olc/mmr-patches

Oliver Liebel oliver at itc.li
Mon Feb 23 12:04:45 MST 2009


Hi Andrew,

I hope the following descriptions of all the modifications/additions and
extensions I made are clear enough, and that I have created the commit message
in the right way.
Otherwise please give me a short hint / some advice, and I will correct them
according to your specifications.

The long description, commit message and all necessary files and diffs
are attached.



First the long description:

These extensions add MMR (multi-master replication) and OLC
(OpenLDAP online configuration) capabilities to the provisioning scripts
(provision-backend and provision.py), for use with the OpenLDAP backend
(only versions >= 2.4.15!).

Changes / additions made to the provision-backend script:
added new command-line options:
--ol-mmr-urls=<list of whitespace-separated LDAP URLs> for use with MMR
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to OLC),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)

Changes / additions made to the provision.py script:
added extensions that will automatically generate the chosen MMR
and/or OLC setup for the OpenLDAP backend, according to the parameters
chosen in the provision-backend script (see above).


Possible setup options are:

1) Normal setup (Samba 4 "standalone" with OpenLDAP backend and static
slapd.conf, communication via ldapi).

2) MMR: MMR is set up with 2-n DCs and a static slapd.conf, which will
be generated via the templating system. Final provisioning can be done
via ldapi; for communication between all DCs, slapd must be started with
an (additional) ldap://<host>:<port (other than 389!)> on every node to
have MMR working.
Read-only access to the contexts is made by cn=replicator for replication
purposes; administrative access is possible via cn=samba-admin.
Communication via ldapi and ldap://<host>:<port (other than 389!)>.

3) OLC, single DC: OLC is set up with 1 (standalone) DC and OLC
(slapd.d); final provisioning can be done via ldapi. To access the OLC,
slapd must be started with an (additional)
ldap://<host>:<port (other than 389!)>.
Administrative access is possible via cn=samba-admin.
Communication via ldapi and ldap://<host>:<port (other than 389!)>.

4) OLC + MMR: OLC + MMR is set up with 2-n DCs and OLC (slapd.d); final
provisioning can be done via ldapi. For communication between all DCs
and to access the OLC, slapd must be started with an (additional)
ldap://<host>:<port (other than 389!)> on every node.
Read-only access to the contexts is made by cn=replicator for replication
purposes; administrative access is possible via cn=samba-admin.
Communication via ldapi and ldap://<host>:<port (other than 389!)>.


For all OLC setups, the existence of the slaptest binary is checked before
conversion; if it doesn't exist, the script will exit with a related error
message. The same happens if --ol-olc=yes and --ol-slaptest is not set.
If --ol-olc=yes and the slaptest path is correct, a slapd.conf will be
generated via the templating system and is then converted to slapd.d/ (OLC).
The slapd.d/ directory is placed under ../private/ldap/.
The "old" slapd.conf will be removed after conversion to avoid errors
running slapd with both configs (static/dynamic).

The use of OpenLDAP 2.4.15 (2.4.14 CVS) is strongly recommended,
according to some OLC-relevant OpenLDAP patches (olcSyncprovConfig
creation for cn=config). Accordingly, I removed the previously created
workaround to create olcSyncprovConfig "manually".

In case of OLC combined with MMR, the syncrepl statements for the
cn=config contexts have RIDs with 4 integer digits (beginning from 1001),
to avoid mistakes/confusion with the "normal" RIDs for the "normal"
contexts (3 integer digits).
Also, an OLC seed LDIF will be generated automatically and is placed
under ../private/ldap/, with which the other DCs can be set up -without
conversion- from scratch via slapadd.


List of files (and their functions/extensions/modifications):

- provision.py.diff   (diffs of ../scripting/python/samba/provision.py)
- provision-backend.diff  (diffs of ../setup/provision-backend)
- setup/slapd.conf   (extended slapd.conf with new templating variables
for OLC and MMR)
- setup/cn=replicator.ldif    (LDIF used to set up the read-only
replicator account for MMR)
- setup/DB_CONFIG   (modified DB_CONFIG: removed all comments as they
could cause trouble during OLC conversion)
- setup/mmr_serverids.conf   (places serverids + LDAP URLs in slapd.conf
via ${MMR_SERVERIDS_CONFIG})
- setup/mmr_syncrepl.conf   (places syncrepl statements for the 3 main
contexts in slapd.conf via ${MMR_SYNCREPL_CONFIG_CONFIG},
${MMR_SYNCREPL_SCHEMA_CONFIG}, ${MMR_SYNCREPL_USER_CONFIG})
- setup/olc_acl.conf   (places ACLs for cn=config in slapd.conf via
${OLC_CONFIG_ACL})
- setup/olc_mmr.conf  (places syncprov and mirrormode directives in
slapd.conf via ${OLC_MMR_CONFIG})
- setup/olc_pass.conf  (places "database config" directives in slapd.conf
via ${OLC_CONFIG_PASS})
- setup/olc_syncrepl.conf  (places syncrepl statements for the cn=config
context in slapd.conf via ${OLC_SYNCREPL_CONFIG})
- setup/olc_serverid.conf   (used to set up serverids + URLs in the
OLC seed LDIF via file ../setup/olc_seed.ldif)
- setup/olc_syncrepl_seed.conf  (used to set up syncrepl statements in the
OLC seed LDIF via file ../setup/olc_seed.ldif)
- setup/olc_seed.ldif    (template for the generated
../private/ldap/olc-seed.ldif)

Other related variables in slapd.conf:
${MIRRORMODE}   -  places "Mirrormode on" for the 3 main contexts in
slapd.conf, if MMR is chosen




-------------
commit-message:

From: Oliver Liebel <oliver at itc.li>
Date: Mon, 23 Feb 2009 15:52:55
Subject: [PATCH] added mmr (multi-master-replication) and 
   olc (openldap-online-configuration)  capabilities to the 
   provisioning-scripts (provision-backend and provision.py),
   for use with the openldap-backend (olc only with 
   versions >=2.4.15!). the extensions will automatically 
   generate the chosen  mmr and/or  olc  -setup  for the openldap 
   backend, according to chosen parameters set in the 
   provision-backend script. 

----------









-------------- next part --------------
--- scripting/python/samba/provision.org	2009-01-06 12:59:15.000000000 +0100
+++ scripting/python/samba/provision.py	2009-02-23 15:39:06.000000000 +0100
@@ -4,6 +4,7 @@
 
 # Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2008
 # Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008
+# Copyright (C) Oliver Liebel <o.liebel at itc.li> 2008-2009
 #
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell <tridge at samba.org> 2005
@@ -26,6 +27,7 @@
 
 from base64 import b64encode
 import os
+import sys
 import pwd
 import grp
 import time
@@ -76,9 +78,12 @@
         self.memberofconf = None
         self.fedoradsinf = None
         self.fedoradspartitions = None
-	self.olmmron = None
-	self.olmmrserveridsconf = None
-	self.olmmrsyncreplconf = None
+        self.olmmron = None
+        self.olmmrserveridsconf = None
+        self.olmmrsyncreplconf = None
+        self.olcdir = None
+        self.olslaptest = None
+        self.olcseedldif = None
 
 
 class ProvisionNames(object):
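Review bot: this hunk mixes a whitespace-only re-indentation of the three existing olmmr* attributes (tabs to spaces) with the new olcdir/olslaptest/olcseedldif attributes, and the same pattern recurs in the larger hunks below; splitting the tab-to-space cleanup into its own commit would let the functional part of the patch be reviewed on its own.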
@@ -251,6 +256,10 @@
                                             "mmr_serverids.conf")
     paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, 
                                            "mmr_syncrepl.conf")
+    paths.olcdir = os.path.join(paths.ldapdir, 
+                                 "slapd.d")
+    paths.olcseedldif = os.path.join(paths.ldapdir, 
+                                 "olc_seed.ldif")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
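Review bot: the generated seed file is named olc_seed.ldif here (paths.olcseedldif), while the description calls it olc-seed.ldif and the template in setup/ is also olc_seed.ldif; pick one name for the generated file (olc-seed.ldif, say) so the template and its output cannot be confused in later error messages or docs.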
@@ -1160,7 +1169,7 @@
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
                       ldap_backend_type=None, ldap_backend_port=None,
-		      ol_mmr_urls=None):
+                      ol_mmr_urls=None,ol_olc=None,ol_slaptest=None):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
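Review bot: ol_olc is carried as the string "yes"/"no" and compared with == "yes" throughout, so a caller passing True would silently take the non-OLC path; take a boolean (ol_olc=False) and let provision-backend pass opts.ol_olc directly. Also PEP 8 spacing in the new signature: `ol_mmr_urls=None, ol_olc=False, ol_slaptest=None`.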
@@ -1184,6 +1193,18 @@
         make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, 
                      targetdir)
 
+    # openldap-online-configuration: validation of olc and slaptest
+    if ol_olc == "yes" and ol_slaptest is None: 
+        sys.exit("Warning: OpenLDAP-Online-Configuration cant be setup without path to slaptest-Binary!")
+
+    if ol_olc == "yes" and ol_slaptest is not None:
+        ol_slaptest = ol_slaptest + "/slaptest"
+        if not os.path.exists(ol_slaptest):
+            message (ol_slaptest)
+            sys.exit("Warning: Given Path to slaptest-Binary does not exist!")
+
+
+
     lp = param.LoadParm()
     lp.load(smbconf)
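Review bot: the slaptest checks run after make_smbconf() has already written smb.conf, so a missing --ol-slaptest aborts provisioning with a half-written target directory; move the validation to the top of the function, before any file is created. Within the check itself, `ol_slaptest + "/slaptest"` should be os.path.join(ol_slaptest, "slaptest"), os.path.exists() does not verify the file is executable (os.access(path, os.X_OK) does), both messages are fatal errors rather than a "Warning:", and `message (ol_slaptest)` has a stray space before the parenthesis.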
 
@@ -1276,52 +1297,95 @@
                                             { "LINK_ATTRS" : refint_attributes})
 
 # generate serverids, ldap-urls and syncrepl-blocks for mmr hosts
-	mmr_on_config = ""
-	mmr_replicator_acl = ""
-	mmr_serverids_config = ""
+        mmr_on_config = ""
+        mmr_replicator_acl = ""
+        mmr_serverids_config = ""
         mmr_syncrepl_schema_config = "" 
-	mmr_syncrepl_config_config = "" 
-	mmr_syncrepl_user_config = "" 
-	
-	if ol_mmr_urls is not None:
+        mmr_syncrepl_config_config = "" 
+        mmr_syncrepl_user_config = "" 
+       
+ 
+        if ol_mmr_urls is not None:
                 # For now, make these equal
                 mmr_pass = adminpass
 
- 		url_list=filter(None,ol_mmr_urls.split(' ')) 
+                url_list=filter(None,ol_mmr_urls.split(' ')) 
                 if (len(url_list) == 1):
                     url_list=filter(None,ol_mmr_urls.split(',')) 
                      
 
-		mmr_on_config = "MirrorMode On"
-		mmr_replicator_acl = "  by dn=cn=replicator,cn=samba read"
- 		serverid=0
-		for url in url_list:
-			serverid=serverid+1
-			mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"),
-								     { "SERVERID" : str(serverid),
-        		                                               "LDAPSERVER" : url })
+                mmr_on_config = "MirrorMode On"
+                mmr_replicator_acl = "  by dn=cn=replicator,cn=samba read"
+                serverid=0
+                for url in url_list:
+                        serverid=serverid+1
+                        mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"),
+                                                                     { "SERVERID" : str(serverid),
+                                                                       "LDAPSERVER" : url })
                         rid=serverid*10
-			rid=rid+1
-			mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
-								     { 	"RID" : str(rid),
-                    							"MMRDN": names.schemadn,
-        		                                               	"LDAPSERVER" : url,
+                        rid=rid+1
+                        mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+                                                                     {  "RID" : str(rid),
+                                                                        "MMRDN": names.schemadn,
+                                                                        "LDAPSERVER" : url,
                                                                         "MMR_PASSWORD": mmr_pass})
 
-			rid=rid+1
-			mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
-								     { 	"RID" : str(rid),
-                    							"MMRDN": names.configdn,
-        		                                               	"LDAPSERVER" : url,
+                        rid=rid+1
+                        mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+                                                                     {  "RID" : str(rid),
+                                                                        "MMRDN": names.configdn,
+                                                                        "LDAPSERVER" : url,
                                                                         "MMR_PASSWORD": mmr_pass})
 
-			rid=rid+1
-			mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
-								     { 	"RID" : str(rid),
-                    							"MMRDN": names.domaindn,
-        		                                               	"LDAPSERVER" : url,
+                        rid=rid+1
+                        mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+                                                                     {  "RID" : str(rid),
+                                                                        "MMRDN": names.domaindn,
+                                                                        "LDAPSERVER" : url,
                                                                         "MMR_PASSWORD": mmr_pass })
+	# olc = yes?
+        olc_config_pass = ""
+        olc_config_acl = ""
+        olc_syncrepl_config = ""
+        olc_mmr_config = "" 
+        if ol_olc == "yes":
+                olc_config_pass += read_and_sub_file(setup_path("olc_pass.conf"),
+                                                                { "OLC_PW": adminpass })
+                olc_config_acl += read_and_sub_file(setup_path("olc_acl.conf"),{})
+                
+            # if olc = yes + mmr = yes, generate cn=config-replication directives
+            # and  olc_seed.lif for the other mmr-servers
+                if ol_olc == "yes" and ol_mmr_urls is not None:
+                        serverid=0
+                        olc_serverids_config = ""
+                        olc_syncrepl_config = ""
+                        olc_syncrepl_seed_config = ""
+                        olc_mmr_config = "" 
+                        olc_mmr_config += read_and_sub_file(setup_path("olc_mmr.conf"),{})
+                        rid=1000
+                        for url in url_list:
+                                serverid=serverid+1
+                                olc_serverids_config += read_and_sub_file(setup_path("olc_serverid.conf"),
+                                                                     { "SERVERID" : str(serverid),
+                                                                       "LDAPSERVER" : url })
+                        
+                                rid=rid+1
+                                olc_syncrepl_config += read_and_sub_file(setup_path("olc_syncrepl.conf"),
+                                                                     {  "RID" : str(rid),
+                                                                        "LDAPSERVER" : url,
+                                                                        "MMR_PASSWORD": adminpass})
+
+                                olc_syncrepl_seed_config += read_and_sub_file(setup_path("olc_syncrepl_seed.conf"),
+                                                                     {  "RID" : str(rid),
+                                                                        "LDAPSERVER" : url})
+
+                                setup_file(setup_path("olc_seed.ldif"), paths.olcseedldif,
+                                                                     {"OLC_SERVER_ID_CONF": olc_serverids_config,
+                                                                      "OLC_PW": adminpass,
+                                                                      "OLC_SYNCREPL_CONF": olc_syncrepl_seed_config})
+        
 
+                # end olc
 
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
                    {"DNSDOMAIN": names.dnsdomain,
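Review bot: the olc_syncrepl_seed.conf substitution at the end of the loop passes only RID and LDAPSERVER, so the seed LDIF's bind credentials cannot come from provisioning, and the attached setup/olc_syncrepl_seed.conf carries a literal credentials="linux"; pass the replicator password here (olc_syncrepl.conf already receives MMR_PASSWORD) and replace the literal in the template. In the same loop, setup_file(setup_path("olc_seed.ldif"), ...) runs once per URL and overwrites paths.olcseedldif each time with the partially built olc_serverids_config/olc_syncrepl_seed_config; it only needs to run once after the loop. The inner `if ol_olc == "yes" and ol_mmr_urls is not None:` repeats the enclosing ol_olc test, and the two comment lines above it are indented differently from the block they describe.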
@@ -1336,8 +1400,12 @@
                     "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
                     "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
                     "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
+                    "OLC_CONFIG_PASS": olc_config_pass,
+                    "OLC_SYNCREPL_CONFIG": olc_syncrepl_config,
+                    "OLC_CONFIG_ACL": olc_config_acl,
+                    "OLC_MMR_CONFIG": olc_mmr_config,
                     "REFINT_CONFIG": refint_config})
-	setup_file(setup_path("modules.conf"), paths.modulesconf,
+        setup_file(setup_path("modules.conf"), paths.modulesconf,
                    {"REALM": names.realm})
         
         setup_db_config(setup_path, os.path.join(paths.ldapdir, "db", "user"))
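Review bot: OLC_CONFIG_PASS is filled from olc_pass.conf with {"OLC_PW": adminpass}, but the attached olc_pass.conf contains only `database config` and `rootdn cn=config` with no ${OLC_PW}, so the config database gets a rootdn without a rootpw and the substitution is dead; either add `rootpw ${OLC_PW}` to the template (the seed LDIF does set olcRootPW, so the two paths currently differ) or drop the unused key and rename the variable, and state in the description how cn=config is meant to be administered.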
@@ -1356,16 +1424,15 @@
                               {"LDAPADMINPASS_B64": b64encode(adminpass),
                                "UUID": str(uuid.uuid4()), 
                                "LDAPTIME": timestring(int(time.time()))} )
-	
-	if ol_mmr_urls is not None:
- 	   setup_file(setup_path("cn=replicator.ldif"),
+        
+        if ol_mmr_urls is not None:
+           setup_file(setup_path("cn=replicator.ldif"),
                               os.path.join(paths.ldapdir, "db", "samba",  "cn=samba", "cn=replicator.ldif"),
                               {"MMR_PASSWORD_B64": b64encode(mmr_pass),
                                "UUID": str(uuid.uuid4()),
                                "LDAPTIME": timestring(int(time.time()))} )
 
 
-
         mapping = "schema-map-openldap-2.3"
         backend_schema = "backend-schema.schema"
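Review bot: cn=replicator is provisioned with mmr_pass, which the comment "For now, make these equal" sets to adminpass, so the read-only replication account and cn=samba-admin share one secret, and the password embedded as credentials= in every DC's syncrepl stanzas is the admin password; generate a separate random replicator password here and pass it through, so that reading one replica's slapd.conf does not yield administrative access.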
 
@@ -1375,7 +1442,19 @@
         else:
             server_port_string = ""
 
-        slapdcommand="Start slapd with:    slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
+        # generate help-messages depending on chosen setup-type (standalone, mmr, olc, mmr+olc)
+        if ol_olc != "yes" and ol_mmr_urls is None:
+          slapdcommand="Start slapd with:    slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
+
+        if ol_olc == "yes" and ol_mmr_urls is None:
+          slapdcommand="Start slapd with:    slapd -F " + paths.olcdir + " -h \"" + ldapi_uri + " ldap://<FQHN>:<PORT>\"" 
+
+        if ol_olc != "yes" and ol_mmr_urls is not None:
+          slapdcommand="Start slapd with:    slapd -f " + paths.ldapdir + "/slapd.conf -h \"" + ldapi_uri + " ldap://<FQHN>:<PORT>\""
+
+        if ol_olc == "yes" and ol_mmr_urls is not None:
+          slapdcommand="Start slapd with:    slapd -F " + paths.olcdir + " -h \"" + ldapi_uri + " ldap://<FQHN>:<PORT>\""
+
 
         ldapuser = "--username=samba-admin"
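Review bot: the four independent `if` blocks encode two decisions, since OLC selects `-F paths.olcdir` versus `-f slapd.conf` and MMR adds the ldap://<FQHN>:<PORT> listener (the second and fourth branches build identical strings); an if/elif chain, or composing a config flag and a listener string, would keep the printed command from drifting out of sync with the cases above.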
 
@@ -1399,6 +1478,16 @@
     message(slapdcommand)
     message("Run provision with:  --ldap-backend=ldapi --ldap-backend-type=" + ldap_backend_type + " --password=" + adminpass + " " + ldapuser)
 
+    # if --ol-olc=yes, generate online-configuration in ../private/ldap/slapd.d 
+    if ol_olc == "yes":
+          if not os.path.isdir(paths.olcdir):
+             os.makedirs(paths.olcdir, 0770)
+          paths.olslaptest = str(ol_slaptest)
+          olc_command = paths.olslaptest + " -f" + paths.slapdconf + " -F" +  paths.olcdir + " >/dev/null 2>&1"
+          os.system(olc_command)
+          os.remove(paths.slapdconf)        
+
+
 def create_phpldapadmin_config(path, setup_path, ldapi_uri):
     """Create a PHP LDAP admin configuration file.
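Review bot: os.system(olc_command) discards slaptest's exit status and sends its diagnostics to /dev/null, and the next line removes slapd.conf unconditionally, so a failed conversion (wrong OpenLDAP version, a template error) leaves the DC with neither a static nor an online configuration and no message saying why; run slaptest via subprocess with an argument list (no shell quoting of paths), check the return code, show stderr on failure and only then os.remove(paths.slapdconf). `" -f" + paths.slapdconf` also relies on getopt accepting the attached argument, and since slapd.d will hold the cn=config rootpw, 0700 is a safer mode than 0770 for os.makedirs.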
 
-------------- next part --------------
--- setup/provision-backend.org	2009-01-06 13:01:01.000000000 +0100
+++ setup/provision-backend	2009-02-23 13:57:39.000000000 +0100
@@ -4,6 +4,7 @@
 # provision a Samba4 server
 # Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2007-2008
 # Copyright (C) Andrew Bartlett <abartlet at samba.org> 2008
+# Copyright (C) Oliver Liebel <o.liebel at itc.li> 2008-2009
 #
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell 2005
@@ -65,8 +66,12 @@
 parser.add_option("--targetdir", type="string", metavar="DIR", 
 		          help="Set target directory")
 parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
-                help="List of LDAP-URLS [ ldap://<FQDN>:port/  (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR")
-
+                help="List of LDAP-URLS [ ldap://<FQDN>:port/  (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)")
+parser.add_option("--ol-olc", type="choice", metavar="OPENLDAP-OLC", 
+		help="To setup OpenLDAP-Backend with Online-Configuration [slapd.d] choose 'yes'",
+		choices=["yes", "no"])
+parser.add_option("--ol-slaptest", type="string", metavar="SLAPTEST-PATH", 
+		help="Path to slaptest-binary [e.g.:'/usr/local/sbin']. Only for use with --ol-olc='yes'")
 
 opts = parser.parse_args()[0]
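Review bot: --ol-slaptest is documented as "Path to slaptest-binary" with metavar SLAPTEST-PATH, but provision.py appends "/slaptest" to it, so it must be the directory containing the binary (the example '/usr/local/sbin' is right, the wording is not); say "directory containing slaptest" or accept the full path. --ol-olc as a yes/no choice would be simpler as `action="store_true"`, which also removes the string comparisons on the provision.py side.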
 
@@ -103,5 +108,7 @@
 		  root=opts.root, serverrole=server_role, 
 		  ldap_backend_type=opts.ldap_backend_type,
 		  ldap_backend_port=opts.ldap_backend_port,
-		  ol_mmr_urls=opts.ol_mmr_urls)
+		  ol_mmr_urls=opts.ol_mmr_urls,
+		  ol_olc=opts.ol_olc,
+		  ol_slaptest=opts.ol_slaptest)
 
-------------- next part --------------
loglevel 0

### needed for initial content load ###
sizelimit unlimited

### Multimaster-ServerIDs and URLs ###

${MMR_SERVERIDS_CONFIG}

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

access to dn.subtree="cn=samba"
       by anonymous auth

access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
       by dn=cn=manager manage
       by * none

password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

overlay deref

${REFINT_CONFIG}

${MEMBEROF_CONFIG}

database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba

########################################
## olc - configuration ###
${OLC_CONFIG_PASS}
${OLC_SYNCREPL_CONFIG}
${OLC_MMR_CONFIG}
${OLC_CONFIG_ACL}

########################################
### cn=schema ###
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10


### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
${MIRRORMODE}

#########################################
### cn=config ###
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}

########################################
### cn=users /base-dn  ###
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}
-------------- next part --------------
dn: cn=replicator
objectClass: top
objectClass: person
cn: replicator
userPassword:: ${MMR_PASSWORD_B64}
structuralObjectClass: person
entryUUID: ${UUID}
creatorsName:
createTimestamp: ${LDAPTIME}
entryCSN: 20080714010529.241039Z#000000#000#000000
modifiersName:
modifyTimestamp: ${LDAPTIME}
-------------- next part --------------
set_cachesize   0       524288        0
set_lg_regionmax        104857
set_lg_max              1048576
set_lg_bsize            209715
set_lg_dir              ${LDAPDBDIR}/bdb-logs
set_tmp_dir             ${LDAPDBDIR}/tmp
-------------- next part --------------
ServerID ${SERVERID} "${LDAPSERVER}"
-------------- next part --------------
# Generated from template mmr_syncrepl.conf 

syncrepl rid=${RID} 
	provider="${LDAPSERVER}"
	searchbase="${MMRDN}"
	type=refreshAndPersist
	retry="10 +"
	bindmethod=sasl
	saslmech=DIGEST-MD5
	authcid="replicator"
	credentials="${MMR_PASSWORD}"

-------------- next part --------------
database	config
rootdn		cn=config

-------------- next part --------------
access to dn.sub="cn=config"
	by dn="cn=samba-admin,cn=samba" write
	by dn="cn=replicator,cn=samba" read

-------------- next part --------------
overlay syncprov
MirrorMode on
 
-------------- next part --------------
# Generated from template olc_syncrepl.conf 

syncrepl rid=${RID} 
	provider="${LDAPSERVER}"
	searchbase="cn=config"
	filter="(!(olcDatabase={0}config))"
	type=refreshAndPersist
	retry="10 +"
	bindmethod=sasl
	saslmech=DIGEST-MD5
	authcid="replicator"
	credentials="${MMR_PASSWORD}"

-------------- next part --------------
olcServerID: ${SERVERID} "${LDAPSERVER}"
-------------- next part --------------
olcSyncRepl: rid=${RID} provider="${LDAPSERVER}"
  binddn="cn=config" bindmethod=sasl saslmech=DIGEST-MD5
  authcid="replicator" credentials="linux"
  searchbase="cn=config" filter="(!(olcDatabase={0}config))"
  type=refreshAndPersist retry="10 +"
-------------- next part --------------
dn: cn=config
objectClass: olcGlobal
cn: config
${OLC_SERVER_ID_CONF}

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=config
olcRootPW: ${OLC_PW}
${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
objectClass: olcSyncProvConfig
olcOverlay: syncprov
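The RID numbering described in the long description (serverid*10 + 1..3 for the schema, config and domain contexts, and 1001 upward for cn=config when OLC and MMR are combined), as an added Python example that is not part of the posted patch: it parses --ol-mmr-urls the way provision.py does, checks each URL for the explicit non-389 port the option requires, allocates rids with the patch's scheme and validates them against what slapd.conf(5) allows for a syncrepl rid (non-negative, at most three decimal digits). allocate_rids_in_range is my own suggestion and the dc1/dc2 hostnames are constructed input, not anything in the patch.

```python
"""Added example (not code from the posted patch): parse --ol-mmr-urls,
allocate syncrepl rids with the patch's scheme and check them against the
constraints slapd enforces. Hostnames in the usage below are constructed."""
from urllib.parse import urlsplit

# slapd.conf(5): a syncrepl rid is non-negative and at most three decimal digits.
SLAPD_RID_MAX = 999
# Samba partitions in the order the patch assigns the offsets 1, 2, 3.
PARTITIONS = ("schema", "config", "domain")


def parse_mmr_urls(value):
    """Split on whitespace, falling back to commas when that yields one item
    (as provision.py does), then validate each URL: ldap:// scheme, a host,
    an explicit port other than 389, and no provider listed twice."""
    urls = value.split()
    if len(urls) == 1:
        urls = [u for u in value.split(",") if u]
    seen = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "ldap":
            raise ValueError("%s: only ldap:// URLs are supported" % url)
        if not parts.hostname:
            raise ValueError("%s: missing host" % url)
        if parts.port is None or parts.port == 389:
            raise ValueError("%s: an explicit port other than 389 is required" % url)
        if url in seen:
            raise ValueError("%s: listed twice" % url)
        seen.add(url)
    return urls


def allocate_rids(urls, olc=False):
    """Return {(serverid, partition): rid} using the patch's numbering;
    serverid is the 1-based position of the URL in the list and the
    cn=config consumer (OLC + MMR only) gets 1000 + serverid."""
    rids = {}
    for serverid, _ in enumerate(urls, start=1):
        for offset, partition in enumerate(PARTITIONS, start=1):
            rids[(serverid, partition)] = serverid * 10 + offset
        if olc:
            rids[(serverid, "cn=config")] = 1000 + serverid
    return rids


def allocate_rids_in_range(urls, olc=False):
    """Alternative numbering (my suggestion, not the patch's): put the
    cn=config consumer at serverid*10 + 4, so every rid stays below 1000 for
    up to 99 providers and one provider's rids still share a decade."""
    rids = allocate_rids(urls, olc=False)
    if olc:
        for serverid in range(1, len(urls) + 1):
            rids[(serverid, "cn=config")] = serverid * 10 + 4
    return rids


def check_rids(rids):
    """Return the problems slapd would reject at config parse time: a rid
    outside 0..SLAPD_RID_MAX, or one rid used by two syncrepl stanzas."""
    problems = []
    owner = {}
    for key, rid in rids.items():
        if not 0 <= rid <= SLAPD_RID_MAX:
            problems.append("rid %d for %s is outside 0..%d" % (rid, key, SLAPD_RID_MAX))
        if rid in owner:
            problems.append("rid %d used by both %s and %s" % (rid, owner[rid], key))
        else:
            owner[rid] = key
    return problems


if __name__ == "__main__":
    # constructed provider list: two DCs listening on a non-389 port
    urls = parse_mmr_urls("ldap://dc1.example.com:3890/ ldap://dc2.example.com:3890/")
    for problem in check_rids(allocate_rids(urls, olc=True)):
        print(problem)
    print(check_rids(allocate_rids_in_range(urls, olc=True)))
```

slapd refuses a syncrepl rid above 999 when it reads the configuration, so the cn=config stanzas numbered from 1001 would prevent the OLC + MMR setup from starting; keeping the cn=config consumer in the provider's decade (serverid*10 + 4) preserves the grouping the description wants without leaving the allowed range.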
 


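The conversion step described in the long description (check for slaptest, run it on the generated slapd.conf, then drop the static file), as an added Python example that is not the patch's code: it keeps slapd.conf until slaptest has exited successfully, so a failed conversion never leaves a DC without any configuration. find_slaptest, convert_to_olc and demo() are my names; the slaptest that demo() runs is a constructed stand-in shell script that only reproduces an exit status and writes one file into the -F directory, not the real binary.

```python
"""Added example (not code from the posted patch): convert a generated
slapd.conf to slapd.d with slaptest and only then remove the static file.
The stand-in slaptest built in demo() is a constructed shell script."""
import os
import shutil
import subprocess
import tempfile


def find_slaptest(slaptest_dir):
    """<dir>/slaptest, as provision.py composes it, but verified to be an
    executable file rather than merely an existing path."""
    path = os.path.join(slaptest_dir, "slaptest")
    if not os.path.isfile(path) or not os.access(path, os.X_OK):
        raise FileNotFoundError("no executable slaptest in %s" % slaptest_dir)
    return path


def convert_to_olc(slaptest, slapdconf, olcdir):
    """Run `slaptest -f slapdconf -F olcdir`. On success remove slapdconf so
    slapd cannot be started with both configs; on failure keep slapdconf,
    discard the partial olcdir and raise with slaptest's diagnostics."""
    os.makedirs(olcdir, 0o700, exist_ok=True)  # cn=config will hold olcRootPW
    result = subprocess.run([slaptest, "-f", slapdconf, "-F", olcdir],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            text=True)
    if result.returncode != 0:
        shutil.rmtree(olcdir, ignore_errors=True)
        raise RuntimeError("slaptest exited %d: %s"
                           % (result.returncode, result.stderr.strip()))
    os.remove(slapdconf)
    return olcdir


def demo():
    """Exercise convert_to_olc with a stand-in slaptest (constructed here)
    that fails when SLAPTEST_FAIL is set in the environment and otherwise
    writes one file into the -F directory. Returns the observed outcomes."""
    root = tempfile.mkdtemp()
    try:
        bindir = os.path.join(root, "sbin")
        os.mkdir(bindir)
        fake = os.path.join(bindir, "slaptest")
        with open(fake, "w") as fh:
            fh.write('#!/bin/sh\n'
                     '[ -z "$SLAPTEST_FAIL" ] || { echo "bad config" >&2; exit 1; }\n'
                     'touch "$4/cn=config.ldif"\n')  # $4 is the -F directory
        os.chmod(fake, 0o700)
        slapdconf = os.path.join(root, "slapd.conf")
        olcdir = os.path.join(root, "slapd.d")
        with open(slapdconf, "w") as fh:
            fh.write("# constructed static config\n")
        seen = {}
        # 1) conversion fails: the static config must survive
        os.environ["SLAPTEST_FAIL"] = "1"
        try:
            convert_to_olc(find_slaptest(bindir), slapdconf, olcdir)
            seen["fail_raised"] = False
        except RuntimeError as exc:
            seen["fail_raised"] = "bad config" in str(exc)
        seen["conf_kept_on_failure"] = os.path.exists(slapdconf)
        # 2) conversion succeeds: slapd.conf removed, slapd.d populated
        os.environ.pop("SLAPTEST_FAIL")
        convert_to_olc(find_slaptest(bindir), slapdconf, olcdir)
        seen["conf_removed_on_success"] = not os.path.exists(slapdconf)
        seen["olc_written"] = os.path.isfile(os.path.join(olcdir, "cn=config.ldif"))
        seen["olc_mode"] = oct(os.stat(olcdir).st_mode & 0o777)
        return seen
    finally:
        shutil.rmtree(root)
```

Against a real OpenLDAP install, find_slaptest("/usr/local/sbin") and convert_to_olc(...) are the only two calls needed; the argument list keeps paths with spaces or shell metacharacters from being reinterpreted, and the 0700 mode on slapd.d matches the sensitivity of the olcRootPW it will contain.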