Age | Commit message (Collapse) | Author | Files | Lines |
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
|
|
As the version of OpenLDAP required for Samba4 is fairly new, we don't
want to make it a requirement before this python code is run in 'make
test'.
As such, skip over the actual starting of slapd, but check the rest
runs alright (which still validates syntax and other modules).
Andrew Bartlett
|
|
|
|
heres the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
its also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successfull, (no slapd listening on our socket)
slapd is
started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via pythons subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if the are unique, slapd.pid will be read out, and the
slapd "provison"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everythings
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
|
|
- removed workaround for olcSyncprovConfig - creation (works perfect now
with 2.4.15, release was today)
- added 1 message-helpline, which is displayed when running
provision-backend with olc and/or mmr setup
- corrected 1 wrong slapcommand-helpline
- slapd.conf is removed now in case of olc-setup
- added 1 copyright-line to provision.py and provision-backend
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These extensions add mmr (multi-master-replication) and olc
(openldap-online-configuration) capabilities to the
provisioning-scripts (provision-backend and provision.py), for use
with the openldap-backend (only versions >=2.4.15!).
Changes / additions made to the provision-backend -script:
added new command-line-options:
--ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to olc),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)
Changes / additions made to the provision.py -script: added
extensions, that will automatically generate the chosen mmr and/or olc
setup for the openldap backend, according to the to chosen parameters
set in the provision-backend script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
python module.
|
|
|
|
fixes test.
|
|
|
|
by Python2.3.
|
|
<oliver@itc.li>
This changes the RIDs to be <serverID><DBID>, to ease later debugging.
The need to specify the port on the MMR URLs is now included in the
help.
Andrew Bartlett
(This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
|
|
This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
|
|
Fedora DS is still setup for simple binds only, at this point.
(it also fails on other issues).
Andrew Bartlett
(This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
|
|
This needs a blackbox test...
(This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a)
|
|
This option allows Fedora DS multi-master replication to work. I've
tried to update the wiki and scripts to the largely consistant with
each other.
Andrew Bartlett
(This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f)
|
|
This should allow us to provision onto an OpenLDAP backend again.
Also ensure we always have a sysvol and netlogon share in the selftest
environment.
Andrew Bartlett
(This used to be commit b2d9b03ba3434e76d4d476233a198728523d17f9)
|
|
This required a large rework of the provision code, so as to move much
of the 'guess' logic into subprocedures, rather than just inline in
the provision code.
Andrew Bartlett
(This used to be commit a0754c2a857217ca831c2295b17255d8f38dfbc2)
|
|
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.
We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.
Also fix naming of the output schema when suggesting the comamnd line
to run ad2oLschema in provision-backend.
Andrew Bartlett
(This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f)
|
|
This still doesn't work for me, but is the recommended order.
Andrew Bartlett
(This used to be commit 4c869c54c2b8125fc88e58bbfddf1975476978a5)
|
|
OpenLDAP module should ensure that after a subtree rename, attributes
are still consistant.
Andrew Bartlett
(This used to be commit f7f765c29b1aca1179a47bdd8712917c3f244f15)
|
|
plugin allows the error being returned to be adjusted.
Andrew Bartlett
(This used to be commit f2731fddf07dfda5d69ad19851dab8f82b05f1a5)
|
|
attributes, as found in the schema.
Index 'cn', as otherwise exact match searches on this attribute always
fail (need to figure out what is so special about cn in OpenLDAP).
Andrew Bartlett
(This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32)
|
|
as part of the setup inf file.
Andrew Bartlett
(This used to be commit 6c8987464e198430885b9e71b54fed6758886fdd)
|
|
--ldap-manager-pass= option to work.
Andrew Bartlett
(This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954)
|
|
Andrew Bartlett
(This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40)
|
|
to set up the LDAP backend.
Andrew Bartlett
(This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
|
|
on metze's schema work.
Andrew Bartlett
(This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
|
|
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenlDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
|
|
OpenLDAP or Fedora DS backend.
This required a new mkdir() call in ejs.
We can now provision just the schema for ad2oLschema to operate on
(with provision_schema(), without performing the whole provision, just
to wipe it again (adjustments to 'make test' to come soon).
Andrew Bartlett
(This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec)
|