extended provision-backend

Oliver Liebel oliver at itc.li
Thu Aug 6 17:09:37 MDT 2009 


Andrew Bartlett schrieb:
> On Thu, 2009-08-06 at 13:58 +0200, Oliver Liebel wrote:
>   
>> Andrew Bartlett schrieb:
>>     
>>>       
>>> Thank-you so much for this work.  I've been thinking about it, and the
>>> main thing I dislike is the way you try to detect another slapd process
>>> using ps and grep.  Instead, how about trying a rootDSE search against
>>> the ldapi socket?  
>>>       
>> what about a simple bind via python-ldap to the socket?
>> that should do it too.
>> tested ist, seems ok.
>>     
>
> That would work.  However I would prefer to use the ldb bindings if
> possible.  See the Ldb module. 
>
> (not that I think using python-ldap would be a big extra burden in terms
> of dependences, but because it means a future maintainer of the script
> would not have to learn another module and pattern). 
>
> Andrew Bartlett
>   
hi andrew,
here is the second (and hopefully...) final edition.

(apologize again that i have attached "normal" diffs,
but the git-stuff and i... sorry ;-)



(mostly) everything should be now according to your needs,
in particular:

- your patches ar added.

- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when 
openldap-backend is chosen.
its also used for olc-conversion

- slapd-detection (after run of provision-backend) is done by ldapsearch 
(python-ldap),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
(i have chosen python-ldap as it could be also useful later, e.g. to 
monitor/query some
slapd-behaviour/settings)

- if ldapsearch was not successfull, (no slapd listening on our socket) 
slapd is started via special generated slapdcommand_prov  (ldapi_uri only)

- slapd-"provision-process" startup is done via pythons subprocess. the 
slapd-provision-pid is additionally stored
under paths.ldapdir/slapd_provision_pid (at the moment primary for 
debugging purposes.
when both scripts are fully merged, we maybe dont need that any more.)

- after provision-backend is finished, extended help-messages (relevant 
to slapd) are displayed,
e.g. the commandline with which slapd has to be started when everythings 
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))

- also after final provision is finished, slapd.pid will be read out, 
and the
slapd "provison"-process is killed via SIGTERM. (at the moment this is 
done with os.kill,
we can move later to Popen.kill when both scripts are fully merged.)
extended ldap-specific help/status-messages are displayd.
If something goes wrong, extended help-messages are displayed too.

- proper slapd-temination after final provision is also verified via 
ldapsearch -> ldapi_uri -> rootDSE.

- added some new content to the mini-howto
(howto-ol-backend-s4.txt)


puh. hope that was it ..for now. ;-)
think i got me a beer or two tomorrow

have a nice weekend,
oliver

























-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: slapd.conf.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: provision.py.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: provision-backend.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Samba4.pm.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment-0003.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: secrets_sasl_ldap.ldif.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment-0004.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: howto-ol-backend-s4.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/d5a912ad/attachment.txt>

More information about the samba-technical mailing list