authorOliver Liebel <oliver@itc.li>2009-08-10 09:45:01 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-08-12 10:01:48 +1000
commit28bcdf5266f75ef835fd3cbb353aadb782a1f27c (patch)
treee1472895449327d416dab1cd2163e7a7dbe3dcf1 /source4/setup
parenta038f1e05b8b7acb5e99257e59178e1ece4ce156 (diff)
s4:provision Rework and further automate setup of OpenLDAP backend
Here's the summary of all changes/extensions: - Andrew Bartlett's patch to generate indexes - Howard Chu's idea to use nosync on the DB included, but made optional - slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. It's also used for olc-conversion - slapd-detection is now always done by ldapsearch (ldb module), searching anonymously for objectClass: OpenLDAProotDSE via our ldapi_uri. - if ldapsearch was not successful (no slapd listening on our socket), slapd is started via the specially generated slapdcommand_prov (ldapi_uri only) - slapd-"provision-process" startup is done via Python's subprocess. - the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid. - after provision-backend is finished: --- slapd.pid is compared with our stored slapd_provision_pid. If they are identical, slapd.pid will be read out, and the slapd "provision"-process will be shut down. --- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE. --- if the pids are different or one of the pid-files is missing, slapd will not be shut down; instead an error message is displayed to locate slapd manually --- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everything's finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt) - upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
Diffstat (limited to 'source4/setup')
-rwxr-xr-xsource4/setup/provision-backend13
-rw-r--r--source4/setup/slapd.conf40
2 files changed, 13 insertions, 40 deletions
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index 28e73ae302..5cf0f8bf6d 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -55,6 +55,7 @@ parser.add_option("--ldap-admin-pass", type="string", metavar="PASSWORD",
parser.add_option("--root", type="string", metavar="USERNAME",
help="choose 'root' unix username")
parser.add_option("--quiet", help="Be quiet", action="store_true")
+parser.add_option("--nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
help="LDB mapping module to use for the LDAP backend",
choices=["fedora-ds", "openldap"])
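Review bot: The new `--nosync` option uses `action="store_true"` without a default, so `opts.nosync` is `None` rather than `False` when the flag is absent; adding `default=False` makes the value handed to `provision_backend` a real boolean. The help text also mentions only performance, while skipping fsync() means a crash or power loss can lose or corrupt directory data the backend had already acknowledged. I would state that in the help, e.g. `help="Configure LDAP backend not to call fsync(); faster, but a crash can lose or corrupt directory data (test environments only)"`. How `provision_backend` treats the value is not visible in this diff.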
@@ -66,12 +67,12 @@ parser.add_option("--server-role", type="choice", metavar="ROLE",
parser.add_option("--targetdir", type="string", metavar="DIR",
help="Set target directory")
parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
- help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different from 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)")
+ help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)")
parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC",
- help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'. Note: Only OpenLDAP-Versions greater or equal 2.4.15 should be used!",
+ help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'.",
choices=["yes", "no"])
-parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH",
- help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'")
+parser.add_option("--ol-slapd", type="string", metavar="SLAPD-PATH",
+ help="Path to OpenLDAP-Daemon (slapd) [e.g.:'/usr/local/libexec']. Recommended for Setup with OpenLDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
opts = parser.parse_args()[0]
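Review bot: `--ol-slapd` accepts any string and nothing in this hunk checks it before it is passed on to `provision_backend`, which according to the commit message starts slapd through subprocess. Provisioning is typically run with elevated privileges, so I would reject anything that is not an absolute path right after `parser.parse_args()`, e.g. `if opts.ol_slapd is not None and not os.path.isabs(opts.ol_slapd): parser.error("--ol-slapd must be an absolute path")` (this needs `os` imported if the script does not already do so). The help text is also ambiguous: the metavar and wording suggest the slapd binary, while the example `/usr/local/libexec` is a directory, so it should say which one is expected. The code that consumes the value lies outside this diff, so how a relative value would be resolved is inferred, not visible here.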
@@ -110,5 +111,5 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd
ldap_backend_port=opts.ldap_backend_port,
ol_mmr_urls=opts.ol_mmr_urls,
ol_olc=opts.ol_olc,
- ol_slaptest=opts.ol_slaptest)
-
+ ol_slapd=opts.ol_slapd,
+ nosync=opts.nosync)
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 09dffbbfa3..8f443b936f 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -74,14 +74,8 @@ database hdb
suffix ${SCHEMADN}
rootdn cn=Manager,${SCHEMADN}
directory ${LDAPDIR}/db/schema
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectCategory eq
-index lDAPDisplayName eq
-index subClassOf eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We need this for the contextCSN attribute and mmr.
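Review bot: `${NOSYNC}` and `${INDEX_CONFIG}` go into the template without any comment on what they expand to, here and at the same spot in the config-database (`-100,17`) and user-database (`-128,21`) hunks. Someone reading the generated slapd.conf cannot tell that durability may have been switched off for a database; a line such as `# Next line is set by provision-backend --nosync (disables fsync; test setups only), otherwise empty` above the placeholder would record that, and the comment should not contain the placeholder itself or it will be substituted too. The three databases previously carried different index lists (for example `member`, `uidNumber` and `gidNumber` only on the user database) and now share one `${INDEX_CONFIG}`; if that is intentional it deserves a comment as well, since the code that fills in the value is not part of this diff.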
@@ -100,17 +94,8 @@ database hdb
suffix ${CONFIGDN}
rootdn cn=Manager,${CONFIGDN}
directory ${LDAPDIR}/db/config
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index nCName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We need this for the contextCSN attribute and mmr.
@@ -128,21 +113,8 @@ database hdb
suffix ${DOMAINDN}
rootdn cn=Manager,${DOMAINDN}
directory ${LDAPDIR}/db/user
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index member eq
-index uidNumber eq
-index gidNumber eq
-index nCName eq
-index lDAPDisplayName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We need this for the contextCSN attribute and mmr.