backend provision samba4-ol-multimaster working

Oliver Liebel oliver at itc.li
Mon Aug 18 13:24:19 GMT 2008



Andrew Bartlett schrieb:
> On Mon, 2008-08-18 at 13:55 +0200, Oliver Liebel wrote:
>   
>> Oliver Liebel schrieb:
>>     
>> but please take a short look on it, if its okay the way i made it,
>> before i start to setup the syncrepl-blocks:
>>     
>
> Yep, that looks exactly right.
>
> Andrew Bartlett
>   
.... done, the complete MMR setup is now working as wanted, using the 
templating system
(see attached files and diffs).
Please take a look at it; if it's all right for you, we can talk about the 
next steps.

oliver




-------------- next part --------------
# Global section of the slapd.conf template used by the provisioning script.
# loglevel 0 switches slapd logging off, so binds and failed authentications
# leave no trace; a non-zero level such as "stats" is worth considering when
# the server should be auditable.
loglevel 0

### Multimaster-ServerIDs and URLs ###

# Placeholder: the provisioning script puts one ServerID line per multimaster
# host here, or a single space when no multimaster hosts were given.
${MMR_SERVERIDS_CONFIG}


include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

# Disabled variants: these two mappings resolved a DIGEST-MD5 identity to the
# entry under the domain DN whose samAccountName equals the SASL user name.
#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

# Active mappings: a SASL identity uid=<name>,cn=<realm>,cn=<mech>,cn=auth is
# mapped to the entry one level below cn=samba whose cn equals <name>.
# The realm component is matched by a wildcard, so it is not compared with the
# configured sasl-realm.
# NOTE(review): confirm that accepting any realm is intended.
authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

# Same mapping for identities authenticated with the NTLM mechanism.
authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

# Root DSE (the empty DN): readable by every client, anonymous ones included;
# cn=samba-admin,cn=samba gets manage rights.
access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

# cn=samba subtree: anonymous clients may only authenticate against these
# entries. No further "by" clause is listed, so slapd's implicit "by * none"
# applies to every other identity.
access to dn.subtree="cn=samba"
       by anonymous auth

# Domain subtree: manage rights for cn=samba-admin,cn=samba and cn=manager,
# no access for anyone else.
access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

# SECURITY: passwords set through the LDAP Password Modify operation are
# stored unhashed in userPassword.
# NOTE(review): presumably required so that SASL DIGEST-MD5 can use the stored
# secret - confirm. It means the database files under the LDAP directory hold
# recoverable passwords, so their file permissions and backups need care.
password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

# Placeholders for the refint and memberof overlay configuration, filled in by
# the provisioning script.
${REFINT_CONFIG}

${MEMBEROF_CONFIG}

# LDIF-file backend for the cn=Samba tree, the tree the authz-regexp rules
# above search for SASL identities.
database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba

########################################
### cn=schema ###
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
# SECURITY: fixed, well-known cleartext root password, identical on all three
# hdb databases of this template and equal to the credentials in the syncrepl
# template. The provisioning script should substitute a generated or
# operator-supplied secret; rootpw also accepts a hashed value as produced by
# slappasswd.
rootpw		linux
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With multimaster replication enabled, syncprov is also the provider side
# that the syncrepl consumers on the other masters connect to.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10


### Multimaster-Replication of cn=schema Subcontext ###
# Placeholders: the syncrepl consumer blocks for this database and the
# MirrorMode switch; each is a single space when no multimaster hosts are given.
${MMR_SYNCREPL_SCHEMA_CONFIG}
${MIRRORMODE}

#########################################
### cn=config ###
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
# SECURITY: fixed, well-known cleartext root password (the same literal is
# used for every hdb database in this template). Substitute a provisioned
# secret instead; rootpw also accepts a hashed value as produced by slappasswd.
rootpw		linux
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With multimaster replication enabled, syncprov is also the provider side
# that the syncrepl consumers on the other masters connect to.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

### Multimaster-Replication of cn=config Subcontext ###
# Placeholders: the syncrepl consumer blocks for this database and the
# MirrorMode switch; each is a single space when no multimaster hosts are given.
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}

########################################
### cn=users /base-dn  ###
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
# SECURITY: fixed, well-known cleartext root password on the database that
# holds the domain's user entries (the same literal is used for every hdb
# database in this template). Substitute a provisioned secret instead; rootpw
# also accepts a hashed value as produced by slappasswd.
rootpw		linux
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
# With multimaster replication enabled, syncprov is also the provider side
# that the syncrepl consumers on the other masters connect to.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

### Multimaster-Replication of cn=user/base-dn context ###
# Placeholders: the syncrepl consumer blocks for this database and the
# MirrorMode switch; each is a single space when no multimaster hosts are given.
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}
-------------- next part --------------
# Template consisting only of the MIRRORMODE placeholder.
# NOTE(review): the provision.py change on this page builds the MirrorMode
# line inline and does not appear to read this file - confirm it is needed.
${MIRRORMODE}

-------------- next part --------------
# Expanded once per multimaster host. Port 9000 is appended to whatever is
# supplied as LDAPSERVER, so the supplied URL must not already carry a port.
ServerID ${SERVERID} "${LDAPSERVER}:9000"
-------------- next part --------------
# Consumer block, expanded once per multimaster host and replicated context.
# retry "10 +" retries every 10 seconds without limit.
# SECURITY: the consumer does a simple bind as the database rootdn with the
# fixed password below. Unless the provider URL is ldaps:// or TLS is enforced
# (syncrepl supports starttls=critical), that password crosses the network in
# clear text. Replace the literal with a provisioned secret.
syncrepl rid=${RID} 
	provider="${LDAPSERVER}:9000"
	searchbase="${MMRDN}"
	type=refreshAndPersist
	retry="10 +"
	bindmethod=simple
	binddn="CN=Manager,${MMRDN}"
	credentials="linux"

	
-------------- next part --------------
--- scripting/python/samba/provision.py.bak	2008-08-12 10:35:33.000000000 +0200
+++ scripting/python/samba/provision.py	2008-08-18 15:14:26.000000000 +0200
@@ -76,7 +76,9 @@
         self.memberofconf = None
         self.fedoradsinf = None
         self.fedoradspartitions = None
- 
+	self.olmmron = None
+	self.olmmrserveridsconf = None
+	self.olmmrsyncreplconf = None
 
 class ProvisionNames(object):
     def __init__(self):
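Review bot: The three added attribute lines (`self.olmmron`, `self.olmmrserveridsconf`, `self.olmmrsyncreplconf`) are indented with a tab, while the surrounding `__init__` body uses eight spaces. Python 2 counts a tab as eight columns, so this parses, but it fails under `python -tt` and breaks as soon as an editor expands tabs to a different width; use spaces, e.g. `        self.olmmron = None`. The same tab indentation appears in the added signature lines of the hunk at -1141, throughout the MMR generation hunk at -1255, and on the re-indented `setup_file(setup_path("modules.conf"), ...)` call. The class body starts outside this hunk.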
@@ -242,8 +244,12 @@
                                       "memberof.conf")
     paths.fedoradsinf = os.path.join(paths.ldapdir, 
                                    "fedorads.inf")
-    paths.fedoradspartitions = os.path.join(paths.ldapdir, 
-                                            "fedorads-partitions.ldif")
+    paths.olmmrserveridsconf = os.path.join(paths.ldapdir, 
+                                      "mmr_serverids.conf")
+    paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, 
+                                      "mmr_syncrepl.conf")
+    paths.olmmron = os.path.join(paths.ldapdir, 
+                                      "mmr_on.conf")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
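Review bot: The assignment of `paths.fedoradspartitions` is deleted here instead of being kept next to the three new `olmmr*` paths, so the attribute keeps the `None` it is given in the paths constructor (still initialised in the first hunk). Any code that later uses this attribute to locate `fedorads-partitions.ldif` would receive `None`; its users are outside the visible hunks, but nothing in the change explains the removal, so it looks accidental. Restore `paths.fedoradspartitions = os.path.join(paths.ldapdir, "fedorads-partitions.ldif")` ahead of the new lines. The enclosing function starts and ends outside the hunk.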
@@ -331,7 +337,7 @@
     names.hostname = hostname
     names.sitename = sitename
     names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
-    
+ 
     return names
     
 
@@ -1141,7 +1147,11 @@
                       smbconf=None, targetdir=None, realm=None, 
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
-                      ldap_backend_type=None, ldap_backend_port=None):
+                      ldap_backend_type=None, ldap_backend_port=None,
+		      ol_mmr_urls=None, mmr_serverids_config=None, mmr_on_config=None, 
+		      mmr_syncrepl_schema_config=None,
+		      mmr_syncrepl_config_config=None,
+		      mmr_syncrepl_user_config=None ):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
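Review bot: Of the six added keyword parameters only `ol_mmr_urls` is a real input; `mmr_serverids_config`, `mmr_on_config` and the three `mmr_syncrepl_*_config` names are reassigned unconditionally in the body (the generation hunk sets each to `" "` before use), so a value passed by a caller is silently discarded. Keep them as locals and end the signature with `ldap_backend_type=None, ldap_backend_port=None, ol_mmr_urls=None):`. A docstring line for `ol_mmr_urls` stating the expected form (a space-separated list of LDAP URLs without a port) would document the contract the templates rely on. The function body continues outside this hunk.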
@@ -1255,7 +1265,64 @@
 
         refint_config = read_and_sub_file(setup_path("refint.conf"),
                                             { "LINK_ATTRS" : refint_attributes})
-    
+
+########################################################
+### generate serverids and ldap-urls for mmr hosts   ###
+########################################################
+
+	mmr_on_config = " "
+	mmr_serverids_config = " "
+
+	if ol_mmr_urls is not None:
+		mmr_hosts=ol_mmr_urls
+		mmr_hosts=filter(None,mmr_hosts.split(' ')) 
+ 		
+		mmr_serverids_config = "# Generated from template mmr_serverids.conf\n" 
+		z=0
+		for i in mmr_hosts:
+			z=z+1
+			mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"),
+								     { "SERVERID" : str(z),
+        		                                               "LDAPSERVER" : i })
+		mmr_on_config = "MirrorMode On"
+
+########################################################
+### generate syncrepl-blocks for mmr hosts           ###
+########################################################
+
+	mmr_syncrepl_schema_config = " " 
+	mmr_syncrepl_config_config = " " 
+	mmr_syncrepl_user_config = " " 
+	
+	if ol_mmr_urls is not None:
+		mmr_hosts=ol_mmr_urls
+		mmr_hosts=filter(None,mmr_hosts.split(' ')) 
+		mmr_syncrepl_schema_config = "# Generated from template mmr_syncrepl.conf\n" 
+		mmr_syncrepl_config_config = "# Generated from template mmr_syncrepl.conf\n" 
+		mmr_syncrepl_user_config = "# Generated from template mmr_syncrepl.conf\n" 
+		z=0
+		for i in mmr_hosts:
+			z=z+1
+			mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.schemadn,
+        		                                               	"LDAPSERVER" : i })
+
+		for i in mmr_hosts:
+			z=z+1
+			mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.configdn,
+        		                                               	"LDAPSERVER" : i })
+
+		for i in mmr_hosts:
+			z=z+1
+			mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.domaindn,
+        		                                               	"LDAPSERVER" : i })
+
+
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
                    {"DNSDOMAIN": names.dnsdomain,
                     "LDAPDIR": paths.ldapdir,
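Review bot: Each entry of `ol_mmr_urls` is substituted verbatim into `ServerID ... "<entry>:9000"` and `provider="<entry>:9000"` with no check that it is a well-formed LDAP URL, so a stray double quote, tab or newline in the option value ends up as slapd.conf syntax. `split(' ')` also splits on spaces only although the option help promises whitespace separation; `mmr_hosts = ol_mmr_urls.split()` handles any whitespace and drops empty items, which makes the `filter(None, ...)` unnecessary, and the list needs parsing only once rather than in both `if` blocks. Rejecting entries that do not start with `ldap://` or `ldaps://` (presumably the expected form) or that contain a quote, before calling `read_and_sub_file`, keeps the generated file well-formed. The three per-context loops differ only in the `MMRDN` value and could share one helper. The enclosing function starts and ends outside the hunk.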
@@ -1263,8 +1330,13 @@
                     "CONFIGDN": names.configdn,
                     "SCHEMADN": names.schemadn,
                     "MEMBEROF_CONFIG": memberof_config,
+                    "MIRRORMODE": mmr_on_config,
+                    "MMR_SERVERIDS_CONFIG": mmr_serverids_config,
+                    "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
+                    "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
+                    "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
                     "REFINT_CONFIG": refint_config})
-        setup_file(setup_path("modules.conf"), paths.modulesconf,
+	setup_file(setup_path("modules.conf"), paths.modulesconf,
                    {"REALM": names.realm})
         
         setup_db_config(setup_path, os.path.join(paths.ldapdir, "db", "user"))
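Review bot: The substitution dict gains the five MMR keys but nothing for the replication secret, which stays a literal in the attached templates: `rootpw linux` on all three hdb databases in slapd.conf and `credentials="linux"` with `bindmethod=simple` in the syncrepl template. Every server provisioned this way therefore shares one publicly known manager password, whether or not those literals predate this change. Add a substitution key for the password (name to be chosen, for example `MMR_PASSWORD`), fed from a generated or operator-supplied secret, and reference it in both templates. The enclosing function starts and ends outside the hunk.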
-------------- next part --------------
--- setup/provision-backend.bak	2008-08-12 11:46:13.000000000 +0200
+++ setup/provision-backend	2008-08-15 13:35:41.000000000 +0200
@@ -64,6 +64,9 @@
 		help="Set server role to provision for (default standalone)")
 parser.add_option("--targetdir", type="string", metavar="DIR", 
 		          help="Set target directory")
+parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
+                help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR")
+
 
 opts = parser.parse_args()[0]
 
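Review bot: The help text for `--ol-mmr-urls` does not tell the operator that the templates append `:9000` to every entry (`"${LDAPSERVER}:9000"` in the attached ServerID and syncrepl templates), so a URL given with its own port would produce a malformed provider URL. Suggested wording: `help="Space-separated list of LDAP URLs (scheme and host, no port; port 9000 is appended) for OpenLDAP multi-master replication"`. The `metavar` would read better as `"URLS"`, since the option takes a list rather than a single server.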
@@ -99,4 +102,6 @@
 		  adminpass=opts.ldap_admin_pass,
 		  root=opts.root, serverrole=server_role, 
 		  ldap_backend_type=opts.ldap_backend_type,
-		  ldap_backend_port=opts.ldap_backend_port)
+		  ldap_backend_port=opts.ldap_backend_port,
+		  ol_mmr_urls=opts.ol_mmr_urls)
+

