Hi David, hi Alan,

I have nearly the same approach, well done for these scripts ;) (I did about the same).

But don't you think it would be far easier to do this kind of thing:

* remove-ds-admin.pl -y -f -y
* yum remove -y 389-ds-base-base-libs
* yum install 389-ds 389-admin 389-adminutil
* setup-ds-admin.pl -s -f /tmp/ldap.inf
* stuff...

But that would be a 389-ds task

Regards,

2016-01-10 18:54 GMT+01:00 David Barr <[email protected]>:

> I have a straight up bash script at
> https://github.com/dafydd2277/systemAdmin/blob/master/ldap/99_389dsCleanInstall.sh
> that does exactly this. You're welcome to use it as a starting point.
>
> David
>
> On Jan 10, 2016, at 08:43, Charlie Mordant <[email protected]> wrote:
>
> Hi census experts!
>
> At first, I wanted to thank you for that wonderful technology, providing
> secure (tls ready, acl ready, clusterable) product: you're the only one
> driving annuary (directory) as mature as this.
>
> I'm encountering an untraditional issue: I'm trying to make a kind of
> cloud service all ldap centric: all my services are consuming ldap to give
> user credentials (jenkins, webmail, nexus, etc...).
>
> I'm able to make a first-time ldap installation that fits all my needs but
> not able to make it repeatable.
>
> The issues are that:
> * docker images are really difficult to tackle:
>   main parts are on the same db: netscaperoot things, ssl
>   configuration, maxbersize, as well as the users db (dc=mydn, dc=people), so
>   splitting concerns are difficult.
> * remove-ds.pl then setup-ds.pl does not make admin-ds recognizable
>   within the new ldap.
> * remove-ds-admin.pl removes some rpm mandatory files, so yum erase
>   (389-ds-base, 389-admin, 389-adminutil), yum install is mandatory (but it
>   looks like it's not sufficient, and can cause some side effects: removing
>   other deps).
>
> So how can I make a repeatable 389 install?
>
> What I want to achieve:
> * Install a 389 server importing a personal CA and certs
> * Securing access (my cloud has prices depending on the number of users)
>   so my cloud adds users to 'dc=mycompany,ou=people, ou=company' but company
>   can add users to 'dc=mycompany,ou=people, ou=webmail,ou=contacts'
> * Making it repeatable (exporting contacts data, yum erase 389-ds, yum
>   install 389-ds then configure stuff and importing contacts data should
>   lead to the same result as before), and I'm not able to do that after 3
>   months of work.
>
> I've a sample Opscode Chef recipe mounting all this stuff, but
> re-provisioning machine leads to errors, I can give access to one of your
> dev if wanted.
>
> Can 389 be improved to uninstall ds then reinstall an installation
> (without the admin things) and being as complete as before?
>
> Best regards
>
> --
> Charlie Mordant
>
> Full OSGI/EE stack made with Karaf:
> https://github.com/OsgiliathEnterprise/net.osgiliath.parent
> --
> 389 users mailing list
> 389-users@%(host_name)s
> http://lists.fedoraproject.org/admin/lists/[email protected]
>
> --
>
> David - Offbeat
> dafydd - Online http://pgp.mit.edu/
>
> ----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
>
> The most dangerous phrase is, 'We've always done it this way.' –RADM Grace
> Hopper

--
Charlie Mordant

Full OSGI/EE stack made with Karaf:
https://github.com/OsgiliathEnterprise/net.osgiliath.parent
