authorAndrew Bartlett <abartlet@samba.org>2007-12-27 04:18:54 -0600
committerStefan Metzmacher <metze@samba.org>2007-12-26 22:21:01 -0600
commit8ff2de3f294af0f4ffd03eda015f01da13fba2dd (patch)
tree92c37b482231efb78368455f34c0be5899ee4cb7
parent6ac5221680d0a8f7f41823893d1bf90d61c392e5 (diff)
r26610: Write out a memberof.conf, to run the memberof plugin on all linked
attributes, as found in the schema. Index 'cn', as otherwise exact match searches on this attribute always fail (need to figure out what is so special about cn in OpenLDAP). Andrew Bartlett (This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32)
-rwxr-xr-xsource4/setup/provision-backend30
-rw-r--r--source4/setup/slapd.conf5
2 files changed, 35 insertions, 0 deletions
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index b713595a7e..83fda33519 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -141,6 +141,36 @@ if (options["ldap-backend-type"] == "fedora-ds") {
} else {
slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI;
}
+
+ var ldb = ldb_init();
+ ldb.filename = tmp_schema_ldb;
+
+ var connect_ok = ldb.connect(ldb.filename);
+ assert(connect_ok);
+ var attrs = new Array("linkID", "lDAPDisplayName");
+ var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs);
+ assert(res.error == 0);
+ var memberof_config = "";
+ for (i=0; i < res.msgs.length; i++) {
+searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+ var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName");
+ if (target != undefined) {
+ memberof_config = memberof_config + "overlay memberof
+memberof-dangling error
+memberof-refint TRUE
+memberof-group-oc top
+memberof-member-ad " + res.msgs[i].lDAPDisplayName + "
+memberof-memberof-ad " + target + "
+
+";
+ }
+ }
+ ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config);
+ if (!ok) {
+ message("failed to create file: " + f + "\n");
+ assert(ok);
+ }
+
}
var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema;
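Review bot: The failure branch after `sys.file_save(...)` builds its message from `f`, which is not defined anywhere in the visible lines, so a failed write of memberof.conf would report `undefined` (or fault on the name) instead of the path; store the path once, e.g. `var memberof_file = subobj.LDAPDIR + "/memberof.conf";`, and use it for both the save and the message. The bare `searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" ...` call at the top of the loop discards its result and queries the temporary schema ldb for a computer object, which looks like a stray paste and should be dropped. `res.msgs[i].lDAPDisplayName` and `target` are written verbatim into directives that slapd.conf later includes, so it is worth rejecting any value that is not a plain attribute name (letters, digits, hyphen) before appending it. If `linkID` comes back from ldb as a string, `res.msgs[i].linkID + 1` concatenates rather than adds and the back-link lookup would silently find nothing; this should be confirmed or the value forced numeric. The enclosing `else` block begins above the hunk.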
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 446facbf3d..d50e5708fb 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -31,6 +31,7 @@ index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
+index cn eq
database hdb
suffix ${CONFIGDN}
@@ -44,6 +45,7 @@ index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
+index cn eq
database hdb
suffix ${DOMAINDN}
@@ -65,9 +67,12 @@ index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
+index cn eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
+
+include ${LDAPDIR}/memberof.conf
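Review bot: The added `include ${LDAPDIR}/memberof.conf` sits at the end of the last `database hdb` section, so the generated memberof overlays would attach only to that database, and slapd will most likely refuse to start when the file is absent. A comment above the line would make both facts visible, for example `# memberof.conf is generated by provision-backend from the schema's linked attributes; it must exist before slapd starts`. The visible lines do not show whether the memberof overlay is compiled in or needs a `moduleload`, so that is worth confirming for the targeted OpenLDAP build.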