diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-05-29 01:20:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:53:00 -0500 |
commit | 5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519 (patch) | |
tree | 7bfef694058416ed31fcce643f65b04977fcd419 /source4/setup | |
parent | b8b580dbcb0468306b89e0a37589700dee6ca7b8 (diff) | |
download | samba-5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519.tar.gz samba-5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519.tar.bz2 samba-5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519.zip |
r23177: Add in a new provision-backend script. This helps set up the OpenLDAP or Fedora DS backend.
This required a new mkdir() call in ejs.
We can now provision just the schema for ad2oLschema to operate on
(with provision_schema(), without performing the whole provision, just
to wipe it again (adjustments to 'make test' to come soon).
Andrew Bartlett
(This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)
Diffstat (limited to 'source4/setup')
-rw-r--r-- | source4/setup/fedorads-partitions.ldif | 28 | ||||
-rw-r--r-- | source4/setup/fedorads.inf | 26 | ||||
-rwxr-xr-x | source4/setup/provision-backend | 114 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 73 |
4 files changed, 241 insertions, 0 deletions
diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif new file mode 100644 index 0000000000..7533b1583a --- /dev/null +++ b/source4/setup/fedorads-partitions.ldif @@ -0,0 +1,28 @@ +dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config +objectclass: top +objectclass: extensibleObject +objectclass: nsMappingTree +nsslapd-state: backend +nsslapd-backend: configData +cn: ${CONFIGDN} + +dn: cn=configData,cn=ldbm database,cn=plugins,cn=config +objectclass: extensibleObject +objectclass: nsBackendInstance +nsslapd-suffix: ${CONFIGDN} +cn: configData + +dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config +objectclass: top +objectclass: extensibleObject +objectclass: nsMappingTree +nsslapd-state: backend +nsslapd-backend: schemaData +cn: ${SCHEMADN} + +dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config +objectclass: extensibleObject +objectclass: nsBackendInstance +nsslapd-suffix: ${SCHEMADN} +cn: schemaData + diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf new file mode 100644 index 0000000000..a5d282d392 --- /dev/null +++ b/source4/setup/fedorads.inf @@ -0,0 +1,26 @@ +[General] +SuiteSpotUserID = ${ROOT} +FullMachineName= ${HOSTNAME}.${DNSDOMAIN} +ServerRoot= ${LDAPDIR} + +[slapd] +ldapifilepath=${LDAPDIR}/ldapi +Suffix= ${DOMAINDN} +RootDN= cn=Manager,${DOMAINDN} +RootDNPwd= ${LDAPMANAGERPASS} +ServerIdentifier= samba4 + +inst_dir= ${LDAPDIR}/slapd-samba4 +config_dir= ${LDAPDIR}/slapd-samba4 +schema_dir= ${LDAPDIR}/slapd-samba4/schema +lock_dir= ${LDAPDIR}/slapd-samba4/lock +log_dir= ${LDAPDIR}/slapd-samba4/logs +run_dir= ${LDAPDIR}/slapd-samba4/logs +db_dir= ${LDAPDIR}/slapd-samba4/db +bak_dir= ${LDAPDIR}/slapd-samba4/bak +tmp_dir= ${LDAPDIR}/slapd-samba4/tmp +ldif_dir= ${LDAPDIR}/slapd-samba4/ldif +cert_dir= ${LDAPDIR}/slapd-samba4 + +start_server= 0 +install_full_schema= 0
\ No newline at end of file diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend new file mode 100755 index 0000000000..6a5ec3e892 --- /dev/null +++ b/source4/setup/provision-backend @@ -0,0 +1,114 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + provision a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", + 'realm=s', + 'host-name=s', + 'ldap-manager-pass=s', + 'root=s', + 'quiet', + 'ldap-backend-type=s'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +sys = sys_init(); + +libinclude("base.js"); +libinclude("provision.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 provisioning + +provision [options] + --realm REALM set realm + --host-name HOSTNAME set hostname + --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) + --root USERNAME choose 'root' unix username + --quiet Be quiet + --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure + --ldap-module= MODULE LDB mapping module to use for the LDAP backend +You must provide at least a realm and ldap-backend-type + +"); + exit(1); +} + +if (options['host-name'] == undefined) { + options['host-name'] = hostname(); +} + +/* + main program +*/ +if (options["realm"] == undefined || + options["ldap-backend-type"] == undefined || + options["host-name"] == undefined) { + ShowHelp(); +} + +/* cope with an initially blank smb.conf */ +var lp = loadparm_init(); +lp.set("realm", options.realm); +lp.reload(); + +var subobj = provision_guess(); +for (r in options) { + var key = strupper(join("", split("-", r))); + subobj[key] = options[r]; +} + +var ldapbackend = (options["ldap-backend-type"] != undefined); + +var paths = provision_default_paths(subobj); +provision_fix_subobj(subobj, message, paths); +message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); +message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); + +var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; +sys.mkdir(subobj.LDAPDIR, 0700); + +provision_schema(subobj, message, tmp_schema_ldb, paths); + +var mapping; +var ext; +if (options["ldap-backend-type"] == "fedora-ds") { + mapping = "schema-map-fedora-ds-1.0"; + ext = "ldif"; + setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); + setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); +} else if (options["ldap-backend-type"] == "openldap") { + mapping = "schema-map-openldap-2.3"; + ext = "schema"; + setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); +} +message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n"); + +message("All OK\n"); +return 0; diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf new file mode 100644 index 0000000000..a6fe73a4de --- /dev/null +++ b/source4/setup/slapd.conf @@ -0,0 +1,73 @@ +loglevel 0 + +include ${LDAPDIR}/backend-schema.schema + +pidfile ${LDAPDIR}/slapd.pid +argsfile ${LDAPDIR}/slapd.args +sasl-realm ${DNSDOMAIN} +access to * by * write + +allow update_anon + +authz-regexp + uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth + ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + +authz-regexp + uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth + ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + +include $modconf + +defaultsearchbase \"${DOMAINDN}\" + +backend bdb +database bdb +suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\" +directory ${LDAPDIR}/db/schema +index objectClass eq +index samAccountName eq +index name eq +index objectCategory eq +index lDAPDisplayName eq +index subClassOf eq + +database bdb +suffix \"cn=Configuration,${DOMAINDN}\" +directory ${LDAPDIR}/db/config +index objectClass eq +index samAccountName eq +index name eq +index objectSid eq +index objectCategory eq +index nCName eq pres +index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres + +database bdb +suffix \"${DOMAINDN}\" +rootdn \"cn=Manager,${DOMAINDN}\" +rootpw ${LDAPMANAGERPASS} +directory ${LDAPDIR}/db/user +index objectClass eq +index samAccountName eq +index name eq +index objectSid eq +index objectCategory eq +index member eq +index uidNumber eq +index gidNumber eq +index unixName eq +index privilege eq +index nCName eq pres +index lDAPDisplayName eq +index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres + +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 |