From 31f2cddcf5886b0a78290fdfa609a2ee63bda5ad Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Tue, 24 Feb 2009 11:37:58 +1100 Subject: Added mmr and olc to the OpenLDAP backend provisioning-scripts These extensions add mmr (multi-master-replication) and olc (openldap-online-configuration) capabilities to the provisioning-scripts (provision-backend and provision.py), for use with the openldap-backend (only versions >=2.4.15!). Changes / additions made to the provision-backend -script: added new command-line-options: --ol-mmr-urls= for use with mmr (can be combined with --ol-olc=yes), --ol-olc=[yes/no] (activate automatic conversion from static slapd.conf to olc), --ol-slaptest= (needed in conjunction with --ol-olc=yes) Changes / additions made to the provision.py -script: added extensions that will automatically generate the chosen mmr and/or olc setup for the openldap backend, according to the chosen parameters set in the provision-backend script 
Signed-off-by: Andrew Bartlett --- source4/setup/DB_CONFIG | 11 ----------- source4/setup/mmr_serverids.conf | 1 - source4/setup/olcOverlay={0}syncprov.ldif | 11 +++++++++++ source4/setup/olc_acl.conf | 4 ++++ source4/setup/olc_mmr.conf | 3 +++ source4/setup/olc_pass.conf | 3 +++ source4/setup/olc_seed.ldif | 16 ++++++++++++++++ source4/setup/olc_serverid.conf | 1 + source4/setup/olc_syncrepl.conf | 13 +++++++++++++ source4/setup/olc_syncrepl_seed.conf | 5 +++++ source4/setup/provision-backend | 12 +++++++++--- source4/setup/slapd.conf | 20 +++++++++++++------- 12 files changed, 78 insertions(+), 22 deletions(-) create mode 100644 source4/setup/olcOverlay={0}syncprov.ldif create mode 100644 source4/setup/olc_acl.conf create mode 100644 source4/setup/olc_mmr.conf create mode 100644 source4/setup/olc_pass.conf create mode 100644 source4/setup/olc_seed.ldif create mode 100644 source4/setup/olc_serverid.conf create mode 100644 source4/setup/olc_syncrepl.conf create mode 100644 source4/setup/olc_syncrepl_seed.conf (limited to 'source4/setup') diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG index b4d2bfa868..74bb09d800 100644 --- a/source4/setup/DB_CONFIG +++ b/source4/setup/DB_CONFIG @@ -1,17 +1,6 @@ -# -# Set the database in memory cache size. -# set_cachesize 0 524288 0 - -# -# Set log values. -# set_lg_regionmax 104857 set_lg_max 1048576 set_lg_bsize 209715 set_lg_dir ${LDAPDBDIR}/bdb-logs - -# -# Set temporary file creation directory. -# set_tmp_dir ${LDAPDBDIR}/tmp diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf index c6d14010b4..e4daf2028a 100644 --- a/source4/setup/mmr_serverids.conf +++ b/source4/setup/mmr_serverids.conf @@ -1,2 +1 @@ -# Generated from template mmr_serverids.conf ServerID ${SERVERID} "${LDAPSERVER}" diff --git a/source4/setup/olcOverlay={0}syncprov.ldif b/source4/setup/olcOverlay={0}syncprov.ldif new file mode 100644 index 0000000000..4f5b513c67 --- /dev/null 
+++ b/source4/setup/olcOverlay={0}syncprov.ldif
@@ -0,0 +1,11 @@
+dn: olcOverlay={0}syncprov
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+structuralObjectClass: olcSyncProvConfig
+entryUUID: 41df5aca-785a-102d-9077-999999999999
+creatorsName: cn=config
+createTimestamp: 20090116201111Z
+entryCSN: 20090116201111.111111Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20090116201111Z
diff --git a/source4/setup/olc_acl.conf b/source4/setup/olc_acl.conf
new file mode 100644
index 0000000000..c248b30fb5
--- /dev/null
+++ b/source4/setup/olc_acl.conf
@@ -0,0 +1,4 @@
+access to dn.sub="cn=config"
+ by dn="cn=samba-admin,cn=samba" write
+ by dn="cn=replicator,cn=samba" read
+
diff --git a/source4/setup/olc_mmr.conf b/source4/setup/olc_mmr.conf
new file mode 100644
index 0000000000..2f60df1421
--- /dev/null
+++ b/source4/setup/olc_mmr.conf
@@ -0,0 +1,3 @@
+overlay syncprov
+MirrorMode on
+
diff --git a/source4/setup/olc_pass.conf b/source4/setup/olc_pass.conf
new file mode 100644
index 0000000000..4c66c1c43f
--- /dev/null
+++ b/source4/setup/olc_pass.conf
@@ -0,0 +1,3 @@
+database config
+rootdn cn=config
+
diff --git a/source4/setup/olc_seed.ldif b/source4/setup/olc_seed.ldif
new file mode 100644
index 0000000000..afc3abe5a0
--- /dev/null
+++ b/source4/setup/olc_seed.ldif
@@ -0,0 +1,16 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+${OLC_SERVER_ID_CONF}
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootDN: cn=config
+olcRootPW: ${OLC_PW}
+${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE
+
+dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
diff --git a/source4/setup/olc_serverid.conf b/source4/setup/olc_serverid.conf
new file mode 100644
index 0000000000..3d28acbfb4
--- /dev/null
+++ b/source4/setup/olc_serverid.conf
@@ -0,0 +1 @@
+olcServerID: ${SERVERID} "${LDAPSERVER}"
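Review bot: The `by dn="cn=replicator,cn=samba" read` clause in olc_acl.conf gives the replication identity read access to the entire `cn=config` subtree, which includes the `olcRootPW` value that olc_seed.ldif places on `olcDatabase={0}config`. The syncrepl templates added in this commit exclude that entry with `filter="(!(olcDatabase={0}config))"`, so replication does not appear to need it. Consider placing a narrower clause first, for example `access to dn.base="olcDatabase={0}config,cn=config" attrs=olcRootPW by dn="cn=samba-admin,cn=samba" write by * none`, to be confirmed against a working MMR setup. A `#` comment noting that slapd stops at the first matching clause and denies every identity not listed would also help the next reader.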
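Review bot: `olcRootPW: ${OLC_PW}` in olc_seed.ldif does not say whether the substituted value is a password hash or cleartext, and the code that fills the template is not part of this page. The seed file is written to disk and becomes the root credential of cn=config, so the template should carry a comment such as `# OLC_PW must be a hashed value (e.g. {SSHA}...), never cleartext`, and the generating code should be checked against it. The line `${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE` depends on the substituted text ending in a newline; a one-line comment saying so would keep a later edit from fusing two attributes.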
diff --git a/source4/setup/olc_syncrepl.conf b/source4/setup/olc_syncrepl.conf
new file mode 100644
index 0000000000..fd7a58d03b
--- /dev/null
+++ b/source4/setup/olc_syncrepl.conf
@@ -0,0 +1,13 @@
+# Generated from template olc_syncrepl.conf
+
+syncrepl rid=${RID}
+ provider="${LDAPSERVER}"
+ searchbase="cn=config"
+ filter="(!(olcDatabase={0}config))"
+ type=refreshAndPersist
+ retry="10 +"
+ bindmethod=sasl
+ saslmech=DIGEST-MD5
+ authcid="replicator"
+ credentials="${MMR_PASSWORD}"
+
diff --git a/source4/setup/olc_syncrepl_seed.conf b/source4/setup/olc_syncrepl_seed.conf
new file mode 100644
index 0000000000..1833fb9228
--- /dev/null
+++ b/source4/setup/olc_syncrepl_seed.conf
@@ -0,0 +1,5 @@
+olcSyncRepl: rid=${RID} provider="${LDAPSERVER}"
+ binddn="cn=config" bindmethod=sasl saslmech=DIGEST-MD5
+ authcid="replicator" credentials="linux"
+ searchbase="cn=config" filter="(!(olcDatabase={0}config))"
+ type=refreshAndPersist retry="10 +"
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index eca209cb18..20e4420414 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
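Review bot: The syncrepl stanza added in olc_syncrepl.conf binds with `saslmech=DIGEST-MD5` and sets no TLS parameters, and olc_syncrepl_seed.conf makes the same choice. DIGEST-MD5 requires the server to hold the replicator password in recoverable form, and unless a security layer is negotiated the replicated `cn=config` content, which carries credentials, crosses the network unprotected. The option help in this commit describes plain `ldap://` URLs, so adding `starttls=critical` to both stanzas, together with the CA settings the deployment uses, is worth considering. At a minimum, a `#` comment in each template should state the transport assumption.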
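Review bot: olc_syncrepl_seed.conf hard-codes `credentials="linux"` for the replicator bind, whereas the sibling template olc_syncrepl.conf added in the same commit uses `credentials="${MMR_PASSWORD}"`. Every backend provisioned from this template would share one guessable replication password, for an identity that olc_acl.conf allows to read `cn=config`. The line should read `authcid="replicator" credentials="${MMR_PASSWORD}"`, assuming the provisioning code substitutes that variable for this template as it does for the other; that code is not visible on this page.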
@@ -65,8 +65,12 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS [ ldap://:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR") - + help="List of LDAP-URLS [ ldap://:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") +parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC", + help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'", + choices=["yes", "no"]) +parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH", + help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'") opts = parser.parse_args()[0] @@ -103,5 +107,7 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, ldap_backend_port=opts.ldap_backend_port, - ol_mmr_urls=opts.ol_mmr_urls) + ol_mmr_urls=opts.ol_mmr_urls, + ol_olc=opts.ol_olc, + ol_slaptest=opts.ol_slaptest) diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 506dc504b4..09dffbbfa3 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -7,7 +7,6 @@ sizelimit unlimited ${MMR_SERVERIDS_CONFIG} - include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid @@ -62,6 +61,13 @@ suffix cn=Samba directory ${LDAPDIR}/db/samba rootdn cn=Manager,cn=Samba +######################################## +## olc - configuration ### +${OLC_CONFIG_PASS} +${OLC_SYNCREPL_CONFIG} +${OLC_MMR_CONFIG} +${OLC_CONFIG_ACL} + ######################################## ### cn=schema ### database hdb 
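Review bot: Nothing in the added option block ties `--ol-slaptest` to `--ol-olc`: both values go straight into `provision_backend()` as `opts.ol_olc` and `opts.ol_slaptest`, so `--ol-olc=yes` without a slaptest path, or a path given on its own, is accepted at this point. The value names a binary that is presumably executed later, so bad combinations are better rejected up front, e.g. `if opts.ol_olc == "yes" and opts.ol_slaptest is None: parser.error("--ol-slaptest is required with --ol-olc=yes")`. The callee should then invoke the binary with an argument list rather than a shell string. The script continues outside these hunks and provision.py is not shown, so an equivalent check may already exist there.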
@@ -78,10 +84,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=schema Subcontext ### @@ -107,10 +113,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=config Subcontext ### ${MMR_SYNCREPL_CONFIG_CONFIG} @@ -139,10 +145,10 @@ index cn eq index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... +#We need this for the contextCSN attribute and mmr. overlay syncprov syncprov-sessionlog 100 -# syncprov-checkpoint 100 10 +syncprov-checkpoint 100 10 ### Multimaster-Replication of cn=user/base-dn context ### ${MMR_SYNCREPL_USER_CONFIG} -- cgit From 503d15e8df9075ea9cf8b2d260487e68fc68f559 Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Wed, 25 Feb 2009 10:27:19 +1100 Subject: Updates to the recent cn=config support for the OpenLDAP backend - removed workaround for olcSyncprovConfig - creation (works perfect now with 2.4.15, release was today) - added 1 message-helpline, which is displayed when running provision-backend with olc and/or mmr setup - corrected 1 wrong slapcommand-helpline - slapd.conf is removed now in case of olc-setup - added 1 copyright-line to provision.py and provision-backend 
Signed-off-by: Andrew Bartlett --- source4/setup/olcOverlay={0}syncprov.ldif | 11 ----------- source4/setup/provision-backend | 5 +++-- 2 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 source4/setup/olcOverlay={0}syncprov.ldif (limited to 'source4/setup') diff --git a/source4/setup/olcOverlay={0}syncprov.ldif b/source4/setup/olcOverlay={0}syncprov.ldif deleted file mode 100644 index 4f5b513c67..0000000000 --- a/source4/setup/olcOverlay={0}syncprov.ldif +++ /dev/null @@ -1,11 +0,0 @@ -dn: olcOverlay={0}syncprov -objectClass: olcOverlayConfig -objectClass: olcSyncProvConfig -olcOverlay: {0}syncprov -structuralObjectClass: olcSyncProvConfig -entryUUID: 41df5aca-785a-102d-9077-999999999999 -creatorsName: cn=config -createTimestamp: 20090116201111Z -entryCSN: 20090116201111.111111Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20090116201111Z diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 20e4420414..28e73ae302 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -4,6 +4,7 @@ # provision a Samba4 server # Copyright (C) Jelmer Vernooij 2007-2008 # Copyright (C) Andrew Bartlett 2008 +# Copyright (C) Oliver Liebel 2008-2009 # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 
@@ -65,9 +66,9 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS [ ldap://:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") + help="List of LDAP-URLS [ ldap://:/ (where has to be different from 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)") parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC", - help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'", + help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'. Note: Only OpenLDAP-Versions greater or equal 2.4.15 should be used!", choices=["yes", "no"]) parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH", help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'") -- cgit