Oliver Liebel oliver at itc.li
Tue Feb 10 17:18:39 MST 2009

Andrew Bartlett schrieb:
> On Tue, 2009-02-10 at 20:39 +0100, Oliver Liebel wrote:
>> Andrew Bartlett schrieb:
>>>> i also added some new output to the post- provision-backend-messages,
>>>> depending on the chosen options to make some olc/mmr-depending params 
>>>> more clear.
>>> Why can't we provision against ldapi in the MMR case?  I don't
>>> understand why Samba4 should ever talk to anything but the ldapi socket
>>> in the default case.
>> first: please specify the "default case".
>> second: sure its possible to set up final provisioning for MMR with 
>> both   ldap://<fqhn>:<port>   and/or    ldapi:///.
>> just a matter of adding a few more words to explain this setup-type in 
>> the provision-backend output line,
>> and samba 4 can talk from here to eternity to the socket.
>> but for real-life MMR-purposes slapd still has to be run with 
>> (additionally) ldap://<fqhn>:<port> on every physical node.
> Ahh, of course. 
>> and in this (early) stage its surely less confusing and less complex 
>> (for those who wants to test it)
>> to set up mmr just with host:port.
> I would prefer to keep Samba's configuration to the ldapi (leave the
> provision unchanged), but of course to have the slapd command line
> propose binding to a real TCP port.
ok, i will adjust the provision-backend output, so that the "help-lines" 
for every setup-scenario, e.g.:
ol/ldapi, ol/olc/ldapi, ol/mmr/ldapi+ldap, 
ol/olc/mmr/ldapi+ldap....etc.  will be displayed
according to the chosen setup-type.

i also discovered two little bugs in provision-backend (--ol-olc / 
ol-slaptest validation). they
will be corrected with the next diffs.

>>>> it was also necessary to create a small workaround (3 lines), in case
>>>> the syncprov overlay (and directory) of olcDatabase={0}config were
>>>> not created properly during conversion.
>>> Ahh - this is because we don't have a cn=config in the slapd.conf, so
>>> when slaptest creates it, it does not think to add syncprov to it?
>> no.
>> the correct cn=config block is placed via templating into slapd.conf 
>> before it gets converted,
>> as you can see in the script, the templates and the generated slapd.conf.
>> in just made the experience that in some cases the syncprov container is 
>> not created properly,
>> if syncprov is used more then once. i didnt had the time over the last 
>> weeks to test and reproduce this
>> behaviour under all circumstances, so i created this small workaround.
>> i will try to reproduce it later - for now the olc-setup is working.
> OK.  So this works around an OpenLDAP bug?
like i said - i had no time to verify/reproduce it in every case or 
i will test it again asap.
if its reproducable, i will file an ITS.

> Andrew Bartlett

More information about the samba-technical mailing list