authorAndrew Bartlett <abartlet@samba.org>2007-05-29 01:20:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:53:00 -0500
commit5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519 (patch)
tree7bfef694058416ed31fcce643f65b04977fcd419 /source4/setup
parentb8b580dbcb0468306b89e0a37589700dee6ca7b8 (diff)
r23177: Add in a new provision-backend script. This helps set up the OpenLDAP or Fedora DS backend.
This required a new mkdir() call in ejs. We can now provision just the schema for ad2oLschema to operate on (with provision_schema()), without performing the whole provision just to wipe it again (adjustments to 'make test' to come soon). Andrew Bartlett (This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/fedorads-partitions.ldif28
-rw-r--r--source4/setup/fedorads.inf26
-rwxr-xr-xsource4/setup/provision-backend114
-rw-r--r--source4/setup/slapd.conf73
4 files changed, 241 insertions, 0 deletions
diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif
new file mode 100644
index 0000000000..7533b1583a
--- /dev/null
+++ b/source4/setup/fedorads-partitions.ldif
@@ -0,0 +1,28 @@
+dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config
+objectclass: top
+objectclass: extensibleObject
+objectclass: nsMappingTree
+nsslapd-state: backend
+nsslapd-backend: configData
+cn: ${CONFIGDN}
+
+dn: cn=configData,cn=ldbm database,cn=plugins,cn=config
+objectclass: extensibleObject
+objectclass: nsBackendInstance
+nsslapd-suffix: ${CONFIGDN}
+cn: configData
+
+dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config
+objectclass: top
+objectclass: extensibleObject
+objectclass: nsMappingTree
+nsslapd-state: backend
+nsslapd-backend: schemaData
+cn: ${SCHEMADN}
+
+dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config
+objectclass: extensibleObject
+objectclass: nsBackendInstance
+nsslapd-suffix: ${SCHEMADN}
+cn: schemaData
+
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
new file mode 100644
index 0000000000..a5d282d392
--- /dev/null
+++ b/source4/setup/fedorads.inf
@@ -0,0 +1,26 @@
+[General]
+SuiteSpotUserID = ${ROOT}
+FullMachineName= ${HOSTNAME}.${DNSDOMAIN}
+ServerRoot= ${LDAPDIR}
+
+[slapd]
+ldapifilepath=${LDAPDIR}/ldapi
+Suffix= ${DOMAINDN}
+RootDN= cn=Manager,${DOMAINDN}
+RootDNPwd= ${LDAPMANAGERPASS}
+ServerIdentifier= samba4
+
+inst_dir= ${LDAPDIR}/slapd-samba4
+config_dir= ${LDAPDIR}/slapd-samba4
+schema_dir= ${LDAPDIR}/slapd-samba4/schema
+lock_dir= ${LDAPDIR}/slapd-samba4/lock
+log_dir= ${LDAPDIR}/slapd-samba4/logs
+run_dir= ${LDAPDIR}/slapd-samba4/logs
+db_dir= ${LDAPDIR}/slapd-samba4/db
+bak_dir= ${LDAPDIR}/slapd-samba4/bak
+tmp_dir= ${LDAPDIR}/slapd-samba4/tmp
+ldif_dir= ${LDAPDIR}/slapd-samba4/ldif
+cert_dir= ${LDAPDIR}/slapd-samba4
+
+start_server= 0
+install_full_schema= 0 \ No newline at end of file
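Review bot: `RootDNPwd= ${LDAPMANAGERPASS}` writes the Directory Manager password in cleartext into fedorads.inf, and nothing in this file sets the file's mode; provision-backend creates the containing directory 0700, but the file itself is presumably created per the default umask, so a comment such as `; contains the Directory Manager password - keep this file mode 0600 and remove it once setup has run` is warranted (assuming the .inf parser accepts comment lines). `SuiteSpotUserID = ${ROOT}` also makes the server run as the account chosen by the provision 'root' unix username option; if that resolves to the real root user, the directory server runs fully privileged, and a dedicated unprivileged account would be the safer default. The file additionally lacks a trailing newline.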
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
new file mode 100755
index 0000000000..6a5ec3e892
--- /dev/null
+++ b/source4/setup/provision-backend
@@ -0,0 +1,114 @@
+#!/bin/sh
+exec smbscript "$0" ${1+"$@"}
+/*
+ provision a Samba4 server
+ Copyright Andrew Tridgell 2005
+ Released under the GNU GPL v2 or later
+*/
+
+options = GetOptions(ARGV,
+ "POPT_AUTOHELP",
+ "POPT_COMMON_SAMBA",
+ "POPT_COMMON_VERSION",
+ "POPT_COMMON_CREDENTIALS",
+ 'realm=s',
+ 'host-name=s',
+ 'ldap-manager-pass=s',
+ 'root=s',
+ 'quiet',
+ 'ldap-backend-type=s');
+
+if (options == undefined) {
+ println("Failed to parse options");
+ return -1;
+}
+
+sys = sys_init();
+
+libinclude("base.js");
+libinclude("provision.js");
+
+/*
+ print a message if quiet is not set
+*/
+function message()
+{
+ if (options["quiet"] == undefined) {
+ print(vsprintf(arguments));
+ }
+}
+
+/*
+ show some help
+*/
+function ShowHelp()
+{
+ print("
+Samba4 provisioning
+
+provision [options]
+ --realm REALM set realm
+ --host-name HOSTNAME set hostname
+ --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random)
+ --root USERNAME choose 'root' unix username
+ --quiet Be quiet
+ --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
+ --ldap-module= MODULE LDB mapping module to use for the LDAP backend
+You must provide at least a realm and ldap-backend-type
+
+");
+ exit(1);
+}
+
+if (options['host-name'] == undefined) {
+ options['host-name'] = hostname();
+}
+
+/*
+ main program
+*/
+if (options["realm"] == undefined ||
+ options["ldap-backend-type"] == undefined ||
+ options["host-name"] == undefined) {
+ ShowHelp();
+}
+
+/* cope with an initially blank smb.conf */
+var lp = loadparm_init();
+lp.set("realm", options.realm);
+lp.reload();
+
+var subobj = provision_guess();
+for (r in options) {
+ var key = strupper(join("", split("-", r)));
+ subobj[key] = options[r];
+}
+
+var ldapbackend = (options["ldap-backend-type"] != undefined);
+
+var paths = provision_default_paths(subobj);
+provision_fix_subobj(subobj, message, paths);
+message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
+message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS);
+
+var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
+sys.mkdir(subobj.LDAPDIR, 0700);
+
+provision_schema(subobj, message, tmp_schema_ldb, paths);
+
+var mapping;
+var ext;
+if (options["ldap-backend-type"] == "fedora-ds") {
+ mapping = "schema-map-fedora-ds-1.0";
+ ext = "ldif";
+ setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
+ setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
+} else if (options["ldap-backend-type"] == "openldap") {
+ mapping = "schema-map-openldap-2.3";
+ ext = "schema";
+ setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
+}
+message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n");
+
+message("All OK\n");
+return 0;
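Review bot: An unrecognized --ldap-backend-type value is not rejected: the guard near the top only tests that the option is defined, so a typo such as `fedorads` falls through both branches of the if/else chain, leaves `mapping` and `ext` undefined, and the script still prints an ad2oLschema command line containing `undefined` followed by "All OK". Add a final branch, `} else { ShowHelp(); }`, so the help text (which already states that only "openldap" or "fedora-ds" are accepted) is shown and the script exits with status 1. Separately, `message("Using LDAP Manager password: %s\n", ...)` echoes the manager password to stdout, and passing it via `--ldap-manager-pass` exposes it in the process list; the help text should at least warn about this, or the password should be read from a file instead. The help text also documents a `--ldap-module=` option that GetOptions never declares, and the `ldapbackend` variable is assigned but never used.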
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
new file mode 100644
index 0000000000..a6fe73a4de
--- /dev/null
+++ b/source4/setup/slapd.conf
@@ -0,0 +1,73 @@
+loglevel 0
+
+include ${LDAPDIR}/backend-schema.schema
+
+pidfile ${LDAPDIR}/slapd.pid
+argsfile ${LDAPDIR}/slapd.args
+sasl-realm ${DNSDOMAIN}
+access to * by * write
+
+allow update_anon
+
+authz-regexp
+ uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
+ ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+
+authz-regexp
+ uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
+ ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+
+include $modconf
+
+defaultsearchbase \"${DOMAINDN}\"
+
+backend bdb
+database bdb
+suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+directory ${LDAPDIR}/db/schema
+index objectClass eq
+index samAccountName eq
+index name eq
+index objectCategory eq
+index lDAPDisplayName eq
+index subClassOf eq
+
+database bdb
+suffix \"cn=Configuration,${DOMAINDN}\"
+directory ${LDAPDIR}/db/config
+index objectClass eq
+index samAccountName eq
+index name eq
+index objectSid eq
+index objectCategory eq
+index nCName eq pres
+index subClassOf eq
+index dnsRoot eq
+index nETBIOSName eq pres
+
+database bdb
+suffix \"${DOMAINDN}\"
+rootdn \"cn=Manager,${DOMAINDN}\"
+rootpw ${LDAPMANAGERPASS}
+directory ${LDAPDIR}/db/user
+index objectClass eq
+index samAccountName eq
+index name eq
+index objectSid eq
+index objectCategory eq
+index member eq
+index uidNumber eq
+index gidNumber eq
+index unixName eq
+index privilege eq
+index nCName eq pres
+index lDAPDisplayName eq
+index subClassOf eq
+index dnsRoot eq
+index nETBIOSName eq pres
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
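Review bot: `access to * by * write` together with `allow update_anon` grants every client, including unauthenticated ones, write access to all three databases, so anyone who can reach the listener can rewrite user entries and their userPassword values, the configuration partition and the schema; the two authz-regexp mappings to samAccountName achieve nothing when no ACL distinguishes identities. Unless this backend is deliberately reachable only over a local ldapi socket (nothing in this file restricts listeners), the rule should at least be `access to * by dn.exact=\"cn=Manager,${DOMAINDN}\" write by * read` with `allow update_anon` dropped; note the schema and config databases declare no rootdn, so the Manager DN needs explicit write rights there if Samba writes to those partitions under that identity. `rootpw ${LDAPMANAGERPASS}` also stores the manager password in cleartext in slapd.conf; a `{SSHA}` hash produced by slappasswd, or at minimum a comment stating that the file must stay mode 0600, would be expected.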