author | Oliver Liebel <oliver@itc.li> | 2009-08-10 09:45:01 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-08-12 10:01:48 +1000 |
commit | 28bcdf5266f75ef835fd3cbb353aadb782a1f27c (patch) | |
tree | e1472895449327d416dab1cd2163e7a7dbe3dcf1 /source4/setup | |
parent | a038f1e05b8b7acb5e99257e59178e1ece4ce156 (diff) | |
s4:provision Rework and further automate setup of OpenLDAP backend
heres the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
its also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successfull, (no slapd listening on our socket)
slapd is
started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via pythons subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if they are identical, slapd.pid will be read out, and the
slapd "provision"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everythings
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
Diffstat (limited to 'source4/setup')
-rwxr-xr-x | source4/setup/provision-backend | 13 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 40 |
2 files changed, 13 insertions, 40 deletions
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 28e73ae302..5cf0f8bf6d 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -55,6 +55,7 @@ parser.add_option("--ldap-admin-pass", type="string", metavar="PASSWORD", parser.add_option("--root", type="string", metavar="USERNAME", help="choose 'root' unix username") parser.add_option("--quiet", help="Be quiet", action="store_true") +parser.add_option("--nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true") parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", help="LDB mapping module to use for the LDAP backend", choices=["fedora-ds", "openldap"]) 
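Review bot: The help string of the new `--nosync` option names the benefit but not the cost, so an operator could enable it on a production directory without realising that skipping fsync() gives up crash durability for the account data held in the backend. I would say so in the text, e.g. `help="Configure LDAP backend not to call fsync(): faster, but recent writes can be lost on a crash or power failure; use in test environments only"`. Because the option is `store_true` with no explicit default, `opts.nosync` is `None` when the flag is absent, so the consumer (outside this hunk) should test truthiness rather than compare against `False`.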
@@ -66,12 +67,12 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different from 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") + help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC", - help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'. Note: Only OpenLDAP-Versions greater or equal 2.4.15 should be used!", + help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'.", choices=["yes", "no"]) -parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH", - help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'") +parser.add_option("--ol-slapd", type="string", metavar="SLAPD-PATH", + help="Path to OpenLDAP-Daemon (slapd) [e.g.:'/usr/local/libexec']. Recommended for Setup with OpenLDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.") opts = parser.parse_args()[0] @@ -110,5 +111,5 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd ldap_backend_port=opts.ldap_backend_port, ol_mmr_urls=opts.ol_mmr_urls, ol_olc=opts.ol_olc, - ol_slaptest=opts.ol_slaptest) - + ol_slapd=opts.ol_slapd, + nosync=opts.nosync) diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 09dffbbfa3..8f443b936f 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf 
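Review bot: The `--ol-slapd` help in this hunk says "Path to OpenLDAP-Daemon (slapd)" but gives a directory (`/usr/local/libexec`) as its example, so it is unclear whether the value must name the binary or the directory holding it. The commit description says slapd is then started through Python's subprocess, and the last hunk of this file hands `opts.ol_slapd` to `provision_backend()` as it was typed; provisioning is typically run with elevated privileges, so a relative or mistyped path is worth rejecting early. Unless `provision_backend()` already validates it (not visible here), I would state the expected form in the help text and add a guard such as `if opts.ol_slapd and not os.path.isabs(opts.ol_slapd): parser.error("--ol-slapd must be an absolute path")`, assuming `os` is imported in this script. Dropping `--ol-slaptest` outright also makes existing invocations fail with optparse's unknown-option error, which deserves a line in the howto.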
@@ -74,14 +74,8 @@ database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} directory ${LDAPDIR}/db/schema -index objectClass eq -index samAccountName eq -index name eq -index objectCategory eq -index lDAPDisplayName eq -index subClassOf eq -index cn eq -index entryUUID,entryCSN eq +${NOSYNC} +${INDEX_CONFIG} #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We need this for the contextCSN attribute and mmr. @@ -100,17 +94,8 @@ database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} directory ${LDAPDIR}/db/config -index objectClass eq -index samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index nCName eq -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq -index cn eq -index entryUUID,entryCSN eq +${NOSYNC} +${INDEX_CONFIG} #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We need this for the contextCSN attribute and mmr. @@ -128,21 +113,8 @@ database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} directory ${LDAPDIR}/db/user -index objectClass eq -index samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index member eq -index uidNumber eq -index gidNumber eq -index nCName eq -index lDAPDisplayName eq -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq -index cn eq -index entryUUID,entryCSN eq +${NOSYNC} +${INDEX_CONFIG} #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We need this for the contextCSN attribute and mmr. |
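Review bot: `${NOSYNC}` and `${INDEX_CONFIG}` now stand alone on a line in each of the three `database hdb` sections (this hunk and the two after it), and nothing in the template says what they expand to. The substitution code is outside this diff, so it is worth confirming that both always expand to valid directives or to an empty string, because a leftover placeholder or a stray value would give slapd a configuration it cannot parse. A comment above them would help, written without the `${...}` syntax so the substitution cannot expand inside the comment: `# filled in by provision-backend: optional no-fsync setting (--nosync, test setups only), then the generated "index <attr> eq" lines`. One generated list also replaces three different hand-written ones, so the user database's former `member`, `uidNumber` and `gidNumber` indexes should be checked against the generated output.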