author | Andrew Bartlett <abartlet@samba.org> | 2007-12-27 04:18:54 -0600 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2007-12-26 22:21:01 -0600 |
commit | 8ff2de3f294af0f4ffd03eda015f01da13fba2dd (patch) | |
tree | 92c37b482231efb78368455f34c0be5899ee4cb7 /source4 | |
parent | 6ac5221680d0a8f7f41823893d1bf90d61c392e5 (diff) | |
r26610: Write out a memberof.conf, to run the memberof plugin on all linked
attributes, as found in the schema.
Index 'cn', as otherwise exact match searches on this attribute always
fail (need to figure out what is so special about cn in OpenLDAP).
Andrew Bartlett
(This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32)
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/setup/provision-backend | 30 | ||||
-rw-r--r-- | source4/setup/slapd.conf | 5 |
2 files changed, 35 insertions, 0 deletions
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index b713595a7e..83fda33519 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -141,6 +141,36 @@ if (options["ldap-backend-type"] == "fedora-ds") { } else { slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } + + var ldb = ldb_init(); + ldb.filename = tmp_schema_ldb; + + var connect_ok = ldb.connect(ldb.filename); + assert(connect_ok); + var attrs = new Array("linkID", "lDAPDisplayName"); + var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + var memberof_config = ""; + for (i=0; i < res.msgs.length; i++) { +searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); + if (target != undefined) { + memberof_config = memberof_config + "overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad " + res.msgs[i].lDAPDisplayName + " +memberof-memberof-ad " + target + " + +"; + } + } + ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); + if (!ok) { + message("failed to create file: " + f + "\n"); + assert(ok); + } + } var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 446facbf3d..d50e5708fb 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -31,6 +31,7 @@ index name eq index objectCategory eq index lDAPDisplayName eq index subClassOf eq +index cn eq database hdb suffix ${CONFIGDN} 
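Review bot: The failure branch after `sys.file_save` in the provision-backend hunk builds its message from `f`, which is not assigned anywhere in the visible lines, so a failed write of memberof.conf would report the wrong name or fault before `assert(ok)` is reached; `message("failed to create file: " + subobj.LDAPDIR + "/memberof.conf\n");` names the file that was actually written. The first statement in the loop body, the bare `searchone(ldb, subobj.DOMAINDN, ...)` call, discards its result and concatenates `subobj.NETBIOSNAME` into the filter unescaped; it looks like a paste leftover and can probably be dropped. `res.msgs[i].lDAPDisplayName` and `target` are also written verbatim into slapd directives, so a value containing whitespace or a newline would change how slapd parses the generated file; checking both against the attribute-name character set before appending would keep memberof.conf well-formed. The enclosing block starts above the hunk, so the declarations of `ok` and `i` cannot be confirmed from here.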
@@ -44,6 +45,7 @@ index nCName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq database hdb suffix ${DOMAINDN} @@ -65,9 +67,12 @@ index lDAPDisplayName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + +include ${LDAPDIR}/memberof.conf |
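Review bot: The `include ${LDAPDIR}/memberof.conf` added at the end of the last slapd.conf hunk has no comment saying where the file comes from or which database it affects. slapd parses the included file as configuration, and since the include follows the final `database hdb` section, the overlays it declares presumably attach only to that database. A comment above it such as `# generated by provision-backend: memberof overlays for linked attributes (applies to the database above)` would record both facts. slapd will most likely refuse to start if the file is absent, so it should exist, writable only by the provisioning account, before this slapd.conf is used.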