Changeset 1677


Timestamp:
Sep 27, 2010, 4:45:14 PM (13 years ago)
Author:
ezyang
Message:
More updates.
Location:
branches/fc13-dev/server/doc
Files:
2 edited

  • branches/fc13-dev/server/doc/install-howto.sh

    r1676 r1677  
    3636
    3737    yum update
     38
     39# Get rid of network manager
     40    yum remove NetworkManager
    3841
    3942# Check out the scripts.mit.edu svn repository. Configure svn not to cache
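Review bot: The comment at new line 39 does not say why NetworkManager has to go. The troubleshooting text added to install-ldap in this same changeset gives the reason (it modifies /etc/hosts); put that reason in the comment here so the step is not skipped or undone later.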
     
    8487    cd /root
    8588    \cp -a etc /
     89    chmod 0440 /etc/sudoers
    8690
    8791# NOTE: You will have just lost DNS resolution and the ability
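Review bot: The chmod at new line 89 has no comment and fixes only the mode. Say that `\cp -a etc /` carries over whatever mode the checkout had and that sudo rejects a sudoers file with the wrong permissions; consider also setting ownership with `chown root:root /etc/sudoers` and running `visudo -c` afterwards so a bad file is caught while a root shell is still open.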
     
    308312
    309313# Ensure fcgid isn't broken (should be 755)
    310     ls -l /var/run/mod_fcgid
     314    ls -l /var/run | grep mod_fcgid
    311315
    312316# Fix etc by making sure none of our config files got overwritten
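Review bot: Piping `ls -l /var/run` through grep at new line 314 matches any entry whose line contains mod_fcgid and depends on reading ls output. `ls -ld /var/run/mod_fcgid` shows the directory's own mode directly, which is what the comment at line 313 asks for, and `stat -c '%a' /var/run/mod_fcgid` would make the comparison with 755 exact.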
  • branches/fc13-dev/server/doc/install-ldap

    r1674 r1677  
    66  root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
    77- root# yum install -y policycoreutils-python
     8- Temporarily move away the existing slapd-scripts folder
     9  root# mv /etc/dirsrv/slapd-scripts{,.bak}
    810- root# /usr/sbin/setup-ds.pl
    911    - Choose a typical install
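Review bot: New lines 8-9 move /etc/dirsrv/slapd-scripts aside without saying why setup-ds.pl needs it gone, so a reader cannot tell what failure the step prevents. Add one line giving the reason, and note that the .bak directory still has to be restored (lines 18-20) if setup-ds.pl aborts.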
     
    1416    - Input directory manager password
    1517      (this can be found in  ~/.ldapvirc)
    16         [XXX: Got error: sh: semanage: command not found; turns out this is in
    17         policycoreutils-python.  Don't know if this will cause problems.]
     18- Move the schema back
     19  root# cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts
     20  root# rm -Rf /etc/dirsrv/slapd-scripts.bak
    1821- yum install ldapvi
    1922- Check if dirsrv starts: /sbin/service dirsrv start
     23  then turn it back off: service dirsrv stop
    2024- Apply the following configuration changes.  If you're editing
    2125  dse.ldif, you don't want dirsrv to be on, otherwise it will
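Review bot: `rm -Rf /etc/dirsrv/slapd-scripts.bak` at new line 20 deletes the only copy of the original directory with no check that the copy at line 19 succeeded. The `{.svn,*}` glob skips any other dotfiles and `cp -R` does not preserve modes or ownership; suggest `cp -a` and a `diff -r` of the two directories before the rm. Line 18 also says "Move the schema back" while the commands copy the whole directory.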
     
    4145nsSaslMapFilterTemplate: (objectClass=posixAccount)
    4246
    43 - /sbin/service dirsrv stop
    44 - Add the scripts schemas to /var/lib/dirsrv/slapd-scripts [XXX: I don't
    45   know how to do this, but placing them in /etc might be sufficient?]
    4647- Put LDAP keytab (ldap/hostname.mit.edu) in /etc/dirsrv/keytab.  Make
    4748  sure you chown/chgrp it to be readable by fedora-ds
    4849- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
    49 - mkdir -p /var/run/dirsrv
    5050- chown fedora-ds:fedora-ds /var/run/dirsrv
    5151- chmod 755 /var/run/dirsrv
    52 - /sbin/service dirsrv restart
    53 - Use ldapvi -b cn=config to add these indexes:
     52- /sbin/service dirsrv start
     53- Use ldapvi -b cn=config to add these indexes (8 of them):
    5454
    5555add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
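Review bot: With `mkdir -p /var/run/dirsrv` dropped (old line 49), the chown and chmod at new lines 50-51 assume the directory already exists. That presumably holds because dirsrv was started once at line 22, but the document does not say so; either keep the mkdir -p, which is harmless when the directory exists, or state the dependency. "(8 of them)" at line 53 is a count that will go stale as soon as an index is added or removed.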
     
    191191nsDS5ReplicaBindDN: uid=ldap/whole-enchilada.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    192192nsDS5ReplicaBindDN: uid=ldap/real-mccoy.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     193nsDS5ReplicaBindDN: uid=ldap/better-mousetrap.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     194nsDS5ReplicaBindDN: uid=ldap/old-faithful.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    193195# ADD SERVERS HERE AS YOU ADD NEW SERVERS
    194196nsds5ReplicaPurgeDelay: 604800
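Review bot: Every DN listed in nsDS5ReplicaBindDN (new lines 193-194 add two more) is allowed to bind as a replication supplier to this replica, yet the comment at line 195 only covers adding servers. Add a matching instruction to remove the entry, and the corresponding uid=ldap/... account, when a server is retired, so a decommissioned host's principal does not keep replication rights.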
     
    200202        weren't we going to replicate from only one server?  That is
    201203        correct, however, simply binding won't mean we will receive
    202         updates; we have to setup the $MASTER to send data $SALVE.
     204        updates; we have to setup the $MASTER to send data $SLAVE.
    203205
    204206    3. Although we allowed those uids to bind, that user information
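Review bot: New line 204 fixes $SALVE, but the sentence still reads "send data $SLAVE"; it should be "set up the $MASTER to send data to $SLAVE".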
     
    224226       been one of the hosts mentioned in nsDS5ReplicaBindDN) and tell
    225227       it to replicate to $SLAVE.
     228
     229       WARNING: There is a known bug doing full updates from 1.2.6 to
     230       1.2.6, see https://bugzilla.redhat.com/show_bug.cgi?id=637852
    226231
    227232add cn="GSSAPI Replication to $SLAVE", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
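Review bot: The WARNING at new lines 229-230 names neither the package the 1.2.6 version refers to nor the symptom, and it does not tell the operator what to do about it. State next to the link what goes wrong and what action to take, so the step can be followed without reading the bug report first.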
     
    240245nsDS5ReplicaTimeout: 120
    241246
    242     4. Run the replication. (you could fold this into the previous step)
     247    4. Run the replication.  This is perhaps the most risky step of
     248    the process; see below for help debugging problems.
    243249
    244250# under cn="GSSAPI Replication to $SLAVE", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
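Review bot: New lines 247-248 call this the most risky step without saying what is at risk or what to check or back up before starting. Name the precaution here, and refer to the troubleshooting section by its heading rather than "see below", which breaks if sections are reordered.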
     
    285291===============
    286292
    287 LDAP multimaster replication can fail in a number of colorful ways.
     293LDAP multimaster replication can fail in a number of colorful ways;
     294combine that with GSSAPI authentication and it goes exponential.
     295
     296If authentication is failing with LDAP error 49, check if:
     297
     298    * /etc/dirsrv/keytab
     299    * fedora-ds is able to read /etc/dirsrv/keytab
     300    * /etc/hosts has not been modified by Network Manager (you
     301      /did/ uninstall it, right? Right?)
     302
    288303If the failure is local to a single master, usually you can recover
    289304by asking another master to refresh that master with:
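Review bot: The first bullet at new line 298 is only a path, so "check if: /etc/dirsrv/keytab" does not say what to check. Spell it out (the file exists and holds the ldap/hostname.mit.edu principal from the keytab step, which `klist -k /etc/dirsrv/keytab` shows), and for line 299 give a concrete test such as `sudo -u fedora-ds test -r /etc/dirsrv/keytab`.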
     
    337352ou: People
    338353
    339 add uid=ldap/real-mccoy.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     354add uid=ldap/whole-enchilada.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    340355objectClass: account
    341356objectClass: top
    342 uid: ldap/real-mccoy.mit.edu
     357uid: ldap/whole-enchilada.mit.edu
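Review bot: Swapping real-mccoy for whole-enchilada at new lines 354 and 357 keeps a specific hostname in what reads as a generic example, while the replication steps use $MASTER and $SLAVE. With four hosts now listed in nsDS5ReplicaBindDN, use a placeholder here and say whether one such account entry is needed for each listed bind DN.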