From e6aecd8b91cb9811bac2b3e2a47a9a09116b09b7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 30 May 2007 01:09:18 +0000 Subject: r23235: Don't do a separate LDAP provision step. Instead, everything we need (including the config files) is created by provision-backend. Andrew Bartlett (This used to be commit 6d4d90399f5a0451fcf2156a465123801e027359) --- source4/selftest/Samba4.pm | 177 ++++++--------------------------------------- source4/setup/DB_CONFIG | 10 +-- 2 files changed, 23 insertions(+), 164 deletions(-) (limited to 'source4') diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm index e579123d3a..7ccacc97cc 100644 --- a/source4/selftest/Samba4.pm +++ b/source4/selftest/Samba4.pm 
@@ -204,136 +204,16 @@ chdir "$ENV{FEDORA_DS_PREFIX}/bin" || die; return ($fedora_ds_dir, $pidfile); } -sub write_openldap_dbconfig($) { - my ( $ldapdbdir ) = @_; - open(CONF, ">$ldapdbdir/DB_CONFIG"); - print CONF " -# - # Set the database in memory cache size. - # - set_cachesize 0 524288 0 - - - # - # Set database flags (this is a test environment, we don't need to fsync()). - # - set_flags DB_TXN_NOSYNC - - # - # Set log values. - # - set_lg_regionmax 104857 - set_lg_max 1048576 - set_lg_bsize 209715 - set_lg_dir $ldapdbdir/bdb-logs - - - # - # Set temporary file creation directory. - # - set_tmp_dir $ldapdbdir/tmp - "; - close(CONF); - - -} - -sub mk_openldap($$$$$$$$) +sub mk_openldap($$$$$) { - my ($self, $ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, $provision_options) = @_; + my ($self, $ldapdir, $configuration, $basedn, $dnsname, $password) = @_; my $slapd_conf = "$ldapdir/slapd.conf"; my $pidfile = "$ldapdir/slapd.pid"; my $modconf = "$ldapdir/modules.conf"; - mkdir($_, 0777) foreach ($ldapdir, "$ldapdir/db", "$ldapdir/db/user", "$ldapdir/db/config", "$ldapdir/db/schema", "$ldapdir/db/bdb-logs", - "$ldapdir/db/tmp"); - - open(CONF, ">$slapd_conf"); - print CONF " -loglevel 0 - -include $ldapdir/ad.schema - -pidfile $pidfile -argsfile $ldapdir/slapd.args -sasl-realm $dnsname -access to * by * write - -allow update_anon - -authz-regexp - uid=([^,]*),cn=$dnsname,cn=digest-md5,cn=auth - ldap:///$basedn??sub?(samAccountName=\$1) - -authz-regexp - uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth - ldap:///$basedn??sub?(samAccountName=\$1) - -include $modconf - -defaultsearchbase \"$basedn\" - -backend bdb -database bdb -suffix \"cn=Schema,cn=Configuration,$basedn\" -directory $ldapdir/db/schema -index objectClass eq -index samAccountName eq -index name eq -index objectCategory eq -index lDAPDisplayName eq -index subClassOf eq - -database bdb -suffix \"cn=Configuration,$basedn\" -directory $ldapdir/db/config -index objectClass eq -index 
samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index nCName eq pres -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq pres - -database bdb -suffix \"$basedn\" -rootdn \"cn=Manager,$basedn\" -rootpw $password -directory $ldapdir/db/user -index objectClass eq -index samAccountName eq -index name eq -index objectSid eq -index objectCategory eq -index member eq -index uidNumber eq -index gidNumber eq -index unixName eq -index privilege eq -index nCName eq pres -index lDAPDisplayName eq -index subClassOf eq -index dnsRoot eq -index nETBIOSName eq pres - -#syncprov is stable in OpenLDAP 2.3, and available in 2.2. -#We only need this for the contextCSN attribute anyway.... -overlay syncprov -syncprov-checkpoint 100 10 -syncprov-sessionlog 100 -"; - - close(CONF); - - write_openldap_dbconfig("$ldapdir/db/user"); - write_openldap_dbconfig("$ldapdir/db/config"); - write_openldap_dbconfig("$ldapdir/db/schema"); - - #This uses the provision-backend we just did, to read out the schema - system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/ad.schema >&2") == 0 or die("schema conversion for OpenLDAP failed"); + #This uses the backend provision we just did, to read out the schema + system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed"); my $oldpath = $ENV{PATH}; $ENV{PATH} = "/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}"; 
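Review bot: The new signature `sub mk_openldap($$$$$)` declares a five-scalar prototype while the body unpacks six values (`$self, $ldapdir, $configuration, $basedn, $dnsname, $password`); Perl ignores prototypes on method calls, so the `$self->mk_openldap(...)` caller does not break, but the mismatch misleads readers and should be either corrected to `sub mk_openldap($$$$$$)` or dropped, since prototypes never validate arguments. Within the hunk only `$ldapdir` and `$configuration` are used; `$basedn`, `$dnsname` and `$password` fed the slapd.conf template this commit deletes, so if the rest of the function (which continues past the end of the hunk) does not use them they should be removed from the signature and the call site rather than carried as dead parameters. The schema conversion still goes through a shell-interpolated string (`system("$self->{bindir}/ad2oLschema $configuration ... -O $ldapdir/backend-schema.schema >&2")`) while the provision call in this same commit moves to the list form `system(@list)`; using the list form here too would be consistent and would keep `$ldapdir` and `$configuration` from being word-split by the shell.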
@@ -514,22 +394,21 @@ sub provision($$$$$$) (system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration!"); - my @provision_options = ($configuration); +my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provision"); + push (@provision_options, split(' ', $configuration)); push (@provision_options, "--host-name=$netbiosname"); push (@provision_options, "--host-ip=$ifaceipv4"); push (@provision_options, "--quiet"); - push (@provision_options, "--domain $localdomain"); - push (@provision_options, "--realm $localrealm"); - push (@provision_options, "--adminpass $password"); - push (@provision_options, "--krbtgtpass krbtgt$password"); - push (@provision_options, "--machinepass machine$password"); + push (@provision_options, "--domain=$localdomain"); + push (@provision_options, "--realm=$localrealm"); + push (@provision_options, "--adminpass=$password"); + push (@provision_options, "--krbtgtpass=krbtgt$password"); + push (@provision_options, "--machinepass=machine$password"); push (@provision_options, "--root=$root"); push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn"); push (@provision_options, "--password=$password"); push (@provision_options, "--root=$root"); - (system("$self->{bindir}/smbscript $self->{setupdir}/provision " . join(' ', @provision_options) . ">&2") == 0) or die("Unable to provision"); - my $ldap_uri= "$ldapdir/ldapi"; $ldap_uri =~ s|/|%2F|g; $ldap_uri = "ldapi://$ldap_uri"; 
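Review bot: The new `push (@provision_options, split(' ', $configuration));` splits the configuration string on whitespace with no quote handling, so a `--configfile=` path containing a space becomes two arguments; the old shell-joined form offered no protection either, but now that the harness is building an argv list it would be cleaner for the caller to supply `$configuration` as a list (or to push it as a single element) than to re-split a string. Moving to `system(@provision_options)` is the right direction because it bypasses the shell entirely, which is also what lets the later `--aci=aci:: …` value with its embedded space be pushed unquoted. The admin, krbtgt and machine secrets (`--adminpass=$password`, `--krbtgtpass=krbtgt$password`, `--machinepass=machine$password`, `--password=$password`) travel on the command line and are visible in the process list while provisioning runs; that is acceptable for the self-test environment but deserves a marker such as `# test-only: credentials are passed on argv and visible via ps`. The two `push (@provision_options, "--root=$root");` lines are pre-existing duplicates that could be collapsed while this block is being reworked. The enclosing `provision` sub starts before and continues after this hunk.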
@@ -555,27 +434,28 @@ sub provision($$$$$$) if (defined($self->{ldap})) { - system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + push (@provision_options, "--ldap-backend=$ldap_uri"); + system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + if ($self->{ldap} eq "openldap") { - ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, join(' ', @provision_options)) or die("Unable to create openldap directories"); + ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration, $basedn, $dnsname, $password) or die("Unable to create openldap directories"); } elsif ($self->{ldap} eq "fedora-ds") { ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ldapdir, $configuration) or die("Unable to create fedora ds directories"); push (@provision_options, "--ldap-module=nsuniqueid"); - } + push (@provision_options, "--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"); + } $self->slapd_start($ret) or die("couldn't start slapd"); - - $ret->{PROVISION_OPTIONS} = join(' ', @provision_options); + } - print "LDAP PROVISIONING..."; - $self->provision_ldap($ret); + (system(@provision_options) == 0) or die("Unable to provision"); + if (defined($self->{ldap})) { $self->slapd_stop($ret) or die("couldn't stop slapd"); - } else { - $ret->{PROVISION_OPTIONS} = join(' ', @provision_options); } + return $ret; } 
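Review bot: When `system(@provision_options)` fails, `die("Unable to provision")` fires before the `$self->slapd_stop($ret)` call that follows it, so a failed provision leaves the slapd launched by `$self->slapd_start($ret)` running; capturing the exit status, stopping slapd, and only then dying keeps the LDAP server from outliving the test environment (unless `teardown_env`, outside this hunk, already reaps it — I cannot tell from here). The new `--aci=aci:: KHRh…` push drops the explanation that the deleted `provision_ldap` carried; keep it beside the push, e.g. `# base64 rather than shell-escaped; decodes to an ACI granting allow (all) to userdn "ldap:///anyone" (test-only, anonymous full access)`, so the next reader knows what that opaque blob permits. The `provision-backend` invocation is still a shell-interpolated string carrying `--ldap-manager-pass=$password`, whereas the provision call now uses the list form; the same `system(LIST)` treatment would be consistent and avoid the shell. The rest of `provision` lies outside this hunk.
```perl
	# … unchanged: backend provision, mk_openldap / mk_fedora_ds, slapd_start …
	my $provision_rc = system(@provision_options);
	if (defined($self->{ldap})) {
		$self->slapd_stop($ret) or die("couldn't stop slapd");
	}
	$provision_rc == 0 or die("Unable to provision");
	return $ret;
```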
@@ -636,21 +516,6 @@ sub provision_dc($$) return $ret; } -sub provision_ldap($$) -{ - my ($self, $envvars) = @_; - my $provision_aci = ""; - - if ($self->{ldap} eq "fedora-ds") { - #it is easier to base64 encode this than correctly escape it: - # (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");) - $provision_aci = "--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"; - } - - system("$self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}") and - die("LDAP PROVISIONING failed: $self->{bindir}/smbscript $self->{setupdir}/provision $envvars->{PROVISION_OPTIONS} \"$provision_aci\" --ldap-backend=$envvars->{LDAP_URI}"); -} - sub teardown_env($$) { my ($self, $envvars) = @_; diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG index 3198e17b14..b4d2bfa868 100644 --- a/source4/setup/DB_CONFIG +++ b/source4/setup/DB_CONFIG @@ -1,22 +1,16 @@ +# # Set the database in memory cache size. # set_cachesize 0 524288 0 - # -# Set database flags (this is a test environment, we don't need to fsync()). -# -set_flags DB_TXN_NOSYNC - -# - Set log values. +# Set log values. # set_lg_regionmax 104857 set_lg_max 1048576 set_lg_bsize 209715 set_lg_dir ${LDAPDBDIR}/bdb-logs - # # Set temporary file creation directory. # -- cgit