extended provision-backend

Andrew Bartlett abartlet at samba.org
Thu Aug 6 02:50:37 MDT 2009

On Wed, 2009-08-05 at 12:31 +0200, Oliver Liebel wrote:
> hi andrew,
> here are the improvements to provision/provision-backend
> and all necessary diffs:
> (first apologize that i have attached "normal" diffs,
> but i still did not had the time, to get closer into the git-stuff.
> please push the changes to the master.)
> andrews patches:
> - all integrated
> slapd/slaptest:
> - slaptest-path is not needed any more (slapd -Ttest is used instead)
> and is therefore removed.
> - slapd-path must be given when openldap-backend is chosen. is also used
> for olc-conversion (see above)
> running slapd-daemon:
> - system is pre-checked if another instance of slapd is running on
> system before starting it
> - if no other slapd is running, slapdcommand_prov starts slapd (ldapi
> only) for final provision
> - after startup is verified, if slapd is up an listening on s4's ldapi_uri
> help:
> - complete slapd-commandline (to start slapd manual after final
> provision is done) is stored
> under paths.ldapdir/slapd_command_file.txt  (depending on setup type, it
> includes real
> ldap://fqhn if olc and/or mmr was chosen, so slapd can be run after
> provision
> just with copy an paste that string, only port must be set manually)
> - extended help messages to make things more clear
> after final provision finished:
> - first is checked, if slapd is still running, listening to s4s ldapi_uri
> - then slapd (with pid from paths.ldapdir/slapd.pid) will be terminated
> (proper termination is re-checked)
> - stored slapd-commandline is displayed to show the right syntax to
> start slapd manually (except port )
> howto:
> - added a little howto (file: howto-ol-backend-s4.txt), including
> all ol-configure-options and setup-types (static/olc, standalone/mmr)
> todo:
> - full merge of provision and provision-backend, maybe in this way:
> with ol-backend, you only have to run (final) provision.
> slapd-path and other ol-specific-parameters has to be given.
> "backend-"prov is run first internally if any ol-param is given (slapd
> started auto),
> then "final-"prov (fully transparent to the user), after that slapd is
> terminated.

Thank-you so much for this work.  I've been thinking about it, and the
main thing I dislike is the way you try to detect another slapd process
using ps and grep.  Instead, how about trying a rootDSE search against
the ldapi socket?  If it succeeds, then have the script fail with 'an
ldap server appears to already be listening on .../ldapi, please shut it
down before you continue'.  

I would really like to see the slapd process handled with the subprocess
python module, but the best benefits of this (simply calling
slapd.terminate() to kill the child) replies on the two parts being

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090806/d9ab67c2/attachment.pgp>

More information about the samba-technical mailing list