author | Andrew Bartlett <abartlet@samba.org> | 2008-03-15 19:03:04 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-03-15 19:03:04 +1100 |
commit | d7299d82c31f08750d5d378b0e1f0226dbff5d05 (patch) | |
tree | 69913c8259839e2c34ceaceab26ccfb0d0adfeae | |
parent | 2fd59920381ea81734565637adcec96e5668ef86 (diff) | |
Rework memberof handling in slapd.conf (used for OpenLDAP backend)
Instead of using an include file, put the generated configuration
directly into slapd.conf.
Andrew Bartlett
(This used to be commit 95ac786136aebfe5ededeb3fb81cbd4e296e3988)
-rw-r--r-- | source4/scripting/python/samba/provision.py | 41 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 8 |
2 files changed, 24 insertions, 25 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 25316e888a..47d00f8871 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1173,27 +1173,10 @@ def provision_backend(setup_dir=None, message=None, mapping = "schema-map-fedora-ds-1.0" backend_schema = "99_ad.ldif" elif ldap_backend_type == "openldap": - setup_file(setup_path("slapd.conf"), paths.slapdconf, - {"DNSDOMAIN": names.dnsdomain, - "LDAPDIR": paths.ldapdir, - "DOMAINDN": names.domaindn, - "CONFIGDN": names.configdn, - "SCHEMADN": names.schemadn, - "LDAPMANAGERDN": names.ldapmanagerdn, - "LDAPMANAGERPASS": adminpass}) - setup_file(setup_path("modules.conf"), paths.modulesconf, - {"REALM": names.realm}) - - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema")) - mapping = "schema-map-openldap-2.3" - backend_schema = "backend-schema.schema" - attrs = ["linkID", "lDAPDisplayName"] res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs); - memberof_config = "# This is a generated file, do not edit!\n"; + memberof_config = "# Generated from schema in " + schemadb_path + "\n"; refint_attributes = ""; for i in range (0, len(res)): linkid = res[i]["linkID"][0] 
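Review bot: The new header line `memberof_config = "# Generated from schema in " + schemadb_path + "\n";` drops the old "do not edit" warning even though this text now lands in the middle of slapd.conf, so nothing tells an administrator where the generated block begins and ends. I would keep a warning in the opening comment and append a closing marker such as `# End of generated memberof/refint configuration` where the string is finished (the `refint_attributes` line in the next hunk). `schemadb_path` is also interpolated unchecked into a config comment; it is defined outside this hunk, so confirm it can never contain a line break, since anything after one would be read as a directive rather than as part of the comment. provision_backend starts and ends outside the hunk.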
@@ -1219,10 +1202,24 @@ memberof-dangling-error 32 overlay refint refint_attributes""" + refint_attributes + "\n"; - if os.path.exists(paths.memberofconf): - os.unlink(paths.memberof.conf) - - open(paths.memberofconf, 'w').write(memberof_config) + setup_file(setup_path("slapd.conf"), paths.slapdconf, + {"DNSDOMAIN": names.dnsdomain, + "LDAPDIR": paths.ldapdir, + "DOMAINDN": names.domaindn, + "CONFIGDN": names.configdn, + "SCHEMADN": names.schemadn, + "LDAPMANAGERDN": names.ldapmanagerdn, + "LDAPMANAGERPASS": adminpass, + "MEMBEROF_CONFIG": memberof_config}) + setup_file(setup_path("modules.conf"), paths.modulesconf, + {"REALM": names.realm}) + + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema")) + mapping = "schema-map-openldap-2.3" + backend_schema = "backend-schema.schema" + ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri) diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 83f4da3359..cdf9ff79a9 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -21,7 +21,7 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} -include ${LDAPDIR}/memberof.conf +${MEMBEROF_CONFIG} database hdb suffix ${SCHEMADN} @@ -62,8 +62,6 @@ syncprov-sessionlog 100 database hdb suffix ${DOMAINDN} -rootdn ${LDAPMANAGERDN} -rootpw ${LDAPMANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq 
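Review bot: The relocated `setup_file(setup_path("slapd.conf"), paths.slapdconf, ...)` call still writes `adminpass` in clear text into the generated slapd.conf through `LDAPMANAGERPASS`, and nothing visible in this hunk restricts who can read that file. Unless setup_file already takes care of it (its body is not shown), add `os.chmod(paths.slapdconf, 0600)` directly after the call, or better create the file with a restrictive mode from the start, or substitute a hashed `{SSHA}` value so that `rootpw` never holds the plain password. The same value reaches the `rootpw ${LDAPMANAGERPASS}` line that the last source4/setup/slapd.conf hunk moves; it is inserted unquoted there, so a password containing whitespace would presumably be mis-parsed by slapd. provision_backend begins and ends outside the hunk.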
@@ -82,8 +80,12 @@ index dnsRoot eq index nETBIOSName eq index cn eq +rootdn ${LDAPMANAGERDN} +rootpw ${LDAPMANAGERPASS} + #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + |