts/template-bak2db.pl.in index 4ab79cc..1133e2d 100644
--- a/ldap/admin/src/scripts/template-bak2db.pl.in
+++ b/ldap/admin/src/scripts/template-bak2db.pl.in
@@ -34,116 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
- print(STDERR " : -a dirname [-t dbtype]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's password\n");
- print(STDERR " : -j filename - Read Directory Manager's password from file\n");
- print(STDERR " : -a dirname - backup directory\n");
- print(STDERR " : -t dbtype - database type (default: ldbm database)\n");
- print(STDERR " : -n backend - name of backend instance to restore\n");
- print(STDERR " : -v - verbose\n");
-}
-$taskname = "";
-$archivedir = "";
-$dbtype = "ldbm database";
-$instance = "";
-$prefix = "{{DS-ROOT}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
while ($i <= $#ARGV) {
- if ("$ARGV[$i]" eq "-a") { # backup directory
- $i++; $archivedir = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-t") { # database type
- $i++; $dbtype = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-n") { # backend instance name
- $i++; $instance = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-v") { # verbose
- $verbose = 1;
- } else {
- &usage; exit(1);
- }
- $i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "restore_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-if ($archivedir eq "") {
- &usage; exit(1);
-}
-use File::Spec;
-$isabs = File::Spec->file_name_is_absolute( $archivedir );
-if (!$isabs) {
- $archivedir = File::Spec->rel2abs( $archivedir );
-}
-$dn = "dn: cn=$taskname, cn=restore, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ($instance ne "") {
- $nsinstance = "nsInstance: ${instance}\n";
-}
-$nsarchivedir = "nsArchiveDir: $archivedir\n";
-$nsdbtype = "nsDatabaseType: $dbtype\n";
-$entry = "${dn}${misc}${cn}${nsinstance}${nsarchivedir}${nsdbtype}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-cleanallruv.pl.in \
b/ldap/admin/src/scripts/template-cleanallruv.pl.in index be95a6d..83b5ff3 100644
--- a/ldap/admin/src/scripts/template-cleanallruv.pl.in
+++ b/ldap/admin/src/scripts/template-cleanallruv.pl.in
@@ -34,153 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2012 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " [-b basedn | -r rid | -A]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -b basedn - DN of the replica root you want to \
clean\n");
- print(STDERR " : -r rid - The replica id that you want to \
clean\n");
- print(STDERR " : -A - Abort an existing cleanallruv \
task(must use with -b and -r args\n");
- print(STDERR " : -v - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn = "";
-$rid = "";
-$abort = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-b")
- {
- # Base DN
- $i++; $basedn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-r")
- {
- # rid
- $i++; $rid = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-A")
- {
- # abort
- $abort = "yes";
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn eq "" || $rid eq "")
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-
-if($abort eq ""){
- # Build the task entry to add
- $taskname = "cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
- $dn = "dn: cn=$taskname, cn=cleanallruv, cn=tasks, cn=config\n";
-} else {
- $taskname = "abort_cleanallruv_${yr}_${mn}_${dy}_${h}_${m}_${s}";
- $dn = "dn: cn=$taskname, cn=abort cleanallruv, cn=tasks, cn=config\n";
-}
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$basedn = "replica-base-dn: $basedn\n";
-$rid = "replica-id: $rid\n";
-
-
-$entry = "${dn}${misc}${cn}${basedn}${rid}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+exec "{{SERVERBIN-DIR}}/cleanallruv.pl @wrapperArgs -Z {{SERV-ID}}"
diff --git a/ldap/admin/src/scripts/template-db2bak.in \
b/ldap/admin/src/scripts/template-db2bak.in index 85aac0f..50fd5ed 100755
--- a/ldap/admin/src/scripts/template-db2bak.in
+++ b/ldap/admin/src/scripts/template-db2bak.in
@@ -1,55 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-if [ $# -gt 4 ]
-then
- echo "Usage: db2bak [archivedir] [-q] [-h]"
- exit 1
-fi
-
-bak_dir={{BAK-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H_%M_%S`
-dlevel=0
-quiet=0
cd {{SERVERBIN-DIR}}
-if [ "$#" -gt 0 ]
-then
- if [ "$1" != "-q" ] && [ "$1" != "-d" ] && [ "$1" != "-h" ]
- then
- bak_dir=$1
- shift
- fi
- while getopts "hqd:" flag
- do
- case $flag in
- h) echo "Usage: db2bak [archivedir] [-q] [-h]"
- exit 0;;
- q) quiet=1;;
- d) dlevel=$OPTARG;;
- esac
- done
-fi
-
-echo "Back up directory: $bak_dir"
-if [ $quiet -eq 0 ]; then
- ./ns-slapd db2archive -D {{CONFIG-DIR}} -a $bak_dir -d $dlevel
-else
- ./ns-slapd db2archive -D {{CONFIG-DIR}} -a $bak_dir -d $dlevel -q
-fi
+./db2bak "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in \
b/ldap/admin/src/scripts/template-db2bak.pl.in index 8a0cb1c..255472c 100644
--- a/ldap/admin/src/scripts/template-db2bak.pl.in
+++ b/ldap/admin/src/scripts/template-db2bak.pl.in
@@ -34,106 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
- print(STDERR " [-a dirname] [-t dbtype]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's password\n");
- print(STDERR " : -j filename - Read Directory Manager's password from file\n");
- print(STDERR " : -a dirname - backup directory\n");
- print(STDERR " : -t dbtype - database type (default: ldbm database)\n");
- print(STDERR " : -v - verbose\n");
-}
-$taskname = "";
-$archivedir = "";
-$dbtype = "ldbm database";
-$prefix = "{{DS-ROOT}}";
-$mybakdir = "{{BAK-DIR}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
while ($i <= $#ARGV) {
- if ("$ARGV[$i]" eq "-a") { # backup directory
- $i++; $archivedir = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-t") { # database type
- $i++; $dbtype = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-v") { # verbose
- $verbose = 1;
- } else {
- &usage; exit(1);
- }
- $i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-if ( $rootdn eq "" || $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "backup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-if ($archivedir eq "") {
- $archivedir = "${mybakdir}{{SEP}}{{SERV-ID}}-${yr}_${mn}_${dy}_${h}_${m}_${s}";
-}
-$dn = "dn: cn=$taskname, cn=backup, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$nsarchivedir = "nsArchiveDir: $archivedir\n";
-$nsdbtype = "nsDatabaseType: $dbtype\n";
-$entry = "${dn}${misc}${cn}${nsarchivedir}${nsdbtype}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-print("Back up directory: $archivedir\n");
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-db2index.in \
b/ldap/admin/src/scripts/template-db2index.in index ba39c17..a7a633d 100755
--- a/ldap/admin/src/scripts/template-db2index.in
+++ b/ldap/admin/src/scripts/template-db2index.in
@@ -1,33 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-if [ $# -eq 0 ]
-then
- bak_dir={{BAK-DIR}}/reindex_`date +%Y_%m_%d_%H_%M_%S`
- ./ns-slapd upgradedb -D {{CONFIG-DIR}} -f -a "$bak_dir"
-elif [ $# -lt 2 ]
-then
- echo "Usage: db2index [-n backend_instance | {-s includesuffix}* -t \
attribute[:indextypes[:matchingrules]] -T vlvattribute]"
- exit 1
-else
- ./ns-slapd db2index -D {{CONFIG-DIR}} "$@"
-fi
-
+./db2index "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-db2index.pl.in \
b/ldap/admin/src/scripts/template-db2index.pl.in index 46a7ee5..4546885 100644
--- a/ldap/admin/src/scripts/template-db2index.pl.in
+++ b/ldap/admin/src/scripts/template-db2index.pl.in
@@ -34,191 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-use Getopt::Std;
-
-$opt_D = "{{ROOT-DN}}";
-$opt_p = "{{SERVER-PORT}}";
-$opt_h = "{{SERVER-NAME}}";
-$opt_v = 0;
-
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " -n instance [-t \
attributeName[:indextypes[:matchingrules]]]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -n instance - instance to be indexed\n");
- print(STDERR " : -t attributeName[:indextypes[:matchingrules]]\n");
- print(STDERR " - attributeName: name of the attribute \
to be indexed\n");
- print(STDERR " If omitted, all the indexes defined \
\n");
- print(STDERR " for that instance are generated.\n");
- print(STDERR " - indextypes: comma separated index \
types\n");
- print(STDERR " - matchingrules: comma separated \
matrules\n");
- print(STDERR " Example: -t foo:eq,pres\n");
- print(STDERR " : -T vlvAttributeName - vlvAttributeName: name of the vlv \
attribute to be indexed\n");
- print(STDERR " : -v - verbose\n");
-
- exit 1;
-}
-
-$instance = "";
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$attribute_arg = "";
-$vlvattribute_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-usage() if (!getopts('n:D:w:T:t:j:v'));
-
-if ($opt_j ne ""){
- die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
- $opt_w = <RPASS>;
- chomp($opt_w);
- close(RPASS);
-}
-
-usage() if( $opt_w eq "" );
-usage() if( $#ARGV ge 0 );
-
-$instance = $opt_n;
-$rootdn = $opt_D;
-$passwd = $opt_w;
-$attribute_arg = $opt_t;
-$vlvattribute_arg = $opt_T;
-$verbose = $opt_v;
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{
- &usage;
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "db2index_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-if ( $instance eq "" )
-{
- &usage;
-}
-
-# No attribute name has been specified: let's get them from the configuration
-$attribute="";
-$indexes_list="";
-$vlvattribute="";
-$vlvindexes_list="";
-chdir("$prefix{{SEP}}usr{{SEP}}bin");
-if ( $attribute_arg eq "" && $vlvattribute_arg eq "" )
-{
- # Get the list of indexes from the entry
- $indexes_list="ldapsearch @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p \
{{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s one " .
- "-b \"cn=index,cn=\"$instance\", cn=ldbm database,cn=plugins,cn=config\" \
\"(&(objectclass=*)(nsSystemIndex=false))\" cn";
- # build the values of the attribute nsIndexAttribute
- open(LDAP1, "$indexes_list |");
- while (<LDAP1>) {
- s/\n //g;
- if (/^cn: (.*)\n/) {
- $IndexAttribute="nsIndexAttribute";
- $attribute="$attribute$IndexAttribute: $1\n";
- }
- }
- close(LDAP1);
- if ( $attribute eq "" )
- {
- # No attribute to index, just exit
- exit(0);
- }
-
- # Get the list of indexes from the entry
- $vlvindexes_list="ldapsearch @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p \
{{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -s sub -b \"cn=\"$instance\", cn=ldbm \
database,cn=plugins,cn=config\" \"objectclass=vlvIndex\" cn";
-
- # build the values of the attribute nsIndexVlvAttribute
- open(LDAP1, "$vlvindexes_list |");
- while (<LDAP1>) {
- s/\n //g;
- if (/^cn: (.*)\n/) {
- $vlvIndexAttribute="nsIndexVlvAttribute";
- $vlvattribute="$vlvattribute$vlvIndexAttribute: $1\n";
- }
- }
- close(LDAP1);
-}
-else
-{
- if ( $attribute_arg ne "" )
- {
- $attribute="nsIndexAttribute: $attribute_arg\n";
- }
- if ( $vlvattribute_arg ne "" )
- {
- $vlvattribute="nsIndexVlvAttribute: $vlvattribute_arg\n";
- }
-}
-
-# Build the task entry to add
-
-$dn = "dn: cn=$taskname, cn=index, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$nsinstance = "nsInstance: ${instance}\n";
-
-$entry = "${dn}${misc}${cn}${nsinstance}${attribute}${vlvattribute}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-db2ldif.in \
b/ldap/admin/src/scripts/template-db2ldif.in index d3a12be..d79db0d 100755
--- a/ldap/admin/src/scripts/template-db2ldif.in
+++ b/ldap/admin/src/scripts/template-db2ldif.in
@@ -1,86 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-make_ldiffile()
-{
- be=""
- while [ "$1" != "" ]
- do
- if [ "$1" = "-a" ]; then
- shift
- echo $1
- return 1
- elif [ "$1" = "-n" ]; then
- shift
- if [ "$be" = "" ]; then
- be="$1"
- else
- tmpbe="$be"
- be="${tmpbe}-$1"
- fi
- elif [ "$1" = "-s" ]; then
- shift
- if [ "$1" != "" ]; then
- rdn=`echo $1 | awk -F, '{print $1}'`
- rdnval=`echo $rdn | awk -F= '{print $2}'`
- if [ "$be" = "" ]; then
- be="$rdnval"
- else
- tmpbe="$be"
- be="${tmpbe}-$rdnval"
- fi
- fi
- elif [ "$1" = "-M" ]; then
- be=""
- fi
- if [ "$1" != "" ]; then
- shift
- fi
- done
-
- if [ "$be" = "" ]; then
- echo {{LDIF-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif
- else
- echo {{LDIF-DIR}}/{{SERV-ID}}-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
- fi
- return 0
-}
-
cd {{SERVERBIN-DIR}}
-if [ "$#" -lt 2 ];
-then
- echo "Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*"
- echo " [{-x excludesuffix}*] [-a outputfile]"
- echo " [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1] [-q]"
- echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" is required."
- exit 1
-fi
-
-ldif_file=`make_ldiffile $@`
-rn=$?
-
-echo "Exported ldif file: $ldif_file"
-if [ $rn -eq 1 ]
-then
-./ns-slapd db2ldif -D {{CONFIG-DIR}} "$@"
-else
-./ns-slapd db2ldif -D {{CONFIG-DIR}} -a $ldif_file "$@"
-fi
+./db2ldif "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in \
b/ldap/admin/src/scripts/template-db2ldif.pl.in index a4929ba..bc01d7a 100644
--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
+++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
@@ -34,250 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
- print(STDERR " {-n instance}* | {-s include}* [{-x exclude}*] \n");
- print(STDERR " [-m] [-M] [-u] [-C] [-N] [-U] [-a filename]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's password\n");
- print(STDERR " : -j filename - Read Directory Manager's password from file\n");
- print(STDERR " : -n instance - instance to be exported\n");
- print(STDERR " : -a filename - output ldif file\n");
- print(STDERR " : -s include - included suffix(es)\n");
- print(STDERR " : -x exclude - excluded suffix(es)\n");
- print(STDERR " : -m - minimal base64 encoding\n");
- print(STDERR " : -M - output ldif is stored in multiple files\n");
- print(STDERR " these files are named : \
<instance>_<filename>\n");
- print(STDERR " by default, all instances are stored in \
<filename>\n");
- print(STDERR " : -r - export replica\n");
- print(STDERR " : -u - do not export unique id\n");
- print(STDERR " : -C - use main db file only\n");
- print(STDERR " : -N - suppress printing sequential number\n");
- print(STDERR " : -U - output ldif is not folded\n");
- print(STDERR " : -E - Decrypt encrypted data when exporting\n");
- print(STDERR " : -1 - do not print version line\n");
- print(STDERR " : -v - verbose\n");
-}
-
-@instances = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@included = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@excluded = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-$maxidx = 50;
-$nowrap = 0;
-$nobase64 = 0;
-$noversion = 0;
-$nouniqueid = 0;
-$useid2entry = 0;
-$onefile = 1;
-$printkey = 1;
-$taskname = "";
-$ldiffile = "";
-$doreplica = 0;
-$prefix = "{{DS-ROOT}}";
-$ldifdir = "{{LDIF-DIR}}";
-$servid = "{{SERV-ID}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
-$insti = 0;
-$incli = 0;
-$excli = 0;
-$decrypt_on_export = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-n" ) { # instances
- $i++;
- if ($insti < $maxidx) {
- $instances[$insti] = $ARGV[$i]; $insti++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-s") { # included suffix
- $i++;
- if ($incli < $maxidx) {
- $included[$incli] = $ARGV[$i]; $incli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix
- $i++;
- if ($excli < $maxidx) {
- $excluded[$excli] = $ARGV[$i]; $excli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-a") { # ldif file
- $i++; $ldiffile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-M") { # multiple ldif file
- $onefile = 0;
- } elsif ("$ARGV[$i]" eq "-o") { # one ldif file
- $onefile = 1;
- } elsif ("$ARGV[$i]" eq "-u") { # no dump unique id
- $nouniqueid = 1;
- } elsif ("$ARGV[$i]" eq "-C") { # use id2entry
- $useid2entry = 1;
- } elsif ("$ARGV[$i]" eq "-N") { # does not print key
- $printkey = 0;
- } elsif ("$ARGV[$i]" eq "-r") { # export replica
- $doreplica = 1;
- } elsif ("$ARGV[$i]" eq "-m") { # no base64
- $nobase64 = 1;
- } elsif ("$ARGV[$i]" eq "-U") { # no wrap
- $nowrap = 1;
- } elsif ("$ARGV[$i]" eq "-1") { # no version line
- $noversion = 1;
- } elsif ("$ARGV[$i]" eq "-E") { # decrypt
- $decrypt_on_export = 1;
- } elsif ("$ARGV[$i]" eq "-v") { # verbose
- $verbose = 1;
- } else {
- &usage; exit(1);
- }
- $i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-if (($instances[0] eq "" && $included[0] eq "") || $rootdn eq "" || $passwd eq "") { \
&usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "export_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=export, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$i = 0;
-$be = "";
-$nsinstance = "";
-while ("" ne "$instances[$i]") {
- $nsinstance = "${nsinstance}nsInstance: $instances[$i]\n";
- if ( "" eq "$be" ) {
- $be = "$instances[$i]";
- } else {
- $be = "${be}-$instances[$i]";
- }
- $i++;
-}
-$i = 0;
-$nsincluded = "";
-while ("" ne "$included[$i]") {
- $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
- my ($rdn, $rest) = split(/,/, $included[$i]);
- my ($rest, $tmpbe) = split(/=/, $rdn);
- if ( "" eq "$be" ) {
- $be = "$tmpbe";
- } else {
- $be = "${be}-$tmpbe";
- }
- $i++;
-}
-$i = 0;
-$nsexcluded = "";
-while ("" ne "$excluded[$i]") {
- $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
- $i++;
-}
-if ($ldiffile eq "") {
- if ($onefile == 0) {
- $ldiffile = "${ldifdir}{{SEP}}${servid}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
- } else {
- $ldiffile = "${ldifdir}{{SEP}}${servid}-${be}-${yr}_${mn}_${dy}_${h}_${m}_${s}.ldif";
- }
-}
-$nsreplica = "";
-if ($doreplica != 0) { $nsreplica = "nsExportReplica: true\n"; }
-$nsnobase64 = "";
-if ($nobase64 != 0) { $nsnobase64 = "nsMinimalEncoding: true\n"; }
-$nsnowrap = "";
-if ($nowrap != 0) { $nsnowrap = "nsNoWrap: true\n"; }
-$nsnoversion = "";
-if ($noversion != 0) { $nsnoversion = "nsNoVersionLine: true\n"; }
-$nsnouniqueid = "";
-if ($nouniqueid != 0) { $nsnouniqueid = "nsDumpUniqId: false\n"; }
-$nsuseid2entry = "";
-if ($useid2entry != 0) { $nsuseid2entry = "nsUseId2Entry: true\n"; }
-$nsonefile = "";
-if ($onefile != 0) { $nsonefile = "nsUseOneFile: true\n"; }
-if ($onefile == 0) { $nsonefile = "nsUseOneFile: false\n"; }
-$nsexportdecrypt = "";
-if ($decrypt_on_export != 0) { $nsexportdecrypt = "nsExportDecrypt: true\n"; }
-$nsprintkey = "";
-if ($printkey == 0) { $nsprintkey = "nsPrintKey: false\n"; }
-$nsldiffile = "nsFilename: ${ldiffile}\n";
-$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsreplica}${nsnob \
ase64}${nsnowrap}${nsnoversion}${nsnouniqueid}${nsuseid2entry}${nsonefile}${nsexportdecrypt}${nsprintkey}${nsldiffile}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-print("Exporting to ldif file: ${ldiffile}\n");
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/db2ldif.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-dbverify.in \
b/ldap/admin/src/scripts/template-dbverify.in index 8c1a98e..71e3e4e 100755
--- a/ldap/admin/src/scripts/template-dbverify.in
+++ b/ldap/admin/src/scripts/template-dbverify.in
@@ -1,49 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-args=""
-while [ "$1" != "" ]
-do
- if [ "$1" = "-n" ]; then
- args=$args" "$1
- shift
- args=$args" "$1
- elif [ "$1" = "-V" ]; then
- args=$args" "$1
- else
- echo "Usage: dbverify [-n backend_instance] [-V]"
- echo "Note : if \"-n backend_instance\" is not passed, verify all DBs."
- echo " -V : verbose"
- exit 1
- fi
- shift
-done
-
-
cd {{SERVERBIN-DIR}}
-./ns-slapd dbverify -D {{CONFIG-DIR}} $args
-if [ $? -eq 0 ]; then
- echo "DB verify: Passed"
- exit 0
-else
- echo "DB verify: Failed"
- exit 1
-fi
+./dbverify "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-dn2rdn.in \
b/ldap/admin/src/scripts/template-dn2rdn.in index 8e85db6..b3d8e82 100755
--- a/ldap/admin/src/scripts/template-dn2rdn.in
+++ b/ldap/admin/src/scripts/template-dn2rdn.in
@@ -1,23 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-bak_dir={{BAK-DIR}}/reindex_`date +%Y_%m_%d_%H_%M_%S`
-./ns-slapd upgradedb -D {{CONFIG-DIR}} -r -a "$bak_dir" "$@"
+./dn2rdn "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in \
b/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in index f181a7a..2cb7f82 \
100644
--- a/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in
+++ b/ldap/admin/src/scripts/template-fixup-linkedattrs.pl.in
@@ -34,136 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " [-l linkDN]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -l linkDN - DN of link config entry that you want \
to fix\n");
- print(STDERR " up the links for. If omitted, all \
configured\n");
- print(STDERR " linked attributes will be fixed \
up.\n");
- print(STDERR " : -v - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$linkdn_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-l")
- {
- # link DN
- $i++; $linkdn_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "linked_attrs_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=fixup linked attributes, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ($linkdn_arg ne "")
-{
- $linkdn = "linkdn: $linkdn_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${linkdn}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/fixup-linkedattrs.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-fixup-memberof.pl.in \
b/ldap/admin/src/scripts/template-fixup-memberof.pl.in index b43c21a..0d73961 100644
--- a/ldap/admin/src/scripts/template-fixup-memberof.pl.in
+++ b/ldap/admin/src/scripts/template-fixup-memberof.pl.in
@@ -34,147 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2008 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " -b baseDN [-f filter]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -b baseDN - Base DN that contains entries to fix \
up.\n");
- print(STDERR " : -f filter - Filter for entries to fix up\n");
- print(STDERR " If omitted, all entries under the \
specified\n");
- print(STDERR " base will have their memberOf \
attribute\n");
- print(STDERR " regenerated.\n");
- print(STDERR " : -v - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn_arg = "";
-$filter_arg = "";
-$filter = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-b")
- {
- # base DN
- $i++; $basedn_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-f")
- {
- # filter
- $i++; $filter_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" )
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "memberOf_fixup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=memberOf task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$basedn = "basedn: $basedn_arg\n";
-
-if ( $filter_arg ne "" )
-{
- $filter = "filter: $filter_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${filter}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/fixup-memberof.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-ldif2db.in \
b/ldap/admin/src/scripts/template-ldif2db.in index ceb0157..f3fa58e 100755
--- a/ldap/admin/src/scripts/template-ldif2db.in
+++ b/ldap/admin/src/scripts/template-ldif2db.in
@@ -1,58 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-usage()
-{
- echo "Usage: ldif2db -n backend_instance | {-s includesuffix}* [{-x \
excludesuffix}*]"
- echo " {-i ldiffile}* [-O] [-q]"
- echo "Note: either \"-n backend_instance\" or \"-s includesuffix\" and \"-i \
ldiffile\" are required."
-}
-
-handleopts()
-{
- while [ "$1" != "" ]
- do
- if [ "$1" = "-q" ]; then
- return 1
- elif [ "$1" = "-h" ]; then
- usage
- exit 1
- fi
- shift
- done
- return 0
-}
-
cd {{SERVERBIN-DIR}}
-if [ $# -lt 4 ]
-then
- usage
- exit 1
-fi
-
-handleopts $@
-quiet=$?
-
-if [ $quiet -eq 0 ]; then
- echo importing data ...
-fi
-./ns-slapd ldif2db -D {{CONFIG-DIR}} "$@" 2>&1
+./ldif2db "$@" -Z {{SERV-ID}}
exit $?
diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in \
b/ldap/admin/src/scripts/template-ldif2db.pl.in index 089c95d..e69dd7c 100644
--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
+++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
@@ -34,208 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
- print(STDERR " -n instance | {-s include}* [{-x exclude}*] [-O] [-c]\n");
- print(STDERR " [-g [string]] [-G namespace_id] {-i filename}*\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's password\n");
- print(STDERR " : -j filename - Read Directory Manager's password from \
file\n");
- print(STDERR " : -n instance - instance to be imported to\n");
- print(STDERR " : -i filename - input ldif file(s)\n");
- print(STDERR " : -s include - included suffix\n");
- print(STDERR " : -x exclude - excluded suffix(es)\n");
- print(STDERR " : -O - only create core db, no attr indexes\n");
- print(STDERR " : -c size - merge chunk size\n");
- print(STDERR " : -g [string] - string is \"none\" or \"deterministic\"\n");
- print(STDERR " : none - unique id is not generated\n");
- print(STDERR " : deterministic - generate name based unique id (-G name)\n");
- print(STDERR " : by default - generate time based unique id\n");
- print(STDERR " : -G name - namespace id for name based uniqueid (-g \
deterministic)\n");
- print(STDERR " : -E - Encrypt data when importing\n");
- print(STDERR " : -v - verbose\n");
-}
-
-@ldiffiles = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@included = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-@excluded = (
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- "", "", "", "", "", "", "", "", "", "",
- ""
-);
-$maxidx = 50;
-$instance = "";
-$noattrindexes = 0;
-$mergechunksiz = 0;
-$genuniqid = "time";
-$uniqidname = "";
-$taskname = "";
-$prefix = "{{DS-ROOT}}";
-$verbose = 0;
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$i = 0;
-$ldifi = 0;
-$incli = 0;
-$excli = 0;
-$encrypt_on_import = 0;
+# We lose args that are quoted when passing ARGV to a wrapper
while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-i" ) { # ldiffiles
- $i++;
- if ($ldifi < $maxidx) {
- $ldiffiles[$ldifi] = $ARGV[$i]; $ldifi++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-s") { # included suffix
- $i++;
- if ($incli < $maxidx) {
- $included[$incli] = $ARGV[$i]; $incli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-x") { # excluded suffix
- $i++;
- if ($excli < $maxidx) {
- $excluded[$excli] = $ARGV[$i]; $excli++;
- } else {
- &usage; exit(1);
- }
- } elsif ("$ARGV[$i]" eq "-n") { # instance
- $i++; $instance = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-D") { # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-w") { # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-j") { # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-O") { # no attr indexes
- $noattrindexes = 1;
- } elsif ("$ARGV[$i]" eq "-c") { # merge chunk size
- $i++; $mergechunksiz = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-g") { # generate uniqueid
- if (("$ARGV[$i+1]" ne "") && !("$ARGV[$i+1]" =~ /^-/)) {
- $i++;
- if ("$ARGV[$i]" eq "none") {
- $genuniqid = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "deterministic") {
- $genuniqid = $ARGV[$i];
- }
- }
- } elsif ("$ARGV[$i]" eq "-G") { # namespace id
- $i++; $uniqidname = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-v") { # verbose
- $verbose = 1;
- } elsif ("$ARGV[$i]" eq "-E") { # encrypt on import
- $encrypt_on_import = 1;
- } else {
- &usage; exit(1);
- }
- $i++;
-}
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-if (($instance eq "" && $included[0] eq "") || $ldiffiles[0] eq "" || $rootdn eq "" \
|| $passwd eq "") { &usage; exit(1); }
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "import_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-$dn = "dn: cn=$taskname, cn=import, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-if ($instance ne "") {
- $nsinstance = "nsInstance: ${instance}\n";
-}
-$i = 0;
-$nsldiffiles = "";
-while ("" ne "$ldiffiles[$i]") {
- $nsldiffiles = "${nsldiffiles}nsFilename: $ldiffiles[$i]\n";
- $i++;
-}
-$i = 0;
-$nsincluded = "";
-while ("" ne "$included[$i]") {
- $nsincluded = "${nsincluded}nsIncludeSuffix: $included[$i]\n";
- $i++;
-}
-$i = 0;
-$nsexcluded = "";
-while ("" ne "$excluded[$i]") {
- $nsexcluded = "${nsexcluded}nsExcludeSuffix: $excluded[$i]\n";
- $i++;
-}
-$nsnoattrindexes = "";
-if ($noattrindexes != 0) { $nsnoattrindexes = "nsImportIndexAttrs: false\n"; }
-$nsimportencrypt = "";
-if ($encrypt_on_import != 0) { $nsimportencrypt = "nsImportEncrypt: true\n"; }
-$nsmergechunksiz = "nsImportChunkSize: ${mergechunksiz}\n";
-$nsgenuniqid = "nsUniqueIdGenerator: ${genuniqid}\n";
-$nsuniqidname = "";
-if ($uniqidname ne "") { $nsuniqidname = "nsUniqueIdGeneratorNamespace: \
${uniqidname}\n"; }
-$entry = "${dn}${misc}${cn}${nsinstance}${nsincluded}${nsexcluded}${nsldiffiles}${nsnoattrindexes}${nsimportencrypt}${nsmergechunksiz}${nsgenuniqid}${nsuniqidname}";
-$vstr = "";
-if ($verbose != 0) { $vstr = "-v"; }
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-ldif2ldap.in \
b/ldap/admin/src/scripts/template-ldif2ldap.in index ab32f48..806ddcc 100755
--- a/ldap/admin/src/scripts/template-ldif2ldap.in
+++ b/ldap/admin/src/scripts/template-ldif2ldap.in
@@ -1,25 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix@ldapsdk_libdir@"
-libpath_add "@ldapsdk_libdir@"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-PATH=$prefix@ldaptool_bindir@:@ldaptool_bindir@
-
-ldapmodify @ldaptool_opts@ -a -p {{SERVER-PORT}} -D "$1" -w "$2" -f $3
+cd {{SERVERBIN-DIR}}
+./ldif2ldap "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-monitor.in \
b/ldap/admin/src/scripts/template-monitor.in index 49ac960..2f93337 100755
--- a/ldap/admin/src/scripts/template-monitor.in
+++ b/ldap/admin/src/scripts/template-monitor.in
@@ -1,24 +1,5 @@
#!/bin/sh
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix@ldapsdk_libdir@"
-libpath_add "@ldapsdk_libdir@"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
-PATH=$prefix@ldaptool_bindir@:@ldaptool_bindir@
-
-if [ "x$1" != "x" ];
-then MDN="$1";
-else MDN="cn=monitor";
- fi
-ldapsearch @ldaptool_opts@ -p {{SERVER-PORT}} -b "$MDN" -s base "objectClass=*"
+cd {{SERVERBIN-DIR}}
+./monitor "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in \
b/ldap/admin/src/scripts/template-ns-accountstatus.pl.in index 8e2e590..00d1b30 \
100644
--- a/ldap/admin/src/scripts/template-ns-accountstatus.pl.in
+++ b/ldap/admin/src/scripts/template-ns-accountstatus.pl.in
@@ -34,828 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
- print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
- print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
- print (STDERR "May be used to $operation a user or a domain of users\n\n");
- print (STDERR "Arguments:\n");
- print (STDERR " -? - help\n");
- print (STDERR " -D rootdn - Provide a Directory Manager DN. \
Default= '$defrootdn'\n");
- print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n");
- print (STDERR " -w - - Prompt for the Directory Manager's \
password\n");
- print (STDERR " -j filename - Read the Directory Manager's \
password from file\n");
- print (STDERR " -p port - Provide a port. Default= \
'$defport'\n");
- print (STDERR " -h host - Provide a host name. Default= \
'$defhost'\n");
- print (STDERR " -I DN-to-$operation - Single entry DN or role DN to \
$operation\n");
- exit 100;
-}
-
-sub debug
-{
-# print " ==> @_";
-}
-
-sub out
-{
- print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# * it is the same as the entry
-# * the entry is member of role (==has nsroledn attributes), compare each of
-# them with the nsroledn of nsdisabledrole
-# * if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
- # For recursivity, file handler must be local
- my $L_filehandle=$_[0];
- $L_filehandle++;
-
- my $L_entry=$_[1];
- # Remove useless space
- my @L_intern=split /([,])/,$L_entry;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_entry=$L_result;
-
- my $L_base=$_[2];
-
- my $L_search;
- my $L_currentrole;
- my $L_retCode;
-
- my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \
\"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> \
{{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
- $retCode=$?>>8;
- return 1;
-}
-
- # Check if the role is a nested role
- @L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \
\"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
";
- # L_isNested == 1 means that we are going through a nested role, so for each member \
of that
- # nested role, check that the member is below the scope of the nested
- $L_isNested=@L_Nested;
-
- # Not Direct Lock, Go through roles if any
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn \
";
-
- debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n");
-
- unless (open ($L_filehandle, "$L_search |"))
- {
- out("Can't open file $L_filehandle\n");
- exit;
- }
- while (<$L_filehandle>) {
-
- s/\n //g;
- if (/^nsroledn: (.*)\n/) {
- $L_currentrole = $1;
-
- # Remove useless space
- my @L_intern=split /([,])/,$L_currentrole;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_currentrole=$L_result;
-
- debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n");
- if ( $L_isNested == 1 )
- {
- if ( checkScope($L_currentrole, $L_base) == 0 )
- {
- # Scope problem probably a bad conf, skip the currentrole
- next;
- }
- }
-
- if ( $L_currentrole eq $L_entry )
- {
- # the entry is a role that is directly locked
- # i.e, nsroledn of nsdisabledrole contains the entry
- $throughRole=$L_base;
- $throughRole=~ tr/A-Z/a-z/;
-
- # skipDisabled means that we've just found that the entry (which is a role)
- # is locked directly (==its DN is part of nsroledn attributes)
- # we just want to know now, if it is locked through another role
- # at least, one
- if ( $skipDisabled == 1 )
- {
- # direct inactivation
- $directLocked=1;
- # just go through that test once
- $skipDisabled=0;
- next;
- }
- debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- $L_retCode=memberOf($L_currentrole, $L_entry);
- if ( $L_retCode == 0 && $single == 1 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- if ( $skipManaged == 1 )
- {
- if ( $L_currentrole eq $nsManagedDisabledRole)
- {
- # Try next nsroledn
- $directLocked=1;
- $skipManaged=0;
- next;
- }
- }
- debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- # Only for the first iteration
- # the first iteration is with nsdisabledrole as base, other
- # loops are deeper
- $L_local=$skipDisabled;
- $skipDisabled=0;
-
- # the current nsroledn may be a complex role, just go through
- # its won nsroledn
- $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
- # Because of recursivity, to keep the initial value for the first level
- $skipDisabled=$L_local;
-
- if ( $L_retCode == 0 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
- return 0;
- }
- }
- }
-
- close($L_filehandle);
-
- debug("\t<--indirectLock: no more nsroledn to process\n");
- return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
- my $L_nsroledn=$_[0];
- $L_nsroledn=~ tr/A-Z/a-z/;
-
- my $L_entry=$_[1];
-
- my $L_search;
- my $L_currentrole;
-
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" \
nsrole";
-
- debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n");
-
- open (LDAP2, "$L_search |");
- while (<LDAP2>) {
- s/\n //g;
- if (/^nsrole: (.*)\n/) {
- $L_currentrole = $1;
- $L_currentrole=~ tr/A-Z/a-z/;
- if ( $L_currentrole eq $L_nsroledn )
- {
- # the parm is part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
- return 0;
- }
- }
- }
- close(LDAP2);
-
- # the parm is not part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
- return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
- $L_entry=$_[0];
-
- @L_entryToTest=split /([,])/,$L_entry;
- debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
- $newDN="";
- $removeRDN=1;
- foreach $part (@L_entryToTest)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- if ( $removeRDN <= 2 )
- {
- $removeRDN=$removeRDN+1;
- }
- else
- {
- $newDN="$newDN$part";
- }
- }
-
- debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
- $L_current=$_[0];
- $L_nestedRole=$_[1];
-
- debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
- removeRdn($L_nestedRole);
- $L_nestedRoleSuffix=$newDN;
- debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
-
- $cont=1;
- while ( ($cont == 1) && ($L_current ne "") )
- {
- removeRdn($L_current);
- $currentDn=$newDN;
- debug("checkScope: current DN to check: $currentDn\n");
-
- if ( $currentDn eq $L_nestedRoleSuffix )
- {
- debug("checkScope: DN match!!!\n");
- $cont = 0;
- }
- else
- {
- $L_current=$currentDn;
- }
- }
-
- if ( $cont == 1 )
- {
- debug("checkScope: $_[0] and $_[1] are not compatible\n");
- return 0;
- }
- else
- {
- debug("checkScope: $_[0] and $_[1] are compatible\n");
- return 1;
- }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
- $cmd="ns-inactivate.pl";
- $operation="inactivate";
- $state="inactivated";
- $modrole="add";
- $already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
- $cmd="ns-activate.pl";
- $operation="activate";
- $state="activated";
- $modrole="delete";
- $already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
- $cmd="ns-accountstatus.pl";
- $operation="get status of";
- $state="activated";
- # no need for $modrole as no operation is performed
- $already="";
-
-}
-else
-{
- out("$0: unknown command\n");
- exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
-
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
- if($arg eq "-?")
- {
- usage_and_exit();
- }
- elsif($arg eq "-D")
- {
- $rootdn= shift @ARGV;
- }
- elsif($arg eq "-w")
- {
- $rootpw= shift @ARGV;
- }
- elsif($arg eq "-j")
- {
- $pwfile= shift @ARGV;
- }
- elsif($arg eq "-p")
- {
- $port= shift @ARGV;
- }
- elsif($arg eq "-h")
- {
- $host= shift @ARGV;
- }
- elsif($arg eq "-I")
- {
- $entry= shift @ARGV;
- }
- else
- {
- print "$arg: Unknown command line argument.\n";
- usage_and_exit();
- }
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $pwfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $rootpw = <RPASS>;
- chomp($rootpw);
- close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $rootpw = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
- usage_and_exit();
-}
-
-if( $entry eq "" )
-{
- usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
- $retCode1=$?>>8;
- exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \
\"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
- $retCode2=$?>>8;
- exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
- debug("Groups of users\n");
- $role=1;
-}
-else
-{
- debug("Single user\n");
- $single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
- $searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s \
base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
- open (LDAP1, "$searchAccountLock |");
- while (<LDAP1>) {
- s/\n //g;
- if (/^nsaccountlock: (.*)\n/) {
- $L_currentvalue = $1;
- $L_currentvalue=~ tr/A-Z/a-z/;
- if ( $L_currentvalue eq "true")
- {
- $isLocked=1;
- }
- elsif ( $L_currentvalue eq "false" )
- {
- $isLocked=0;
- }
- }
- }
- close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-# -I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
- $part=~s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
- # Look if suffix is the suffix of the entry
- # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\""
- #
- debug("\tSuffix from the entry: #@suffixN#\n");
- @mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \
\"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
- $retCode=$?;
- if ( $retCode != 0 )
- {
- $retCode=$?>>8;
- exit $retCode;
- }
-
- # If we get a result, remove the dn:
- # dn: cn="o=sun.com",cn=mapping tree,cn=config
- # cn: "o=sun.com"
- #
- shift @mapping;
-
- foreach $res (@mapping)
- {
- # Break the string cn: "o=sun.com" into pieces
- @cn= split(/ /,$res);
-
- # And remove the cn: part
- shift @cn;
-
- # Now compare the suffix we extract from the mapping tree
- # with the suffix derived from the entry
- debug("\tSuffix from mapping tree: #@cn#\n");
- if ( @cn eq @suffixN ) {
- debug("Found matching suffix\n");
- $cont=1;
- }
- }
-
- if ( $cont == 0 )
- {
- # Remove the current rdn to try another suffix
- shift @suffix;
-
- $result="";
- foreach $part (@suffix)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
- }
- @suffixN=$result;
-
- debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
- $len=@suffix;
- if ( $len == 0 )
- {
- debug("Can not find suffix. Problem\n");
- $cont=2;
- }
- }
-}
-if ( $cont == 2)
-{
- out("Can not find suffix for entry $entry\n");
- exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
- #
- # Now that we have the suffix and we know if we deal with a single entry or
- # a role, just try to create the COS and roles associated.
- #
- @base=(
- "cn=nsManagedDisabledRole,@suffixN",
- "cn=nsDisabledRole,@suffixN",
- "cn=nsAccountInactivationTmp,@suffixN",
- "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
- "cn=nsAccountInactivation_cos,@suffixN" );
-
- $addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> \
{{DEV-NULL}} 2>&1 ";
- @role1=(
- "dn: cn=nsManagedDisabledRole,@suffixN\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsSimpleRoleDefinition\n",
- "objectclass: nsManagedRoleDefinition\n",
- "cn: nsManagedDisabledRole\n\n" );
- @role2=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsComplexRoleDefinition\n",
- "objectclass: nsNestedRoleDefinition\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
- "cn: nsDisabledRole\n\n" );
- @cos1=(
- "dn: cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: nsContainer\n\n" );
- @cos2=(
- "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: extensibleObject\n",
- "objectclass: costemplate\n",
- "objectclass: ldapsubentry\n",
- "cosPriority: 1\n",
- "nsAccountLock: true\n\n" );
- @cos3=(
- "dn: cn=nsAccountInactivation_cos,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: cosSuperDefinition\n",
- "objectclass: cosClassicDefinition\n",
- "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
- "cosSpecifier: nsRole\n",
- "cosAttribute: nsAccountLock operational\n\n" );
-
- @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
- $i=0;
-
- foreach $current (@base)
- {
- debug("Creating $current ??\n");
- open(FD,"| $addrolescos ");
- print FD @{$all[$i]};
- close(FD);
- if ( $? != 0 )
- {
- $retCode=$?>>8;
- if ( $retCode == 68 )
- {
- debug("Entry $current already exists, ignore error\n");
- }
- else
- {
- # Probably a more serious problem.
- # Exit with LDAP error
- exit $retCode;
- }
- }
- else
- {
- debug("Entry $current created\n");
- }
- $i=$i+1;
- }
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
- # Go through all the roles part of nsdisabledrole to check if the entry
- # is a member of one of those roles
- $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
- if ( $ret == 0 )
- {
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- # indirect lock
- out("$entry already $state through $throughRole.\n");
- }
- else
- {
- # direct lock
- out("$entry already $state.\n");
- }
- exit 100;
- }
- elsif ( $isLocked == 1 )
- {
- # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
- out("$entry already $state (probably directly).\n");
- exit 103;
- }
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
- $skipManaged=$single;
- $skipDisabled=$role;
-
- $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
- if ( $ret == 0 )
- {
- # undirectly locked
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- if ( $operation eq "activate" )
- {
- out("$entry inactivated through $throughRole. Can not activate it \
individually.\n");
- exit 100;
- }
- else
- {
- out("$entry inactivated through $throughRole.\n");
- exit 104;
- }
- }
- debug("$entry locked individually\n");
-
- if ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- }
- elsif ( $directLocked == 0 )
- {
- if ( $operation eq "activate" && $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 100;
- }
- elsif ( $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 102;
- }
- else
- {
- # not locked using our schema, but nsaccountlock is probably present
- out("$entry inactivated (probably directly).\n");
- exit 103;
- }
- }
- elsif ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- # else Locked directly, juste unlock it!
- debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> \
{{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
- @record=(
- "dn: $entry\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
- @record=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
- $retCode=$?>>8;
- exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/ns-accountstatus.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-ns-activate.pl.in \
b/ldap/admin/src/scripts/template-ns-activate.pl.in index 8e2e590..6ede47b 100644
--- a/ldap/admin/src/scripts/template-ns-activate.pl.in
+++ b/ldap/admin/src/scripts/template-ns-activate.pl.in
@@ -34,828 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
- print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
- print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
- print (STDERR "May be used to $operation a user or a domain of users\n\n");
- print (STDERR "Arguments:\n");
- print (STDERR " -? - help\n");
- print (STDERR " -D rootdn - Provide a Directory Manager DN. \
Default= '$defrootdn'\n");
- print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n");
- print (STDERR " -w - - Prompt for the Directory Manager's \
password\n");
- print (STDERR " -j filename - Read the Directory Manager's \
password from file\n");
- print (STDERR " -p port - Provide a port. Default= \
'$defport'\n");
- print (STDERR " -h host - Provide a host name. Default= \
'$defhost'\n");
- print (STDERR " -I DN-to-$operation - Single entry DN or role DN to \
$operation\n");
- exit 100;
-}
-
-sub debug
-{
-# print " ==> @_";
-}
-
-sub out
-{
- print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# * it is the same as the entry
-# * the entry is member of role (==has nsroledn attributes), compare each of
-# them with the nsroledn of nsdisabledrole
-# * if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
- # For recursivity, file handler must be local
- my $L_filehandle=$_[0];
- $L_filehandle++;
-
- my $L_entry=$_[1];
- # Remove useless space
- my @L_intern=split /([,])/,$L_entry;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_entry=$L_result;
-
- my $L_base=$_[2];
-
- my $L_search;
- my $L_currentrole;
- my $L_retCode;
-
- my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \
\"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> \
{{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
- $retCode=$?>>8;
- return 1;
-}
-
- # Check if the role is a nested role
- @L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \
\"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
";
- # L_isNested == 1 means that we are going through a nested role, so for each member \
of that
- # nested role, check that the member is below the scope of the nested
- $L_isNested=@L_Nested;
-
- # Not Direct Lock, Go through roles if any
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn \
";
-
- debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n");
-
- unless (open ($L_filehandle, "$L_search |"))
- {
- out("Can't open file $L_filehandle\n");
- exit;
- }
- while (<$L_filehandle>) {
-
- s/\n //g;
- if (/^nsroledn: (.*)\n/) {
- $L_currentrole = $1;
-
- # Remove useless space
- my @L_intern=split /([,])/,$L_currentrole;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_currentrole=$L_result;
-
- debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n");
- if ( $L_isNested == 1 )
- {
- if ( checkScope($L_currentrole, $L_base) == 0 )
- {
- # Scope problem probably a bad conf, skip the currentrole
- next;
- }
- }
-
- if ( $L_currentrole eq $L_entry )
- {
- # the entry is a role that is directly locked
- # i.e, nsroledn of nsdisabledrole contains the entry
- $throughRole=$L_base;
- $throughRole=~ tr/A-Z/a-z/;
-
- # skipDisabled means that we've just found that the entry (which is a role)
- # is locked directly (==its DN is part of nsroledn attributes)
- # we just want to know now, if it is locked through another role
- # at least, one
- if ( $skipDisabled == 1 )
- {
- # direct inactivation
- $directLocked=1;
- # just go through that test once
- $skipDisabled=0;
- next;
- }
- debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- $L_retCode=memberOf($L_currentrole, $L_entry);
- if ( $L_retCode == 0 && $single == 1 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- if ( $skipManaged == 1 )
- {
- if ( $L_currentrole eq $nsManagedDisabledRole)
- {
- # Try next nsroledn
- $directLocked=1;
- $skipManaged=0;
- next;
- }
- }
- debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- # Only for the first iteration
- # the first iteration is with nsdisabledrole as base, other
- # loops are deeper
- $L_local=$skipDisabled;
- $skipDisabled=0;
-
- # the current nsroledn may be a complex role, just go through
- # its won nsroledn
- $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
- # Because of recursivity, to keep the initial value for the first level
- $skipDisabled=$L_local;
-
- if ( $L_retCode == 0 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
- return 0;
- }
- }
- }
-
- close($L_filehandle);
-
- debug("\t<--indirectLock: no more nsroledn to process\n");
- return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
- my $L_nsroledn=$_[0];
- $L_nsroledn=~ tr/A-Z/a-z/;
-
- my $L_entry=$_[1];
-
- my $L_search;
- my $L_currentrole;
-
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" \
nsrole";
-
- debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n");
-
- open (LDAP2, "$L_search |");
- while (<LDAP2>) {
- s/\n //g;
- if (/^nsrole: (.*)\n/) {
- $L_currentrole = $1;
- $L_currentrole=~ tr/A-Z/a-z/;
- if ( $L_currentrole eq $L_nsroledn )
- {
- # the parm is part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
- return 0;
- }
- }
- }
- close(LDAP2);
-
- # the parm is not part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
- return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
- $L_entry=$_[0];
-
- @L_entryToTest=split /([,])/,$L_entry;
- debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
- $newDN="";
- $removeRDN=1;
- foreach $part (@L_entryToTest)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- if ( $removeRDN <= 2 )
- {
- $removeRDN=$removeRDN+1;
- }
- else
- {
- $newDN="$newDN$part";
- }
- }
-
- debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
- $L_current=$_[0];
- $L_nestedRole=$_[1];
-
- debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
- removeRdn($L_nestedRole);
- $L_nestedRoleSuffix=$newDN;
- debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
-
- $cont=1;
- while ( ($cont == 1) && ($L_current ne "") )
- {
- removeRdn($L_current);
- $currentDn=$newDN;
- debug("checkScope: current DN to check: $currentDn\n");
-
- if ( $currentDn eq $L_nestedRoleSuffix )
- {
- debug("checkScope: DN match!!!\n");
- $cont = 0;
- }
- else
- {
- $L_current=$currentDn;
- }
- }
-
- if ( $cont == 1 )
- {
- debug("checkScope: $_[0] and $_[1] are not compatible\n");
- return 0;
- }
- else
- {
- debug("checkScope: $_[0] and $_[1] are compatible\n");
- return 1;
- }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
- $cmd="ns-inactivate.pl";
- $operation="inactivate";
- $state="inactivated";
- $modrole="add";
- $already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
- $cmd="ns-activate.pl";
- $operation="activate";
- $state="activated";
- $modrole="delete";
- $already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
- $cmd="ns-accountstatus.pl";
- $operation="get status of";
- $state="activated";
- # no need for $modrole as no operation is performed
- $already="";
-
-}
-else
-{
- out("$0: unknown command\n");
- exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
-
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
- if($arg eq "-?")
- {
- usage_and_exit();
- }
- elsif($arg eq "-D")
- {
- $rootdn= shift @ARGV;
- }
- elsif($arg eq "-w")
- {
- $rootpw= shift @ARGV;
- }
- elsif($arg eq "-j")
- {
- $pwfile= shift @ARGV;
- }
- elsif($arg eq "-p")
- {
- $port= shift @ARGV;
- }
- elsif($arg eq "-h")
- {
- $host= shift @ARGV;
- }
- elsif($arg eq "-I")
- {
- $entry= shift @ARGV;
- }
- else
- {
- print "$arg: Unknown command line argument.\n";
- usage_and_exit();
- }
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $pwfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $rootpw = <RPASS>;
- chomp($rootpw);
- close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $rootpw = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
- usage_and_exit();
-}
-
-if( $entry eq "" )
-{
- usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
- $retCode1=$?>>8;
- exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \
\"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
- $retCode2=$?>>8;
- exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
- debug("Groups of users\n");
- $role=1;
-}
-else
-{
- debug("Single user\n");
- $single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
- $searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s \
base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
- open (LDAP1, "$searchAccountLock |");
- while (<LDAP1>) {
- s/\n //g;
- if (/^nsaccountlock: (.*)\n/) {
- $L_currentvalue = $1;
- $L_currentvalue=~ tr/A-Z/a-z/;
- if ( $L_currentvalue eq "true")
- {
- $isLocked=1;
- }
- elsif ( $L_currentvalue eq "false" )
- {
- $isLocked=0;
- }
- }
- }
- close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-# -I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
- $part=~s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
- # Look if suffix is the suffix of the entry
- # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\""
- #
- debug("\tSuffix from the entry: #@suffixN#\n");
- @mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \
\"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
- $retCode=$?;
- if ( $retCode != 0 )
- {
- $retCode=$?>>8;
- exit $retCode;
- }
-
- # If we get a result, remove the dn:
- # dn: cn="o=sun.com",cn=mapping tree,cn=config
- # cn: "o=sun.com"
- #
- shift @mapping;
-
- foreach $res (@mapping)
- {
- # Break the string cn: "o=sun.com" into pieces
- @cn= split(/ /,$res);
-
- # And remove the cn: part
- shift @cn;
-
- # Now compare the suffix we extract from the mapping tree
- # with the suffix derived from the entry
- debug("\tSuffix from mapping tree: #@cn#\n");
- if ( @cn eq @suffixN ) {
- debug("Found matching suffix\n");
- $cont=1;
- }
- }
-
- if ( $cont == 0 )
- {
- # Remove the current rdn to try another suffix
- shift @suffix;
-
- $result="";
- foreach $part (@suffix)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
- }
- @suffixN=$result;
-
- debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
- $len=@suffix;
- if ( $len == 0 )
- {
- debug("Can not find suffix. Problem\n");
- $cont=2;
- }
- }
-}
-if ( $cont == 2)
-{
- out("Can not find suffix for entry $entry\n");
- exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
- #
- # Now that we have the suffix and we know if we deal with a single entry or
- # a role, just try to create the COS and roles associated.
- #
- @base=(
- "cn=nsManagedDisabledRole,@suffixN",
- "cn=nsDisabledRole,@suffixN",
- "cn=nsAccountInactivationTmp,@suffixN",
- "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
- "cn=nsAccountInactivation_cos,@suffixN" );
-
- $addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> \
{{DEV-NULL}} 2>&1 ";
- @role1=(
- "dn: cn=nsManagedDisabledRole,@suffixN\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsSimpleRoleDefinition\n",
- "objectclass: nsManagedRoleDefinition\n",
- "cn: nsManagedDisabledRole\n\n" );
- @role2=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsComplexRoleDefinition\n",
- "objectclass: nsNestedRoleDefinition\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
- "cn: nsDisabledRole\n\n" );
- @cos1=(
- "dn: cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: nsContainer\n\n" );
- @cos2=(
- "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: extensibleObject\n",
- "objectclass: costemplate\n",
- "objectclass: ldapsubentry\n",
- "cosPriority: 1\n",
- "nsAccountLock: true\n\n" );
- @cos3=(
- "dn: cn=nsAccountInactivation_cos,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: cosSuperDefinition\n",
- "objectclass: cosClassicDefinition\n",
- "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
- "cosSpecifier: nsRole\n",
- "cosAttribute: nsAccountLock operational\n\n" );
-
- @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
- $i=0;
-
- foreach $current (@base)
- {
- debug("Creating $current ??\n");
- open(FD,"| $addrolescos ");
- print FD @{$all[$i]};
- close(FD);
- if ( $? != 0 )
- {
- $retCode=$?>>8;
- if ( $retCode == 68 )
- {
- debug("Entry $current already exists, ignore error\n");
- }
- else
- {
- # Probably a more serious problem.
- # Exit with LDAP error
- exit $retCode;
- }
- }
- else
- {
- debug("Entry $current created\n");
- }
- $i=$i+1;
- }
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
- # Go through all the roles part of nsdisabledrole to check if the entry
- # is a member of one of those roles
- $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
- if ( $ret == 0 )
- {
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- # indirect lock
- out("$entry already $state through $throughRole.\n");
- }
- else
- {
- # direct lock
- out("$entry already $state.\n");
- }
- exit 100;
- }
- elsif ( $isLocked == 1 )
- {
- # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
- out("$entry already $state (probably directly).\n");
- exit 103;
- }
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
- $skipManaged=$single;
- $skipDisabled=$role;
-
- $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
- if ( $ret == 0 )
- {
- # undirectly locked
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- if ( $operation eq "activate" )
- {
- out("$entry inactivated through $throughRole. Can not activate it \
individually.\n");
- exit 100;
- }
- else
- {
- out("$entry inactivated through $throughRole.\n");
- exit 104;
- }
- }
- debug("$entry locked individually\n");
-
- if ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- }
- elsif ( $directLocked == 0 )
- {
- if ( $operation eq "activate" && $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 100;
- }
- elsif ( $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 102;
- }
- else
- {
- # not locked using our schema, but nsaccountlock is probably present
- out("$entry inactivated (probably directly).\n");
- exit 103;
- }
- }
- elsif ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- # else Locked directly, juste unlock it!
- debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> \
{{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
- @record=(
- "dn: $entry\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
- @record=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
- $retCode=$?>>8;
- exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/ns-activate.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-ns-inactivate.pl.in \
b/ldap/admin/src/scripts/template-ns-inactivate.pl.in index 8e2e590..1924ad3 100644
--- a/ldap/admin/src/scripts/template-ns-inactivate.pl.in
+++ b/ldap/admin/src/scripts/template-ns-inactivate.pl.in
@@ -34,828 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-###############################
-# SUB-ROUTINES
-###############################
-
-sub usage_and_exit
-{
- print (STDERR "$cmd [-D rootdn] { -w password | -w - | -j filename } \n");
- print (STDERR " [-p port] [-h host] -I DN-to-$operation\n\n");
- print (STDERR "May be used to $operation a user or a domain of users\n\n");
- print (STDERR "Arguments:\n");
- print (STDERR " -? - help\n");
- print (STDERR " -D rootdn - Provide a Directory Manager DN. \
Default= '$defrootdn'\n");
- print (STDERR " -w password - Provide a password for the \
Directory Manager DN\n");
- print (STDERR " -w - - Prompt for the Directory Manager's \
password\n");
- print (STDERR " -j filename - Read the Directory Manager's \
password from file\n");
- print (STDERR " -p port - Provide a port. Default= \
'$defport'\n");
- print (STDERR " -h host - Provide a host name. Default= \
'$defhost'\n");
- print (STDERR " -I DN-to-$operation - Single entry DN or role DN to \
$operation\n");
- exit 100;
-}
-
-sub debug
-{
-# print " ==> @_";
-}
-
-sub out
-{
- print "@_";
-}
-
-# --------------------------
-# Check if the entry is part of a locked role:
-# i.e.: for each role member (nsroledn) of nsdisabledrole, check if
-# * it is the same as the entry
-# * the entry is member of role (==has nsroledn attributes), compare each of
-# them with the nsroledn of nsdisabledrole
-# * if nsroledn of nsdisabledrole are complex, go through each of them
-# argv[0] is the local file handler
-# argv[1] is the entry (may be a single entry DN or a role DN)
-# argv[2] is the base for the search
-# --------------------------
-
-$throughRole="";
-
-sub indirectLock
-{
- # For recursivity, file handler must be local
- my $L_filehandle=$_[0];
- $L_filehandle++;
-
- my $L_entry=$_[1];
- # Remove useless space
- my @L_intern=split /([,])/,$L_entry;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_entry=$L_result;
-
- my $L_base=$_[2];
-
- my $L_search;
- my $L_currentrole;
- my $L_retCode;
-
- my $L_local;
-
-`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \"$L_base\" \
\"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn >> \
{{DEV-NULL}} 2>&1 `;
-$retCode=$?;
-if ( $retCode != 0 )
-{
- $retCode=$?>>8;
- return 1;
-}
-
- # Check if the role is a nested role
- @L_Nested="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \
\"(|(objectclass=nsNestedRoleDefinition)(objectclass=ldapsubentry))\" \
";
- # L_isNested == 1 means that we are going through a nested role, so for each member \
of that
- # nested role, check that the member is below the scope of the nested
- $L_isNested=@L_Nested;
-
- # Not Direct Lock, Go through roles if any
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_base\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" nsroledn \
";
-
- debug("\t-->indirectLock: check if $L_entry is part of a locked role from base \
$L_base\n\n");
-
- unless (open ($L_filehandle, "$L_search |"))
- {
- out("Can't open file $L_filehandle\n");
- exit;
- }
- while (<$L_filehandle>) {
-
- s/\n //g;
- if (/^nsroledn: (.*)\n/) {
- $L_currentrole = $1;
-
- # Remove useless space
- my @L_intern=split /([,])/,$L_currentrole;
- my $L_result="";
- foreach $L_part (@L_intern)
- {
- $L_part=~s/^ +//;
- $L_part=~ tr/A-Z/a-z/;
- $L_result="$L_result$L_part";
- }
- $L_currentrole=$L_result;
-
- debug("\t-- indirectLock loop: current nsroledn $L_currentrole of base \
$L_base\n");
- if ( $L_isNested == 1 )
- {
- if ( checkScope($L_currentrole, $L_base) == 0 )
- {
- # Scope problem probably a bad conf, skip the currentrole
- next;
- }
- }
-
- if ( $L_currentrole eq $L_entry )
- {
- # the entry is a role that is directly locked
- # i.e, nsroledn of nsdisabledrole contains the entry
- $throughRole=$L_base;
- $throughRole=~ tr/A-Z/a-z/;
-
- # skipDisabled means that we've just found that the entry (which is a role)
- # is locked directly (==its DN is part of nsroledn attributes)
- # we just want to know now, if it is locked through another role
- # at least, one
- if ( $skipDisabled == 1 )
- {
- # direct inactivation
- $directLocked=1;
- # just go through that test once
- $skipDisabled=0;
- next;
- }
- debug("\t-- 1 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- $L_retCode=memberOf($L_currentrole, $L_entry);
- if ( $L_retCode == 0 && $single == 1 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- if ( $skipManaged == 1 )
- {
- if ( $L_currentrole eq $nsManagedDisabledRole)
- {
- # Try next nsroledn
- $directLocked=1;
- $skipManaged=0;
- next;
- }
- }
- debug("\t-- 2 indirectLock: $L_currentrole locked throughRole == \
$throughRole\n");
- return 0;
- }
-
- # Only for the first iteration
- # the first iteration is with nsdisabledrole as base, other
- # loops are deeper
- $L_local=$skipDisabled;
- $skipDisabled=0;
-
- # the current nsroledn may be a complex role, just go through
- # its won nsroledn
- $L_retCode=indirectLock($L_filehandle,$L_entry, $L_currentrole);
-
- # Because of recursivity, to keep the initial value for the first level
- $skipDisabled=$L_local;
-
- if ( $L_retCode == 0 )
- {
- $throughRole=$L_currentrole;
- $throughRole=~ tr/A-Z/a-z/;
- debug("\t-- 3 indirectLock: $L_entry locked throughRole == $throughRole\n");
- return 0;
- }
- }
- }
-
- close($L_filehandle);
-
- debug("\t<--indirectLock: no more nsroledn to process\n");
- return 1;
-}
-
-# --------------------------
-# Check if nsroledn is part of the entry attributes
-# argv[0] is a role DN (nsroledn attribute)
-# argv[1] is the entry
-# --------------------------
-sub memberOf
-{
- my $L_nsroledn=$_[0];
- $L_nsroledn=~ tr/A-Z/a-z/;
-
- my $L_entry=$_[1];
-
- my $L_search;
- my $L_currentrole;
-
- $L_search="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$L_entry\" \"(|(objectclass=*)(objectclass=ldapsubentry))\" \
nsrole";
-
- debug("\t\t-->memberOf: $L_search: check if $L_entry has $L_nsroledn as nsroledn \
attribute\n");
-
- open (LDAP2, "$L_search |");
- while (<LDAP2>) {
- s/\n //g;
- if (/^nsrole: (.*)\n/) {
- $L_currentrole = $1;
- $L_currentrole=~ tr/A-Z/a-z/;
- if ( $L_currentrole eq $L_nsroledn )
- {
- # the parm is part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry locked through $L_nsroledn\n");
- return 0;
- }
- }
- }
- close(LDAP2);
-
- # the parm is not part of the $L_entry nsroledn
- debug("\t\t<--memberOf: $L_entry not locked through $L_nsroledn\n");
- return 1;
-}
-
-
-# --------------------------
-# Remove the rdn of a DN
-# argv[0] is a DN
-# --------------------------
-sub removeRdn
-{
- $L_entry=$_[0];
-
- @L_entryToTest=split /([,])/,$L_entry;
- debug("removeRdn: entry to split: $L_entry**@L_entryToTest\n");
-
- $newDN="";
- $removeRDN=1;
- foreach $part (@L_entryToTest)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- if ( $removeRDN <= 2 )
- {
- $removeRDN=$removeRDN+1;
- }
- else
- {
- $newDN="$newDN$part";
- }
- }
-
- debug("removeRdn: new DN **$newDN**\n");
-}
-
-# --------------------------
-# Check if L_current is below the scope of
-# L_nestedRole
-# argv[0] is a role
-# argv[1] is the nested role
-# --------------------------
-sub checkScope
-{
- $L_current=$_[0];
- $L_nestedRole=$_[1];
-
- debug("checkScope: check if $L_current is below $L_nestedRole\n");
-
- removeRdn($L_nestedRole);
- $L_nestedRoleSuffix=$newDN;
- debug("checkScope: nested role based: $L_nestedRoleSuffix\n");
-
- $cont=1;
- while ( ($cont == 1) && ($L_current ne "") )
- {
- removeRdn($L_current);
- $currentDn=$newDN;
- debug("checkScope: current DN to check: $currentDn\n");
-
- if ( $currentDn eq $L_nestedRoleSuffix )
- {
- debug("checkScope: DN match!!!\n");
- $cont = 0;
- }
- else
- {
- $L_current=$currentDn;
- }
- }
-
- if ( $cont == 1 )
- {
- debug("checkScope: $_[0] and $_[1] are not compatible\n");
- return 0;
- }
- else
- {
- debug("checkScope: $_[0] and $_[1] are compatible\n");
- return 1;
- }
-}
-
-
-###############################
-# MAIN ROUTINE
-###############################
-
-# Generated variable
-$prefix="{{DS-ROOT}}";
-
-# Determine which command we are running
-if ( $0 =~ /ns-inactivate(.pl)?$/ )
-{
- $cmd="ns-inactivate.pl";
- $operation="inactivate";
- $state="inactivated";
- $modrole="add";
- $already="already";
-}
-elsif ( $0 =~ /ns-activate(.pl)?$/ )
-{
- $cmd="ns-activate.pl";
- $operation="activate";
- $state="activated";
- $modrole="delete";
- $already="already";
-}
-elsif ( $0 =~ /ns-accountstatus(.pl)?$/ )
-{
- $cmd="ns-accountstatus.pl";
- $operation="get status of";
- $state="activated";
- # no need for $modrole as no operation is performed
- $already="";
-
-}
-else
-{
- out("$0: unknown command\n");
- exit 100;
-}
-
-debug("Running ** $cmd ** $operation\n");
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
-
-# Default values
-$defrootdn= "{{ROOT-DN}}";
-$defhost= "{{SERVER-NAME}}";
-$defport= "{{SERVER-PORT}}";
-
-# User values
-$rootdn= "{{ROOT-DN}}";
-$rootpw= "";
-$pwfile= "";
-$host= "{{SERVER-NAME}}";
-$port= "{{SERVER-PORT}}";
-$entry= "";
-
-$single=0;
-$role=0;
-
-# Process the command line arguments
-while( $arg = shift)
-{
- if($arg eq "-?")
- {
- usage_and_exit();
- }
- elsif($arg eq "-D")
- {
- $rootdn= shift @ARGV;
- }
- elsif($arg eq "-w")
- {
- $rootpw= shift @ARGV;
- }
- elsif($arg eq "-j")
- {
- $pwfile= shift @ARGV;
- }
- elsif($arg eq "-p")
- {
- $port= shift @ARGV;
- }
- elsif($arg eq "-h")
- {
- $host= shift @ARGV;
- }
- elsif($arg eq "-I")
- {
- $entry= shift @ARGV;
- }
- else
- {
- print "$arg: Unknown command line argument.\n";
- usage_and_exit();
- }
-}
-
-if ($pwfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $pwfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $rootpw = <RPASS>;
- chomp($rootpw);
- close(RPASS);
-} elsif ($rootpw eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $rootpw = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($rootpw); # trim trailing newline
-}
-
-if( $rootpw eq "" )
-{
- usage_and_exit();
-}
-
-if( $entry eq "" )
-{
- usage_and_exit();
-}
-
-#
-# Check the actual existence of the entry to inactivate/activate
-# and at the same time, validate the various parm: port, host, rootdn, rootpw
-#
-@exist=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \"(objectclass=*)\" dn`;
-$retCode1=$?;
-if ( $retCode1 != 0 )
-{
- $retCode1=$?>>8;
- exit $retCode1;
-}
-
-@isRole=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s base -b \
\"$entry\" \
\"(&(objectclass=LDAPsubentry)(objectclass=nsRoleDefinition))\" dn`;
-$nbLineRole=@isRole;
-$retCode2=$?;
-if ( $retCode2 != 0 )
-{
- $retCode2=$?>>8;
- exit $retCode2;
-}
-
-if ( $nbLineRole > 0 )
-{
- debug("Groups of users\n");
- $role=1;
-}
-else
-{
- debug("Single user\n");
- $single=1;
-}
-
-#
-# First of all, check the existence of the nsaccountlock attribute in the entry
-#
-$isLocked=0;
-if ( $single == 1 )
-{
- $searchAccountLock="$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s \
base -b \"$entry\" \"(objectclass=*)\" nsaccountlock";
- open (LDAP1, "$searchAccountLock |");
- while (<LDAP1>) {
- s/\n //g;
- if (/^nsaccountlock: (.*)\n/) {
- $L_currentvalue = $1;
- $L_currentvalue=~ tr/A-Z/a-z/;
- if ( $L_currentvalue eq "true")
- {
- $isLocked=1;
- }
- elsif ( $L_currentvalue eq "false" )
- {
- $isLocked=0;
- }
- }
- }
- close(LDAP1);
-}
-debug("Is the entry already locked? ==> $isLocked\n");
-
-#
-# Get the suffix name of that entry
-#
-
-# Remove the space at the beginning (just in case...)
-# -I "uid=jvedder , ou=People , o=sun.com"
-@suffix=split /([,])/,$entry;
-$result="";
-foreach $part (@suffix)
-{
- $part=~s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
-}
-@suffixN=$result;
-
-debug("Entry to $operation: #@suffix#\n");
-debug("Entry to $operation: #@suffixN#\n");
-
-# Get the suffix
-$cont=0;
-while ($cont == 0)
-{
- # Look if suffix is the suffix of the entry
- # ldapsearch -s one -b "cn=mapping tree,cn=config" \
"cn=\"uid=jvedder,ou=People,o=sun.com\""
- #
- debug("\tSuffix from the entry: #@suffixN#\n");
- @mapping=`$ldapsearch -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -s one -b \
\"cn=mapping tree, cn=config\" \"cn=\\"@suffixN\\"\" cn `;
-
- $retCode=$?;
- if ( $retCode != 0 )
- {
- $retCode=$?>>8;
- exit $retCode;
- }
-
- # If we get a result, remove the dn:
- # dn: cn="o=sun.com",cn=mapping tree,cn=config
- # cn: "o=sun.com"
- #
- shift @mapping;
-
- foreach $res (@mapping)
- {
- # Break the string cn: "o=sun.com" into pieces
- @cn= split(/ /,$res);
-
- # And remove the cn: part
- shift @cn;
-
- # Now compare the suffix we extract from the mapping tree
- # with the suffix derived from the entry
- debug("\tSuffix from mapping tree: #@cn#\n");
- if ( @cn eq @suffixN ) {
- debug("Found matching suffix\n");
- $cont=1;
- }
- }
-
- if ( $cont == 0 )
- {
- # Remove the current rdn to try another suffix
- shift @suffix;
-
- $result="";
- foreach $part (@suffix)
- {
- $part=~ s/^ +//;
- $part=~ tr/A-Z/a-z/;
- $result="$result$part";
- }
- @suffixN=$result;
-
- debug("\t\tNothing found => go up one level in rdn #@suffix#\n");
- $len=@suffix;
- if ( $len == 0 )
- {
- debug("Can not find suffix. Problem\n");
- $cont=2;
- }
- }
-}
-if ( $cont == 2)
-{
- out("Can not find suffix for entry $entry\n");
- exit 100;
-}
-
-if ( $operation eq "inactivate" )
-{
- #
- # Now that we have the suffix and we know if we deal with a single entry or
- # a role, just try to create the COS and roles associated.
- #
- @base=(
- "cn=nsManagedDisabledRole,@suffixN",
- "cn=nsDisabledRole,@suffixN",
- "cn=nsAccountInactivationTmp,@suffixN",
- "\'cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\'",
- "cn=nsAccountInactivation_cos,@suffixN" );
-
- $addrolescos="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c -a >> \
{{DEV-NULL}} 2>&1 ";
- @role1=(
- "dn: cn=nsManagedDisabledRole,@suffixN\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsSimpleRoleDefinition\n",
- "objectclass: nsManagedRoleDefinition\n",
- "cn: nsManagedDisabledRole\n\n" );
- @role2=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: nsRoleDefinition\n",
- "objectclass: nsComplexRoleDefinition\n",
- "objectclass: nsNestedRoleDefinition\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n",
- "cn: nsDisabledRole\n\n" );
- @cos1=(
- "dn: cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: nsContainer\n\n" );
- @cos2=(
- "dn: cn=\"cn=nsDisabledRole,@suffixN\",cn=nsAccountInactivationTmp,@suffixN\n",
- "objectclass: top\n",
- "objectclass: extensibleObject\n",
- "objectclass: costemplate\n",
- "objectclass: ldapsubentry\n",
- "cosPriority: 1\n",
- "nsAccountLock: true\n\n" );
- @cos3=(
- "dn: cn=nsAccountInactivation_cos,@suffixN\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: cosSuperDefinition\n",
- "objectclass: cosClassicDefinition\n",
- "cosTemplateDn: cn=nsAccountInactivationTmp,@suffixN\n",
- "cosSpecifier: nsRole\n",
- "cosAttribute: nsAccountLock operational\n\n" );
-
- @all=(\@role1, \@role2, \@cos1, \@cos2, \@cos3);
-
- $i=0;
-
- foreach $current (@base)
- {
- debug("Creating $current ??\n");
- open(FD,"| $addrolescos ");
- print FD @{$all[$i]};
- close(FD);
- if ( $? != 0 )
- {
- $retCode=$?>>8;
- if ( $retCode == 68 )
- {
- debug("Entry $current already exists, ignore error\n");
- }
- else
- {
- # Probably a more serious problem.
- # Exit with LDAP error
- exit $retCode;
- }
- }
- else
- {
- debug("Entry $current created\n");
- }
- $i=$i+1;
- }
-}
-
-$skipManaged=0;
-$skipDisabled=0;
-$directLocked=0;
-
-$nsDisabledRole="cn=nsDisabledRole,@suffixN";
-$nsDisabledRole=~ tr/A-Z/a-z/;
-
-$nsManagedDisabledRole="cn=nsManagedDisabledRole,@suffixN";
-$nsManagedDisabledRole=~ tr/A-Z/a-z/;
-
-if ( $operation eq "inactivate" )
-{
- # Go through all the roles part of nsdisabledrole to check if the entry
- # is a member of one of those roles
- $ret=indirectLock("LDAP00", $entry, $nsDisabledRole);
- if ( $ret == 0 )
- {
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- # indirect lock
- out("$entry already $state through $throughRole.\n");
- }
- else
- {
- # direct lock
- out("$entry already $state.\n");
- }
- exit 100;
- }
- elsif ( $isLocked == 1 )
- {
- # the entry is not locked through a role, may be nsaccountlock is "hardcoded" ?
- out("$entry already $state (probably directly).\n");
- exit 103;
- }
-}
-elsif ( $operation eq "activate" || $operation eq "get status of" )
-{
- $skipManaged=$single;
- $skipDisabled=$role;
-
- $ret=indirectLock("LDAP00",$entry, $nsDisabledRole);
-
- if ( $ret == 0 )
- {
- # undirectly locked
- if ( $throughRole ne $nsDisabledRole && $throughRole ne $nsManagedDisabledRole )
- {
- if ( $operation eq "activate" )
- {
- out("$entry inactivated through $throughRole. Can not activate it \
individually.\n");
- exit 100;
- }
- else
- {
- out("$entry inactivated through $throughRole.\n");
- exit 104;
- }
- }
- debug("$entry locked individually\n");
-
- if ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- }
- elsif ( $directLocked == 0 )
- {
- if ( $operation eq "activate" && $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 100;
- }
- elsif ( $isLocked != 1 )
- {
- out("$entry $already $state.\n");
- exit 102;
- }
- else
- {
- # not locked using our schema, but nsaccountlock is probably present
- out("$entry inactivated (probably directly).\n");
- exit 103;
- }
- }
- elsif ( $operation ne "activate" )
- {
- out("$entry inactivated.\n");
- exit 103;
- }
- # else Locked directly, juste unlock it!
- debug("$entry locked individually\n");
-}
-
-#
-# Inactivate/activate the entry
-#
-$action="$ldapmodify -p $port -h $host -D \"$rootdn\" -w \"$rootpw\" -c >> \
{{DEV-NULL}} 2>&1";
-if ( $single == 1 )
-{
- @record=(
- "dn: $entry\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: cn=nsManagedDisabledRole,@suffixN\n\n" );
-}
-else
-{
- @record=(
- "dn: cn=nsDisabledRole,@suffixN\n",
- "changetype: modify\n",
- "$modrole: nsRoleDN\n",
- "nsRoleDN: $entry\n\n" );
-}
-open(FD,"| $action ");
-print FD @record;
-close(FD);
-if ( $? != 0 )
-{
-debug("$modrole, $entry\n");
- $retCode=$?>>8;
- exit $retCode;
-}
-
-out("$entry $state.\n");
-exit 0;
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/ns-inactivate.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in \
b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in index 50ce047..db6a1db 100755
--- a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
+++ b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
@@ -34,271 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-use lib qw(@perlpath@);
-
-# enable the use of our bundled perldap with our bundled ldapsdk libraries
-# all of this nonsense can be omitted if the mozldapsdk and perldap are
-# installed in the operating system locations (e.g. /usr/lib /usr/lib/perl5)
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-# Add new password policy specific entries
-
-#############################################################################
-# enable the use of Perldap functions
-require DynaLoader;
-
-use Getopt::Std;
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Utils qw(:all);
-use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API
-
-#############################################################################
-# Default values of the variables
-
-$opt_D = "{{ROOT-DN}}";
-$opt_p = "{{SERVER-PORT}}";
-$opt_h = "{{SERVER-NAME}}";
-$opt_v = 0;
-
-# Variables
-$ldapsearch="ldapsearch @ldaptool_opts@ @plainldif_opts@";
-$ldapmodify="ldapmodify @ldaptool_opts@";
-
-#############################################################################
-
-sub usage {
- print (STDERR "ns-newpwpolicy.pl [-v] [-D rootdn] { -w password | -j filename } \
\n");
- print (STDERR " [-p port] [-h host] -U UserDN -S SuffixDN\n\n");
-
- print (STDERR "Arguments:\n");
- print (STDERR " -? - help\n");
- print (STDERR " -v - verbose output\n");
- print (STDERR " -D rootdn - Directory Manager DN. Default= '$opt_D'\n");
- print (STDERR " -w rootpw - password for the Directory Manager DN\n");
- print (STDERR " -j filename - Read the Directory Manager's password from file\n");
- print (STDERR " -p port - port. Default= $opt_p\n");
- print (STDERR " -h host - host name. Default= '$opt_h'\n");
- print (STDERR " -U userDN - User entry DN\n");
- print (STDERR " -S suffixDN - Suffix entry DN\n");
- exit 100;
-}
-
-# Process the command line arguments
-{
- usage() if (!getopts('vD:w:j:p:h:U:S:'));
-
- if ($opt_j ne ""){
- die "Error, cannot open password file $opt_j\n" unless (open (RPASS, $opt_j));
- $opt_w = <RPASS>;
- chomp($opt_w);
- close(RPASS);
- }
-
- usage() if( $opt_w eq "" );
- if ($opt_U eq "" && $opt_S eq "") {
- print (STDERR "Please provide at least -S or -U option.\n\n");
- }
-
- # Now, check if the user/group exists
-
- if ($opt_S) {
- my $esc_opt_S = $opt_S;
- $esc_opt_S =~ s/,/\\,/g;
- $esc_opt_S =~ s/=/\\=/g;
- print (STDERR "host = $opt_h, port = $opt_p, suffixDN = \"$opt_S\"\n\n") if \
$opt_v;
- @base=(
- "cn=nsPwPolicyContainer,$opt_S",
- "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
- "cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
- "cn=nsPwPolicy_cos,$opt_S"
- );
-
- $ldapadd="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c -a 2>&1";
- $modifyCfg="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c 2>&1";
-
- @container=(
- "dn: cn=nsPwPolicyContainer,$opt_S\n",
- "objectclass: top\n",
- "objectclass: nsContainer\n\n" );
- @pwpolicy=(
- "dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
- "objectclass: top\n",
- "objectclass: ldapsubentry\n",
- "objectclass: passwordpolicy\n\n" );
- @template=(
- "dn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
- "objectclass: top\n",
- "objectclass: extensibleObject\n",
- "objectclass: costemplate\n",
- "objectclass: ldapsubentry\n",
- "cosPriority: 1\n",
- "pwdpolicysubentry: \
cn=cn\\=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n" \
);
- @cos=(
- "dn: cn=nsPwPolicy_cos,$opt_S\n",
- "objectclass: top\n",
- "objectclass: LDAPsubentry\n",
- "objectclass: cosSuperDefinition\n",
- "objectclass: cosPointerDefinition\n",
- "cosTemplateDn: cn=cn\\=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
- "cosAttribute: pwdpolicysubentry default operational-default\n\n" );
-
- @all=(\@container, \@pwpolicy, \@template, \@cos);
-
- $i=0;
-
- foreach $current (@base)
- {
- open(FD,"| $ldapadd");
- print FD @{$all[$i]};
- close(FD);
- if ( $? != 0 ) {
- $retCode=$?>>8;
- if ( $retCode == 68 ) {
- print( STDERR "Entry \"$current\" already exists. Please ignore the \
error\n\n");
- }
- else {
- # Probably a more serious problem.
- # Exit with LDAP error
- print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
- exit $retCode;
- }
- }
- else {
- print( STDERR "Entry \"$current\" created\n\n") if $opt_v;
- }
- $i=$i+1;
- }
-
- $modConfig = "dn:cn=config\nchangetype: \
modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: \
on\n\n";
- open(FD,"| $modifyCfg ");
- print(FD $modConfig);
- close(FD);
- $retcode = $?;
- if ( $retcode != 0 ) {
- print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
- exit ($retcode);
- }
- else {
- print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
- }
- } # end of $opt_S
-
- if ($opt_U) {
- my $norm_opt_U = normalizeDN($opt_U);
- my $esc_opt_U = $norm_opt_U;
- $esc_opt_U =~ s/,/\\,/g;
- $esc_opt_U =~ s/=/\\=/g;
- print (STDERR "host = $opt_h, port = $opt_p, userDN = \"$norm_opt_U\"\n\n") if \
$opt_v;
- $retcode = `$ldapsearch -h $opt_h -p $opt_p -b \"$norm_opt_U\" -s base \"\"`;
- if ($retcode != 0 ) {
- print( STDERR "the user entry $norm_opt_U does not exist. Exiting.\n");
- exit ($retcode);
- }
-
- print( STDERR "the user entry $norm_opt_U found..\n\n") if $opt_v;
-
- # Now, get the parentDN
- @rdns = ldap_explode_dn($norm_opt_U, 0);
- shift @rdns;
- $parentDN = join(',', @rdns);
-
- print (STDERR "parentDN is $parentDN\n\n") if $opt_v;
-
- @base=(
- "cn=nsPwPolicyContainer,$parentDN",
- "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"
- );
-
- $ldapadd="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c -a 2>&1";
- $modifyCfg="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c 2>&1";
-
- @container=(
- "dn: cn=nsPwPolicyContainer,$parentDN\n",
- "objectclass: top\n",
- "objectclass: nsContainer\n\n" );
- @pwpolicy=(
- "dn: cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n",
- "objectclass: top\n",
- "objectclass: ldapsubentry\n",
- "objectclass: passwordpolicy\n\n" );
-
- @all=(\@container, \@pwpolicy);
-
- $i=0;
-
- foreach $current (@base)
- {
- open(FD,"| $ldapadd ");
- print FD @{$all[$i]};
- close(FD);
- if ( $? != 0 ) {
- $retCode=$?>>8;
- if ( $retCode == 68 ) {
- print( STDERR "Entry $current already exists. Please ignore the error\n\n");
- }
- else {
- # Probably a more serious problem.
- # Exit with LDAP error
- print(STDERR "Error $retcode while adding \"$current\". Exiting.\n");
- exit $retCode;
- }
- }
- else {
- print( STDERR "Entry $current created\n\n") if $opt_v;
- }
- $i=$i+1;
- }
-
- $target = "cn=cn\\=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN";
- $modConfig = "dn: $norm_opt_U\nchangetype: \
modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n";
- open(FD,"| $modifyCfg ");
- print(FD $modConfig);
- close(FD);
- $retcode = $?;
- if ( $retcode != 0 ) {
- print( STDERR "Error $retcode while modifing $norm_opt_U. Exiting.\n" );
- exit ($retcode);
- }
- else {
- print( STDERR "Entry \"$norm_opt_U\" modified\n\n") if $opt_v;
- }
-
- $modConfig = "dn:cn=config\nchangetype: \
modify\nreplace:nsslapd-pwpolicy-local\nnsslapd-pwpolicy-local: \
on\n\n";
- open(FD,"| $modifyCfg ");
- print(FD $modConfig);
- close(FD);
- $retcode = $?;
- if ( $retcode != 0 ) {
- print( STDERR "Error $retcode while modifing \"cn=config\". Exiting.\n" );
- exit ($retcode);
- }
- else {
- print( STDERR "Entry \"cn=config\" modified\n\n") if $opt_v;
- }
- } # end of $opt_U
-}
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/ns-newpwpolicy.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-restart-slapd.in \
b/ldap/admin/src/scripts/template-restart-slapd.in index e30fca8..d169432 100644
--- a/ldap/admin/src/scripts/template-restart-slapd.in
+++ b/ldap/admin/src/scripts/template-restart-slapd.in
@@ -1,11 +1,5 @@
#!/bin/sh
-# Script that restarts the ns-slapd server.
-# Exit status can be:
-# 0: Server restarted successfully
-# 1: Server could not be started
-# 2: Server started successfully (was not running)
-# 3: Server could not be stopped
-
-@sbindir@/restart-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
-exit $?
+cd {{SERVERBIN-DIR}}
+./restart-slapd "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-restoreconfig.in \
b/ldap/admin/src/scripts/template-restoreconfig.in index 480af88..f4b2d06 100755
--- a/ldap/admin/src/scripts/template-restoreconfig.in
+++ b/ldap/admin/src/scripts/template-restoreconfig.in
@@ -1,28 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-conf_ldif=`ls -1t {{BAK-DIR}}/{{SERV-ID}}-*.ldif | head -1`
-if [ -z "$conf_ldif" ]
-then
- echo No configuration to restore in {{BAK-DIR}} ; exit 1
-fi
-echo Restoring $conf_ldif
-./ns-slapd ldif2db -D {{CONFIG-DIR}} -i $conf_ldif -n NetscapeRoot 2>&1
-exit $?
+./restoreconfig "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-saveconfig.in \
b/ldap/admin/src/scripts/template-saveconfig.in index 4c8f3d6..c77cce1 100755
--- a/ldap/admin/src/scripts/template-saveconfig.in
+++ b/ldap/admin/src/scripts/template-saveconfig.in
@@ -1,29 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-echo saving configuration ...
-conf_ldif={{BAK-DIR}}/{{SERV-ID}}-`date +%Y_%m_%d_%H%M%S`.ldif
-./ns-slapd db2ldif -N -D {{CONFIG-DIR}} -s "o=NetscapeRoot" -a $conf_ldif -n \
NetscapeRoot 2>&1
-if [ "$?" -ge 1 ]
-then
- echo Error occurred while saving configuration
- exit 1
-fi
-exit 0
+./saveconfig "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-schema-reload.pl.in \
b/ldap/admin/src/scripts/template-schema-reload.pl.in index f7a1dbb..e4c39d9 100644
--- a/ldap/admin/src/scripts/template-schema-reload.pl.in
+++ b/ldap/admin/src/scripts/template-schema-reload.pl.in
@@ -34,136 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2008 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " [-d schemadir]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -d schemadir - Directory where schema files are \
located\n");
- print(STDERR " : -v - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$schemadir = "";
-$schemadir_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-d")
- {
- # schemadir
- $i++; $schemadir_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "schema_reload_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=schema reload task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-
-if ( $schemadir_arg ne "" )
-{
- $schemadir = "schemadir: $schemadir_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${schemadir}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/schema-reload.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-start-slapd.in \
b/ldap/admin/src/scripts/template-start-slapd.in index 0c9ac63..c5a9ca9 100755
--- a/ldap/admin/src/scripts/template-start-slapd.in
+++ b/ldap/admin/src/scripts/template-start-slapd.in
@@ -1,11 +1,5 @@
#!/bin/sh
-# Script that starts the ns-slapd server.
-# Exit status can be:
-# 0: Server started successfully
-# 1: Server could not be started
-# 2: Server already running
-INSTANCE={{SERV-ID}}
-
-@sbindir@/start-dirsrv -d {{INITCONFIG-DIR}} $INSTANCE "$@"
+cd {{SERVERBIN-DIR}}
+./start-slapd "$@" -Z {{SERV-ID}}
exit $?
diff --git a/ldap/admin/src/scripts/template-stop-slapd.in \
b/ldap/admin/src/scripts/template-stop-slapd.in index 1c10986..7e1820a 100755
--- a/ldap/admin/src/scripts/template-stop-slapd.in
+++ b/ldap/admin/src/scripts/template-stop-slapd.in
@@ -1,10 +1,5 @@
#!/bin/sh
-# Script that stops the ns-slapd server.
-# Exit status can be:
-# 0: Server stopped successfully
-# 1: Server could not be stopped
-# 2: Server was not running
-
-@sbindir@/stop-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
+cd {{SERVERBIN-DIR}}
+./stop-slapd "$@" -Z {{SERV-ID}}
exit $?
diff --git a/ldap/admin/src/scripts/template-suffix2instance.in \
b/ldap/admin/src/scripts/template-suffix2instance.in index 8186ef8..03bcba8 100755
--- a/ldap/admin/src/scripts/template-suffix2instance.in
+++ b/ldap/admin/src/scripts/template-suffix2instance.in
@@ -1,27 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-if [ $# -lt 2 ]
-then
- echo Usage: suffix2instance {-s includesuffix}*
- exit 1
-fi
-
-./ns-slapd suffix2instance -D {{CONFIG-DIR}} "$@" 2>&1
+./suffix2instance "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-syntax-validate.pl.in \
b/ldap/admin/src/scripts/template-syntax-validate.pl.in index b87e12d..f0b7350 100644
--- a/ldap/admin/src/scripts/template-syntax-validate.pl.in
+++ b/ldap/admin/src/scripts/template-syntax-validate.pl.in
@@ -34,147 +34,19 @@
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \
\n");
- print(STDERR " -b baseDN [-f filter]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager.\n");
- print(STDERR " : -w password - Directory Manager's password.\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password.\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file.\n");
- print(STDERR " : -b baseDN - Base DN that contains entries to \
validate.\n");
- print(STDERR " : -f filter - Filter for entries to validate.\n");
- print(STDERR " If omitted, all entries under the \
specified\n");
- print(STDERR " base will have their attribute \
values\n");
- print(STDERR " validated.\n");
- print(STDERR " : -v - Verbose.\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$basedn_arg = "";
-$filter_arg = "";
-$filter = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-b")
- {
- # base DN
- $i++; $basedn_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-f")
- {
- # filter
- $i++; $filter_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" )
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-$basedn = "basedn: $basedn_arg\n";
-
-if ( $filter_arg ne "" )
-{
- $filter = "filter: $filter_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${filter}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/syntax-validate.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-upgradedb.in \
b/ldap/admin/src/scripts/template-upgradedb.in index a36acc6..ce879bb 100755
--- a/ldap/admin/src/scripts/template-upgradedb.in
+++ b/ldap/admin/src/scripts/template-upgradedb.in
@@ -1,29 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-if [ "$#" -eq 1 ]
-then
- bak_dir=$1
-else
- bak_dir={{BAK-DIR}}/upgradedb_`date +%Y_%m_%d_%H_%M_%S`
-fi
-
-echo upgrade index files ...
-./ns-slapd upgradedb -D {{CONFIG-DIR}} -a $bak_dir
+./upgradedb "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-upgradednformat.in \
b/ldap/admin/src/scripts/template-upgradednformat.in index d1ff5c8..5fd8ef9 100755
--- a/ldap/admin/src/scripts/template-upgradednformat.in
+++ b/ldap/admin/src/scripts/template-upgradednformat.in
@@ -1,63 +1,5 @@
#!/bin/sh
-# upgradednformat -- upgrade DN format to the new style (RFC 4514)
-# Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
-# -N: dryrun
-# exit code: 0 -- needs upgrade; 1 -- no need to upgrade; -1 -- error
-# -n backend_instance -- instance name to be examined or upgraded
-# -a db_instance_directory -- full path to the db instance dir
-# e.g., /var/lib/dirsrv/slapd-ID/db/userRoot
-prefix="{{DS-ROOT}}"
-if [ "$prefix" = "/" ] ; then
- prefix=""
-fi
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-
-dir=""
-be=""
-dryrun=0
-while [ "$1" != "" ]
-do
- if [ "$1" = "-a" ]; then
- shift
- dir="$1"
- elif [ "$1" = "-n" ]; then
- shift
- be="$1"
- elif [ "$1" = "-N" ]; then
- dryrun=1
- fi
- if [ "$1" != "" ]; then
- shift
- fi
-done
-
-if [ "$be" = "" ] || [ "$dir" = "" ]; then
- echo "be: $be"
- echo "dir: $dir"
- echo "Usage: $0 [-N] -n backend_instance -a db_instance_directory"
- exit 1
-fi
-
-if [ $dryrun -eq 0 ]; then
- ./ns-slapd upgradednformat -D {{CONFIG-DIR}} -a $dir -n $be
-else
- ./ns-slapd upgradednformat -D {{CONFIG-DIR}} -a $dir -n $be -N
-fi
-rc=$?
-exit $rc
+./upgradednformat "$@" -Z {{SERV-ID}}
+exit $?
\ No newline at end of file
diff --git a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in \
b/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in index 3e17be0..9d5d549 \
100644
--- a/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in
+++ b/ldap/admin/src/scripts/template-usn-tombstone-cleanup.pl.in
@@ -33,165 +33,19 @@
# exception.
#
#
-# Copyright (C) 2009 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage {
- print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } -s \
suffix | -n backend [ -m maxusn_to_delete ]\n");
- print(STDERR " Opts: -D rootdn - Directory Manager\n");
- print(STDERR " : -w password - Directory Manager's password\n");
- print(STDERR " : -w - - Prompt for Directory Manager's \
password\n");
- print(STDERR " : -j filename - Read Directory Manager's password \
from file\n");
- print(STDERR " : -s suffix - Suffix where USN tombstone entries \
are cleaned up\n");
- print(STDERR " : -n backend - Backend instance in which USN \
tombstone entries \n");
- print(STDERR " are cleaned up (alternative to \
suffix)\n");
- print(STDERR " : -m maxusn_to_delete - USN tombstone entries are deleted up \
to \n");
- print(STDERR " the entry with maxusn_to_delete\n");
- print(STDERR " : -v - verbose\n");
-}
-
-$rootdn = "";
-$passwd = "";
-$passwdfile = "";
-$args = "";
-$suffix_arg = "";
-$backend_arg = "";
-$maxusn_arg = "";
-$verbose = 0;
-
-$prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
-
-libpath_add("$prefix@nss_libdir@");
-libpath_add("$prefix/usr/lib");
-libpath_add("@nss_libdir@");
-libpath_add("/usr/lib");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-$i = 0;
-while ($i <= $#ARGV)
-{
- if ("$ARGV[$i]" eq "-s")
- {
- # suffix
- $i++; $suffix_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-n")
- {
- # backend
- $i++; $backend_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-m")
- {
- # max usn
- $i++; $maxusn_arg = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-D")
- {
- # Directory Manager
- $i++; $rootdn = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-w")
- {
- # Directory Manager's password
- $i++; $passwd = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-j")
- {
- # Read Directory Manager's password from a file
- $i++; $passwdfile = $ARGV[$i];
- }
- elsif ("$ARGV[$i]" eq "-v")
- {
- # verbose
- $verbose = 1;
- }
- else
- {
- &usage; exit(1);
- }
- $i++;
-}
-
-if ($passwdfile ne ""){
-# Open file and get the password
- unless (open (RPASS, $passwdfile)) {
- die "Error, cannot open password file $passwdfile\n";
- }
- $passwd = <RPASS>;
- chomp($passwd);
- close(RPASS);
-} elsif ($passwd eq "-"){
-# Read the password from terminal
- print "Bind Password: ";
- # Disable console echo
- system("@sttyexec@ -echo") if -t STDIN;
- # read the answer
- $passwd = <STDIN>;
- # Enable console echo
- system("@sttyexec@ echo") if -t STDIN;
- print "\n";
- chop($passwd); # trim trailing newline
-}
-
-if ( $rootdn eq "" || $passwd eq "" )
-{
- &usage;
- exit(1);
-}
-
-$vstr = "";
-if ($verbose != 0)
-{
- $vstr = "-v";
-}
-
-# Use a timestamp as part of the task entry name
-($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
-$mn++; $yr += 1900;
-$taskname = "usn_cleanup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
-
-# Build the task entry to add
-$dn = "dn: cn=$taskname, cn=USN tombstone cleanup task, cn=tasks, cn=config\n";
-$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
-$cn = "cn: $taskname\n";
-
-if ( $suffix_arg eq "" && $backend_arg eq "" )
-{
- &usage;
- exit(1);
-}
-elsif ( $suffix_arg ne "" )
-{
- $args = "suffix: $suffix_arg\n";
-}
-else
-{
- $args = "backend: $backend_arg\n";
-}
-
-if ( $maxusn_arg ne "" )
-{
- $args = $args . "maxusn_to_delete: $maxusn_arg\n";
-}
-
-$entry = "${dn}${misc}${cn}${basedn}${args}";
-open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} \
-D \"$rootdn\" -w \"$passwd\" -a" );
-print(FOO "$entry");
-close(FOO);
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+# We lose args that are quoted when passing ARGV to a wrapper
+while ($i <= $#ARGV) {
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/usn-tombstone-cleanup.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-verify-db.pl.in \
b/ldap/admin/src/scripts/template-verify-db.pl.in index c352eb2..ab58e89 100644
--- a/ldap/admin/src/scripts/template-verify-db.pl.in
+++ b/ldap/admin/src/scripts/template-verify-db.pl.in
@@ -33,241 +33,19 @@
# exception.
#
#
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
-sub usage
-{
- print "Usage: $0 [ -a <fullpath_to_db_dir> ]\n";
-}
-
-# getDbDir checks up to 4 levels of db dirs
-# e.g., <server_inst_dir>/db/<backend_instance_dir>/<subdir>
-sub getDbDir
-{
- (my $here) = @_;
- my @dbdirs = ();
-
- opendir(DIR0, $here) or die "can't opendir $here : $!";
- while (defined(my $file0 = readdir(DIR0)))
- {
- if ( "$file0" eq "\." || "$file0" eq "\.\." )
- {
- ;
- }
- elsif ( "$file0" eq "DBVERSION" )
- {
- $#dbdirs++;
- $dbdirs[$#dbdirs] = $here;
- }
- elsif ( -d $here . "{{SEP}}" . $file0 )
- {
- opendir(DIR1, $here . "{{SEP}}" . $file0) or die "can't opendir $file0 : $!";
- while (defined(my $file1 = readdir(DIR1)))
- {
- if ( "$file1" eq "\." || "$file1" eq "\.\." )
- {
- ;
- }
- elsif ( "$file1" eq "DBVERSION" )
- {
- $#dbdirs++;
- $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0;
- }
- elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 )
- {
- opendir(DIR2, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1) or die \
"can't opendir $file1 : $!";
- while (defined(my $file2 = readdir(DIR2)))
- {
- if ( "$file2" eq "\." || "$file2" eq "\.\." )
- {
- ;
- }
- elsif ("$file2" eq "DBVERSION")
- {
- $#dbdirs++;
- $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1;
- }
- elsif ( -d $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . "{{SEP}}" . \
$file2 )
- {
- opendir(DIR3, $here . "{{SEP}}" . $file0 . "{{SEP}}" . $file1 . \
"{{SEP}}" . $file2) or die "can't opendir $file1 : $!";
- while (defined(my $file3 = readdir(DIR3)))
- {
- if ( "$file3" eq "\." || "$file3" eq "\.\." )
- {
- ;
- }
- elsif ("$file3" eq "DBVERSION")
- {
- $#dbdirs++;
- $dbdirs[$#dbdirs] = $here . "{{SEP}}" . $file0 . "{{SEP}}" . \
$file1 . "{{SEP}}" . $file2;
- }
- }
- closedir(DIR3);
- }
- }
- closedir(DIR2);
- }
- }
- closedir(DIR1);
- }
- }
- closedir(DIR0);
-
- return \@dbdirs;
-}
-
-sub getLastLogfile
-{
- (my $here) = @_;
- my $logfile = "";
-
- opendir(DIR, $here) or die "can't opendir $here : $!";
- while (defined($file = readdir(DIR)))
- {
- if ($file =~ /log./)
- {
- $logfile = $file;
- }
- }
- closedir(DIR);
-
- return \$logfile;
-}
-
-$isWin = -d '\\';
-if ($isWin) {
- $NULL = "nul";
-} else {
- $NULL = "/dev/null";
-}
-
-my $i = 0;
-$startpoint = "";
+# We lose args that are quoted when passing ARGV to a wrapper
while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files
- $i++; $startpoint = $ARGV[$i];
- } else {
- &usage; exit(1);
- }
- $i++;
-}
-
-print("*****************************************************************\n");
-print("verify-db: This tool should only be run if recovery start fails\n" .
- "and the server is down. If you run this tool while the server is\n" .
- "running, you may get false reports of corrupted files or other\n" .
- "false errors.\n");
-print("*****************************************************************\n");
-
-if ( "$startpoint" eq "" ) {
- $startpoint = "{{DB-DIR}}";
-}
-# get dirs having DBVERSION
-my $dbdirs = getDbDir($startpoint);
-my $prefix = "{{DS-ROOT}}";
-
-$ENV{'PATH'} = "{{INST-DIR}}:$prefix@db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
-
-libpath_add("@db_libdir@");
-libpath_add("@libdir@");
-
-$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
-
-# Check transaction logs by db_printlog
-for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
-{
- my $logfile = getLastLogfile($$dbdirs[$i]);
-
- if ( "$$logfile" ne "" )
- {
- # run db_printlog -h <dbdir> for each <dbdir>
- print "Verify log files in $$dbdirs[$i] ... ";
- open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |");
- sleep 1;
- my $haserr = 0;
- while ($l = <PRINTLOG>)
- {
- if ("$l" ne "")
- {
- if ($haserr == 0)
- {
- print "\n";
- }
- print "LOG ERROR: $l";
- $haserr++;
- }
- }
- close(PRINTLOG);
- if ($haserr == 0 && $? == 0)
- {
- print "Good\n";
- }
- else
- {
- print "Log file(s) in $$dbdirs[$i] could be corrupted.\n";
- print "Please delete a log file $$logfile, and try restarting the server.\n";
- }
- }
-}
-
-# Check db files by db_verify
-print "Verify db files ... ";
-open(DBVERIFY, "dbverify $thisdb 2>&1 1> $NULL |");
-sleep 1;
-my $bad_index = 0;
-my $bad_id2entry = 0;
-my $isfirst = 1;
-while ($l = <DBVERIFY>)
-{
- if ($isfirst)
- {
- print "\n";
- $isfirst = 0;
- }
- if ("$l" =~ /verify failed/)
- {
- if ("$l" =~ /id2entry.db/)
- {
- $bad_id2entry++;
- }
- else
- {
- $bad_index++;
- }
- }
- print "$l";
-}
-close(DBVERIFY);
-
-if ($bad_id2entry > 0)
-{
- print "\nFound the db was corrupted\n";
- print "Please restore your backup and recover the database.\n";
- exit(1);
-}
-elsif ($bad_index > 0)
-{
- print "\nFound the index file(s) was corrupted\n";
- print "Please run db2index on the corrupted index\n";
- exit(1);
-}
-else
-{
- print "Good\n";
- exit(0);
-}
-
-sub libpath_add {
- my $libpath = shift;
-
- if ($libpath) {
- if ($ENV{'LD_LIBRARY_PATH'}) {
- $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath";
+ if($ARGV[$i] =~ /^-/){
+ $wrapperArgs[$i] = $ARGV[$i];
} else {
- $ENV{'LD_LIBRARY_PATH'} = "$libpath";
+ $wrapperArgs[$i] = "\"$ARGV[$i]\"";
}
- }
+ $i++;
}
+
+exec "{{SERVERBIN-DIR}}/verify-db.pl @wrapperArgs -Z {{SERV-ID}}";
diff --git a/ldap/admin/src/scripts/template-vlvindex.in \
b/ldap/admin/src/scripts/template-vlvindex.in index 193667a..0249696 100755
--- a/ldap/admin/src/scripts/template-vlvindex.in
+++ b/ldap/admin/src/scripts/template-vlvindex.in
@@ -1,28 +1,5 @@
#!/bin/sh
-prefix="{{DS-ROOT}}"
-
-libpath_add() {
- [ -z "$1" ] && return
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
-}
-
-libpath_add "$prefix{{SERVER-DIR}}"
-libpath_add "$prefix@nss_libdir@"
-libpath_add "$prefix@libdir@"
-libpath_add "@nss_libdir@"
-libpath_add "$prefix@pcre_libdir@"
-
-export LD_LIBRARY_PATH
-SHLIB_PATH=$LD_LIBRARY_PATH
-export SHLIB_PATH
-
cd {{SERVERBIN-DIR}}
-if [ $# -lt 4 ]
-then
- echo "Usage: vlvindex -n backend_instance | {-s includesuffix}* -T attribute"
- echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are required.
- exit 1
-fi
-
-./ns-slapd db2index -D {{CONFIG-DIR}} "$@"
+./vlvindex "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/upgradedb.in \
b/ldap/admin/src/scripts/upgradedb.in new file mode 100755
index 0000000..e250cc9
--- /dev/null
+++ b/ldap/admin/src/scripts/upgradedb.in
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:vfrd:" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ v) args=$args" -v";;
+ f) args=$args" -f";;
+ r) args=$args" -r";;
+ d) args=$args" -d $OPTARG";;
+ a) args=$args" -a $OPTARG";;
+ D) args=$args" -D $OPTARG";;
+ esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "You must supply a server instance identifier. Use -Z to specify \
instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+if [ "$#" -eq 1 ]
+then
+ bak_dir=$1
+else
+ bak_dir=$prefix/var/lib/dirsrv/slapd-$servid/bak/upgradedb_`date \
+%Y_%m_%d_%H_%M_%S` +fi
+
+echo upgrade index files ...
+./ns-slapd upgradedb -D $configdir -a $bak_dir $args
diff --git a/ldap/admin/src/scripts/upgradednformat.in \
b/ldap/admin/src/scripts/upgradednformat.in new file mode 100755
index 0000000..6f6ded8
--- /dev/null
+++ b/ldap/admin/src/scripts/upgradednformat.in
@@ -0,0 +1,121 @@
+#!/bin/sh
+
+# upgradednformat -- upgrade DN format to the new style (RFC 4514)
+# Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
+# -N: dryrun
+# exit code: 0 -- needs upgrade; 1 -- no need to upgrade; -1 -- error
+# -n backend_instance -- instance name to be examined or upgraded
+# -a db_instance_directory -- full path to the db instance dir
+# e.g., /var/lib/dirsrv/slapd-ID/db/userRoot
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+cd $server_sbin
+
+dir=""
+be=""
+servid=""
+dryrun=0
+
+first="yes"
+args=""
+while getopts "vhd:a:n:D:N" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ v) args=$args" -v";;
+ N) args=$args" -N";;
+ d) args=$args" -d $OPTARG";;
+ a) args=$args" -a $OPTARG"
+ dir="set";;
+ n) args=$args" -n $OPTARG"
+ be="set";;
+ h) echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a \
db_instance_directory" + exit 0;;
+ D) args=$args" -D $OPTARG";;
+ ?) echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a \
db_instance_directory" + exit 1;;
+ esac
+done
+
+if [ "$be" = "" ] || [ "$dir" = "" ]; then
+ echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a db_instance_directory"
+ exit 1
+fi
+
+
+ # server id not provided, check if there is only one instance
+ inst_count=0
+ for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+ do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+ done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: $0 [-N] [-Z serverID] -n backend_instance -a \
db_instance_directory" + echo "You must supply a server instance identifier. \
Use -Z to specify instance name" + echo "Available instances: $instances"
+ exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+./ns-slapd upgradednformat -D $configdir $args
+
+rc=$?
+exit $rc
diff --git a/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in \
b/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in new file mode 100644
index 0000000..f03a53f
--- /dev/null
+++ b/ldap/admin/src/scripts/usn-tombstone-cleanup.pl.in
@@ -0,0 +1,237 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] [-Z serverID] [-D rootdn] { -w password | -w - | -j \
filename } -s suffix | -n backend [ -m maxusn_to_delete ]\n"); + print(STDERR " \
Opts: -D rootdn - Directory Manager\n"); + print(STDERR " : -w \
password - Directory Manager's password\n"); + print(STDERR " : -w - \
- Prompt for Directory Manager's password\n"); + print(STDERR " : -Z serverID \
- Server instance identifier\n"); + print(STDERR " : -j filename - \
Read Directory Manager's password from file\n"); + print(STDERR " : -s suffix \
- Suffix where USN tombstone entries are cleaned up\n"); + print(STDERR " : -n \
backend - Backend instance in which USN tombstone entries \n"); \
+ print(STDERR " are cleaned up (alternative to \
suffix)\n"); + print(STDERR " : -m maxusn_to_delete - USN tombstone entries \
are deleted up to \n"); + print(STDERR " the entry \
with maxusn_to_delete\n"); + print(STDERR " : -v - \
verbose\n"); +}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$args = "";
+$suffix_arg = "";
+$backend_arg = "";
+$maxusn_arg = "";
+$verbose = 0;
+$host = "";
+$port = "";
+$first = "yes";
+$prefix = DSUtil::get_prefix();
+
+$ENV{'PATH'} = "$prefix@ldaptool_bindir@:$prefix/usr/bin:@ldaptool_bindir@:/usr/bin";
+
+DSUtil::libpath_add("$prefix@nss_libdir@");
+DSUtil::libpath_add("$prefix/usr/lib");
+DSUtil::libpath_add("@nss_libdir@");
+DSUtil::libpath_add("/usr/lib");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-s")
+ {
+ # suffix
+ $i++; $suffix_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-n")
+ {
+ # backend
+ $i++; $backend_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-m")
+ {
+ # max usn
+ $i++; $maxusn_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-Z")
+ {
+ # Server instance identifier
+ $i++; $servid = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-h")
+ {
+ # help
+ &usage; exit(0);
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+
+opendir(DIR, "$prefix/etc/sysconfig");
+@files = readdir(DIR);
+foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+}
+
+if($servid eq ""){
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+@info = DSUtil::get_missing_info($prefix, $servid, $instances, $host, $port, \
$rootdn); +
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("@sttyexec@ -echo") if -t STDIN;
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("@sttyexec@ echo") if -t STDIN;
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $info[2] eq "" || $passwd eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "usn_cleanup_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=USN tombstone cleanup task, cn=tasks, cn=config\n";
+$misc = "objectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+
+if ( $suffix_arg eq "" && $backend_arg eq "" )
+{
+ &usage;
+ exit(1);
+}
+elsif ( $suffix_arg ne "" )
+{
+ $args = "suffix: $suffix_arg\n";
+}
+else
+{
+ $args = "backend: $backend_arg\n";
+}
+
+if ( $maxusn_arg ne "" )
+{
+ $args = $args . "maxusn_to_delete: $maxusn_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${args}";
+open(FOO, "| ldapmodify @ldaptool_opts@ $vstr -h $info[0] -p $info[1] -D \
\"$info[2]\" -w \"$passwd\" -a" ); +print(FOO "$entry");
+close(FOO);
diff --git a/ldap/admin/src/scripts/verify-db.pl.in \
b/ldap/admin/src/scripts/verify-db.pl.in new file mode 100644
index 0000000..bff8a2e
--- /dev/null
+++ b/ldap/admin/src/scripts/verify-db.pl.in
@@ -0,0 +1,303 @@
+#!@perlexec@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+use lib qw(@perlpath@);
+use DSUtil;
+
+sub usage
+{
+ print "Usage: $0 [-Z serverID] [ -a <fullpath_to_db_dir> ]\n";
+}
+
+# getDbDir checks up to 4 levels of db dirs
+# e.g., <server_inst_dir>/db/<backend_instance_dir>/<subdir>
+sub getDbDir
+{
+ (my $here) = @_;
+ my @dbdirs = ();
+
+ opendir(DIR0, $here) or die "can't opendir $here : $!";
+ while (defined(my $file0 = readdir(DIR0)))
+ {
+ if ( "$file0" eq "\." || "$file0" eq "\.\." )
+ {
+ ;
+ }
+ elsif ( "$file0" eq "DBVERSION" )
+ {
+ $#dbdirs++;
+ $dbdirs[$#dbdirs] = $here;
+ }
+ elsif ( -d $here . "/" . $file0 )
+ {
+ opendir(DIR1, $here . "/" . $file0) or die "can't opendir $file0 : $!";
+ while (defined(my $file1 = readdir(DIR1)))
+ {
+ if ( "$file1" eq "\." || "$file1" eq "\.\." )
+ {
+ ;
+ }
+ elsif ( "$file1" eq "DBVERSION" )
+ {
+ $#dbdirs++;
+ $dbdirs[$#dbdirs] = $here . "/" . $file0;
+ }
+ elsif ( -d $here . "/" . $file0 . "/" . $file1 )
+ {
+ opendir(DIR2, $here . "/" . $file0 . "/" . $file1) or die "can't opendir \
$file1 : $!"; + while (defined(my $file2 = readdir(DIR2)))
+ {
+ if ( "$file2" eq "\." || "$file2" eq "\.\." )
+ {
+ ;
+ }
+ elsif ("$file2" eq "DBVERSION")
+ {
+ $#dbdirs++;
+ $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1;
+ }
+ elsif ( -d $here . "/" . $file0 . "/" . $file1 . "/" . $file2 )
+ {
+ opendir(DIR3, $here . "/" . $file0 . "/" . $file1 . "/" . $file2) or \
die "can't opendir $file1 : $!"; + while (defined(my $file3 = \
readdir(DIR3))) + {
+ if ( "$file3" eq "\." || "$file3" eq "\.\." )
+ {
+ ;
+ }
+ elsif ("$file3" eq "DBVERSION")
+ {
+ $#dbdirs++;
+ $dbdirs[$#dbdirs] = $here . "/" . $file0 . "/" . $file1 . "/" . \
$file2; + }
+ }
+ closedir(DIR3);
+ }
+ }
+ closedir(DIR2);
+ }
+ }
+ closedir(DIR1);
+ }
+ }
+ closedir(DIR0);
+
+ return \@dbdirs;
+}
+
+sub getLastLogfile
+{
+ (my $here) = @_;
+ my $logfile = "";
+
+ opendir(DIR, $here) or die "can't opendir $here : $!";
+ while (defined($file = readdir(DIR)))
+ {
+ if ($file =~ /log./)
+ {
+ $logfile = $file;
+ }
+ }
+ closedir(DIR);
+
+ return \$logfile;
+}
+
+$isWin = -d '\\';
+if ($isWin) {
+ $NULL = "nul";
+} else {
+ $NULL = "/dev/null";
+}
+
+my $i = 0;
+$startpoint = "";
+$prefix = DSUtil::get_prefix();
+
+while ($i <= $#ARGV) {
+ if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files
+ $i++; $startpoint = $ARGV[$i];
+ } elsif ( "$ARGV[$i]" eq "-Z" ) { # server instance identifier
+ $i++; $servid = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-h") { # help
+ &usage; exit(0);
+ } else {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+$first = "yes";
+if($servid eq ""){
+ opendir(DIR, "$prefix/etc/sysconfig");
+ @files = readdir(DIR);
+ foreach $file (@files){
+ if($file =~ /^dirsrv-/ && $file ne "dirsrv-admin"){
+ $instance_count++;
+ if($file =~ /dirsrv-(.*)/){
+ if($first eq "yes"){
+ $instances=$1;
+ $first = "no";
+ } else {
+ $instances=$instances . ", $1";
+ }
+ $name = $1;
+ }
+ }
+ }
+ if ($instance_count == 1){
+ $servid = $name;
+ } else {
+ &usage;
+ print "You must supply a server instance identifier. Use -Z to specify \
instance name\n"; + print "Available instances: $instances\n";
+ exit (1);
+ }
+} elsif ($servid =~ /^dirsrv-/){
+ # strip off "dirsrv-"
+ $servid =~ s/^dirsrv-//;
+} elsif ($servid =~ /^slapd-/){
+ # strip off "slapd-"
+ $servid =~ s/^slapd-//;
+}
+
+print("*****************************************************************\n");
+print("verify-db: This tool should only be run if recovery start fails\n" .
+ "and the server is down. If you run this tool while the server is\n" .
+ "running, you may get false reports of corrupted files or other\n" .
+ "false errors.\n");
+print("*****************************************************************\n");
+
+if ( "$startpoint" eq "" ) {
+ $startpoint = "$prefix/var/lib/dirsrv/slapd-$servid/db";
+}
+# get dirs having DBVERSION
+my $dbdirs = getDbDir($startpoint);
+
+$ENV{'PATH'} = "@libdir@/dirsrv/slapd-$servid:$prefix@db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
+
+DSUtil::libpath_add("@db_libdir@");
+DSUtil::libpath_add("@libdir@");
+
+$ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+
+# Check transaction logs by db_printlog
+for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
+{
+ my $logfile = getLastLogfile($$dbdirs[$i]);
+
+ if ( "$$logfile" ne "" )
+ {
+ # run db_printlog -h <dbdir> for each <dbdir>
+ print "Verify log files in $$dbdirs[$i] ... ";
+ open(PRINTLOG, "db_printlog -h $$dbdirs[$i] 2>&1 1> $NULL |");
+ sleep 1;
+ my $haserr = 0;
+ while ($l = <PRINTLOG>)
+ {
+ if ("$l" ne "")
+ {
+ if ($haserr == 0)
+ {
+ print "\n";
+ }
+ print "LOG ERROR: $l";
+ $haserr++;
+ }
+ }
+ close(PRINTLOG);
+ if ($haserr == 0 && $? == 0)
+ {
+ print "Good\n";
+ }
+ else
+ {
+ print "Log file(s) in $$dbdirs[$i] could be corrupted.\n";
+ print "Please delete a log file $$logfile, and try restarting the server.\n";
+ }
+ }
+}
+
+# Check db files by db_verify
+print "Verify db files ... ";
+open(DBVERIFY, "dbverify -Z $servid 2>&1 1> $NULL |");
+sleep 1;
+my $bad_index = 0;
+my $bad_id2entry = 0;
+my $isfirst = 1;
+while ($l = <DBVERIFY>)
+{
+ if ($isfirst)
+ {
+ print "\n";
+ $isfirst = 0;
+ }
+ if ("$l" =~ /verify failed/)
+ {
+ if ("$l" =~ /id2entry.db/)
+ {
+ $bad_id2entry++;
+ }
+ else
+ {
+ $bad_index++;
+ }
+ }
+ print "$l";
+}
+close(DBVERIFY);
+
+if ($bad_id2entry > 0)
+{
+ print "\nFound the db was corrupted\n";
+ print "Please restore your backup and recover the database.\n";
+ exit(1);
+}
+elsif ($bad_index > 0)
+{
+ print "\nFound the index file(s) was corrupted\n";
+ print "Please run db2index on the corrupted index\n";
+ exit(1);
+}
+else
+{
+ print "Good\n";
+ exit(0);
+}
diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
new file mode 100755
index 0000000..4f0c693
--- /dev/null
+++ b/ldap/admin/src/scripts/vlvindex.in
@@ -0,0 +1,110 @@
+#!/bin/sh
+
+libpath_add() {
+ [ -z "$1" ] && return
+ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$1
+}
+
+server_dir="@libdir@/dirsrv/"
+SCRIPT=$(readlink -f $0)
+SCRIPTPATH=$(dirname $SCRIPT)
+if [ $SCRIPTPATH == "/usr/sbin" ]
+then
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/usr\/sbin//'`
+ server_sbin="/usr/sbin"
+else
+ prefix=`echo "$SCRIPTPATH" | sed -e 's/\/sbin//'`
+ server_sbin=$prefix"/sbin"
+fi
+
+libpath_add "$server_dir"
+libpath_add "$prefix@nss_libdir@"
+libpath_add "$prefix@libdir@"
+libpath_add "@libdir@"
+libpath_add "@nss_libdir@"
+libpath_add "$prefix@pcre_libdir@"
+
+export LD_LIBRARY_PATH
+SHLIB_PATH=$LD_LIBRARY_PATH
+export SHLIB_PATH
+
+first="yes"
+args=""
+while getopts "Z:vd:a:t:T:Sn:s:x:hD:" flag
+do
+ case $flag in
+ Z) servid=$OPTARG;;
+ v) args=$args" -v";;
+ s) args=$args" -s $OPTARG";;
+ d) args=$args" -d $OPTARG";;
+ a) args=$args" -a $OPTARG";;
+ t) args=$args" -t $OPTARG";;
+ T) args=$args" -T $OPTARG";;
+ S) args=$args" -S";;
+ n) args=$args" -n $OPTARG";;
+ x) args=$args" -x $OPTARG";;
+ D) args=$args" -D $OPTARG";;
+ h) echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s \
includesuffix}* -T attribute" + echo Note: either \"-n backend_instance\" \
or \"-s includesuffix\" are required. + exit 0;;
+ ?) echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s \
includesuffix}* -T attribute" + echo Note: either \"-n backend_instance\" \
or \"-s includesuffix\" are required. + exit 1;;
+ esac
+done
+
+# server id not provided, check if there is only one instance
+inst_count=0
+for i in `ls $prefix/etc/sysconfig/dirsrv-* 2>/dev/null`
+do
+ if [ $i != '$prefix/etc/sysconfig/dirsrv-admin' ]
+ then
+ inst_count=`expr $inst_count + 1`
+ id=$(expr "$i" : ".*dirsrv-\([^)]*\).*")
+ if [ $first == "yes" ]
+ then
+ instances=$id
+ first="no"
+ else
+ instances=$instances", $id"
+ fi
+ name=$id
+ fi
+done
+
+if [ -z $servid ]
+then
+ if [ $inst_count -eq 1 ]
+ then
+ servid=$name
+ else
+ # error
+ echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s \
includesuffix}* -T attribute" + echo "You must supply a server instance \
identifier. Use -Z to specify instance name" + echo "Available instances: \
$instances" + exit 1
+ fi
+elif [ $servid == slapd-* ]
+then
+ servid=`echo "$servid" | sed -e 's/slapd-//'`
+elif [ $servid == dirsrv-* ]
+then
+ servid=`echo "$servid" | sed -e 's/dirsrv-//'`
+fi
+configdir="$prefix/etc/dirsrv/slapd-$servid"
+if ! [ -a $configdir ]
+then
+ echo "Invalid server identifier: $servid"
+ echo "Available instances: $instances"
+ exit 1
+fi
+
+cd $server_sbin
+if [ $# -lt 4 ]
+then
+ echo "Usage: vlvindex [-Z serverID] -n backend_instance | {-s includesuffix}* -T \
attribute" + echo Note: either \"-n backend_instance\" or \"-s includesuffix\" are \
required. + exit 1
+fi
+
+./ns-slapd db2index -D $configdir $args
diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
index 14befbd..675279c 100644
--- a/ldap/servers/slapd/entry.c
+++ b/ldap/servers/slapd/entry.c
@@ -4108,8 +4108,8 @@ slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry \
**curr_entries, slapi_entry_clear_flag(*cep, SLAPI_ENTRY_FLAG_DIFF_IN_BOTH);
} else {
rval = 1;
-
- LDAPDebug(LDAP_DEBUG_ANY, "Del %sEntry %s\n",
+
+ LDAPDebug(LDAP_DEBUG_ANY, "Del %sEntry %s\n",
my_logging_prestr, slapi_entry_get_dn_const(*cep), 0);
if (testall)
--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic