Age | Commit message (Collapse) | Author | Files | Lines |
|
- removed workaround for olcSyncprovConfig - creation (works perfect now
with 2.4.15, release was today)
- added 1 message-helpline, which is displayed when running
provision-backend with olc and/or mmr setup
- corrected 1 wrong slapcommand-helpline
- slapd.conf is removed now in case of olc-setup
- added 1 copyright-line to provision.py and provision-backend
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These extensions add mmr (multi-master-replication) and olc
(openldap-online-configuration) capabilities to the
provisioning-scripts (provision-backend and provision.py), for use
with the openldap-backend (only versions >=2.4.15!).
Changes / additions made to the provision-backend -script:
added new command-line-options:
--ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to olc),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)
Changes / additions made to the provision.py -script: added
extensions, that will automatically generate the chosen mmr and/or olc
setup for the openldap backend, according to the to chosen parameters
set in the provision-backend script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
python module.
|
|
|
|
|
|
fixes test.
|
|
|
|
|
|
|
|
We need to avoid handling DN+Binary and DN+String with the refint
module for now, as this is a currently unsupported syntax.
Also rename entryTTL to avoid a conflict with the operational
attribute of the same name.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
by Python2.3.
|
|
- Remove spurious line breaks
- Add missing attributeId from docs
- Remove incorrect multiple values of systemFlags
- Fix duplicate attributeId
- Fix schemaIdGuid syntax
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the
end...(if we still need them, which we should avoid)
metze
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should make it easier to import just the schema entries from the
WSPP docs.
Andrew Bartlett
|
|
depending on the backend
This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*
When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
default domain name.
|
|
are given).
|
|
This schema is *NOT* licenced under a standard Free Software licence,
but does provide us the freedoms we need to use the schema, and the
requirement to distribute as 'part of an implemenation' is similar to
common Free font licences that are accepted by major linux distributions.
Andrew Bartlett
|
|
This should fix the OpenLDAP backend
|
|
|
|
|
|
|
|
it should always have been. Make it also async so that it is not a special case.
|
|
metze
|
|
|
|
|
|
|
|
We need to make sure replicated updates are handled differently
in some situations, e.g. we should bypass the schema checks.
metze
|
|
In the future, we might simply randomly generate this, or allow the
admin to specify it seperate to the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
|
|
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
|
|
trusted-domains
(This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
|
|
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
|
|
This makes it easy to set the expiry (or no expiry) for a samdb user
(This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
|
|
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
|
|
value in for group type to avoid sign extension, otherwise we don't
find the builtin groups
(This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
|
|
template.
Andrew Bartlett
(This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
|
|
This changes the @ATTRIBUTES record to be for bootstrapping only,
before we find the schema.
Andrew Bartlett
(This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
|
|
<oliver@itc.li>
This changes the RIDs to be <serverID><DBID>, to ease later debugging.
The need to specify the port on the MMR URLs is now included in the
help.
Andrew Bartlett
(This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
|
|
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
|
|
This changes the MMR password from hard-coded value of 'linux',
adds tests and fixes the Fedora DS backend.
Currently the MMR password matches the admin password, but we can
change this to be another random value if required.
Also require the port to be specified on the command line, so we don't
hard-code a port of 9000.
Andrew Bartlett
(This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
|
|
This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
|
|
This sets the attributes in a seperate transaction, and allows a
forced delete of the whole file.
Andrew Bartlett
(This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
|