extended provision-backend

Oliver Liebel oliver at itc.li
Sat Aug 8 12:40:56 MDT 2009

Andrew Bartlett schrieb:
> This is what I want:
> When we start a provision-backend, we look to see if a slapd is already
> listening on the ldapi socket, before we start a new slapd to listen
> there.  
> In this case we print the presumed PID of the old slapd that is
> in our way and abort.
> When we finish the provision, we shut down the slapd that we know we
> started. 
> It's PID is recorded between provision-backend and provision,
> and verified with the slapd.pid.  
> We also only do this if there is a
> working slapd on the socket. 
> how about trying a rootDSE search against
> the ldapi socket?  If it succeeds, then have the script fail with 'an
> ldap server appears to already be listening on .../ldapi, please shut it
> down before you continue'.  
> However I would prefer to use the ldb bindings if
> possible.  See the Ldb module. (not that I think using 
> python-ldap would be a big extra burden in terms
> of dependences, but because it means a future maintainer of the script
> would not have to learn another module and pattern). 
python-ldap is out, ldb is in.
> I would really like to see the slapd process handled with the subprocess
> python module

i have tested and verified the new extensions several times under
different conditions, and all is working stable and as expected.

heres the summary of all changes/extensions:

- your patches are added.

- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
its also used for olc-conversion

- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.

- if ldapsearch was not successfull, (no slapd listening on our socket)
slapd is
started via special generated slapdcommand_prov  (ldapi_uri only)

- slapd-"provision-process" startup is done via pythons subprocess.

- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.

- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if the are unique, slapd.pid will be read out, and the
slapd "provison"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everythings
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))

- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)

the latest patches are all attached. please commit them to git.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: provision.py.diff
Type: text/x-patch
Size: 18350 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: provision-backend.diff
Type: text/x-patch
Size: 2236 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Samba4.pm.diff
Type: text/x-patch
Size: 926 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: secrets_sasl_ldap.ldif.diff
Type: text/x-patch
Size: 256 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slapd.conf.diff
Type: text/x-patch
Size: 1666 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment-0004.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: howto-ol-backend-s4.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090808/852370ad/attachment.txt>

More information about the samba-technical mailing list