samba4-ol-mmr

Oliver Liebel oliver at itc.li
Tue Aug 12 10:16:06 GMT 2008



Andrew Bartlett schrieb:
> It certainly looks reasonable to me.  Please put the passwords back in
> cleartext in the config file for 'rootpw', as we have to have them clear
> anyway (in the replication), and it will make debugging easier.  (As you
> say, move to SASL later).
>   
done.
> We could potentially still provision to the ldapi URL, if you started
> slapd listening on both ldapi and TCP sockets.
>   
that's absolutely right, as it would speed up the communication between 
samba and ol
on the same host.
but since the addition of ldapi has no effect on
the mmr-setup/functionality itself, i would like to keep it simple at 
the moment
and add that point later, when mmr-provisioning is working.
( maybe in the way: ldapi [always set up] , ldap://<host>:port 
[additionally when mmr=yes] .)

> Look closely at how we sub in memberof configuration into the
> slapd.conf.  I suggest that you could add a ${REPL_CONFIG} after each
> database, which the script could sub with either "" or by reading and
> subing in a slapd-replica.conf
>
> Let me know if you need any more help.
>   
i have set up the configuration files as you suggested, by moving the 
mmr-specific parts
into sub-files (slapd.conf-template and the corresponding 
ol-mmr*.conf-templates files are attached)
i have tried to modify the provision.py and provision-backend as far as 
i could, but i got stuck,
as i am not very familiar with python, so i need your help at this point.
(diffs are attached too).
the backend-provision script kicks me out with the following message.
" ldap_ol_mmr_yesno=opts.ldap_ol_mmr_yesno,
AttributeError: Values instance has no attribute 'ldap_ol_mmr_yesno'"


Oliver


> Andrew Bartlett
>
>   



-------------- next part --------------
# slapd.conf template for the samba4 OpenLDAP backend.  The VARIABLE
# placeholders (LDAPDIR, DNSDOMAIN, DOMAINDN, SCHEMADN, CONFIGDN and the
# *_MMR_CONFIG / REFINT_CONFIG / MEMBEROF_CONFIG hooks) are filled in by the
# provisioning script before slapd reads the file.
loglevel 0

# Hook for the global MMR settings (ol-mmr.conf: sizelimit + ServerIDs).
# Intended to be replaced by that file's contents when MMR is enabled and by
# an empty string otherwise, so a single-master setup reads unchanged.
${MMR_CONFIG}

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

# Map SASL (digest-md5 / ntlm) identities onto entries directly under
# cn=samba, i.e. the ldif database declared below.
authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

# cn=samba may only be used to authenticate, never read.
access to dn.subtree="cn=samba"
       by anonymous auth

# The domain tree is private to samba-admin (the per-database rootdn
# bypasses ACLs anyway).
# NOTE(review): "dn=cn=manager" is an exact-match DN and none of the
# rootdns below is literally cn=manager -- confirm this clause is needed.
access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

# Passwords set through slapd are stored without hashing.  Kept on purpose
# for now: the replication setup needs the cleartext value and it eases
# debugging (see the thread); to be revisited with the move to SASL.
password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

${REFINT_CONFIG}

${MEMBEROF_CONFIG}

# Authentication-only database (see the authz-regexp and ACLs above).
database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba


database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
# Cleartext rootpw for debugging (agreed in the thread).  It is the same
# literal the syncrepl consumers in ol-mmr-*.conf bind with
# (credentials="linux"), so both must be changed together.
rootpw		linux
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With MMR enabled this overlay is also what the peer's syncrepl consumer
# pulls this suffix from.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# Hook for ol-mmr-schema.conf (syncrepl consumers + MirrorMode for this
# suffix).  Must stay inside this database section: syncrepl and mirrormode
# are per-database directives.
${SCHEMA_MMR_CONFIG}



database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
# Same cleartext credential as the schema database; see the note there.
rootpw		linux
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# Hook for ol-mmr-config.conf; per-database, must stay in this section.
${CONFIG_MMR_CONFIG}


database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
# Same cleartext credential as the schema database; see the note there.
rootpw		linux
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# Hook for ol-mmr-user.conf; per-database, must stay in this section.
${USER_MMR_CONFIG}


-------------- next part --------------
### needed for replication of the sub-contexts ###
sizelimit unlimited

########################################################
### mmr-specific server-ids/urls (2 node setup)###
########################################################
# slapd picks its own ServerID by matching these URLs against the URLs it
# listens on, so LDAPSERVER_1/2 (from --ol-mmr-url1/--ol-mmr-url2) must
# expand to the exact listener URL including the scheme.
# NOTE(review): port 9000 is hard-coded here and in the ol-mmr-*.conf
# providers while provision-backend takes --ldap-backend-port; consider
# substituting the port as well so the two cannot drift apart.
ServerID  1     "${LDAPSERVER_1}:9000/"
ServerID  2     "${LDAPSERVER_2}:9000/"
########################################################

-------------- next part --------------
### cn=config replication #########################################
# One consumer per node for the CONFIGDN suffix.  rid must stay unique
# across every syncrepl directive on a server (1-6 over the three
# ol-mmr-*.conf files).
# The bind is a simple bind as the database rootdn with the literal value
# slapd.conf sets as rootpw ("linux"); cleartext for debugging only, and
# the two files must be kept in step.
# NOTE(review): no starttls=/tls_* options here -- unless LDAPSERVER_1/2
# expand to a protected URL, the credential and the replicated entries
# travel unprotected.  Confirm before this leaves the test setup.
syncrepl        rid=3
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${CONFIGDN}"
                bindmethod=simple
                binddn="cn=Manager,${CONFIGDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


syncrepl        rid=4
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${CONFIGDN}"
                bindmethod=simple
                binddn="cn=Manager,${CONFIGDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Accept writes on this replica; with the same file on both nodes this is
# the intended 2-node multi-master.
MirrorMode      On
#####################################################################

-------------- next part --------------
### cn=schema replication #########################################
# One consumer per node for the SCHEMADN suffix; rids 1/2 are unique
# across the three ol-mmr-*.conf files.
# Simple bind as the database rootdn with the literal rootpw from
# slapd.conf ("linux") -- cleartext for debugging only; keep both in step.
# NOTE(review): no starttls=/tls_* options here; confirm the provider URL
# is protected before this leaves the test setup.

syncrepl        rid=1
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${SCHEMADN}"
                bindmethod=simple
                binddn="cn=Manager,${SCHEMADN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


syncrepl        rid=2
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${SCHEMADN}"
                bindmethod=simple
                binddn="cn=Manager,${SCHEMADN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Accept writes on this replica (2-node multi-master with the same file
# on both nodes).
MirrorMode      On
#####################################################################

-------------- next part --------------
### cn=user/base-dn replication #########################################
# One consumer per node for the DOMAINDN suffix; rids 5/6 are unique
# across the three ol-mmr-*.conf files.
# Simple bind as the database rootdn with the literal rootpw from
# slapd.conf ("linux") -- cleartext for debugging only; keep both in step.
# NOTE(review): no starttls=/tls_* options here; this suffix carries the
# user data, so confirm the provider URL is protected before this leaves
# the test setup.
syncrepl        rid=5
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${DOMAINDN}"
                bindmethod=simple
                binddn="cn=Manager,${DOMAINDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


syncrepl        rid=6
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${DOMAINDN}"
                bindmethod=simple
                binddn="cn=Manager,${DOMAINDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Accept writes on this replica (2-node multi-master with the same file
# on both nodes).
MirrorMode      On
#####################################################################

-------------- next part --------------
79,82c79
< 	self.olmmrconf = None
< 	self.olmmrschemaconf = None 
< 	self.olmmrconfigconf = None 
< 	self.olmmruserconf = None 
---
>  
250,257d246
<     paths.olmmrconf = os.path.join(paths.ldapdir, 
<                                       "ol-mmr.conf")
<     paths.olmmrschemaconf = os.path.join(paths.ldapdir, 
<                                       "ol-mmr-schema.conf")
<     paths.olmmrconfigconf = os.path.join(paths.ldapdir, 
<                                       "ol-mmr-config.conf")
<     paths.olmmruserconf = os.path.join(paths.ldapdir, 
<                                       "ol-mmr-user.conf")
1155,1156c1144
<                       ldap_backend_type=None, ldap_backend_port=None,
< 		      ldap_ol_mmr_yesno=None, ldap_ol_mmr_url1=None, ldap_ol_mmr_url2=None, ):
---
>                       ldap_backend_type=None, ldap_backend_port=None):
1271,1280d1258
< 	if ldap_ol_mmr_yesno == "yes":
< 	        ol-mmr_config = read_and_sub_file(setup_path("ol-mmr.conf"),
<                                            { "LDAPSERVER_1" : ldap_ol_mmr_url1},
<                                            { "LDAPSERVER_2" : ldap_ol_mmr_url2})
< 
< 	if ldap_ol_mmr_yesno == "yes":
< 	        ol-mmr_config = read_and_sub_file(setup_path("ol-mmr-schema.conf"),
< 	        ol-mmr_config = read_and_sub_file(setup_path("ol-mmr-config.conf"),
< 	        ol-mmr_config = read_and_sub_file(setup_path("ol-mmr-user.conf")
< 
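Review bot: `ol-mmr_config` is not a valid Python identifier — the hyphen makes each of these lines parse as `ol - mmr_config = …`, which is a syntax error on an assignment target — so this hunk cannot even load; the same name is also reused for all four reads, the last three calls lack their substitution dict and closing parentheses, and the first call passes two separate dicts where, judging by the memberof code the thread refers to, read_and_sub_file takes one path and one dict. Each template should land in its own variable and be wired into the slapd.conf substitution under the hook names the template uses (MMR_CONFIG, SCHEMA_MMR_CONFIG, CONFIG_MMR_CONFIG, USER_MMR_CONFIG), with "" when MMR is off; the ol-mmr-*.conf templates also reference CONFIGDN/SCHEMADN/DOMAINDN, so the dict handed to them needs those entries too. The paths.olmmr*conf attributes added in the 250,257d246 hunk are not used by this code. The diff appears to be reversed (the `<` side holds the new code), the enclosing function starts and ends outside the hunk, and the hunk mixes a tab with spaces, which the file's existing 4-space indentation may not accept — the excerpt below assumes 4 spaces.
```python
    # … unchanged: earlier backend setup in the enclosing function …
    if ldap_ol_mmr_yesno == "yes":
        # one substitution dict for all four MMR templates; the DN entries
        # (CONFIGDN/SCHEMADN/DOMAINDN) referenced by ol-mmr-*.conf go here too
        mmr_subst = {"LDAPSERVER_1": ldap_ol_mmr_url1,
                     "LDAPSERVER_2": ldap_ol_mmr_url2}
        mmr_config = read_and_sub_file(setup_path("ol-mmr.conf"), mmr_subst)
        schema_mmr_config = read_and_sub_file(setup_path("ol-mmr-schema.conf"), mmr_subst)
        config_mmr_config = read_and_sub_file(setup_path("ol-mmr-config.conf"), mmr_subst)
        user_mmr_config = read_and_sub_file(setup_path("ol-mmr-user.conf"), mmr_subst)
    else:
        # MMR disabled: the hooks in the slapd.conf template collapse to nothing
        mmr_config = schema_mmr_config = config_mmr_config = user_mmr_config = ""
    # … unchanged: slapd.conf substitution, which must gain the keys
    # "MMR_CONFIG", "SCHEMA_MMR_CONFIG", "CONFIG_MMR_CONFIG", "USER_MMR_CONFIG" …
```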
-------------- next part --------------
67,73d66
< parser.add_option("--ol-mmr", type="string", metavar="MMR", 
< 		          help="With OpenLDAP-Multi-Master Replication [=yes/no]")
< parser.add_option("--ol-mmr-url1", type="string", metavar="LDAPSERVER_1",
<                 help="LDAP-URL (DC1) corresponding to Server-ID for Use with OpenLDAP-MMR")
< parser.add_option("--ol-mmr-url2", type="string", metavar="LDAPSERVER_2",
<                 help="LDAP-URL (DC2) corresponding to Server-ID for Use with OpenLDAP-MMR")
< 
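Review bot: The AttributeError quoted in the mail comes from these three options: optparse derives the attribute name from the first long option, so `--ol-mmr` is stored as `opts.ol_mmr` (and `opts.ol_mmr_url1`, `opts.ol_mmr_url2`), whereas the 109,113c102 hunk reads `opts.ldap_ol_mmr_yesno` and friends. Either pass `dest="ldap_ol_mmr_yesno"`, `dest="ldap_ol_mmr_url1"` and `dest="ldap_ol_mmr_url2"` to the respective add_option calls, or read the derived names in the provision call below. Since the value is only ever compared with "yes", `type="choice", choices=["yes", "no"]` on `--ol-mmr` would reject a typo at parse time instead of silently provisioning without MMR. The `<` side appears to be the new code (the diff looks reversed), and the rest of the parser setup is outside the hunk.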
109,113c102
< 		  ldap_backend_port=opts.ldap_backend_port,
< 		  ldap_ol_mmr_yesno=opts.ldap_ol_mmr_yesno,
< 		  ldap_ol_mmr_url1=opts.ldap_ol_mmr_url1,
< 		  ldap_ol_mmr_url2=opts.ldap_ol_mmr_url2,)
< 
---
> 		  ldap_backend_port=opts.ldap_backend_port)

