From 8ff2de3f294af0f4ffd03eda015f01da13fba2dd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Dec 2007 04:18:54 -0600 Subject: r26610: Write out a memberof.conf, to run the memberof plugin on all linked attributes, as found in the schema. Index 'cn', as otherwise exact match searches on this attribute always fail (need to figure out what is so special about cn in OpenLDAP). Andrew Bartlett (This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32) --- source4/setup/provision-backend | 30 ++++++++++++++++++++++++++++++ source4/setup/slapd.conf | 5 +++++ 2 files changed, 35 insertions(+) diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index b713595a7e..83fda33519 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend 
@@ -141,6 +141,36 @@ if (options["ldap-backend-type"] == "fedora-ds") { } else { slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } + + var ldb = ldb_init(); + ldb.filename = tmp_schema_ldb; + + var connect_ok = ldb.connect(ldb.filename); + assert(connect_ok); + var attrs = new Array("linkID", "lDAPDisplayName"); + var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + var memberof_config = ""; + for (i=0; i < res.msgs.length; i++) { +searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); + if (target != undefined) { + memberof_config = memberof_config + "overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad " + res.msgs[i].lDAPDisplayName + " +memberof-memberof-ad " + target + " + +"; + } + } + ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); + if (!ok) { + message("failed to create file: " + f + "\n"); + assert(ok); + } + } var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 446facbf3d..d50e5708fb 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -31,6 +31,7 @@ index name eq index objectCategory eq index lDAPDisplayName eq index subClassOf eq +index cn eq database hdb suffix ${CONFIGDN} @@ -44,6 +45,7 @@ index nCName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq database hdb suffix ${DOMAINDN} 
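Review bot: The failure branch after `sys.file_save` builds its message from `f`, which is not assigned anywhere in this hunk, so a failed write would probably report the wrong path or fail on the undefined name before reaching the assert; name the file that was written instead, e.g. `message("failed to create file: " + subobj.LDAPDIR + "/memberof.conf\n");`. The first statement inside the loop, the `searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID")` call, discards its result and queries the domain DN in the temporary schema ldb, so it looks like a paste leftover and should be dropped. `res.msgs[i].linkID + 1` only yields the backlink ID if `linkID` arrives as a number; if ldb returns it as a string the `+` concatenates, so convert it explicitly before adding. The loop counter is also an implicit global (`for (i=0; ...`), and the enclosing `if`/`else` on the backend type begins outside the hunk.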
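Review bot: The added `index cn eq` line has no comment saying why it is there, and the reason is only recorded in the commit message. A one-line comment above it, such as `#cn is indexed because exact-match searches on it otherwise fail against OpenLDAP (cause not yet understood)`, would stop someone from removing the index as redundant later. The same applies to the identical additions in the `-44,6` and `-65,9` hunks.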
@@ -65,9 +67,12 @@ index lDAPDisplayName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + +include ${LDAPDIR}/memberof.conf -- cgit
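Review bot: The `include ${LDAPDIR}/memberof.conf` line is unconditional and undocumented, so this slapd.conf now depends on a file that only provision-backend generates. Add a comment such as `#memberof.conf is generated by provision-backend from the schema's linked attributes` so that a missing include can be traced back to its producer. Because the include sits at the end of the file, the overlays it defines presumably attach only to the last database section; if that is intended, it is worth saying so in the same comment.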