...
- Install the mit-moira RPM; the daemon uses the blanche client.
- yum install perl-LDAP (This will also bring in perl-IO-Socket-SSL and perl-Net-SSLeay as dependencies)
- yum install perl-Convert-ASN1
- Unpack the cams-ldap binary tarball, from the root directory:
    # cd /
    # tar xzf /path/to/cams-ldap.tgz
- Make sure the trigger library is configured for the run-time linker (required for mysqld to be able to load it):
    # echo "/usr/local/cams/lib" > /etc/ld.so.conf.d/cams-ldap.conf
    # ldconfig
- On the slave only, disable the cron job which purges the Cams Moira list:
    # rm /etc/cron.d/cams-ldap
- Install a daemon keytab in /usr/local/cams/ldap/keytab. It must be owned by the mysql user. The principal must be added to the from-cams-admin list, which is the owner of the from-cams list, e.g.:
    # blanche from-cams-admin -a kerberos:daemon.idpe@ATHENA.MIT.EDU
  (For staging, add the daemon.idpe-staging principal to the list on ttsp.)
- Configure /etc/syslog.conf with the following patch; the daemon uses the LOCAL5 facility:
    40,41c40,41
    < # msql apps
    < local5.info /var/log/db
    ---
    > # cams-ldap (originally msql apps)
    > local5.* /var/log/cams-ldap.log
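Review bot: the replacement selector widens `local5.info` to `local5.*`, so debug-level LOCAL5 messages are written as well, and the old `/var/log/db` destination is dropped entirely; the commented-out "msql apps" line suggests something else once logged to LOCAL5, and anything that still does will now land in /var/log/cams-ldap.log. Confirm no other application on the host uses LOCAL5 before applying, or keep a separate selector line for it, and set the permissions on the new log file deliberately rather than leaving them to syslogd's default.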
  Make this change effective:
    # kill -HUP `cat /var/run/syslogd.pid`
- Install the configuration file /usr/local/cams/ldap/cams-ldap.conf. This file is in Perl syntax. Edit it to make sure that the usernames and passwords for DB and LDAP access are set properly ($dbuser, $dpassword, $ldap_dn, $ldap_password), and that $krb5_princ is set to the daemon principal in the keytab. Make sure that $cafile is set to point at mitCA.pem (install if not already there). Make sure the file is owned by the mysql user and only readable by the owner.
- Make sure that the camsldap user is added to the MySQL database (see above).
- Restart mysqld, to make sure that it can link in the trigger library.
- Start the cams-ldap daemon, and make sure it starts at boot time:
    # /etc/init.d/cams-ldap start
    # chkconfig --add cams-ldap
  The daemon should run on both the slave and master servers; it detects when it is running on the slave and treats the trigger as a no-op.
- Make sure the trigger function is defined properly in the database. This should be executed on the slave first; check the slave status afterward to make sure it is still running, and restart if necessary.
    # mysql -u root -p cams < /path/to/cams-ldap-trigger.sql
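Several of the steps above hinge on file ownership and permissions: the keytab and cams-ldap.conf hold credentials and must be owned by the mysql user and readable only by that owner, and the ld.so.conf.d entry must be present for mysqld to load the trigger library. The POSIX shell script below is an added example, not part of the original page or the cams-ldap distribution; it verifies those requirements after an install. It assumes the paths given in the steps above (the keytab, cams-ldap.conf and /etc/ld.so.conf.d/cams-ldap.conf) and that `mysql` is the owning user.

```shell
#!/bin/sh
# Added example (not from the cams-ldap page): post-install check that the
# daemon's credential files are owned by the expected user and unreadable
# by anyone else, and that the trigger library path is known to ld.so.

# check_secret_file FILE OWNER
# Returns 0 when FILE exists, is owned by OWNER, and carries no group or
# other permission bits (mode 0400 or 0600).  Returns 1 with a reason on
# stderr otherwise.
check_secret_file() {
    file=$1
    owner=$2
    if [ ! -f "$file" ]; then
        echo "MISSING: $file" >&2
        return 1
    fi
    # Parse the POSIX `ls -ld` listing: field 1 is the mode string,
    # field 3 the owner.  Positional parameters are local to the function.
    set -- $(ls -ld "$file")
    # Strip the trailing '.' or '+' that ls appends when an SELinux
    # context or ACL is present, so the mode pattern below still matches.
    mode=${1%[.+]}
    actual_owner=$3
    if [ "$actual_owner" != "$owner" ]; then
        echo "BAD OWNER: $file is owned by $actual_owner, expected $owner" >&2
        return 1
    fi
    case "$mode" in
        -r--------|-rw-------) ;;
        *)
            echo "BAD MODE: $file has mode $mode, expected owner-only (0400/0600)" >&2
            return 1
            ;;
    esac
    return 0
}

# check_install [OWNER]
# Runs the checks for the files the install steps create.  The paths are
# taken from the install steps; OWNER defaults to mysql.
check_install() {
    owner=${1:-mysql}
    rc=0
    check_secret_file /usr/local/cams/ldap/keytab "$owner" || rc=1
    check_secret_file /usr/local/cams/ldap/cams-ldap.conf "$owner" || rc=1
    # ldconfig must have been told about the trigger library directory.
    if ! grep -qx /usr/local/cams/lib /etc/ld.so.conf.d/cams-ldap.conf 2>/dev/null; then
        echo "MISSING: /usr/local/cams/lib not in /etc/ld.so.conf.d/cams-ldap.conf" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh check-cams-ldap.sh --check [owner]
if [ "${1:-}" = "--check" ]; then
    check_install "${2:-mysql}" && echo "cams-ldap install checks passed"
    exit $?
fi
```

Run it as root on both the master and the slave after the steps above; a non-zero exit means one of the credential files is exposed to other local users or the trigger library will not be found by mysqld.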
...