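# Build an OpenLDAP backend for the Samba test environment:
#   1. write $LDAPDIR/slapd.conf and the BDB DB_CONFIG,
#   2. dump the AD schema out of the freshly provisioned sam.ldb,
#   3. create the LDAP base DN and load it with slapadd.
#
# No shebang and no set -e: this looks like a fragment that is sourced by the
# test driver (presumably; confirm against the caller), so it relies on these
# variables already being set: LDAPDIR, PIDDIR, PRIVATEDIR, DNSNAME, BASEDN,
# PASSWORD, srcdir, CONFIGURATION, PROVISION_OPTIONS.
#
# stdout is reserved for the KEY=VALUE lines the caller consumes
# (OPENLDAP_LOGLEVEL, OPENLDAP_PIDFILE); every other diagnostic goes to stderr.
SLAPD_CONF="$LDAPDIR/slapd.conf"
export SLAPD_CONF

echo "OPENLDAP_LOGLEVEL=0"
OPENLDAP_PIDFILE="$PIDDIR/slapd.pid"
echo "OPENLDAP_PIDFILE=$OPENLDAP_PIDFILE"

# NOTE: the generated slapd.conf embeds the cleartext rootpw, grants
# "access to * by * write" and allows anonymous updates.  That is only
# tolerable because $LDAPDIR is a throwaway test directory; never reuse this
# config outside the selftest tree.  The "\$1" in the authz-regexp lines is
# escaped so slapd, not the shell, sees the $1 back-reference.
cat > "$SLAPD_CONF" <<EOF
loglevel 0

include $LDAPDIR/ad.schema

pidfile		$OPENLDAP_PIDFILE
argsfile	$LDAPDIR/slapd.args
sasl-realm $DNSNAME
access to * by * write

allow update_anon

authz-regexp
          uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth
          ldap:///$BASEDN??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///$BASEDN??sub?(samAccountName=\$1)

include $LDAPDIR/modules.conf

defaultsearchbase "$BASEDN"

backend		bdb
database        bdb
suffix		"$BASEDN"
rootdn          "cn=Manager,$BASEDN"
rootpw          $PASSWORD
directory	$LDAPDIR/db
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index unixName eq
index privilege eq
index nCName eq pres
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq pres

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

EOF

# Berkeley DB tuning for the test run; DB_TXN_NOSYNC trades durability for
# speed, which is fine here because the data is regenerated on every run.
# $LDAPDIR/db must already exist (created by the caller).
cat > "$LDAPDIR/db/DB_CONFIG" <<EOF
#
	# Set the database in memory cache size.
	#
	set_cachesize   0       524288        0
	
	
	#
	# Set database flags (this is a test environment, we don't need to fsync()).
	#		
	set_flags       DB_TXN_NOSYNC
	
	#
	# Set log values.
	#
	set_lg_regionmax        104857
	set_lg_max              1048576
	set_lg_bsize            209715
	set_lg_dir              $LDAPDIR/db/bdb-logs
	
	
	#
	# Set temporary file creation directory.
	#			
	set_tmp_dir             $LDAPDIR/db/tmp
EOF

#This uses the provision we just did, to read out the schema
# $CONFIGURATION and $PROVISION_OPTIONS hold whole option lists and are
# deliberately left unquoted so they word-split; every path is quoted.
# shellcheck disable=SC2086
"$srcdir/bin/ad2oLschema" $CONFIGURATION -H "$PRIVATEDIR/sam.ldb" -I "$srcdir/setup/schema-map-openldap-2.3" -O "$LDAPDIR/ad.schema" >&2

#Now create an LDAP baseDN
# shellcheck disable=SC2086
"$srcdir/bin/smbscript" "$srcdir/setup/provision" $PROVISION_OPTIONS --ldap-base >&2

# slaptest/slapadd usually live in sbin; widen PATH for the duration and
# restore it at the end so the caller's environment is unchanged.
OLDPATH=$PATH
PATH="/usr/local/sbin:/usr/sbin:/sbin:$PATH"
export PATH

# Start with an empty modules.conf: if back_bdb and syncprov are compiled into
# slapd the config already validates.  Otherwise fall back to loading them as
# dynamic modules from the distribution's module directory.
MODCONF="$LDAPDIR/modules.conf"
rm -f -- "$MODCONF"
touch -- "$MODCONF"

if ! slaptest -u -f "$SLAPD_CONF" >&2; then
    # echo "enabling slapd modules" >&2
    cat > "$MODCONF" <<EOF
modulepath	/usr/lib/ldap
moduleload	back_bdb
moduleload	syncprov
EOF
fi

# Only load the database when the config validates; diagnostics go to stderr
# so stdout stays clean for the caller.  Load failures are reported but not
# fatal, matching the script's best-effort behaviour.
if slaptest -u -f "$SLAPD_CONF" >&2; then
    slapadd -f "$SLAPD_CONF" < "$PRIVATEDIR/$DNSNAME.ldif" >/dev/null || {
	echo "slapadd failed" >&2
    }

    slaptest -f "$SLAPD_CONF" >/dev/null || {
	echo "slaptest after database load failed" >&2
    }
fi

PATH=$OLDPATH
export PATH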