backend provision samba4-ol-multimaster working

Oliver Liebel oliver at itc.li
Fri Aug 15 21:11:00 GMT 2008


hi andrew,

as you have said:
> The biggest challenge will be making the
> configuration completely general (ie, working for any number of
> replicas). 
here is the good news: i got the provision-backend script working with 
(n) mmr-servers now, tested it with 4 ...
 

the provisioning-backend script now takes --ol-mmr-urls=<list of (n) 
whitespace-separated urls> as
input; the urls are split internally. thanks to michael for the 
"(none,*.split(' '))"-tip.

i made use of all mmr-related pre-configured variables, but i didn't
do it with templating. instead, the script generates 4 configs on the 
fly with everything needed:
- auto-generated server-ids with corresponding ldap-urls:<port>
- replica-blocks for all 3 subcontexts (schema|config|user) with 
auto-generated rids, provider-dns, searchbases and binddns for every 
mmr-node,
which are included in slapd.conf.

if mmr is not chosen during setup, the confs are created empty with just 
a comment line (### no mmr config active ###),
so the include-statements don't cause any trouble.
 
the advantage of the separate confs is a clearer structure of 
slapd.conf,
in particular when a high count of mmr-nodes has been set up.

apropos high count of mmr-nodes:
although it's surely a nice feature to use (n) ol- (or fds-) servers in a 
multimaster-setup
configuration, maybe we should note with a little comment during 
setup that a
high count of mmr-servers may (or rather -will-) cause a lot of 
additional traffic on the net.



phhh... think i got me a beer or two tomorrow, before i start with the 
to-do list ;-)


have a nice weekend,
oliver


____________
Virus checked by G DATA AntiVirusKit
Version: AVK 18.5001 from 15.08.2008
Virus news: www.antiviruslab.com

-------------- next part --------------
# slapd.conf template for the Samba4 OpenLDAP backend.  The ${...}
# placeholders are substituted by provision.py (setup_file(setup_path("slapd.conf"), ...)).
loglevel 0

### Multimaster-ServerIDs and URLs ###

# Generated by provision.py: one "ServerID <n> <url>:<port>" line per
# --ol-mmr-urls host, or a single comment line when MMR is not configured.
# NOTE(review): ServerID / multi-master replication needs OpenLDAP 2.4 -- confirm
# the minimum version this template is meant for.
include ${LDAPDIR}/mmr_srv_ids.conf


include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

# Map DIGEST-MD5 and NTLM SASL identities onto entries directly under cn=samba
# (the ldif database below), not onto user entries under ${DOMAINDN}.
authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

# Root DSE: readable by anonymous and by everyone else; samba-admin may manage it.
access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

# cn=samba holds the bind identities: anonymous may only use them to
# authenticate; no other by-clause, so other identities fall to slapd's
# implicit default (no access).
access to dn.subtree="cn=samba"
       by anonymous auth

# Domain data: only samba-admin and cn=manager get access; everyone else none.
access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

# NOTE(review): {CLEARTEXT} stores passwords set through the password-modify
# extended operation unhashed -- confirm this is intended before production use.
password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

# Overlay configuration filled in by provision.py (refint / memberof).
${REFINT_CONFIG}

${MEMBEROF_CONFIG}

database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba

########################################
### cn=schema ###
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
# NOTE(review): literal rootpw, identical on every replica and for all three
# databases; the generated mmr_*.conf syncrepl stanzas bind as this rootdn with
# the same literal (credentials="linux").  A per-provision secret substituted
# here and in the generated stanzas would avoid a fixed, published password.
rootpw		linux
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
# NOTE(review): no mirrormode directive appears anywhere in this template; on
# OpenLDAP 2.4 a database that is also a syncrepl consumer normally needs
# "mirrormode on" to accept local writes in a multi-master setup -- confirm.
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10


### Include File for Multimaster-Replication of cn=schema Subcontext ###
# Generated by provision.py: one syncrepl stanza per MMR host (rid numbering
# continues across the schema/config/user files), or a single comment line.
include ${LDAPDIR}/mmr_schema.conf


#########################################
### cn=config ###
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
# NOTE(review): same literal rootpw as cn=schema -- see the note there.
rootpw		linux
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

### Include File for Multimaster-Replication of cn=config Subcontext ###
include ${LDAPDIR}/mmr_config.conf

########################################
### cn=users /base-dn  ###
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
# NOTE(review): same literal rootpw as cn=schema -- see the note there.
rootpw		linux
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10


### Include File for Multimaster-Replication of cn=users/base-DN ###
include ${LDAPDIR}/mmr_user.conf

-------------- next part --------------
--- scripting/python/samba/provision.py.bak	2008-08-12 10:35:33.000000000 +0200
+++ scripting/python/samba/provision.py	2008-08-15 22:01:19.000000000 +0200
@@ -76,7 +76,6 @@
         self.memberofconf = None
         self.fedoradsinf = None
         self.fedoradspartitions = None
- 
 
 class ProvisionNames(object):
     def __init__(self):
@@ -242,8 +241,6 @@
                                       "memberof.conf")
     paths.fedoradsinf = os.path.join(paths.ldapdir, 
                                    "fedorads.inf")
-    paths.fedoradspartitions = os.path.join(paths.ldapdir, 
-                                            "fedorads-partitions.ldif")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
@@ -331,7 +328,7 @@
     names.hostname = hostname
     names.sitename = sitename
     names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
-    
+ 
     return names
     
 
@@ -1141,7 +1138,8 @@
                       smbconf=None, targetdir=None, realm=None, 
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
-                      ldap_backend_type=None, ldap_backend_port=None):
+                      ldap_backend_type=None, ldap_backend_port=None,
+		      ol_mmr_urls=None):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
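Review bot: The new `ol_mmr_urls` keyword parameter gets no documentation, and the block added later in this patch splits it on spaces and appends `:9000` to each item, so callers need to know the expected shape; if the function has a docstring, a line such as `ol_mmr_urls: whitespace-separated LDAP URLs (without port) of all OpenLDAP multi-master nodes, or None to disable MMR` would state it. The continuation line is indented with tabs while the parameter lines above use spaces only; the whole MMR block added later in this patch is tab-indented the same way, some lines mixing eight spaces and a tab before `f.close()`, which only works because of Python 2's tab expansion and should be converted to spaces to match the rest of the file. The function's `def` line and body lie outside this hunk.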
@@ -1255,7 +1253,97 @@
 
         refint_config = read_and_sub_file(setup_path("refint.conf"),
                                             { "LINK_ATTRS" : refint_attributes})
-    
+
+########################################################
+### generate serverids and ldap-urls for mmr hosts   ###
+### and store it in $LDAPDIR/serverids.conf          ###		 
+### (included by slapd.conf)                         ###		 
+########################################################
+	if ol_mmr_urls is not None:
+		mmr_hosts=ol_mmr_urls
+		mmr_hosts=filter(None,mmr_hosts.split(' ')) 
+		z=1
+		f = open(paths.ldapdir+"/mmr_srv_ids.conf", "w")
+		for i in mmr_hosts:
+			print >> f, 'ServerID',' ',z,' ','"'+i+':9000\"'
+	  		z=z+1
+        	f.close()
+	else:
+		f = open(paths.ldapdir+"/mmr_srv_ids.conf", "w")
+		print >> f, '## no mmr configuration active ##'
+        	f.close()
+
+########################################################
+### generate syncrepl-configurations for schema,     ###
+### config and user/base-dn and store it in          ###
+### $LDAPDIR/mmr_(schema|config|user).conf           ###
+### (included by slapd.conf)                         ###		 
+########################################################
+	
+	if ol_mmr_urls is not None:
+		mmr_hosts=ol_mmr_urls
+		mmr_hosts=filter(None,mmr_hosts.split(' ')) 
+		z=1
+		f = open(paths.ldapdir+"/mmr_schema.conf", "w")
+		for i in mmr_hosts:
+			print >> f, 'syncrepl rid='+str(z)
+			print >> f, '  provider=\"'+i+':9000\"'
+			print >> f, '  searchbase=\"'+names.schemadn+'\"'
+			print >> f, '  bindmethod=simple'
+			print >> f, '  binddn="CN=Manager,'+names.schemadn+'\"'
+			print >> f, '  credentials=\"linux\"'
+			print >> f, '  type=refreshAndPersist'
+			print >> f, '  retry=\"10 +\"'
+			print >> f, '  '
+	  		z=z+1
+        	f.close()
+
+		f = open(paths.ldapdir+"/mmr_config.conf", "w")
+		for i in mmr_hosts:
+			print >> f, 'syncrepl rid='+str(z)
+			print >> f, '  provider=\"'+i+':9000\"'
+			print >> f, '  searchbase=\"'+names.configdn+'\"'
+			print >> f, '  bindmethod=simple'
+			print >> f, '  binddn="CN=Manager,'+names.configdn+'\"'
+			print >> f, '  credentials=\"linux\"'
+			print >> f, '  type=refreshAndPersist'
+			print >> f, '  retry=\"10 +\"'
+			print >> f, '  '
+	  		z=z+1
+        	f.close()
+
+		f = open(paths.ldapdir+"/mmr_user.conf", "w")
+		for i in mmr_hosts:
+			print >> f, 'syncrepl rid='+str(z)
+			print >> f, '  provider=\"'+i+':9000\"'
+			print >> f, '  searchbase=\"'+names.domaindn+'\"'
+			print >> f, '  bindmethod=simple'
+			print >> f, '  binddn="CN=Manager,'+names.domaindn+'\"'
+			print >> f, '  credentials=\"linux\"'
+			print >> f, '  type=refreshAndPersist'
+			print >> f, '  retry=\"10 +\"'
+			print >> f, '  '
+	  		z=z+1
+        	f.close()
+	
+########################################################
+### else generate empty confs for include-statements ###
+########################################################
+	else:
+		f = open(paths.ldapdir+"/mmr_schema.conf", "w")
+		print >> f, '## no mmr configuration active ##'
+        	f.close()
+		f = open(paths.ldapdir+"/mmr_config.conf", "w")
+		print >> f, '## no mmr configuration active ##'
+        	f.close()
+		f = open(paths.ldapdir+"/mmr_user.conf", "w")
+		print >> f, '## no mmr configuration active ##'
+        	f.close()
+#######################################################
+### end of openldap-mmr - section 		    ###
+#######################################################
+
+
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
                    {"DNSDOMAIN": names.dnsdomain,
                     "LDAPDIR": paths.ldapdir,
-------------- next part --------------
--- setup/provision-backend.bak	2008-08-12 11:46:13.000000000 +0200
+++ setup/provision-backend	2008-08-15 13:35:41.000000000 +0200
@@ -64,6 +64,9 @@
 		help="Set server role to provision for (default standalone)")
 parser.add_option("--targetdir", type="string", metavar="DIR", 
 		          help="Set target directory")
+parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
+                help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR")
+
 
 opts = parser.parse_args()[0]
 
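Review bot: The option's `metavar="LDAPSERVER"` and its help text describe a single server, while the value is a whitespace-separated list that provision.py splits and to which it appends `:9000`, so users also must not include a port; `metavar="URLS"` with `help="Whitespace-separated list of LDAP URLs (without port) of all OpenLDAP multi-master nodes"` would match what the code does. The extra blank line added after the `add_option` call is not needed. The second hunk of this file only passes the option through and needs no change.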
@@ -99,4 +102,6 @@
 		  adminpass=opts.ldap_admin_pass,
 		  root=opts.root, serverrole=server_role, 
 		  ldap_backend_type=opts.ldap_backend_type,
-		  ldap_backend_port=opts.ldap_backend_port)
+		  ldap_backend_port=opts.ldap_backend_port,
+		  ol_mmr_urls=opts.ol_mmr_urls)
+

