author | Oliver Liebel <oliver@itc.li> | 2009-02-24 11:37:58 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-02-24 21:34:44 +1100 |
commit | 31f2cddcf5886b0a78290fdfa609a2ee63bda5ad (patch) | |
tree | ec311efac147bedf11db908b621601158a47a11b /source4/setup | |
parent | 00173c6ce6e6aa394acc0685827b0b9fb1faf45c (diff) | |
Added mmr and olc to the OpenLDAP backend provisioning-scripts
These extensions add mmr (multi-master-replication) and olc
(openldap-online-configuration) capabilities to the
provisioning-scripts (provision-backend and provision.py), for use
with the openldap-backend (only versions >=2.4.15!).
Changes / additions made to the provision-backend -script:
added new command-line-options:
--ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to olc),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)
Changes / additions made to the provision.py -script: added
extensions that will automatically generate the chosen mmr and/or olc
setup for the openldap backend, according to the parameters chosen
in the provision-backend script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/setup')
-rw-r--r-- | source4/setup/DB_CONFIG | 11 | ||||
-rw-r--r-- | source4/setup/mmr_serverids.conf | 1 | ||||
-rw-r--r-- | source4/setup/olcOverlay={0}syncprov.ldif | 11 | ||||
-rw-r--r-- | source4/setup/olc_acl.conf | 4 | ||||
-rw-r--r-- | source4/setup/olc_mmr.conf | 3 | ||||
-rw-r--r-- | source4/setup/olc_pass.conf | 3 | ||||
-rw-r--r-- | source4/setup/olc_seed.ldif | 16 | ||||
-rw-r--r-- | source4/setup/olc_serverid.conf | 1 | ||||
-rw-r--r-- | source4/setup/olc_syncrepl.conf | 13 | ||||
-rw-r--r-- | source4/setup/olc_syncrepl_seed.conf | 5 | ||||
-rwxr-xr-x | source4/setup/provision-backend | 12 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 20 |
12 files changed, 78 insertions, 22 deletions
diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG
index b4d2bfa868..74bb09d800 100644
--- a/source4/setup/DB_CONFIG
+++ b/source4/setup/DB_CONFIG
@@ -1,17 +1,6 @@
-#
-# Set the database in memory cache size.
-#
 set_cachesize 0 524288 0
-
-#
-# Set log values.
-#
 set_lg_regionmax 104857
 set_lg_max 1048576
 set_lg_bsize 209715
 set_lg_dir ${LDAPDBDIR}/bdb-logs
-
-#
-# Set temporary file creation directory.
-#
 set_tmp_dir ${LDAPDBDIR}/tmp
diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf
index c6d14010b4..e4daf2028a 100644
--- a/source4/setup/mmr_serverids.conf
+++ b/source4/setup/mmr_serverids.conf
@@ -1,2 +1 @@
-# Generated from template mmr_serverids.conf
 ServerID ${SERVERID} "${LDAPSERVER}"
diff --git a/source4/setup/olcOverlay={0}syncprov.ldif b/source4/setup/olcOverlay={0}syncprov.ldif
new file mode 100644
index 0000000000..4f5b513c67
--- /dev/null
+++ b/source4/setup/olcOverlay={0}syncprov.ldif
@@ -0,0 +1,11 @@
+dn: olcOverlay={0}syncprov
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+structuralObjectClass: olcSyncProvConfig
+entryUUID: 41df5aca-785a-102d-9077-999999999999
+creatorsName: cn=config
+createTimestamp: 20090116201111Z
+entryCSN: 20090116201111.111111Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20090116201111Z
diff --git a/source4/setup/olc_acl.conf b/source4/setup/olc_acl.conf
new file mode 100644
index 0000000000..c248b30fb5
--- /dev/null
+++ b/source4/setup/olc_acl.conf
@@ -0,0 +1,4 @@
+access to dn.sub="cn=config"
+ by dn="cn=samba-admin,cn=samba" write
+ by dn="cn=replicator,cn=samba" read
+
diff --git a/source4/setup/olc_mmr.conf b/source4/setup/olc_mmr.conf
new file mode 100644
index 0000000000..2f60df1421
--- /dev/null
+++ b/source4/setup/olc_mmr.conf
@@ -0,0 +1,3 @@
+overlay syncprov
+MirrorMode on
+
diff --git a/source4/setup/olc_pass.conf b/source4/setup/olc_pass.conf
new file mode 100644
index 0000000000..4c66c1c43f
--- /dev/null
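Review bot: The `by dn="cn=replicator,cn=samba" read` clause in olc_acl.conf gives the replication identity read access to the whole `cn=config` subtree, which is where `olcRootPW` and the syncrepl `credentials` values added elsewhere in this commit are stored. That access may be required to replicate cn=config, but for disclosure purposes it makes the replicator account equivalent to a configuration administrator, and the file does not say so. I would add a comment above the rule such as `# replicator can read all of cn=config, including olcRootPW and syncrepl credentials; all other identities fall through to slapd's implicit "by * none"`, and treat that account's password with the same care as the rootdn's.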
+++ b/source4/setup/olc_pass.conf
@@ -0,0 +1,3 @@
+database config
+rootdn cn=config
+
diff --git a/source4/setup/olc_seed.ldif b/source4/setup/olc_seed.ldif
new file mode 100644
index 0000000000..afc3abe5a0
--- /dev/null
+++ b/source4/setup/olc_seed.ldif
@@ -0,0 +1,16 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+${OLC_SERVER_ID_CONF}
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootDN: cn=config
+olcRootPW: ${OLC_PW}
+${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE
+
+dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
diff --git a/source4/setup/olc_serverid.conf b/source4/setup/olc_serverid.conf
new file mode 100644
index 0000000000..3d28acbfb4
--- /dev/null
+++ b/source4/setup/olc_serverid.conf
@@ -0,0 +1 @@
+olcServerID: ${SERVERID} "${LDAPSERVER}"
diff --git a/source4/setup/olc_syncrepl.conf b/source4/setup/olc_syncrepl.conf
new file mode 100644
index 0000000000..fd7a58d03b
--- /dev/null
+++ b/source4/setup/olc_syncrepl.conf
@@ -0,0 +1,13 @@
+# Generated from template olc_syncrepl.conf
+
+syncrepl rid=${RID}
+ provider="${LDAPSERVER}"
+ searchbase="cn=config"
+ filter="(!(olcDatabase={0}config))"
+ type=refreshAndPersist
+ retry="10 +"
+ bindmethod=sasl
+ saslmech=DIGEST-MD5
+ authcid="replicator"
+ credentials="${MMR_PASSWORD}"
+
diff --git a/source4/setup/olc_syncrepl_seed.conf b/source4/setup/olc_syncrepl_seed.conf
new file mode 100644
index 0000000000..1833fb9228
--- /dev/null
+++ b/source4/setup/olc_syncrepl_seed.conf
@@ -0,0 +1,5 @@
+olcSyncRepl: rid=${RID} provider="${LDAPSERVER}"
+ binddn="cn=config" bindmethod=sasl saslmech=DIGEST-MD5
+ authcid="replicator" credentials="linux"
+ searchbase="cn=config" filter="(!(olcDatabase={0}config))"
+ type=refreshAndPersist retry="10 +"
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index eca209cb18..20e4420414 100755
--- a/source4/setup/provision-backend
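Review bot: `olcRootPW: ${OLC_PW}` in olc_seed.ldif is written exactly as substituted, and whether provision.py passes a hashed value (for example an `{SSHA}` string) or the cleartext password is decided outside this diff. A cleartext value would end up in the seed LDIF and in the resulting slapd.d tree, so the substitution should supply a hash and the generated files should be readable only by the slapd user. Separately, `${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE` only parses if the substituted text is empty or ends with a newline; a comment stating that, e.g. `# OLC_SYNCREPL_CONF must be empty or end with a newline`, would keep later template edits from silently corrupting the entry.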
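Review bot: The syncrepl stanza in olc_syncrepl.conf binds with `saslmech=DIGEST-MD5` and sets no TLS option, so unless a SASL security layer is negotiated, replication of `cn=config` (which carries `olcRootPW` and these `credentials`) is only as protected as the URL in `${LDAPSERVER}`; the --ol-mmr-urls help text describes plain `ldap://` URLs. DIGEST-MD5 also requires the provider to keep the replicator password in recoverable form. I would add `starttls=critical` to the stanza or require `ldaps://` URLs, and say in the template header that the generated file contains a cleartext secret and must not be world-readable. The same applies to the olcSyncRepl value in olc_syncrepl_seed.conf.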
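Review bot: `credentials="linux"` in olc_syncrepl_seed.conf is a fixed password baked into the template, while olc_syncrepl.conf takes the same field from `${MMR_PASSWORD}`. Every backend provisioned from this seed would either replicate cn=config with a publicly known secret or fail to bind when the real replicator password differs. The line should read `authcid="replicator" credentials="${MMR_PASSWORD}"`, assuming provision.py passes that variable when it substitutes this template (not visible in this diff). `binddn="cn=config"` belongs to simple binds and appears to have no effect with `bindmethod=sasl`, so I would drop it rather than leave a misleading identity in the config.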
+++ b/source4/setup/provision-backend @@ -65,8 +65,12 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS [ ldap://<FQDN>:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR") - + help="List of LDAP-URLS [ ldap://<FQDN>:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") +parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC", + help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'", + choices=["yes", "no"]) +parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH", + help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'") opts = parser.parse_args()[0] @@ -103,5 +107,7 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, ldap_backend_port=opts.ldap_backend_port, - ol_mmr_urls=opts.ol_mmr_urls) + ol_mmr_urls=opts.ol_mmr_urls, + ol_olc=opts.ol_olc, + ol_slaptest=opts.ol_slaptest) diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 506dc504b4..09dffbbfa3 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -7,7 +7,6 @@ sizelimit unlimited ${MMR_SERVERIDS_CONFIG} - include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid @@ -63,6 +62,13 @@ directory ${LDAPDIR}/db/samba rootdn cn=Manager,cn=Samba ######################################## +## olc - configuration ### +${OLC_CONFIG_PASS} +${OLC_SYNCREPL_CONFIG} +${OLC_MMR_CONFIG} +${OLC_CONFIG_ACL} + +######################################## ### cn=schema ### database hdb suffix ${SCHEMADN} 
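Review bot: The new `--ol-slaptest` option is documented as a path to the slaptest binary, but its example '/usr/local/sbin' is a directory, and the value is handed to provision_backend() without any check. If that function executes the program (its body is outside this diff), a mistyped or unintended path is only discovered in the middle of provisioning, so the help text should say whether a directory or a file is expected and the script should confirm the resolved file exists and is executable before the call. `--ol-olc` also has no default, so `opts.ol_olc` is None when omitted, and nothing ties the 'yes' case to `--ol-slaptest`; adding `default="no"` to the option and `if opts.ol_olc == "yes" and not opts.ol_slaptest: parser.error("--ol-olc=yes requires --ol-slaptest")` after `parse_args()` would reject the incomplete combination up front. The option-parsing block starts before this hunk.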
@@ -78,10 +84,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=schema Subcontext ### @@ -107,10 +113,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=config Subcontext ### ${MMR_SYNCREPL_CONFIG_CONFIG} @@ -139,10 +145,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=user/base-dn context ### ${MMR_SYNCREPL_USER_CONFIG} |
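Review bot: The retained comment `#syncprov is stable in OpenLDAP 2.3, and available in 2.2.` in the cn=schema section now sits beside configuration that the commit message says requires OpenLDAP >= 2.4.15, and `syncprov-checkpoint 100 10` is enabled in the static template, so it also applies to single-server setups that use no mmr. I would replace the version remark with the actual minimum version and document the new directive, e.g. `# checkpoint contextCSN after 100 write operations or 10 minutes, whichever comes first`. The same two lines recur in the cn=config and user/base-dn sections (the hunks at -107 and -139), so the wording should be changed in all three.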