From f9c7365e535727b1d6d6ef55ed8c196368c625b9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Oct 2010 10:38:10 +1100 Subject: s4-provisionbackend Allow a fixed URI to be specified for LDAP backend This is added to make the 'existing' LDAP backend class more useful, and to allow debuging of our OpenLDAP backend class with wireshark, by forcing the traffic over loopback TCP, which is much easier to sniff. Andrew Bartlett --- source4/setup/provision | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/setup/provision') diff --git a/source4/setup/provision b/source4/setup/provision index 21d94cba27..c809c4afc3 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -93,6 +93,8 @@ parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", help="Additional TCP port for LDAP backend server (to use for replication)") +parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI", + help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic") parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", help="LDAP backend type (fedora-ds or openldap)", choices=["fedora-ds", "openldap"]) @@ -230,6 +232,15 @@ elif opts.use_xattrs == "auto": file.close() +if opts.ldap_backend_type == "existing": + if opts.ldap_backend_forced_uri is not None: + logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri) + else: + logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") +else: + if opts.ldap_backend_forced_uri is not None: + logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri) + session = system_session() try: provision(setup_dir, logger, @@ -245,6 +256,7 @@ try: wheel=opts.wheel, users=opts.users, serverrole=server_role, dom_for_fun_level=dom_for_fun_level, ldap_backend_extra_port=opts.ldap_backend_extra_port, + ldap_backend_forced_uri=opts.ldap_backend_forced_uri, backend_type=opts.ldap_backend_type, ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, -- cgit