authorAndrew Bartlett <abartlet@samba.org>2007-05-29 12:18:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:53:02 -0500
commit86a4886e393189b7679ec6220d4d59bb6ef1b50e (patch)
treeb4adcdc877e7d0d08127925bb7a18c972d06e1c9
parentfbe7d8cbc5df572024098bfae2ad2666cd4bcc47 (diff)
downloadsamba-86a4886e393189b7679ec6220d4d59bb6ef1b50e.tar.gz
samba-86a4886e393189b7679ec6220d4d59bb6ef1b50e.tar.bz2
samba-86a4886e393189b7679ec6220d4d59bb6ef1b50e.zip
r23189: Work towards a totally scripted setup of LDAP backends, so others can
easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenLDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
-rwxr-xr-xsource4/script/installmisc.sh1
-rw-r--r--source4/scripting/libjs/provision.js9
-rw-r--r--source4/selftest/Samba4.pm6
-rw-r--r--source4/setup/fedorads-partitions.ldif4
-rw-r--r--source4/setup/fedorads.inf1
-rwxr-xr-xsource4/setup/provision1
-rwxr-xr-xsource4/setup/provision-backend38
-rw-r--r--source4/setup/slapd.conf12
8 files changed, 52 insertions, 20 deletions
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index a714783aec..84785312a9 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -15,6 +15,7 @@ cp scripting/libjs/*.js $JSDIR || exit 1
echo "Installing setup templates"
mkdir -p $SETUPDIR || exit 1
cp setup/schema-map-* $SETUPDIR || exit 1
+cp setup/DB_CONFIG $SETUPDIR || exit 1
cp setup/*.inf $SETUPDIR || exit 1
cp setup/*.ldif $SETUPDIR || exit 1
cp setup/*.zone $SETUPDIR || exit 1
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index d25c0f38eb..7e55930a1a 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -385,10 +385,10 @@ function provision_default_paths(subobj)
paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
- paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif";
- paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif";
- paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif";
paths.ldapdir = lp.get("private dir") + "/ldap";
+ paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
+ paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
+ paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
return paths;
}
@@ -793,6 +793,8 @@ function provision_ldapbase(subobj, message, paths)
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
+ sys.mkdir(paths.ldapdir, 0700);
+
setup_file("provision_basedn.ldif",
message, paths.ldap_basedn_ldif,
subobj);
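Review bot: The new `sys.mkdir(paths.ldapdir, 0700)` ignores its result, so if the directory cannot be created the failure only surfaces when the following setup_file calls try to write into it, with a less useful error. provision-backend now calls provision_ldapbase after it has already created subobj.LDAPDIR; if that is the same directory as paths.ldapdir (both appear to be the private dir plus "/ldap", but I cannot confirm from the hunk) the second mkdir fails with EEXIST and is silently ignored, which happens to be harmless here but hides the real error cases. Checking the return value and tolerating only an already-existing directory, with a comment such as `/* ldapdir may already exist when called from provision-backend */`, would make the intent explicit; the same unchecked pattern is repeated for every mkdir in the provision-backend hunk. provision_ldapbase continues outside this hunk.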
@@ -805,7 +807,6 @@ function provision_ldapbase(subobj, message, paths)
message, paths.ldap_schema_basedn_ldif,
subobj);
- message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
}
diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm
index 297391e38f..42dc989c56 100644
--- a/source4/selftest/Samba4.pm
+++ b/source4/selftest/Samba4.pm
@@ -422,8 +422,8 @@ moduleload syncprov
}
system("slaptest -u -f $slapd_conf") == 0 or die("slaptest still fails after adding modules");
- system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
- system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
system("slaptest -u -f $slapd_conf >/dev/null") == 0 or
die ("slaptest after database load failed");
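Review bot: Both new slapadd lines die with the identical string "slapadd failed", so a failure cannot be attributed to the config or the schema load without re-running by hand; `or die("slapadd of $dnsname-config.ldif failed: exit $?")` and the schema counterpart would say which step broke. The commands are also built by string interpolation and run through the shell (the `>/dev/null` redirect forces that), so any whitespace in $ldapdir, $slapd_conf or $basedn splits the arguments; that is inherited from the old lines, but if the redirect is not essential the list form `system('slapadd', '-b', "cn=Configuration,$basedn", '-f', $slapd_conf, '-l', "$ldapdir/$dnsname-config.ldif")` avoids the shell entirely. The only definition of $ldapdir visible in this diff is inside provision() in the second hunk, while this hunk sits at line 422 in what looks like a different sub; please confirm $ldapdir is in scope here. The enclosing sub starts outside the hunk.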
@@ -458,7 +458,7 @@ sub provision($$$$$$)
my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
my $configuration = "--configfile=$conffile";
- my $ldapdir = "$prefix_abs/ldap";
+ my $ldapdir = "$privatedir/ldap";
my $tlsdir = "$privatedir/tls";
diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif
index 7533b1583a..12855f9c70 100644
--- a/source4/setup/fedorads-partitions.ldif
+++ b/source4/setup/fedorads-partitions.ldif
@@ -1,4 +1,4 @@
-dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config
+dn: cn="${CONFIGDN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
@@ -12,7 +12,7 @@ objectclass: nsBackendInstance
nsslapd-suffix: ${CONFIGDN}
cn: configData
-dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config
+dn: cn="${SCHEMADN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index a5d282d392..785e65ce56 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -9,6 +9,7 @@ Suffix= ${DOMAINDN}
RootDN= cn=Manager,${DOMAINDN}
RootDNPwd= ${LDAPMANAGERPASS}
ServerIdentifier= samba4
+${SERVERPORT}
inst_dir= ${LDAPDIR}/slapd-samba4
config_dir= ${LDAPDIR}/slapd-samba4
diff --git a/source4/setup/provision b/source4/setup/provision
index 2a3ddecd3e..3c5d31dc0f 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -150,6 +150,7 @@ message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
+ message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
provision_become_dc(subobj, message, false, paths, system_session);
} else {
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index 6a5ec3e892..9c1649ac3e 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -16,7 +16,8 @@ options = GetOptions(ARGV,
'ldap-manager-pass=s',
'root=s',
'quiet',
- 'ldap-backend-type=s');
+ 'ldap-backend-type=s',
+ 'ldap-backend-port=i');
if (options == undefined) {
println("Failed to parse options");
@@ -52,8 +53,8 @@ provision [options]
--ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random)
--root USERNAME choose 'root' unix username
--quiet Be quiet
- --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
- --ldap-module= MODULE LDB mapping module to use for the LDAP backend
+ --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
+ --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only)
You must provide at least a realm and ldap-backend-type
");
@@ -84,13 +85,12 @@ for (r in options) {
subobj[key] = options[r];
}
-var ldapbackend = (options["ldap-backend-type"] != undefined);
+
var paths = provision_default_paths(subobj);
provision_fix_subobj(subobj, message, paths);
message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS);
-
var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
sys.mkdir(subobj.LDAPDIR, 0700);
@@ -101,12 +101,40 @@ var ext;
if (options["ldap-backend-type"] == "fedora-ds") {
mapping = "schema-map-fedora-ds-1.0";
ext = "ldif";
+ if (options["ldap-backend-port"] != undefined) {
+ message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
+ subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
+ } else {
+ message("Will listen on LDAPI only\n");
+ subobj.SERVERPORT="";
+ }
setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
} else if (options["ldap-backend-type"] == "openldap") {
+ provision_ldapbase(subobj, message, paths);
mapping = "schema-map-openldap-2.3";
ext = "schema";
setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
+ setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
+ sys.mkdir(subobj.LDAPDIR + "/db", 0700);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ if (options["ldap-backend-port"] != undefined) {
+ message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n");
+ }
}
message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n");
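Review bot: The three per-database setup blocks in the openldap branch (user, config, schema) are the same five statements copied with only the directory name changed, and the schema copy even swaps the order of the `tmp` and `bdb-logs` mkdirs; a small helper taking the database name removes the duplication and keeps the subobj.LDAPDBDIR reassignment in one place. Separately, `'ldap-backend-port=i'` only guarantees an integer, so the fedora-ds branch writes whatever number was given into `ServerPort = ` in fedorads.inf; a range check such as `if (options["ldap-backend-port"] < 1 || options["ldap-backend-port"] > 65535) { println("invalid --ldap-backend-port"); exit(1); }` before the substitution fails early instead of producing an inf the server rejects. The generated slapd.conf carries the manager password in clear, so the 0700 mode on LDAPDIR is load-bearing; a comment saying so next to the mkdir would keep a later cleanup from relaxing it.
```javascript
/* Create one bdb database directory under LDAPDIR/db with its bdb-logs and
 * tmp subdirectories, then render DB_CONFIG into it. LDAPDBDIR is reset
 * before each render (presumably referenced by the DB_CONFIG template). */
function setup_bdb_dir(subobj, message, name)
{
	subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/" + name;
	sys.mkdir(subobj.LDAPDBDIR, 0700);
	sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
	sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
	setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
}

// … unchanged: option parsing and the fedora-ds branch …
	} else if (options["ldap-backend-type"] == "openldap") {
		provision_ldapbase(subobj, message, paths);
		mapping = "schema-map-openldap-2.3";
		ext = "schema";
		setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
		setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
		/* slapd.conf below holds rootpw in clear: keep the tree 0700 */
		sys.mkdir(subobj.LDAPDIR + "/db", 0700);
		setup_bdb_dir(subobj, message, "user");
		setup_bdb_dir(subobj, message, "config");
		setup_bdb_dir(subobj, message, "schema");
		// … unchanged: ldap-backend-port NOTE message …
	}
```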
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index a6fe73a4de..770c688f35 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -17,13 +17,13 @@ authz-regexp
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
-include $modconf
+include ${LDAPDIR}/modules.conf
-defaultsearchbase \"${DOMAINDN}\"
+defaultsearchbase ${DOMAINDN}
backend bdb
database bdb
-suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
index samAccountName eq
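Review bot: Dropping the double quotes from `defaultsearchbase` and `suffix` here (and from `suffix`/`rootdn` in the two later hunks of this file) makes the template depend on the substituted DNs never containing whitespace, since slapd.conf splits arguments on blanks and only double-quoted values survive intact. DOMAINDN, CONFIGDN and SCHEMADN derived from a realm should not contain spaces, so this is presumably fine, but a one-line comment at the top of the template, `# DN values are unquoted: they must not contain whitespace`, would stop someone reintroducing the escaped quotes this commit removes. The `rootpw ${LDAPMANAGERPASS}` context line carries the same tokenizing assumption for a value that is random and unconstrained, and it stores the manager password in clear; if this template is meant for more than throwaway test setups, writing an `{SSHA}` hash produced by slappasswd instead would avoid that.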
@@ -33,7 +33,7 @@ index lDAPDisplayName eq
index subClassOf eq
database bdb
-suffix \"cn=Configuration,${DOMAINDN}\"
+suffix ${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
@@ -46,8 +46,8 @@ index dnsRoot eq
index nETBIOSName eq pres
database bdb
-suffix \"${DOMAINDN}\"
-rootdn \"cn=Manager,${DOMAINDN}\"
+suffix ${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
rootpw ${LDAPMANAGERPASS}
directory ${LDAPDIR}/db/user
index objectClass eq