authorAndrew Bartlett <abartlet@samba.org>2007-05-29 12:18:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:53:02 -0500
commit86a4886e393189b7679ec6220d4d59bb6ef1b50e (patch)
treeb4adcdc877e7d0d08127925bb7a18c972d06e1c9 /source4
parentfbe7d8cbc5df572024098bfae2ad2666cd4bcc47 (diff)
r23189: Work towards a totally scripted setup of LDAP backends, so others can
easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenLDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
Diffstat (limited to 'source4')
-rwxr-xr-xsource4/script/installmisc.sh1
-rw-r--r--source4/scripting/libjs/provision.js9
-rw-r--r--source4/selftest/Samba4.pm6
-rw-r--r--source4/setup/fedorads-partitions.ldif4
-rw-r--r--source4/setup/fedorads.inf1
-rwxr-xr-xsource4/setup/provision1
-rwxr-xr-xsource4/setup/provision-backend38
-rw-r--r--source4/setup/slapd.conf12
8 files changed, 52 insertions, 20 deletions
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index a714783aec..84785312a9 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -15,6 +15,7 @@ cp scripting/libjs/*.js $JSDIR || exit 1
echo "Installing setup templates"
mkdir -p $SETUPDIR || exit 1
cp setup/schema-map-* $SETUPDIR || exit 1
+cp setup/DB_CONFIG $SETUPDIR || exit 1
cp setup/*.inf $SETUPDIR || exit 1
cp setup/*.ldif $SETUPDIR || exit 1
cp setup/*.zone $SETUPDIR || exit 1
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index d25c0f38eb..7e55930a1a 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -385,10 +385,10 @@ function provision_default_paths(subobj)
paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
- paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif";
- paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif";
- paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif";
paths.ldapdir = lp.get("private dir") + "/ldap";
+ paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
+ paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
+ paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
return paths;
}
@@ -793,6 +793,8 @@ function provision_ldapbase(subobj, message, paths)
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
+ sys.mkdir(paths.ldapdir, 0700);
+
setup_file("provision_basedn.ldif",
message, paths.ldap_basedn_ldif,
subobj);
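Review bot: The added `sys.mkdir(paths.ldapdir, 0700);` discards its result, and the 0700 mode is only applied when the directory is actually created: a pre-existing `ldap` directory keeps whatever mode it already has, so the LDIFs written by the setup_file calls right below may end up in a more permissive directory than the call suggests. A short comment would make that explicit, e.g. `/* 0700 only takes effect on creation; an existing ldapdir keeps its own mode */`, and if sys.mkdir reports failure through its return value it is worth checking it before the first setup_file call rather than writing into a directory that could not be created. The same unchecked-mkdir pattern recurs in the provision-backend hunk at @@ -101. provision_ldapbase starts and ends outside this hunk.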
@@ -805,7 +807,6 @@ function provision_ldapbase(subobj, message, paths)
message, paths.ldap_schema_basedn_ldif,
subobj);
- message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
}
diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm
index 297391e38f..42dc989c56 100644
--- a/source4/selftest/Samba4.pm
+++ b/source4/selftest/Samba4.pm
@@ -422,8 +422,8 @@ moduleload syncprov
}
system("slaptest -u -f $slapd_conf") == 0 or die("slaptest still fails after adding modules");
- system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
- system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
system("slaptest -u -f $slapd_conf >/dev/null") == 0 or
die ("slaptest after database load failed");
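Review bot: The two rewritten slapadd lines still pass the whole command, including `$ldapdir`, `$basedn` and `$slapd_conf`, to the shell as a single string, so a selftest prefix containing whitespace or shell metacharacters breaks the command or changes what it runs. The list form, e.g. `system('slapadd', '-b', "cn=Configuration,$basedn", '-f', $slapd_conf, '-l', "$ldapdir/$dnsname-config.ldif") == 0 or die("slapadd of $dnsname-config.ldif failed");`, bypasses the shell entirely; the `>/dev/null` would then have to be handled differently, for instance by reopening STDOUT under `local` around the call. Giving the two `die` messages distinct text, as in that example, also tells the tester which of the two loads failed instead of the identical "slapadd failed". The enclosing sub begins before this hunk.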
@@ -458,7 +458,7 @@ sub provision($$$$$$)
my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
my $configuration = "--configfile=$conffile";
- my $ldapdir = "$prefix_abs/ldap";
+ my $ldapdir = "$privatedir/ldap";
my $tlsdir = "$privatedir/tls";
diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif
index 7533b1583a..12855f9c70 100644
--- a/source4/setup/fedorads-partitions.ldif
+++ b/source4/setup/fedorads-partitions.ldif
@@ -1,4 +1,4 @@
-dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config
+dn: cn="${CONFIGDN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
@@ -12,7 +12,7 @@ objectclass: nsBackendInstance
nsslapd-suffix: ${CONFIGDN}
cn: configData
-dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config
+dn: cn="${SCHEMADN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index a5d282d392..785e65ce56 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -9,6 +9,7 @@ Suffix= ${DOMAINDN}
RootDN= cn=Manager,${DOMAINDN}
RootDNPwd= ${LDAPMANAGERPASS}
ServerIdentifier= samba4
+${SERVERPORT}
inst_dir= ${LDAPDIR}/slapd-samba4
config_dir= ${LDAPDIR}/slapd-samba4
diff --git a/source4/setup/provision b/source4/setup/provision
index 2a3ddecd3e..3c5d31dc0f 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -150,6 +150,7 @@ message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
+ message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
provision_become_dc(subobj, message, false, paths, system_session);
} else {
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index 6a5ec3e892..9c1649ac3e 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -16,7 +16,8 @@ options = GetOptions(ARGV,
'ldap-manager-pass=s',
'root=s',
'quiet',
- 'ldap-backend-type=s');
+ 'ldap-backend-type=s',
+ 'ldap-backend-port=i');
if (options == undefined) {
println("Failed to parse options");
@@ -52,8 +53,8 @@ provision [options]
--ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random)
--root USERNAME choose 'root' unix username
--quiet Be quiet
- --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
- --ldap-module= MODULE LDB mapping module to use for the LDAP backend
+ --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
+ --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only)
You must provide at least a realm and ldap-backend-type
");
@@ -84,13 +85,12 @@ for (r in options) {
subobj[key] = options[r];
}
-var ldapbackend = (options["ldap-backend-type"] != undefined);
+
var paths = provision_default_paths(subobj);
provision_fix_subobj(subobj, message, paths);
message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS);
-
var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
sys.mkdir(subobj.LDAPDIR, 0700);
@@ -101,12 +101,40 @@ var ext;
if (options["ldap-backend-type"] == "fedora-ds") {
mapping = "schema-map-fedora-ds-1.0";
ext = "ldif";
+ if (options["ldap-backend-port"] != undefined) {
+ message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
+ subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
+ } else {
+ message("Will listen on LDAPI only\n");
+ subobj.SERVERPORT="";
+ }
setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
} else if (options["ldap-backend-type"] == "openldap") {
+ provision_ldapbase(subobj, message, paths);
mapping = "schema-map-openldap-2.3";
ext = "schema";
setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
+ setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
+ sys.mkdir(subobj.LDAPDIR + "/db", 0700);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ if (options["ldap-backend-port"] != undefined) {
+ message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n");
+ }
}
message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n");
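Review bot: The openldap branch repeats the same five-line mkdir/DB_CONFIG sequence three times for `db/user`, `db/config` and `db/schema`, differing only in the directory name (and, for schema, the order of the `tmp` and `bdb-logs` mkdirs), which is the kind of duplication that drifts when one copy is later fixed. A loop over the three names keeps `subobj.LDAPDBDIR` ending on `db/schema` exactly as now, so the DB_CONFIG template sees the same values; this assumes the ejs dialect supports array iteration as used elsewhere in provision.js. Separately, none of the sys.mkdir calls checks its result, and `ldap-backend-port=i` accepts any integer, so a value outside 1–65535 is written into fedorads.inf unchallenged; a range check next to the `Will listen on TCP port` message would catch that early.
```javascript
    sys.mkdir(subobj.LDAPDIR + "/db", 0700);
    /* one bdb database per naming context, each with its own DB_CONFIG, bdb-logs and tmp dirs */
    var dbnames = new Array("user", "config", "schema");
    for (i = 0; i < dbnames.length; i++) {
        subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/" + dbnames[i];
        sys.mkdir(subobj.LDAPDBDIR, 0700);
        sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
        sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
        setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
    }
    /* … unchanged: ldap-backend-port NOTE message … */
```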
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index a6fe73a4de..770c688f35 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -17,13 +17,13 @@ authz-regexp
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
-include $modconf
+include ${LDAPDIR}/modules.conf
-defaultsearchbase \"${DOMAINDN}\"
+defaultsearchbase ${DOMAINDN}
backend bdb
database bdb
-suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
index samAccountName eq
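Review bot: Dropping the quotes around the `defaultsearchbase`, `suffix` and `rootdn` values here, and in the hunks at @@ -33 and @@ -46, leaves DNs that contain a space at the mercy of slapd.conf's whitespace tokenizer, so a DN with a spaced RDN will not survive parsing intact. The removed lines were presumably broken because the template emitted a literal `\"` rather than because quoting was wrong; `suffix "${SCHEMADN}"` and `rootdn "cn=Manager,${DOMAINDN}"` keep the quoting while fixing the escape. Since `rootpw ${LDAPMANAGERPASS}` is written into this same file in the clear, the generated slapd.conf also needs restrictive file permissions of its own — the 0700 mode on LDAPDIR only helps if the file itself is not group- or world-readable, which depends on how setup_file creates it.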
@@ -33,7 +33,7 @@ index lDAPDisplayName eq
index subClassOf eq
database bdb
-suffix \"cn=Configuration,${DOMAINDN}\"
+suffix ${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
@@ -46,8 +46,8 @@ index dnsRoot eq
index nETBIOSName eq pres
database bdb
-suffix \"${DOMAINDN}\"
-rootdn \"cn=Manager,${DOMAINDN}\"
+suffix ${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
rootpw ${LDAPMANAGERPASS}
directory ${LDAPDIR}/db/user
index objectClass eq