Changes between Version 4 and Version 5 of ALL__accounts_roles

Timestamp:

11/13/14 15:15:34 (10 years ago)

Author:

lttoth@…

Comment:

Final Formatted Version of document

ALL__accounts_roles

@@ -95 +95 @@
 == UNIX GROUPS AND MEMBER ACCOUNTS ==
        === Directory Server Groups ===
+       Accounts associated with these groups are italicized.
+
         ==== group: iplanet     ====
-                default group of iplanet account
+                Default group of //iplanet// account
 
         ==== group: ldapgw ==== 
-                default group of ldapgw account
+                Default group of //ldapgw// account
 
         ==== group: updategw ====
-                group used by iplanet to expose files that must be visible to 'nobody' 
-                (future) group used by sxldap to expose files that must be visible to 'nobody'
-                (owner of Apache processes) when executing update process CGI scripts
-
+                * Group used by //iplanet// to expose files that must be visible to //'nobody'//
+                * Group used by //sxldap// to expose files that must be visible to //'nobody'//
+                * Owner of Apache processes when executing update process CGI scripts
 
         ==== group: edirgw ====
-                group used by ldapgw to expose files that must be visible to 'nobody' 
-                (owner of Apache processes) when executing gateway CGI scripts
+                * Group used by //ldapgw// to expose files that must be visible to //'nobody'// 
+                * Owner of Apache processes when executing gateway CGI scripts
 
 === Directory Server Accounts  ===
@@ -141 +142 @@
                         * <<directory servers>> iplanet
         
-        ==== account: //iplanet// ====  
-        UNIX account owning iPlanet directory and web update processes.  
+        ==== account: //iplanet// ====
+UNIX account owning iPlanet directory and web update processes.   
                 * Directory Locations
-                        ~iplanet/EDIR[TEST|PREP|PROD]/
-                        ~iplanet/AUTH[TEST|PREP|PROD]/
+                        * ~iplanet/EDIR[TEST|PREP|PROD]/
+                        * ~iplanet/AUTH[TEST|PREP|PROD]/
                 * All directory maintenance related source code is stored under this account 
-                        ~iplanet/local/ldap/
+                        * ~iplanet/local/ldap/
                 * .shosts file must allow access by
-                        <<registry servers>>    sxldap
+                        * <<registry servers>>  sxldap
                 * Group membership
                   * iplanet - primary group
                   * other  
                   * edirgw 
-                   * associated with files visible to all parties supporting gateways
+                    * associated with files visible to all parties supporting gateways
                   * updategw 
-                   * associated with password files read by CGI scripts 
-                   * any files opened during execution of CGI scripts 
-                   * <GW>/ldap/web/log directory where output is written
+                    * associated with password files read by CGI scripts 
+                    * any files opened during execution of CGI scripts 
+                    * <GW>/ldap/web/log directory where output is written
         
         ==== account: //nobody// ====   
@@ -183 +184 @@
                     * facilitate transfer of LDIF to uaasynch account
 
-                Note: Production "style" elements are copied from preproduction to the gateway 
+                '''Note:''' Production "style" elements are copied from preproduction to the gateway 
                 directories; no reliance on links.
         
@@ -190 +191 @@
 
         ==== group: SWLDAP ====
-                group used to share output of registry database batch processes where output is 
+                Group used to share output of registry database batch processes where output is 
                 owned by oracle and written to /tmp
 
@@ -204 +205 @@
 UNIX account under which EDIR Banner Extract processing occurs and from which registry generated LDIF originates.  All EDIR registry related source code is stored under this account. 
         
-                Master - eklutna:~sxldap/local/ldap/
-        
-                sxldap must be listed in ~iplanet/.shosts file to facilitate transfer 
-                and application of registry generated LDIF
-        
-                member of group SWLDAP (primary group)
-                member of group UA_Korn
-
-        
-
-ORACLE ACCOUNTS/ROLES
-=====================
-
-        account: OPS$SXLDAP
-                Oracle schema owning EDIR registry and performing EDIR Banner Extract
-                processing.
-        
-                granted role CONNECT 
-                granted role LDAP_ROLE (role to which oracle SYS privs are granted)
-        
-                Note: Table grants are made directly to the OPS$SXLDAP account which 
+                * Master - eklutna:~sxldap/local/ldap/
+        
+                * sxldap must be listed in ~iplanet/.shosts file to facilitate transfer and application of registry generated LDIF
+                * Group Membership
+                  * group SWLDAP (primary group)
+                  * group UA_Korn
+
+        
+
+== ORACLE ACCOUNTS AND ROLES ==
+
+        === account: //OPS$SXLDAP// ===
+Oracle schema owning EDIR registry and performing EDIR Banner Extract processing.
+                * Roles 
+                  * Granted role CONNECT 
+                  * Granted role LDAP_ROLE (role to which oracle SYS privs are granted)
+        
+                '''Note:''' Table grants are made directly to the OPS$SXLDAP account which 
                 in turn creates objects referencing those accounts.  See the following
                 files on toklat: 
@@ -230 +228 @@
                         /ODS/product/PROD/bin/grant_*_to_sxldap.sql
 
-        account: EDIR_GATEWAY
+        === account: //EDIR_GATEWAY// ===
                 Oracle schema granted execute and select privilege on OPS$SXLDAP owned 
                 registry procedures and views.
@@ -236 +234 @@
                 granted role EDIR_ROLE
 
-        role: EDIR_ROLE
+        === role: EDIR_ROLE ===
                 Oracle role to which ops$sxldap can grant privileges so that EDIR_GATEWAY
                 has access.
 
-                Note: Historically, all grants on OPS$SXLDAP objects are made to the 
+                '''Note:''' Historically, all grants on OPS$SXLDAP objects are made to the 
                 EDIR_GATEWAY via the SQL source scripts for creating the objects.  We haven't
-                been utilizing the role.  See summit:~sxldap/local/ldap/registry/*.sql
-
-        
-##############
-CHANGE HISTORY
-##############
-20071031 elm    added section about oracle_[en|dis]able_updates.ksh scripts
-20081114 elm    added reference to credentials, roles, ACIs soon to be associated 
-                with update back end under sxldap ownership rather than iplanet ownership
-
-(eof)   
+                been utilizing the role.  See eklutnat:~sxldap/local/ldap/registry/*.sql
+
+        
+########################################################[[br]]
+LEGACY CHANGE HISTORY - '''NOTE:''' All subsequent changes are recorded in TracWiki[[br]]
+########################################################[[br]]
+20071031 elm    added section about oracle_[en|dis]able_updates.ksh scripts[[br]]
+20081114 elm    added reference to credentials, roles, ACIs soon to be associated with update back end under sxldap ownership rather than iplanet ownership