[PATCH] s4:provision - replaced linked_attributes with FDS plugins
Endi S. Dewata
edewata at redhat.com
Fri Oct 9 12:36:04 MDT 2009
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
---
source4/scripting/python/samba/provision.py | 57 +++++++++++++++++++++++-
source4/setup/fedorads-index.ldif | 7 +++
source4/setup/fedorads-linked-attributes.ldif | 7 +++
source4/setup/fedorads-pam.ldif | 2 +
source4/setup/fedorads-refint-add.ldif | 6 +++
source4/setup/fedorads-refint-delete.ldif | 20 +++++++++
source4/setup/fedorads.inf | 4 ++
7 files changed, 100 insertions(+), 3 deletions(-)
create mode 100644 source4/setup/fedorads-index.ldif
create mode 100644 source4/setup/fedorads-linked-attributes.ldif
create mode 100644 source4/setup/fedorads-pam.ldif
create mode 100644 source4/setup/fedorads-refint-add.ldif
create mode 100644 source4/setup/fedorads-refint-delete.ldif
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 869cd75..aff7473 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -144,6 +144,11 @@ class ProvisionPaths(object):
self.fedoradsinf = None
self.fedoradspartitions = None
self.fedoradssasl = None
+ self.fedoradspam = None
+ self.fedoradsrefint = None
+ self.fedoradslinkedattributes = None
+ self.fedoradsindex = None
+ self.fedoradssamba = None
self.olmmron = None
self.olmmrserveridsconf = None
self.olmmrsyncreplconf = None
@@ -334,7 +339,7 @@ def setup_ldb(ldb, ldif_path, subst_vars):
ldb.transaction_commit()
-def setup_file(template, fname, subst_vars):
+def setup_file(template, fname, subst_vars=None):
"""Setup a file in the private dir.
:param template: Path of the template file.
@@ -388,8 +393,16 @@ def provision_paths_from_lp(lp, dnsdomain):
"fedorads-partitions.ldif")
paths.fedoradssasl = os.path.join(paths.ldapdir,
"fedorads-sasl.ldif")
+ paths.fedoradspam = os.path.join(paths.ldapdir,
+ "fedorads-pam.ldif")
+ paths.fedoradsrefint = os.path.join(paths.ldapdir,
+ "fedorads-refint.ldif")
+ paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
+ "fedorads-linked-attributes.ldif")
+ paths.fedoradsindex = os.path.join(paths.ldapdir,
+ "fedorads-index.ldif")
paths.fedoradssamba = os.path.join(paths.ldapdir,
- "fedorads-samba.ldif")
+ "fedorads-samba.ldif")
paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
"mmr_serverids.conf")
paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
@@ -652,7 +665,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
if ldap_backend.ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
- tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
+ tdb_modules_list = ["extended_dn_out_dereference"]
elif ldap_backend.ldap_backend_type == "openldap":
backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
@@ -1919,6 +1932,44 @@ def provision_fds_backend(result, paths=None, setup_path=None, names=None,
{"SAMBADN": names.sambadn,
})
+ setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam)
+
+ lnkattr = get_linked_attributes(names.schemadn,schema.ldb)
+
+ refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read()
+ memberof_config = ""
+ index_config = ""
+ argnum = 3
+
+ for attr in lnkattr.keys():
+ if lnkattr[attr] is not None:
+ refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"),
+ { "ARG_NUMBER" : str(argnum) ,
+ "LINK_ATTR" : attr })
+ memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"),
+ { "MEMBER_ATTR" : attr ,
+ "MEMBEROF_ATTR" : lnkattr[attr] })
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+ argnum += 1
+
+ open(paths.fedoradsrefint, 'w').write(refint_config)
+ open(paths.fedoradslinkedattributes, 'w').write(memberof_config)
+
+ attrs = ["lDAPDisplayName"]
+ res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
+
+ for i in range (0, len(res)):
+ attr = res[i]["lDAPDisplayName"][0]
+
+ if attr == "objectGUID":
+ attr = "nsUniqueId"
+
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+
+ open(paths.fedoradsindex, 'w').write(index_config)
+
setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba,
{"SAMBADN": names.sambadn,
"LDAPADMINPASS": ldapadminpass
diff --git a/source4/setup/fedorads-index.ldif b/source4/setup/fedorads-index.ldif
new file mode 100644
index 0000000..4b4eb23
--- /dev/null
+++ b/source4/setup/fedorads-index.ldif
@@ -0,0 +1,7 @@
+dn: cn=${ATTR},cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+objectClass: top
+objectClass: nsIndex
+cn: ${ATTR}
+nsSystemIndex: false
+nsIndexType: eq
+
diff --git a/source4/setup/fedorads-linked-attributes.ldif b/source4/setup/fedorads-linked-attributes.ldif
new file mode 100644
index 0000000..05abcf9
--- /dev/null
+++ b/source4/setup/fedorads-linked-attributes.ldif
@@ -0,0 +1,7 @@
+# Link ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+dn: cn=${MEMBER_ATTR} to ${MEMBEROF_ATTR},cn=Linked Attributes,cn=plugins,cn=config
+objectClass: extensibleObject
+cn: ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+linkType: ${MEMBER_ATTR}
+managedType: ${MEMBEROF_ATTR}
+
diff --git a/source4/setup/fedorads-pam.ldif b/source4/setup/fedorads-pam.ldif
new file mode 100644
index 0000000..5ffd5cf
--- /dev/null
+++ b/source4/setup/fedorads-pam.ldif
@@ -0,0 +1,2 @@
+dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
+changetype: delete
diff --git a/source4/setup/fedorads-refint-add.ldif b/source4/setup/fedorads-refint-add.ldif
new file mode 100644
index 0000000..2deb07d
--- /dev/null
+++ b/source4/setup/fedorads-refint-add.ldif
@@ -0,0 +1,6 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+add: nsslapd-pluginArg${ARG_NUMBER}
+nsslapd-pluginArg${ARG_NUMBER}: ${LINK_ATTR}
+-
+
diff --git a/source4/setup/fedorads-refint-delete.ldif b/source4/setup/fedorads-refint-delete.ldif
new file mode 100644
index 0000000..cd20b83
--- /dev/null
+++ b/source4/setup/fedorads-refint-delete.ldif
@@ -0,0 +1,20 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg3
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg4
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg5
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg6
+-
+
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index 90ebe6a..e0676c4 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -28,3 +28,7 @@ install_full_schema= 0
SchemaFile=${LDAPDIR}/99_ad.ldif
ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
+ConfigFile = ${LDAPDIR}/fedorads-pam.ldif
+ConfigFile = ${LDAPDIR}/fedorads-refint.ldif
+ConfigFile = ${LDAPDIR}/fedorads-linked-attributes.ldif
+ConfigFile = ${LDAPDIR}/fedorads-index.ldif
--
1.6.0.6
------=_Part_8793_988388400.1255556019351
Content-Type: text/x-patch;
name=0002-s4-auth-fixed-problem-reading-bind-DN-from-secrets.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=0002-s4-auth-fixed-problem-reading-bind-DN-from-secrets.patch
More information about the samba-technical
mailing list