samba4-ol-mmr

Oliver Liebel oliver at itc.li
Tue Aug 12 13:31:18 GMT 2008


Andrew Bartlett schrieb:
>> What do you think about checking only the presence of ol_mmr_url1 (maybe
>> logically "and-ed" with url2)?
>> If the values are not "None", then all MMR-specific values will be set, so we
>> don't need [ol_mmr=yes] as a separate option.
>>     
>
> Yep.  I was thinking we could actually have it as
> --ol-mmr-urls="ldap://host1 ldap://host2", and use Python's .split()
> method to get a list of them from the string.
>
> i.e.,
>
> ol_mmr_urls = opts.ol_mmr_urls.split()
>
> You could then work on the URL list, which might include any number of
> servers.  But perhaps leave this for later...
>   
I got the provisioning backend working with the MMR templates  ;-)
(in a simple way -- see below -- but it works).

I have attached all slapd-relevant config templates and the diffs
of provision-backend and provision.py.
I didn't make use of the split function yet; I will try that later.
> You need to specify the variables to sub.  Only create one ol-mmr.conf,
> and then specify different MMR_DN values (instead of CONFIG_DN) for the
> 3 different mmr configs.
>
>   
I don't exactly know how to get this done yet,
so I have used the four confs at this early stage.

Can you give me a few more details on how to set it up?

thanks
oliver






-------------- next part --------------
# slapd.conf template for the Samba4 OpenLDAP backend. provision.py fills the
# ${...} placeholders; the ${MMR_*} ones expand to the ol-mmr*.conf fragments
# when OpenLDAP multi-master replication (MMR) is requested, and the
# provisioning code has to substitute an empty string for them otherwise.
loglevel 0

# Global MMR fragment (ol-mmr.conf: sizelimit and the serverID list). It has
# to stay above the first "database" line, which is why it sits here.
${MMR_CONFIG}

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

# Map SASL DIGEST-MD5 and NTLM identities "uid=X,cn=<realm>,cn=<mech>,cn=auth"
# onto the entry with cn=X directly under cn=samba (the accounts slapd itself
# authenticates, e.g. cn=samba-admin). Unlike the commented-out variant above,
# the realm is captured by the second group but never compared with
# ${DNSDOMAIN}, so any realm string is accepted.
authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

# rootDSE: readable by everyone, including anonymous, so clients can discover
# naming contexts and supported features.
access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

# cn=samba accounts: anonymous may only bind against them ("auth"), never
# read them; no other right is granted here.
access to dn.subtree="cn=samba"
       by anonymous auth

# Domain partition: full access for samba-admin and for the bare "cn=manager"
# identity (presumably the global rootdn set below, matched case-insensitively
# -- TODO confirm which bind identity this actually resolves to); nothing for
# anyone else.
# NOTE(review): no access rule covers ${SCHEMADN} or ${CONFIGDN}; confirm what
# slapd grants there once access directives are present, since those are also
# the partitions the MMR consumers replicate.
access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

# SECURITY: passwords are stored unhashed. Presumably needed so the
# DIGEST-MD5/NTLM mechanisms mapped above can verify them (TODO confirm), but
# it means the databases under ${LDAPDIR}/db hold every password in the clear
# and anything that replicates them (see the ol-mmr-*.conf fragments) carries
# cleartext passwords too.
password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

${REFINT_CONFIG}

${MEMBEROF_CONFIG}

# Flat-file database holding the cn=samba service accounts.
database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba


# Schema partition. entryUUID/entryCSN are indexed for syncrepl.
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
# SECURITY: literal rootpw, identical for all three hdb partitions and
# repeated as the syncrepl bind credential in the ol-mmr-*.conf fragments, so
# every provisioned backend shares the same well-known manager password. It
# should be a placeholder filled from the provisioning admin password instead.
rootpw		linux
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With MMR enabled, syncprov also serves this partition to the other node.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# MMR consumer stanzas for ${SCHEMADN} (ol-mmr-schema.conf); they must stay
# inside this database section.
${MMR_SCHEMA_CONFIG}



# Configuration partition. entryUUID/entryCSN are indexed for syncrepl.
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
# SECURITY: same literal rootpw as the schema partition; see the note there.
rootpw		linux
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With MMR enabled, syncprov also serves this partition to the other node.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# MMR consumer stanzas for ${CONFIGDN} (ol-mmr-config.conf); they must stay
# inside this database section.
${MMR_CONFIG_CONFIG}


# Domain (user) partition -- the one the access rules above restrict.
# entryUUID/entryCSN are indexed for syncrepl.
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
# SECURITY: same literal rootpw as the schema partition; see the note there.
rootpw		linux
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With MMR enabled, syncprov also serves this partition to the other node.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

# MMR consumer stanzas for ${DOMAINDN} (ol-mmr-user.conf); they must stay
# inside this database section.
${MMR_USER_CONFIG}


-------------- next part --------------
### needed for replication of the sub-contexts ###
# NOTE(review): this is a global directive, so it also removes the result
# size cap for every ordinary client search, not only for the replication
# consumers. A "limits" directive scoped to the consumer bind DN would be
# narrower.
sizelimit unlimited

########################################################
### mmr-specific server-ids/urls (2 node setup)###
########################################################
# One serverID per node; the URL is how slapd recognises which ID is its own
# (it should match one of that node's listener URLs -- TODO confirm). The
# scheme and host come from --ol-mmr-url1/2; the port 9000 is fixed here and
# is not taken from --ldap-backend-port.
ServerID  1     "${LDAPSERVER_1}:9000/"
ServerID  2     "${LDAPSERVER_2}:9000/"
########################################################


-------------- next part --------------
### cn=config replication #########################################
# Consumer stanzas for the ${CONFIGDN} partition; slapd.conf pulls this
# fragment in through ${MMR_CONFIG_CONFIG} inside that database section.
# SECURITY: bindmethod=simple with a literal password. Unless the value of
# --ol-mmr-url1/2 is an ldaps:// URL (or starttls=yes is added), the manager
# password crosses the network in clear on every (re)connect. The credential
# is the hard-coded rootpw from slapd.conf rather than a provisioning
# placeholder, and the consumer binds as the provider's rootdn instead of a
# read-only replication identity.
syncrepl        rid=3
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${CONFIGDN}"
                bindmethod=simple
                binddn="cn=Manager,${CONFIGDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


# Second consumer, pulling from the other node (each node consumes from both
# serverID URLs). rid values must be unique within one slapd.conf, which is
# why the three fragments number them 1..6 between them.
syncrepl        rid=4
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${CONFIGDN}"
                bindmethod=simple
                binddn="cn=Manager,${CONFIGDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Both nodes accept writes for this partition.
MirrorMode      On
#####################################################################


-------------- next part --------------
### cn=schema replication #########################################
# Consumer stanzas for the ${SCHEMADN} partition; slapd.conf pulls this
# fragment in through ${MMR_SCHEMA_CONFIG} inside that database section.
# SECURITY: bindmethod=simple with a literal password. Unless the value of
# --ol-mmr-url1/2 is an ldaps:// URL (or starttls=yes is added), the manager
# password crosses the network in clear on every (re)connect. The credential
# is the hard-coded rootpw from slapd.conf rather than a provisioning
# placeholder, and the consumer binds as the provider's rootdn instead of a
# read-only replication identity.

syncrepl        rid=1
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${SCHEMADN}"
                bindmethod=simple
                binddn="cn=Manager,${SCHEMADN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


# Second consumer, pulling from the other node (each node consumes from both
# serverID URLs). rid values must be unique within one slapd.conf.
syncrepl        rid=2
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${SCHEMADN}"
                bindmethod=simple
                binddn="cn=Manager,${SCHEMADN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Both nodes accept writes for this partition.
MirrorMode      On
#####################################################################


-------------- next part --------------
### cn=user/base-dn replication #########################################
# Consumer stanzas for the ${DOMAINDN} partition; slapd.conf pulls this
# fragment in through ${MMR_USER_CONFIG} inside that database section.
# SECURITY: bindmethod=simple with a literal password. Unless the value of
# --ol-mmr-url1/2 is an ldaps:// URL (or starttls=yes is added), the manager
# password crosses the network in clear on every (re)connect -- and because
# slapd.conf sets "password-hash {CLEARTEXT}", so does every user password
# this partition replicates. The credential is the hard-coded rootpw from
# slapd.conf rather than a provisioning placeholder, and the consumer binds as
# the provider's rootdn instead of a read-only replication identity.
syncrepl        rid=5
                provider="${LDAPSERVER_1}:9000/"
                searchbase="${DOMAINDN}"
                bindmethod=simple
                binddn="cn=Manager,${DOMAINDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"


# Second consumer, pulling from the other node (each node consumes from both
# serverID URLs). rid values must be unique within one slapd.conf.
syncrepl        rid=6
                provider="${LDAPSERVER_2}:9000/"
                searchbase="${DOMAINDN}"
                bindmethod=simple
                binddn="cn=Manager,${DOMAINDN}"
                credentials="linux"
                type=refreshAndPersist
                retry="10 +"

# Both nodes accept writes for this partition.
MirrorMode      On
#####################################################################


-------------- next part --------------
--- scripting/python/samba/provision.py.bak	2008-08-12 10:35:33.000000000 +0200
+++ scripting/python/samba/provision.py	2008-08-12 15:07:58.000000000 +0200
@@ -76,7 +76,10 @@
         self.memberofconf = None
         self.fedoradsinf = None
         self.fedoradspartitions = None
- 
+	self.olmmrconf = None
+	self.olmmrschemaconf = None 
+	self.olmmrconfigconf = None 
+	self.olmmruserconf = None 
 
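Review bot: The four added `self.olmmr* = None` lines are tab-indented while the surrounding `__init__` body uses eight spaces (see the `self.fedoradspartitions = None` line just above), and the same tab/space mix recurs in every other hunk of this patch. Python 2 accepts it only because a tab happens to expand to column 8; `python -tt` rejects it and any editor with a different tab width shows a different block structure. Re-indent the new lines with spaces, e.g. `        self.olmmrconf = None`. The enclosing class starts outside the hunk.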
 class ProvisionNames(object):
     def __init__(self):
@@ -244,6 +247,14 @@
                                    "fedorads.inf")
     paths.fedoradspartitions = os.path.join(paths.ldapdir, 
                                             "fedorads-partitions.ldif")
+    paths.olmmrconf = os.path.join(paths.ldapdir, 
+                                      "ol-mmr.conf")
+    paths.olmmrschemaconf = os.path.join(paths.ldapdir, 
+                                      "ol-mmr-schema.conf")
+    paths.olmmrconfigconf = os.path.join(paths.ldapdir, 
+                                      "ol-mmr-config.conf")
+    paths.olmmruserconf = os.path.join(paths.ldapdir, 
+                                      "ol-mmr-user.conf")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
@@ -331,7 +342,7 @@
     names.hostname = hostname
     names.sitename = sitename
     names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
-    
+ 
     return names
     
 
@@ -1141,7 +1152,8 @@
                       smbconf=None, targetdir=None, realm=None, 
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
-                      ldap_backend_type=None, ldap_backend_port=None):
+                      ldap_backend_type=None, ldap_backend_port=None,
+		      ol_mmr_url1=None, ol_mmr_url2=None):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
@@ -1255,7 +1267,31 @@
 
         refint_config = read_and_sub_file(setup_path("refint.conf"),
                                             { "LINK_ATTRS" : refint_attributes})
-    
+
+###  generating mmr-templates ###    
+	if ol_mmr_url1 is not None:
+	        ol_mmr_config = read_and_sub_file(setup_path("ol-mmr.conf"),
+                                           { "LDAPSERVER_1" : ol_mmr_url1,
+                                             "LDAPSERVER_2" : ol_mmr_url2})
+
+	if ol_mmr_url1 is not None:
+	        ol_mmr_schema_config = read_and_sub_file(setup_path("ol-mmr-schema.conf"),
+                                           { "LDAPSERVER_1" : ol_mmr_url1,
+                                             "LDAPSERVER_2" : ol_mmr_url2,
+					     "SCHEMADN" : names.schemadn})
+	if ol_mmr_url1 is not None:
+	        ol_mmr_config_config = read_and_sub_file(setup_path("ol-mmr-config.conf"),
+                                           { "LDAPSERVER_1" : ol_mmr_url1,
+                                             "LDAPSERVER_2" : ol_mmr_url2,
+					     "CONFIGDN" : names.configdn})
+
+	if ol_mmr_url1 is not None:
+	        ol_mmr_user_config = read_and_sub_file(setup_path("ol-mmr-user.conf"),
+                                           { "LDAPSERVER_1" : ol_mmr_url1,
+                                             "LDAPSERVER_2" : ol_mmr_url2,
+					     "DOMAINDN" : names.domaindn})
+
+### end mmr - templates ###
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
                    {"DNSDOMAIN": names.dnsdomain,
                     "LDAPDIR": paths.ldapdir,
@@ -1263,7 +1299,11 @@
                     "CONFIGDN": names.configdn,
                     "SCHEMADN": names.schemadn,
                     "MEMBEROF_CONFIG": memberof_config,
-                    "REFINT_CONFIG": refint_config})
+                    "REFINT_CONFIG": refint_config,
+		    "MMR_CONFIG": ol_mmr_config,
+		    "MMR_SCHEMA_CONFIG": ol_mmr_schema_config,
+		    "MMR_CONFIG_CONFIG": ol_mmr_config_config,
+		    "MMR_USER_CONFIG": ol_mmr_user_config})
         setup_file(setup_path("modules.conf"), paths.modulesconf,
                    {"REALM": names.realm})
         
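Review bot: `ol_mmr_config`, `ol_mmr_schema_config`, `ol_mmr_config_config` and `ol_mmr_user_config` are only bound inside the `if ol_mmr_url1 is not None:` branches, yet the `setup_file(setup_path("slapd.conf"), ...)` call at the end of the hunk references all four unconditionally, so any provision run without `--ol-mmr-url1` now fails with an UnboundLocalError before slapd.conf is written. Initialise them to empty strings before the check (so the `${MMR_*}` placeholders expand to nothing) and do the four substitutions under a single condition; `ol_mmr_url2` also defaults to None and is substituted into the templates unchecked, so reject that combination explicitly. Separately, the fragments substituted here carry a literal `credentials="linux"` (matching the `rootpw linux` in slapd.conf) although the caller already supplies an LDAP admin password as `adminpass`; a placeholder filled from it would avoid shipping a well-known replication password on every backend. The enclosing function starts and ends outside the hunk.
```python
        # … unchanged: refint_config substitution …

        # Empty by default so the ${MMR_*} placeholders in slapd.conf expand
        # to nothing unless OpenLDAP multi-master replication was requested.
        ol_mmr_config = ""
        ol_mmr_schema_config = ""
        ol_mmr_config_config = ""
        ol_mmr_user_config = ""
        if ol_mmr_url1 is not None:
            if ol_mmr_url2 is None:
                raise ValueError("--ol-mmr-url2 is required when --ol-mmr-url1 is given")
            # Both serverIDs appear in every fragment; only the partition DN varies.
            mmr_servers = {"LDAPSERVER_1": ol_mmr_url1,
                           "LDAPSERVER_2": ol_mmr_url2}
            ol_mmr_config = read_and_sub_file(setup_path("ol-mmr.conf"),
                                              mmr_servers)
            ol_mmr_schema_config = read_and_sub_file(
                setup_path("ol-mmr-schema.conf"),
                dict(mmr_servers, SCHEMADN=names.schemadn))
            ol_mmr_config_config = read_and_sub_file(
                setup_path("ol-mmr-config.conf"),
                dict(mmr_servers, CONFIGDN=names.configdn))
            ol_mmr_user_config = read_and_sub_file(
                setup_path("ol-mmr-user.conf"),
                dict(mmr_servers, DOMAINDN=names.domaindn))

        # … unchanged: setup_file(setup_path("slapd.conf"), ...) call …
```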
-------------- next part --------------
--- setup/provision-backend.bak	2008-08-12 11:46:13.000000000 +0200
+++ setup/provision-backend	2008-08-12 13:31:51.000000000 +0200
@@ -64,6 +64,11 @@
 		help="Set server role to provision for (default standalone)")
 parser.add_option("--targetdir", type="string", metavar="DIR", 
 		          help="Set target directory")
+parser.add_option("--ol-mmr-url1", type="string", metavar="LDAPSERVER_1",
+                help="LDAP-URL (DC1) corresponding to Server-ID for Use with OpenLDAP-MMR")
+parser.add_option("--ol-mmr-url2", type="string", metavar="LDAPSERVER_2",
+                help="LDAP-URL (DC2) corresponding to Server-ID for Use with OpenLDAP-MMR")
+
 
 opts = parser.parse_args()[0]
 
@@ -99,4 +104,7 @@
 		  adminpass=opts.ldap_admin_pass,
 		  root=opts.root, serverrole=server_role, 
 		  ldap_backend_type=opts.ldap_backend_type,
-		  ldap_backend_port=opts.ldap_backend_port)
+		  ldap_backend_port=opts.ldap_backend_port,
+		  ol_mmr_url1=opts.ol_mmr_url1,
+		  ol_mmr_url2=opts.ol_mmr_url2)
+

