authorAndrew Bartlett <abartlet@samba.org>2007-05-30 01:09:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:53:05 -0500
commite6aecd8b91cb9811bac2b3e2a47a9a09116b09b7 (patch)
tree946103379aeac877f7afd05fca4c5490f932483a
parent55ee74f8ca9204d7f48bba48d3f775744d11fccd (diff)
r23235: Don't do a separate LDAP provision step. Instead, everything we need
(including the config files) is created by provision-backend. Andrew Bartlett (This used to be commit 6d4d90399f5a0451fcf2156a465123801e027359)
-rw-r--r--source4/selftest/Samba4.pm177
-rw-r--r--source4/setup/DB_CONFIG10
2 files changed, 23 insertions, 164 deletions
diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm
index e579123d3a..7ccacc97cc 100644
--- a/source4/selftest/Samba4.pm
+++ b/source4/selftest/Samba4.pm
@@ -204,136 +204,16 @@ chdir "$ENV{FEDORA_DS_PREFIX}/bin" || die;
return ($fedora_ds_dir, $pidfile);
}
-sub write_openldap_dbconfig($) {
- my ( $ldapdbdir ) = @_;
- open(CONF, ">$ldapdbdir/DB_CONFIG");
- print CONF "
-#
- # Set the database in memory cache size.
- #
- set_cachesize 0 524288 0
-
-
- #
- # Set database flags (this is a test environment, we don't need to fsync()).
- #
- set_flags DB_TXN_NOSYNC
-
- #
- # Set log values.
- #
- set_lg_regionmax 104857
- set_lg_max 1048576
- set_lg_bsize 209715
- set_lg_dir $ldapdbdir/bdb-logs
-
-
- #
- # Set temporary file creation directory.
- #
- set_tmp_dir $ldapdbdir/tmp
- ";
- close(CONF);
-
-
-}
-
-sub mk_openldap($$$$$$$$)
+sub mk_openldap($$$$$)
{
- my ($self, $ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, $provision_options) = @_;
+ my ($self, $ldapdir, $configuration, $basedn, $dnsname, $password) = @_;
my $slapd_conf = "$ldapdir/slapd.conf";
my $pidfile = "$ldapdir/slapd.pid";
my $modconf = "$ldapdir/modules.conf";
- mkdir($_, 0777) foreach ($ldapdir, "$ldapdir/db", "$ldapdir/db/user", "$ldapdir/db/config", "$ldapdir/db/schema", "$ldapdir/db/bdb-logs",
- "$ldapdir/db/tmp");
-
- open(CONF, ">$slapd_conf");
- print CONF "
-loglevel 0
-
-include $ldapdir/ad.schema
-
-pidfile $pidfile
-argsfile $ldapdir/slapd.args
-sasl-realm $dnsname
-access to * by * write
-
-allow update_anon
-
-authz-regexp
- uid=([^,]*),cn=$dnsname,cn=digest-md5,cn=auth
- ldap:///$basedn??sub?(samAccountName=\$1)
-
-authz-regexp
- uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
- ldap:///$basedn??sub?(samAccountName=\$1)
-
-include $modconf
-
-defaultsearchbase \"$basedn\"
-
-backend bdb
-database bdb
-suffix \"cn=Schema,cn=Configuration,$basedn\"
-directory $ldapdir/db/schema
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectCategory eq
-index lDAPDisplayName eq
-index subClassOf eq
-
-database bdb
-suffix \"cn=Configuration,$basedn\"
-directory $ldapdir/db/config
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index nCName eq pres
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq pres
-
-database bdb
-suffix \"$basedn\"
-rootdn \"cn=Manager,$basedn\"
-rootpw $password
-directory $ldapdir/db/user
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index member eq
-index uidNumber eq
-index gidNumber eq
-index unixName eq
-index privilege eq
-index nCName eq pres
-index lDAPDisplayName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq pres
-
-#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
-#We only need this for the contextCSN attribute anyway....
-overlay syncprov
-syncprov-checkpoint 100 10
-syncprov-sessionlog 100
-";
-
- close(CONF);
-
- write_openldap_dbconfig("$ldapdir/db/user");
- write_openldap_dbconfig("$ldapdir/db/config");
- write_openldap_dbconfig("$ldapdir/db/schema");
-
- #This uses the provision-backend we just did, to read out the schema
- system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/ad.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
+ #This uses the backend provision we just did, to read out the schema
+ system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
my $oldpath = $ENV{PATH};
$ENV{PATH} = "/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
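Review bot: The `ad2oLschema` call on the new side is still a single-string `system()`, so `$configuration`, `$ldapdir` and the `bindir`/`setupdir` paths are interpolated into a shell command line, and a space or shell metacharacter in any of them changes what gets run. The same commit moves the main provision call to list-form `system(@provision_options)`, but this call and the `provision-backend` call in the third hunk (which also interpolates `--ldap-manager-pass=$password`) were left in string form; building an argument list and doing the `>&2` redirect without a shell would make them consistent. Separately, the prototype `($$$$$)` lists five scalars while six values are unpacked from `@_`; prototypes are not applied to method calls, so this is harmless, but `($$$$$$)` would match the old convention. The body of `mk_openldap` continues past the end of this hunk, so whether `$basedn`, `$dnsname` and `$password` are still used cannot be judged from here.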
@@ -514,22 +394,21 @@ sub provision($$$$$$)
(system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration!");
- my @provision_options = ($configuration);
+my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provision");
+ push (@provision_options, split(' ', $configuration));
push (@provision_options, "--host-name=$netbiosname");
push (@provision_options, "--host-ip=$ifaceipv4");
push (@provision_options, "--quiet");
- push (@provision_options, "--domain $localdomain");
- push (@provision_options, "--realm $localrealm");
- push (@provision_options, "--adminpass $password");
- push (@provision_options, "--krbtgtpass krbtgt$password");
- push (@provision_options, "--machinepass machine$password");
+ push (@provision_options, "--domain=$localdomain");
+ push (@provision_options, "--realm=$localrealm");
+ push (@provision_options, "--adminpass=$password");
+ push (@provision_options, "--krbtgtpass=krbtgt$password");
+ push (@provision_options, "--machinepass=machine$password");
push (@provision_options, "--root=$root");
push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn");
push (@provision_options, "--password=$password");
push (@provision_options, "--root=$root");
- (system("$self->{bindir}/smbscript $self->{setupdir}/provision " . join(' ', @provision_options) . ">&2") == 0) or die("Unable to provision");
-
my $ldap_uri= "$ldapdir/ldapi";
$ldap_uri =~ s|/|%2F|g;
$ldap_uri = "ldapi://$ldap_uri";
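Review bot: `split(' ', $configuration)` re-introduces word splitting into the new argv list: if `$configuration` carries a path containing whitespace (presumably it holds a config-file option), that path is broken into several arguments before `system(@provision_options)` runs. Passing the configuration options around as a list rather than one string would keep the list-form call exact. `--root=$root` is also pushed twice in this block, and the admin, krbtgt and machine passwords end up on the command line, where other local users can read them from the process table; that is tolerable for a selftest but deserves a comment such as `# test-only credentials; visible in the process list`. The enclosing `provision` sub starts and ends outside this hunk.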
@@ -555,27 +434,28 @@ sub provision($$$$$$)
if (defined($self->{ldap})) {
- system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+ push (@provision_options, "--ldap-backend=$ldap_uri");
+ system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+
if ($self->{ldap} eq "openldap") {
- ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, join(' ', @provision_options)) or die("Unable to create openldap directories");
+ ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration, $basedn, $dnsname, $password) or die("Unable to create openldap directories");
} elsif ($self->{ldap} eq "fedora-ds") {
($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ldapdir, $configuration) or die("Unable to create fedora ds directories");
push (@provision_options, "--ldap-module=nsuniqueid");
- }
+ push (@provision_options, "--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK");
+ }
$self->slapd_start($ret) or
die("couldn't start slapd");
-
- $ret->{PROVISION_OPTIONS} = join(' ', @provision_options);
+ }
- print "LDAP PROVISIONING...";
- $self->provision_ldap($ret);
+ (system(@provision_options) == 0) or die("Unable to provision");
+ if (defined($self->{ldap})) {
$self->slapd_stop($ret) or
die("couldn't stop slapd");
- } else {
- $ret->{PROVISION_OPTIONS} = join(' ', @provision_options);
}
+
return $ret;
}
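Review bot: The base64 `--aci` value pushed in the `fedora-ds` branch lost its explanation when `provision_ldap` was removed, so nothing on the new side tells a reader that it grants full access to anyone. Carry the old comment over above the push, `#it is easier to base64 encode this than correctly escape it:` followed by `# (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)`, and state that this ACI is meant for the test environment only. Also, `(system(@provision_options) == 0) or die("Unable to provision")` exits with slapd still running, because `slapd_stop` is only reached on success; calling `$self->slapd_stop($ret)` before the `die` when `$self->{ldap}` is defined would avoid leaving a daemon with that open ACL behind. `provision` begins outside this hunk.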
@@ -636,21 +516,6 @@ sub provision_dc($$)
return $ret;
}
-sub provision_ldap($$)
-{
- my ($self, $envvars) = @_;
- my $provision_aci = "";
-
- if ($self->{ldap} eq "fedora-ds") {
- #it is easier to base64 encode this than correctly escape it:
- # (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)
- $provision_aci = "--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK";
- }
-
- system("$self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}") and
- die("LDAP PROVISIONING failed: $self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}");
-}
-
sub teardown_env($$)
{
my ($self, $envvars) = @_;
diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG
index 3198e17b14..b4d2bfa868 100644
--- a/source4/setup/DB_CONFIG
+++ b/source4/setup/DB_CONFIG
@@ -1,22 +1,16 @@
+#
# Set the database in memory cache size.
#
set_cachesize 0 524288 0
-
#
-# Set database flags (this is a test environment, we don't need to fsync()).
-#
-set_flags DB_TXN_NOSYNC
-
-#
- Set log values.
+# Set log values.
#
set_lg_regionmax 104857
set_lg_max 1048576
set_lg_bsize 209715
set_lg_dir ${LDAPDBDIR}/bdb-logs
-
#
# Set temporary file creation directory.
#