bugfixes for ol-mmr
Oliver Liebel
oliver at itc.li
Tue Mar 9 13:50:51 MST 2010
andrew, the bugfixes for:
- new rid-range
- ol-mmr-url split and
- slapd-startup-helpline (for mmr)
are attached. ol-mmr provision works now again.
the slapd-startup error is caused by slapd 2.4.21:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6465
and is fixed in HEAD.
who wants to test ol-backend at the moment should do this with 2.4.20 or
2.4.21 HEAD
one more time sorry for the "naked" diffs, maybe one day
i will learn that git-stuff...
a short comment to the point "external provision-config-file":
i had written down some ideas for that in our last thread
http://lists.samba.org/archive/samba-technical/2010-March/069884.html
but maybe we should pickup our talk/brainstorm about that in a new one.
thanks
oliver
to pick up our talk, we three had a feew weeks ago, about external
conf/ini-files for use
with provision:
i think the main goal for future s4-releases should be to minimize the
necessary interaction
during provision - means: no need to create a (complex) provision
string, especially
with backend-params like ol-mmr.
from my point of view a good approach for an enhancement/simplification
could be to put _all_ provision-settings (not only backend) in a
linux-conf-style file, thats
basically syntax/value-checked when starting provision (e.g.: provision
-f provision.conf) ,
before the params are applied to the procedures inside
provision.py/provisionbackend.py.
the admin has no need to handle a (complex) provision-string, instead he
uses typical
linux-conf-file templates for the case he needs, e.g. like that:
## provision.conf - for use with built-in ldap-DB #
## this file will be removed for security reasons after provisioning#
#
# enter your kerberos-realm here:
realm=
# enter your domain here:
domain=
....
------
## provisionbackend.conf - for use with external ldap-backend #
## this file will be removed for security reasons after provisioning#
#
# enter your krb-realm here:
realm=
# enter your domain here:
domain=
# enter your backend-type here (only openldap|fedora valid):
ldap-backend=
# enter all your openldap-server and ports here (hostname:port)
backend-server1=
backend-server2=
....
and so on.
the empty templates (one "normal" template for internal ldap-db, one
for use with external ldap-backend
with the needed extra-params) could be copied during "make install" into
../private/[ldap].
as they would keep password values, the "used" templates (with values in
it) had to be automatically removed
after succesfull setup (raise a message to admin to inform him about
this), to risk no security breaches.
thats all just an idea, the pros and cons must be surely discussed.
thanks
oliver
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: provisionbackend.py.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100309/c651140e/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: provision.py.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100309/c651140e/attachment-0001.ksh>
More information about the samba-technical
mailing list