authorAndrew Bartlett <abartlet@samba.org>2008-03-15 19:03:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-03-15 19:03:04 +1100
commitd7299d82c31f08750d5d378b0e1f0226dbff5d05 (patch)
tree69913c8259839e2c34ceaceab26ccfb0d0adfeae
parent2fd59920381ea81734565637adcec96e5668ef86 (diff)
Rework memberof handling in slapd.conf (used for OpenLDAP backend)
Instead of using an include file, put the generated configuration directly into slapd.conf. Andrew Bartlett (This used to be commit 95ac786136aebfe5ededeb3fb81cbd4e296e3988)
-rw-r--r--source4/scripting/python/samba/provision.py41
-rw-r--r--source4/setup/slapd.conf8
2 files changed, 24 insertions, 25 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 25316e888a..47d00f8871 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1173,27 +1173,10 @@ def provision_backend(setup_dir=None, message=None,
mapping = "schema-map-fedora-ds-1.0"
backend_schema = "99_ad.ldif"
elif ldap_backend_type == "openldap":
- setup_file(setup_path("slapd.conf"), paths.slapdconf,
- {"DNSDOMAIN": names.dnsdomain,
- "LDAPDIR": paths.ldapdir,
- "DOMAINDN": names.domaindn,
- "CONFIGDN": names.configdn,
- "SCHEMADN": names.schemadn,
- "LDAPMANAGERDN": names.ldapmanagerdn,
- "LDAPMANAGERPASS": adminpass})
- setup_file(setup_path("modules.conf"), paths.modulesconf,
- {"REALM": names.realm})
-
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user"))
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config"))
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema"))
- mapping = "schema-map-openldap-2.3"
- backend_schema = "backend-schema.schema"
-
attrs = ["linkID", "lDAPDisplayName"]
res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs);
- memberof_config = "# This is a generated file, do not edit!\n";
+ memberof_config = "# Generated from schema in " + schemadb_path + "\n";
refint_attributes = "";
for i in range (0, len(res)):
linkid = res[i]["linkID"][0]
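Review bot: The new header `memberof_config = "# Generated from schema in " + schemadb_path + "\n"` drops the "do not edit" warning, even though the text is now spliced into slapd.conf, where nothing marks the end of the generated overlay block. I would keep the warning, e.g. `"# Generated from schema in " + schemadb_path + ", do not edit!\n"`, and close the string with a matching `# End of generated memberof/refint configuration` comment line. The loop that builds the rest of the string, and provision_backend itself, continue outside this hunk.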
@@ -1219,10 +1202,24 @@ memberof-dangling-error 32
overlay refint
refint_attributes""" + refint_attributes + "\n";
- if os.path.exists(paths.memberofconf):
- os.unlink(paths.memberof.conf)
-
- open(paths.memberofconf, 'w').write(memberof_config)
+ setup_file(setup_path("slapd.conf"), paths.slapdconf,
+ {"DNSDOMAIN": names.dnsdomain,
+ "LDAPDIR": paths.ldapdir,
+ "DOMAINDN": names.domaindn,
+ "CONFIGDN": names.configdn,
+ "SCHEMADN": names.schemadn,
+ "LDAPMANAGERDN": names.ldapmanagerdn,
+ "LDAPMANAGERPASS": adminpass,
+ "MEMBEROF_CONFIG": memberof_config})
+ setup_file(setup_path("modules.conf"), paths.modulesconf,
+ {"REALM": names.realm})
+
+ setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user"))
+ setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config"))
+ setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema"))
+ mapping = "schema-map-openldap-2.3"
+ backend_schema = "backend-schema.schema"
+
ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri)
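Review bot: `"LDAPMANAGERPASS": adminpass` writes the manager password in cleartext into the generated slapd.conf, and nothing in this hunk restricts who can read `paths.slapdconf`; the same value ends up in `rootpw ${LDAPMANAGERPASS}` in the last source4/setup/slapd.conf hunk. Whether setup_file sets a file mode is not visible here, so an explicit `os.chmod(paths.slapdconf, 0600)` right after the call would make the result independent of the umask. slapd also accepts a hashed rootpw value (as produced by slappasswd), which would keep the cleartext out of the file if nothing else reads it from there. provision_backend starts and ends outside the hunk.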
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 83f4da3359..cdf9ff79a9 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -21,7 +21,7 @@ include ${LDAPDIR}/modules.conf
defaultsearchbase ${DOMAINDN}
-include ${LDAPDIR}/memberof.conf
+${MEMBEROF_CONFIG}
database hdb
suffix ${SCHEMADN}
@@ -62,8 +62,6 @@ syncprov-sessionlog 100
database hdb
suffix ${DOMAINDN}
-rootdn ${LDAPMANAGERDN}
-rootpw ${LDAPMANAGERPASS}
directory ${LDAPDIR}/db/user
index objectClass eq
index samAccountName eq
@@ -82,8 +80,12 @@ index dnsRoot eq
index nETBIOSName eq
index cn eq
+rootdn ${LDAPMANAGERDN}
+rootpw ${LDAPMANAGERPASS}
+
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
+