Andrew Bartlett abartlet at samba.org
Mon Feb 9 22:38:04 MST 2009

On Sat, 2009-01-17 at 01:40 +0100, Oliver Liebel wrote:
> hi andrew,
> the olc-conversion works now:
> for a standalone dc and
> n - dcs in multimaster-replication.
> all files and diffs are attached, please take a look at it
> and tell me if it's okay for you.
> following, a short description of the changes/additions
> i made:
> we have now:
> --ol-olc=[yes/no] # trigger olc-conversion, needs:
> --ol-slaptest=</path to slaptest binary>
> if wrong path is given or slaptest doesn't exist, the script will exit 
> with a sys.exit
> Warning:  ("Path to slaptest-Binary does not exist.")
> if both options are chosen,
> the slapd.conf will be generated as normal and is
> then converted to olc (dir: ../private/ldap/slapd.d)
> in case of olc-conversion, the access to cn=config is made via
> cn=samba-admin,cn=samba (write) for administration and
> cn=replicator,cn=samba (read) for replication purposes.
> the slapd.conf should be removed after olc-setup.
> (remove-line exists in provision.py and is commented out).
> as it "protects" the admin from running into trouble using both confs (olc and 
> static).

Indeed, we should remove it in this case. 

> if olc AND mmr are chosen,
> the olc-conversion will be setup like described above,
> and a small olc_seed.ldif for initial load of the other masters with slapadd
> will be generated in ../private/ldap/olc_seed.ldif. but it's also
> possible to setup the other masters using the same provision-backend
> params as on the first master. final provision can then be skipped
> on the secondary dcs; after starting their slapds, they will suck out
> all contexts from the first master.
> what else:
> i also added some new output to the post-provision-backend-messages,
> depending on the chosen options to make some olc/mmr-depending params 
> more clear.

Why can't we provision against ldapi in the MMR case?  I don't
understand why Samba4 should ever talk to anything but the ldapi socket
in the default case.

> i added several new files to the template-system
> and cleaned up / modified some of the existing (all attached).
> i had to clean up the bdb-file "setup/DB_CONFIG" (no comments "#" anymore),
> otherwise we will run into the error:
> "mods check (olcDbConfig: value #0 provided more than once)"
> during config-replication.
> it was also necessary to create a small workaround (3 lines), in case
> the syncprov overlay (and directory) of olcDatabase={0}config were
> not created properly during conversion.

Ahh - this is because we don't have a cn=config in the slapd.conf, so
when slaptest creates it, it does not think to add syncprov to it?


Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.