author | Andrew Bartlett <abartlet@samba.org> | 2007-05-29 12:18:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:53:02 -0500 |
commit | 86a4886e393189b7679ec6220d4d59bb6ef1b50e (patch) | |
tree | b4adcdc877e7d0d08127925bb7a18c972d06e1c9 | |
parent | fbe7d8cbc5df572024098bfae2ad2666cd4bcc47 (diff) | |
r23189: Work towards a totally scripted setup of LDAP backends, so others can
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenLDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
-rwxr-xr-x | source4/script/installmisc.sh | 1 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 9 | ||||
-rw-r--r-- | source4/selftest/Samba4.pm | 6 | ||||
-rw-r--r-- | source4/setup/fedorads-partitions.ldif | 4 | ||||
-rw-r--r-- | source4/setup/fedorads.inf | 1 | ||||
-rwxr-xr-x | source4/setup/provision | 1 | ||||
-rwxr-xr-x | source4/setup/provision-backend | 38 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 12 |
8 files changed, 52 insertions, 20 deletions
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index a714783aec..84785312a9 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -15,6 +15,7 @@ cp scripting/libjs/*.js $JSDIR || exit 1 echo "Installing setup templates" mkdir -p $SETUPDIR || exit 1 cp setup/schema-map-* $SETUPDIR || exit 1 +cp setup/DB_CONFIG $SETUPDIR || exit 1 cp setup/*.inf $SETUPDIR || exit 1 cp setup/*.ldif $SETUPDIR || exit 1 cp setup/*.zone $SETUPDIR || exit 1 diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d25c0f38eb..7e55930a1a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -385,10 +385,10 @@ function provision_default_paths(subobj) paths.keytab = "secrets.keytab"; paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone"; paths.winsdb = "wins.ldb"; - paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif"; - paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif"; - paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif"; paths.ldapdir = lp.get("private dir") + "/ldap"; + paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif"; + paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif"; + paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif"; return paths; } @@ -793,6 +793,8 @@ function provision_ldapbase(subobj, message, paths) subobj.RDN_DC = substr(rdns[0], strlen("DC=")); + sys.mkdir(paths.ldapdir, 0700); + setup_file("provision_basedn.ldif", message, paths.ldap_basedn_ldif, subobj); 
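Review bot: The `sys.mkdir(paths.ldapdir, 0700);` added in provision_ldapbase() is called without looking at its outcome, so a directory that already exists with wider permissions, or one that could not be created, goes unnoticed before the setup_file() calls write the LDIF files into it. The 0700 mode only takes effect when this call actually creates the directory. I would check the result and stop with a message naming `paths.ldapdir` on failure, and add a comment such as `// private LDAP staging directory; must stay 0700` above the call. The same applies to the `sys.mkdir` calls added for `db/user`, `db/config` and `db/schema` in source4/setup/provision-backend. The body of provision_ldapbase() starts and ends outside this hunk.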
@@ -805,7 +807,6 @@ function provision_ldapbase(subobj, message, paths) message, paths.ldap_schema_basedn_ldif, subobj); - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); } diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm index 297391e38f..42dc989c56 100644 --- a/source4/selftest/Samba4.pm +++ b/source4/selftest/Samba4.pm @@ -422,8 +422,8 @@ moduleload syncprov } system("slaptest -u -f $slapd_conf") == 0 or die("slaptest still fails after adding modules"); - system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed"); - system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed"); + system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed"); + system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed"); system("slaptest -u -f $slapd_conf >/dev/null") == 0 or die ("slaptest after database load failed"); @@ -458,7 +458,7 @@ sub provision($$$$$$) my $winbindd_socket_dir = "$prefix_abs/winbind_socket"; my $configuration = "--configfile=$conffile"; - my $ldapdir = "$prefix_abs/ldap"; + my $ldapdir = "$privatedir/ldap"; my $tlsdir = "$privatedir/tls"; diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif index 7533b1583a..12855f9c70 100644 --- a/source4/setup/fedorads-partitions.ldif +++ b/source4/setup/fedorads-partitions.ldif 
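Review bot: Both new slapadd calls build one shell string from `$basedn`, `$slapd_conf`, `$ldapdir` and `$dnsname` without quoting, so a test prefix containing spaces or shell metacharacters is split or interpreted by the shell instead of being passed as a single argument. The list form, `system("slapadd", "-b", "cn=Configuration,$basedn", "-f", $slapd_conf, "-l", "$ldapdir/$dnsname-config.ldif")`, avoids the shell; the `>/dev/null` then has to be replaced by redirecting STDOUT around the call. The enclosing sub starts outside this hunk, so whether `$ldapdir` is in scope at these lines cannot be confirmed from what is visible; the `my $ldapdir` changed in the following hunk is a lexical of provision().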
@@ -1,4 +1,4 @@ -dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config +dn: cn="${CONFIGDN}",cn=mapping tree,cn=config objectclass: top objectclass: extensibleObject objectclass: nsMappingTree @@ -12,7 +12,7 @@ objectclass: nsBackendInstance nsslapd-suffix: ${CONFIGDN} cn: configData -dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config +dn: cn="${SCHEMADN}",cn=mapping tree,cn=config objectclass: top objectclass: extensibleObject objectclass: nsMappingTree diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index a5d282d392..785e65ce56 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -9,6 +9,7 @@ Suffix= ${DOMAINDN} RootDN= cn=Manager,${DOMAINDN} RootDNPwd= ${LDAPMANAGERPASS} ServerIdentifier= samba4 +${SERVERPORT} inst_dir= ${LDAPDIR}/slapd-samba4 config_dir= ${LDAPDIR}/slapd-samba4 diff --git a/source4/setup/provision b/source4/setup/provision index 2a3ddecd3e..3c5d31dc0f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -150,6 +150,7 @@ message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); if (ldapbase) { provision_ldapbase(subobj, message, paths); + message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); } else if (partitions_only) { provision_become_dc(subobj, message, false, paths, system_session); } else { diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 6a5ec3e892..9c1649ac3e 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -16,7 +16,8 @@ options = GetOptions(ARGV, 'ldap-manager-pass=s', 'root=s', 'quiet', - 'ldap-backend-type=s'); + 'ldap-backend-type=s', + 'ldap-backend-port=i'); if (options == undefined) { println("Failed to parse options"); 
@@ -52,8 +53,8 @@ provision [options] --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) --root USERNAME choose 'root' unix username --quiet Be quiet - --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure - --ldap-module= MODULE LDB mapping module to use for the LDAP backend + --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure + --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) You must provide at least a realm and ldap-backend-type "); @@ -84,13 +85,12 @@ for (r in options) { subobj[key] = options[r]; } -var ldapbackend = (options["ldap-backend-type"] != undefined); + var paths = provision_default_paths(subobj); provision_fix_subobj(subobj, message, paths); message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); - var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; sys.mkdir(subobj.LDAPDIR, 0700); 
@@ -101,12 +101,40 @@ var ext; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; ext = "ldif"; + if (options["ldap-backend-port"] != undefined) { + message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); + subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; + } else { + message("Will listen on LDAPI only\n"); + subobj.SERVERPORT=""; + } setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); } else if (options["ldap-backend-type"] == "openldap") { + provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; ext = "schema"; setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); + setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); + sys.mkdir(subobj.LDAPDIR + "/db", 0700); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + if (options["ldap-backend-port"] != undefined) { + message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n"); + } } message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + 
lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n"); diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index a6fe73a4de..770c688f35 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -17,13 +17,13 @@ authz-regexp uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth ldap:///${DOMAINDN}??sub?(samAccountName=\$1) -include $modconf +include ${LDAPDIR}/modules.conf -defaultsearchbase \"${DOMAINDN}\" +defaultsearchbase ${DOMAINDN} backend bdb database bdb -suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\" +suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -33,7 +33,7 @@ index lDAPDisplayName eq index subClassOf eq database bdb -suffix \"cn=Configuration,${DOMAINDN}\" +suffix ${CONFIGDN} directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -46,8 +46,8 @@ index dnsRoot eq index nETBIOSName eq pres database bdb -suffix \"${DOMAINDN}\" -rootdn \"cn=Manager,${DOMAINDN}\" +suffix ${DOMAINDN} +rootdn cn=Manager,${DOMAINDN} rootpw ${LDAPMANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq |
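Review bot: In the fedora-ds branch the `else` path prints "Will listen on LDAPI only" but only sets `subobj.SERVERPORT=""`, which leaves the `${SERVERPORT}` line in fedorads.inf empty; nothing visible in this commit switches the TCP listener off, so if the Fedora DS installer falls back to a default port when ServerPort is absent, the message is wrong and the directory is reachable over the network. I would either write an explicit setting that disables TCP or reword the message to `"No TCP port configured\n"`. `--ldap-backend-port` is parsed as an integer but is written into the file without a range check; rejecting values outside 1 to 65535 before the `subobj.SERVERPORT=` assignment would catch typos early.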
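Review bot: The `suffix`, `rootdn` and `defaultsearchbase` values are now substituted with no quotes at all, so each generated line is only well-formed when the expanded DN contains no whitespace; slapd.conf splits arguments on whitespace, and a DN with a space would be read as extra arguments. If the backslash-escaped quotes were the problem, plain quotes such as `suffix "${DOMAINDN}"` keep the value a single argument. Separately, the unchanged `rootpw ${LDAPMANAGERPASS}` line still places the manager password in the file in clear text, so a template comment like `# contains the cleartext rootpw: keep this file readable by the slapd user only` next to it would help. These hunks show only parts of the template.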