Age | Commit message (Collapse) | Author | Files | Lines |
|
This should help debug problems with 'make test' of the LDAP backend,
if a stray listener is still around.
Andrew Bartlett
|
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
|
|
To choose the process model, set the environment variable
SAMBA_PROCESS_MODEL to the desired model. This will allow us to enable
the standard process model for some machines in the build farm without
enabling it for all of them. I don't want to just enable it
universally as I am concerned with total memory using during some of
the tests.
|
|
I think we are missing some important messages from the server during
'make test' because we don't show the log file contents during
runs. This patch uses tee to put the log messages to stderr so we can
see any server messages associated with the test that caused them.
|
|
The provision-backend script now starts slapd for us
Andrew Bartlett
|
|
In the releases of OpenLDAP we require (2.4.17) it can guess this much
itself, so no need for us to do it.
Andrew Bartlett
|
|
heres the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
its also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successfull, (no slapd listening on our socket)
slapd is
started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via pythons subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if the are unique, slapd.pid will be read out, and the
slapd "provison"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everythings
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
|
|
|
|
metze
|
|
The versions of OpenLDAP that we require don't need us to specify the
location any more - slaptest knows this from it's build time.
Andrew Bartlett
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
provision_raw_run()
This functions will be reused soon for a Samba34.pm used by
a 'make selftest34'
metze
|
|
metze
|
|
metze
|
|
metze
|
|
We support "local" and "client" (default) now.
We can decide if we want to run a client against the server
(with a special client.conf) or if we want to run tests localy
on the server with the same config as the server.
metze
|
|
metze
|
|
metze
|
|
pathes
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
metze
|
|
Conflicts:
selftest/selftest.pl
|
|
|