summaryrefslogtreecommitdiff
path: root/source4/setup/provision-backend
AgeCommit message (Collapse)AuthorFilesLines
2009-08-17s4:provision Rework provision-backend into provisionAndrew Bartlett1-119/+0
This removes a *lot* of duplicated code and the cause of much administrator frustration. We now handle starting and stopping the slapd (at least for the provision), and ensure that there is only one 'right' way to configure the OpenLDAP and Fedora DS backend We now run OpenLDAP in 'cn=config' mode for online configuration. To test what was the provision-backend code, a new --ldap-dryrun-mode option has been added to provision. It quits the provision just before it would start the LDAP binaries Andrew Bartlett
2009-08-12s4:provision Allow provision-backend to not run slapd for 'make test'Andrew Bartlett1-1/+5
As the version of OpenLDAP required for Samba4 is fairly new, we don't want to make it a requirement before this python code is run in 'make test'. As such, skip over the actual starting of slapd, but check the rest runs alright (which still validates syntax and other modules). Andrew Bartlett
2009-08-12s4:provision Make the --ol-slapd paramter take the full path to slapdAndrew Bartlett1-1/+1
2009-08-12s4:provision Rework and further automate setup of OpenLDAP backendOliver Liebel1-6/+7
heres the summary of all changes/extensions: - Andrew Bartlett's patch to generate indext - Howard Chu's idea to use nosync on the DB included, but made optional - slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. its also used for olc-conversion - slapd-detection is now always done by ldapsearch (ldb module), looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri. - if ldapsearch was not successfull, (no slapd listening on our socket) slapd is started via special generated slapdcommand_prov (ldapi_uri only) - slapd-"provision-process" startup is done via pythons subprocess. - the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid. - after provision-backend is finished: --- slapd.pid is compared with our stored slapd_provision_pid. if the are unique, slapd.pid will be read out, and the slapd "provison"-process will be shut down. --- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE. --- if the pids are different or one of the pid-files is missing, slapd will not be shut down, instead an error message is displayed to locate slapd manually --- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everythings finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)) - upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
2009-02-25Updates to the recent cn=config support for the OpenLDAP backendOliver Liebel1-2/+3
- removed workaround for olcSyncprovConfig - creation (works perfect now with 2.4.15, release was today) - added 1 message-helpline, which is displayed when running provision-backend with olc and/or mmr setup - corrected 1 wrong slapcommand-helpline - slapd.conf is removed now in case of olc-setup - added 1 copyright-line to provision.py and provision-backend Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-24Added mmr and olc to the OpenLDAP backend provisioning-scriptsOliver Liebel1-3/+9
These extensions add mmr (multi-master-replication) and olc (openldap-online-configuration) capabilities to the provisioning-scripts (provision-backend and provision.py), for use with the openldap-backend (only versions >=2.4.15!). Changes / additions made to the provision-backend -script: added new command-line-options: --ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr (can be combined with --ol-olc=yes), --ol-olc=[yes/no] (activate automatic conversion from static slapd.conf to olc), --ol-slaptest=<path to slaptest binary> (needed in conjunction with --ol-olc=yes) Changes / additions made to the provision.py -script: added extensions, that will automatically generate the chosen mmr and/or olc setup for the openldap backend, according to the to chosen parameters set in the provision-backend script Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-11Use convenience function for finding setup_dir based on location ofJelmer Vernooij1-2/+2
python module.
2009-01-21Use script path to find the setup directory.Jelmer Vernooij1-1/+1
2009-01-19Make sure server_role gets initialized in backend provisioning code -Jelmer Vernooij1-1/+1
fixes test.
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij1-1/+1
2008-12-19Avoid use of parentheses in Python import statements, as it's not supported ↵Jelmer Vernooij1-1/+1
by Python2.3.
2008-08-20Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett1-1/+1
<oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
2008-08-19Generate Multi-Master Replication configuration for OpenLDAPOliver Liebel1-1/+6
This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett1-3/+3
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-05-23Fix imports for provision-backend.Jelmer Vernooij1-3/+6
This needs a blackbox test... (This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a)
2008-04-08Re-add support for the --ldap-backend-port option to provision-backendAndrew Bartlett1-7/+8
This option allows Fedora DS multi-master replication to work. I've tried to update the wiki and scripts to the largely consistant with each other. Andrew Bartlett (This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f)
2008-03-13Update the provision scripts and selftest for LDAPAndrew Bartlett1-3/+3
This should allow us to provision onto an OpenLDAP backend again. Also ensure we always have a sysvol and netlogon share in the selftest environment. Andrew Bartlett (This used to be commit b2d9b03ba3434e76d4d476233a198728523d17f9)
2008-03-13Upgrade provision-backend to python.Andrew Bartlett1-189/+98
This required a large rework of the provision code, so as to move much of the 'guess' logic into subprocedures, rather than just inline in the provision code. Andrew Bartlett (This used to be commit a0754c2a857217ca831c2295b17255d8f38dfbc2)
2008-01-17provision: simplfy by removing old code to manually create baseDNs.Andrew Bartlett1-3/+2
Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f)
2008-01-17OpenLDAP backend: Place the refint overlay after the memberof overlayAndrew Bartlett1-2/+3
This still doesn't work for me, but is the recommended order. Andrew Bartlett (This used to be commit 4c869c54c2b8125fc88e58bbfddf1975476978a5)
2008-01-16Start generating a configuration for the refint overlay. ThisAndrew Bartlett1-0/+7
OpenLDAP module should ensure that after a subtree rename, attributes are still consistant. Andrew Bartlett (This used to be commit f7f765c29b1aca1179a47bdd8712917c3f244f15)
2007-12-31r26635: The OpenLDAP folks have been very accommodating, and their memberof ↵Andrew Bartlett1-0/+1
plugin allows the error being returned to be adjusted. Andrew Bartlett (This used to be commit f2731fddf07dfda5d69ad19851dab8f82b05f1a5)
2007-12-26r26610: Write out a memberof.conf, to run the memberof plugin on all linkedAndrew Bartlett1-0/+30
attributes, as found in the schema. Index 'cn', as otherwise exact match searches on this attribute always fail (need to figure out what is so special about cn in OpenLDAP). Andrew Bartlett (This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32)
2007-12-21r25616: Fedora DS now has a way to install the schema and extra configurationAndrew Bartlett1-4/+4
as part of the setup inf file. Andrew Bartlett (This used to be commit 6c8987464e198430885b9e71b54fed6758886fdd)
2007-10-10r23717: We need to remove the _ in LDAP_MANAGERPASS for theAndrew Bartlett1-1/+1
--ldap-manager-pass= option to work. Andrew Bartlett (This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954)
2007-10-10r23716: Clarify LDAP Manager DN and fix slapd startup syntax.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40)
2007-10-10r23715: Make the provision-backend script print out the exact commands to run,Andrew Bartlett1-2/+11
to set up the LDAP backend. Andrew Bartlett (This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
2007-10-10r23703: Start to get Samba4 to again work with LDAP backends, after I turnedAndrew Bartlett1-1/+1
on metze's schema work. Andrew Bartlett (This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
2007-10-10r23189: Work towards a totally scripted setup of LDAP backends, so others canAndrew Bartlett1-5/+33
easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenlDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
2007-10-10r23177: Add in a new provision-backend script. This helps set up the ↵Andrew Bartlett1-0/+114
OpenLDAP or Fedora DS backend. This required a new mkdir() call in ejs. We can now provision just the schema for ad2oLschema to operate on (with provision_schema(), without performing the whole provision, just to wipe it again (adjustments to 'make test' to come soon). Andrew Bartlett (This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)