Andrew Bartlett abartlet at samba.org
Tue Feb 10 14:44:35 MST 2009

On Tue, 2009-02-10 at 20:39 +0100, Oliver Liebel wrote:
> Andrew Bartlett schrieb:
> >>
> >> i also added some new output to the post-provision-backend-messages,
> >> depending on the chosen options to make some olc/mmr-depending params 
> >> more clear.
> >>     
> >
> > Why can't we provision against ldapi in the MMR case?  I don't
> > understand why Samba4 should ever talk to anything but the ldapi socket
> > in the default case.
> >
> >   
> first: please specify the "default case".
> second: sure, it's possible to set up final provisioning for MMR with 
> both ldap://<fqhn>:<port> and/or ldapi:///.
> just a matter of adding a few more words to explain this setup-type in 
> the provision-backend output line,
> and samba 4 can talk from here to eternity to the socket.
> but for real-life MMR-purposes slapd still has to be run with 
> (additionally) ldap://<fqhn>:<port> on every physical node.

Ahh, of course. 

> and in this (early) stage it's surely less confusing and less complex 
> (for those who want to test it)
> to set up mmr just with host:port.

I would prefer to keep Samba's configuration to the ldapi (leave the
provision unchanged), but of course to have the slapd command line
propose binding to a real TCP port.

> >> it was also necessary to create a small workaround (3 lines), in case
> >> the syncprov overlay (and directory) of olcDatabase={0}config were
> >> not created properly during conversion.
> >>     
> >
> > Ahh - this is because we don't have a cn=config in the slapd.conf, so
> > when slaptest creates it, it does not think to add syncprov to it?
> >   
> no.
> the correct cn=config block is placed via templating into slapd.conf 
> before it gets converted,
> as you can see in the script, the templates and the generated slapd.conf.
> i just made the experience that in some cases the syncprov container is 
> not created properly,
> if syncprov is used more than once. i didn't have the time over the last 
> weeks to test and reproduce this
> behaviour under all circumstances, so i created this small workaround.
> i will try to reproduce it later - for now the olc-setup is working.

OK.  So this works around an OpenLDAP bug?

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.