diff --git a/doc/Installation/APSDeveloperInstallation.md b/doc/Installation/APSDeveloperInstallation.md index 2e6d68cdf6abce89aba1589e867e9f5d738b9dba..e6cf0432d1d47bfaad5b7774861b626a8cdeabd5 100644 --- a/doc/Installation/APSDeveloperInstallation.md +++ b/doc/Installation/APSDeveloperInstallation.md @@ -42,6 +42,8 @@ An example of setting up the Data Management system for a developer is described - Change directory to the root of the Data Management components + - Note some configuration can be changed before processing the as discussed below. There are two files **dm_dev.deploy.conf** and **dm.deploy.conf** which define some environment variables used in the scripts used to install & configure. For the test deployment, **dm_dev.deploy.conf** is used. + > cd ../dev - Execute the dm/_deploy/_test/_system.sh file in the sbin directory diff --git a/etc/aps-db-web-service.conf.template b/etc/aps-db-web-service.conf.template index 9c7b636662f54488ed1596455f7400fefc8a060b..850f62ca30ed115b0c98ffd59b235065f48de13c 100644 --- a/etc/aps-db-web-service.conf.template +++ b/etc/aps-db-web-service.conf.template @@ -9,7 +9,7 @@ sslCaCertFile=DM_INSTALL_DIR/etc/ssl/cacert.pem principalRetriever=DbPrincipalRetriever() #principalRetriever=NoOpPrincipalRetriever() principalAuthenticator1=CryptedPasswordPrincipalAuthenticator() -principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='ldaps://dmid-vm.xray.aps.anl.gov:636', dnFormat='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov') +principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='LDAP_SERVER_URL', dnFormat='LDAP_DN_FORMAT') [BssClient] bssLoginFile=DM_INSTALL_DIR/etc/dmadmin.bss.login diff --git a/etc/cat-web-service.conf.template b/etc/cat-web-service.conf.template index 1676880af07dfb33b504c6cef199797a4bc0edcd..1880beca0a905f7290f2704b14b5893f16788380 100644 --- a/etc/cat-web-service.conf.template +++ b/etc/cat-web-service.conf.template 
@@ -11,7 +11,7 @@ principalRetriever=dm.ds_web_service.service.auth.dsAuthPrincipalRetriever.DsAut
 #principalRetriever=DbPrincipalRetriever()
 #principalRetriever=NoOpPrincipalRetriever()
 principalAuthenticator1=CryptedPasswordPrincipalAuthenticator()
-principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='ldaps://phoebusldap.aps.anl.gov:636', dnFormat='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov')
+principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='LDAP_SERVER_URL', dnFormat='LDAP_DN_FORMAT')
 [MongoDbManager]
 mongoDbName=dm
diff --git a/etc/daq-web-service.conf.template b/etc/daq-web-service.conf.template
index b3206abd6a1ebac7cda6a8009072f040fedd1c2d..f7ed04b3974f3086150a83a1e88637679d833455 100644
--- a/etc/daq-web-service.conf.template
+++ b/etc/daq-web-service.conf.template
@@ -11,7 +11,7 @@ principalRetriever=dm.ds_web_service.service.auth.dsAuthPrincipalRetriever.DsAut
 #principalRetriever=DbPrincipalRetriever()
 #principalRetriever=NoOpPrincipalRetriever()
 principalAuthenticator1=CryptedPasswordPrincipalAuthenticator()
-principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='ldaps://phoebusldap.aps.anl.gov:636', dnFormat='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov')
+principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='LDAP_SERVER_URL', dnFormat='LDAP_DN_FORMAT')
 #[SingleSignOnManager]
 #sessionManager=dm.ds_web_service.service.auth.dsSessionManager.DsSessionManager()
diff --git a/etc/dm.deploy.conf b/etc/dm.deploy.conf
index 4a3b6be308d1ffd629014db522131de70f9aa3d6..c751829d9e961f90218d93b70375f3ad063b45f7 100644
--- a/etc/dm.deploy.conf
+++ b/etc/dm.deploy.conf
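Review bot: The `serverUrl` removed from this template was `ldaps://phoebusldap.aps.anl.gov:636`, but both deploy conf files in this commit set `LDAP_SERVER_URL` to `ldaps://dmid-vm.xray.aps.anl.gov:636`, so a newly generated cat config will authenticate against a different LDAP server than before; the daq and proc template hunks make the same switch. If that is intended it should be stated in the commit message, and if it is not, these three services need their own setting rather than the shared one. A comment above the line, for example `# LDAP_SERVER_URL and LDAP_DN_FORMAT are placeholders filled in by sbin/dm_deploy_cat_web_service.sh from the deploy conf`, would also make clear that the quoted names are not literal values.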
@@ -17,6 +17,10 @@ DM_APS_DB_WEB_SERVICE_URL=https://DM_HOSTNAME:11236
 DM_SOFTWARE_VERSION=dev
 LDAP_SERVER_URL='ldaps://dmid-vm.xray.aps.anl.gov:636'
 LDAP_DN_FORMAT='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_ADMIN_DN='uid=DM_SYSTEM_UNIX_ACCOUNT,ou=People,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_ADMIN_PASSWD_FILE='DM_INSTALL_DIR/etc/DM_SYSTEM_UNIX_ACCOUNT.ldap.passwd'
+LDAP_UTIL_GROUP_DN_FORMAT='cn=%%s,ou=DM,ou=Group,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_MIN_GID_NUMBER=66000
 CA_ORG_NAME_0='Argonne National Laboratory'
 CA_ORG_NAME_1='Advanced Photon Source'
 CA_UNIT_NAME='XSD/SDM'
diff --git a/etc/dm_dev.deploy.conf b/etc/dm_dev.deploy.conf
index e94831662d49d0ae74a17230e05b4adeca8145f5..15f126ed5bcf0ff844b8e9d86c0e0b48238f132e 100644
--- a/etc/dm_dev.deploy.conf
+++ b/etc/dm_dev.deploy.conf
@@ -17,6 +17,10 @@ DM_APS_DB_WEB_SERVICE_URL=https://DM_HOSTNAME:11236
 DM_SOFTWARE_VERSION=2.2.2
 LDAP_SERVER_URL='ldaps://dmid-vm.xray.aps.anl.gov:636'
 LDAP_DN_FORMAT='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_ADMIN_DN='uid=DM_SYSTEM_UNIX_ACCOUNT,ou=People,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_ADMIN_PASSWD_FILE='DM_INSTALL_DIR/etc/DM_SYSTEM_UNIX_ACCOUNT.ldap.passwd'
+LDAP_UTIL_GROUP_DN_FORMAT='cn=%%s,ou=DM,ou=Group,o=aps.anl.gov,dc=aps,dc=anl,dc=gov'
+LDAP_UTIL_MIN_GID_NUMBER=66000
 CA_ORG_NAME_0='Argonne National Laboratory'
 CA_ORG_NAME_1='Advanced Photon Source'
 CA_UNIT_NAME='XSD/SDM'
diff --git a/etc/ds-web-service.conf.template b/etc/ds-web-service.conf.template
index e1b919a1094386c25e3286a106261a6b9a5c27f8..da1d22463cd756765e43cced96568b4dc8b81e19 100644
--- a/etc/ds-web-service.conf.template
+++ b/etc/ds-web-service.conf.template
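Review bot: `LDAP_UTIL_ADMIN_DN` and `LDAP_UTIL_ADMIN_PASSWD_FILE` embed `DM_SYSTEM_UNIX_ACCOUNT` and `DM_INSTALL_DIR` as literal text that is only resolved by later `sed` passes in `sbin/dm_deploy_ds_web_service.sh`, and nothing in this file says so; the same four lines are added to `etc/dm_dev.deploy.conf`. I would add a comment above them, for example `# DM_SYSTEM_UNIX_ACCOUNT / DM_INSTALL_DIR below are template placeholders expanded at deploy time, not shell variables`. Since `LDAP_UTIL_ADMIN_PASSWD_FILE` names the file that holds the LDAP admin bind password, the comment should also state the expected owner and mode of that file (readable by the service account only); the diff does not show where the file is created.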
@@ -9,7 +9,7 @@ sslCaCertFile=DM_INSTALL_DIR/etc/ssl/cacert.pem
 principalRetriever=DbPrincipalRetriever()
 #principalRetriever=NoOpPrincipalRetriever()
 principalAuthenticator1=CryptedPasswordPrincipalAuthenticator()
-principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='ldaps://dmid-vm.xray.aps.anl.gov:636', dnFormat='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov')
+principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='LDAP_SERVER_URL', dnFormat='LDAP_DN_FORMAT')
 [ExperimentManager]
 storageDirectory=DM_STORAGE_DIR
@@ -18,7 +18,7 @@ recycleDirectory=DM_STORAGE_DIR/recycle
 storageId=extrepid
 manageStoragePermissions=True
 #platformUtility=dm.common.utility.linuxUtility.LinuxUtility()
-platformUtility=dm.common.utility.ldapLinuxPlatformUtility.LdapLinuxPlatformUtility('ldaps://dmid-vm.xray.aps.anl.gov:636', 'uid=DM_SYSTEM_UNIX_ACCOUNT,ou=People,o=aps.anl.gov,dc=aps,dc=anl,dc=gov', 'DM_INSTALL_DIR/etc/DM_SYSTEM_UNIX_ACCOUNT.ldap.passwd', groupDnFormat='cn=%%s,ou=DM,ou=Group,o=aps.anl.gov,dc=aps,dc=anl,dc=gov', minGidNumber=66000)
+platformUtility=dm.common.utility.ldapLinuxPlatformUtility.LdapLinuxPlatformUtility(LDAP_SERVER_URL, 'LDAP_UTIL_ADMIN_DN', 'LDAP_UTIL_ADMIN_PASSWD_FILE', groupDnFormat='LDAP_UTIL_GROUP_DN_FORMAT', minGidNumber=LDAP_UTIL_MIN_GID_NUMBER)
 [LdapLinuxPlatformUtility]
 refreshAuthFilesCommand=
diff --git a/etc/proc-web-service.conf.template b/etc/proc-web-service.conf.template
index 504185836bf21614cc6b90294db7e2ef2c225ddb..350d97b032a7da9a431058e53cfea9cb32770685 100644
--- a/etc/proc-web-service.conf.template
+++ b/etc/proc-web-service.conf.template
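Review bot: In the new `platformUtility=` line of the second hunk the first argument is written as bare `LDAP_SERVER_URL`, while every other string placeholder on that line, and `serverUrl='LDAP_SERVER_URL'` in the hunk above, is wrapped in single quotes. Unless the substituted value carries its own quotes, the generated line becomes `LdapLinuxPlatformUtility(ldaps://…:636, …)`, which is no longer the quoted string argument the removed line passed. Suggested line: `platformUtility=dm.common.utility.ldapLinuxPlatformUtility.LdapLinuxPlatformUtility('LDAP_SERVER_URL', 'LDAP_UTIL_ADMIN_DN', 'LDAP_UTIL_ADMIN_PASSWD_FILE', groupDnFormat='LDAP_UTIL_GROUP_DN_FORMAT', minGidNumber=LDAP_UTIL_MIN_GID_NUMBER)`.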
@@ -11,7 +11,7 @@ principalRetriever=dm.ds_web_service.service.auth.dsAuthPrincipalRetriever.DsAut
 #principalRetriever=DbPrincipalRetriever()
 #principalRetriever=NoOpPrincipalRetriever()
 principalAuthenticator1=CryptedPasswordPrincipalAuthenticator()
-principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='ldaps://phoebusldap.aps.anl.gov:636', dnFormat='uid=%%s,ou=people,o=aps.anl.gov,dc=aps,dc=anl,dc=gov')
+principalAuthenticator2=LdapPasswordPrincipalAuthenticator(serverUrl='LDAP_SERVER_URL', dnFormat='LDAP_DN_FORMAT')
 [ExecutionEngine]
 nExecutionThreads=3
diff --git a/sbin/dm_deploy_aps_db_web_service.sh b/sbin/dm_deploy_aps_db_web_service.sh
index ea6ee92b1543fc69db8c3e0609570b685f59372c..d51b1ae55f3e2d0f2c79a50819df629586e63f85 100755
--- a/sbin/dm_deploy_aps_db_web_service.sh
+++ b/sbin/dm_deploy_aps_db_web_service.sh
@@ -141,8 +141,8 @@ if [ ! -f $DM_WEB_SERVICE_CONFIG_FILE ]; then
 | sed 's?DM_DS_WEB_SERVICE_URL?$DM_DS_WEB_SERVICE_URL?g' \
 | sed 's?DM_HOSTNAME?$DM_HOSTNAME?g' \
 | sed 's?DM_DB_NAME?$DM_DB_NAME?g' \
- | sed 's?LDAP_SERVER_URL?LDAP_SERVER_URL?g' \
- | sed 's?LDAP_DN_FORMAT?LDAP_DN_FORMAT?g' \
+ | sed 's?LDAP_SERVER_URL?$LDAP_SERVER_URL?g' \
+ | sed 's?LDAP_DN_FORMAT?$LDAP_DN_FORMAT?g' \
 > $DM_WEB_SERVICE_CONFIG_FILE"
 eval $cmd || exit 1
 else
diff --git a/sbin/dm_deploy_cat_web_service.sh b/sbin/dm_deploy_cat_web_service.sh
index ae1a2a422fad25a524c3615b279fd8213c2b9b01..95d47ef690f6ec6cd088a80b5388687691a2123b 100755
--- a/sbin/dm_deploy_cat_web_service.sh
+++ b/sbin/dm_deploy_cat_web_service.sh
@@ -1,3 +1,4 @@
+pwd
 #!/bin/sh
 #
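Review bot: With the `$` added in the aps_db deploy script, `$LDAP_SERVER_URL` and `$LDAP_DN_FORMAT` are expanded into the `cmd` string and then `eval`'d, and nothing visible checks that they are set: if the deploy conf was not loaded, the placeholders are replaced by an empty string and the service is configured with `serverUrl=''` without any error. The same applies to the matching hunks in the cat, daq, ds and proc deploy scripts. A guard before `cmd=` would stop the deploy instead, e.g. `: "${LDAP_SERVER_URL:?not set}"` and `: "${LDAP_DN_FORMAT:?not set}"`. The values also end up inside a `sed 's?…?…?g'` replacement within a single-quoted word of an eval'd command, so a `?`, `&` or `'` in either value would corrupt the generated file or the command; a comment stating that constraint would help. The enclosing `if` starts above the hunk and continues below it.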
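Review bot: The added `pwd` in `sbin/dm_deploy_cat_web_service.sh` sits on line 1, above `#!/bin/sh`, so the shebang is no longer the first line of this executable script and is read as an ordinary comment; which interpreter runs the file then depends on how it is invoked. It looks like leftover debugging output. Drop the line, or, if the working directory is really wanted in the deploy log, move it below the header comment.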
@@ -149,8 +150,8 @@ if [ ! -f $DM_WEB_SERVICE_CONFIG_FILE ]; then
 | sed 's?DM_HOSTNAME?$DM_HOSTNAME?g' \
 | sed 's?DM_DB_NAME?$DM_DB_NAME?g' \
 | sed 's?DM_STATION_NAME?$DM_CAT_STATION_NAME?g' \
- | sed 's?LDAP_SERVER_URL?LDAP_SERVER_URL?g' \
- | sed 's?LDAP_DN_FORMAT?LDAP_DN_FORMAT?g' \
+ | sed 's?LDAP_SERVER_URL?$LDAP_SERVER_URL?g' \
+ | sed 's?LDAP_DN_FORMAT?$LDAP_DN_FORMAT?g' \
 > $DM_WEB_SERVICE_CONFIG_FILE"
 eval $cmd || exit 1
 else
diff --git a/sbin/dm_deploy_daq_web_service.sh b/sbin/dm_deploy_daq_web_service.sh
index a2c8f9942b9d96f76e51da0f025f73e71f1a62f3..6d5bda4136d188f1962ad0f8b94e21d4849f7e4e 100755
--- a/sbin/dm_deploy_daq_web_service.sh
+++ b/sbin/dm_deploy_daq_web_service.sh
@@ -149,8 +149,8 @@ if [ ! -f $DM_WEB_SERVICE_CONFIG_FILE ]; then
 | sed 's?DM_HOSTNAME?$DM_HOSTNAME?g' \
 | sed 's?DM_DB_NAME?$DM_DB_NAME?g' \
 | sed 's?DM_STATION_NAME?$DM_DAQ_STATION_NAME?g' \
- | sed 's?LDAP_SERVER_URL?LDAP_SERVER_URL?g' \
- | sed 's?LDAP_DN_FORMAT?LDAP_DN_FORMAT?g' \
+ | sed 's?LDAP_SERVER_URL?$LDAP_SERVER_URL?g' \
+ | sed 's?LDAP_DN_FORMAT?$LDAP_DN_FORMAT?g' \
 > $DM_WEB_SERVICE_CONFIG_FILE"
 eval $cmd || exit 1
 else
diff --git a/sbin/dm_deploy_ds_web_service.sh b/sbin/dm_deploy_ds_web_service.sh
index df454ca9abd7f36544d501aae6843d849e09da99..5d54c2ae78c5072b9c59108f87b1f0845b2979d8 100755
--- a/sbin/dm_deploy_ds_web_service.sh
+++ b/sbin/dm_deploy_ds_web_service.sh
@@ -121,19 +121,26 @@ mkdir -p $DM_STORAGE_DIR || exit 1
 echo "Checking service configuration file"
 if [ ! -f $DM_WEB_SERVICE_CONFIG_FILE ]; then
 echo "Generating service config file"
+ # Note that order matters here. Some bits of LDAP_UTIL_... need further substitution
+ # from DM_SYSTEM_UNIX_ACCOUNT & DM_INSTALL_DIR which must come after the LDAP_UTIL...
+ # substitutions
 cmd="cat $DM_ROOT_DIR/etc/$DM_WEB_SERVICE_DAEMON.conf.template \
 | sed 's?servicePort=.*?servicePort=$DM_DS_WEB_SERVICE_PORT?g' \
 | sed 's?sslCaCertFile=.*?sslCaCertFile=$DM_CA_CERT_FILE?g' \
 | sed 's?sslCertFile=.*?sslCertFile=$DM_WEB_SERVICE_CERT_FILE?g' \
 | sed 's?sslKeyFile=.*?sslKeyFile=$DM_WEB_SERVICE_KEY_FILE?g' \
 | sed 's?handler=TimedRotatingFileLoggingHandler.*?handler=TimedRotatingFileLoggingHandler(\"$DM_WEB_SERVICE_LOG_FILE\")?g' \
+ | sed 's?LDAP_UTIL_ADMIN_DN?$LDAP_UTIL_ADMIN_DN?g \
+ | sed 's?LDAP_UTIL_UTIL_ADMIN_PASSWD_FILE?$LDAP_UTIL_ADMIN_PASSWD_FILE?g' \
+ | sed 's?LDAP_UTIL_GROUP_DN_FORMAT?$LDAP_UTIL_GROUP_DN_FORMAT?g' \
+ | sed 's?LDAP_UTIL_MIN_GID_NUMBER?$LDAP_UTIL_MIN_GID_NUMBER?g' \
 | sed 's?DM_STORAGE_DIR?$DM_STORAGE_DIR?g' \
 | sed 's?DM_INSTALL_DIR?$DM_INSTALL_DIR?g' \
 | sed 's?DM_HOSTNAME?$DM_HOSTNAME?g' \
 | sed 's?DM_DB_NAME?$DM_DB_NAME?g' \
 | sed 's?DM_SYSTEM_UNIX_ACCOUNT?$DM_SYSTEM_UNIX_ACCOUNT?g' \
- | sed 's?LDAP_SERVER_URL?LDAP_SERVER_URL?g' \
- | sed 's?LDAP_DN_FORMAT?LDAP_DN_FORMAT?g' \
+ | sed 's?LDAP_SERVER_URL?$LDAP_SERVER_URL?g' \
+ | sed 's?LDAP_DN_FORMAT?$LDAP_DN_FORMAT?g' \
 > $DM_WEB_SERVICE_CONFIG_FILE"
 eval $cmd || exit 1
 else
diff --git a/sbin/dm_deploy_proc_web_service.sh b/sbin/dm_deploy_proc_web_service.sh
index 8e8eac5e2ec481bc89fb68a7b0ae9ba17c5739d2..281d834d98dc5f458d1a2bd2250288556be8e4f0 100755
--- a/sbin/dm_deploy_proc_web_service.sh
+++ b/sbin/dm_deploy_proc_web_service.sh
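Review bot: Two of the added `sed` stages in this hunk will not do what the comment above them describes. The `LDAP_UTIL_ADMIN_DN` stage is missing its closing single quote (it ends in `?g \`), which unbalances the quoting of the `eval`'d pipeline, and the next stage matches `LDAP_UTIL_UTIL_ADMIN_PASSWD_FILE` while the placeholder in `etc/ds-web-service.conf.template` is `LDAP_UTIL_ADMIN_PASSWD_FILE`, so the admin password-file path would be left unsubstituted. Suggested lines: `| sed 's?LDAP_UTIL_ADMIN_DN?$LDAP_UTIL_ADMIN_DN?g' \` and `| sed 's?LDAP_UTIL_ADMIN_PASSWD_FILE?$LDAP_UTIL_ADMIN_PASSWD_FILE?g' \`. A check after generation that no `LDAP_` placeholder remains in `$DM_WEB_SERVICE_CONFIG_FILE` would catch this kind of slip before the service starts with a half-filled LDAP configuration.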
@@ -149,8 +149,8 @@ if [ ! -f $DM_WEB_SERVICE_CONFIG_FILE ]; then
 | sed 's?DM_HOSTNAME?$DM_HOSTNAME?g' \
 | sed 's?DM_DB_NAME?$DM_DB_NAME?g' \
 | sed 's?DM_STATION_NAME?$DM_PROC_STATION_NAME?g' \
- | sed 's?LDAP_SERVER_URL?LDAP_SERVER_URL?g' \
- | sed 's?LDAP_DN_FORMAT?LDAP_DN_FORMAT?g' \
+ | sed 's?LDAP_SERVER_URL?$LDAP_SERVER_URL?g' \
+ | sed 's?LDAP_DN_FORMAT?$LDAP_DN_FORMAT?g' \
 > $DM_WEB_SERVICE_CONFIG_FILE"
 eval $cmd || exit 1
 else