
r22478: Update the LDAP backend code to handle initialisation of multiple

partitions onto the target LDAP server.

Make the LDAP provision run before smbd starts, then stop the LDAP
server.  This ensures the LDAP provisioning occurs synchronously; we then
restart slapd for the 'real run' (with slapd's stdin being the FIFO).

This required fixing a few things in the provision scripts, with more
containers being created via an add/modify pair.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2007-04-23 07:33:15 +00:00
committed by Gerald (Jerry) Carter
parent 93e2ff2e85
commit 860dfa4ea1
14 changed files with 6668 additions and 4707 deletions


@@ -22,6 +22,14 @@ sub new($$$$) {
return $self;
}
sub openldap_start($$$) {
my ($slapd_conf, $uri, $logs) = @_;
my $oldpath = $ENV{PATH};
$ENV{PATH} = "/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
system("slapd -d0 -f $slapd_conf -h $uri > $logs 2>&1 &");
$ENV{PATH} = $oldpath;
}
sub slapd_start($$)
{
my $count = 0;
@@ -34,14 +42,11 @@ sub slapd_start($$)
if ($self->{ldap} eq "fedora") {
system("$ENV{FEDORA_DS_PREFIX}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
} elsif ($self->{ldap} eq "openldap") {
my $oldpath = $ENV{PATH};
$ENV{PATH} = "/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
system("slapd -d0 -f $env_vars->{SLAPD_CONF} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
$ENV{PATH} = $oldpath;
openldap_start($env_vars->{SLAPD_CONF}, $uri, "$env_vars->{LDAPDIR}/logs");
}
while (system("$self->{bindir}/ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
$count++;
if ($count > 10) {
if ($count > 40) {
$self->slapd_stop($env_vars);
return 0;
}
@@ -81,15 +86,6 @@ sub check_or_start($$$)
SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE});
# Start slapd before smbd, but with the fifo on stdin
if (defined($self->{ldap})) {
$self->slapd_start($env_vars) or
die("couldn't start slapd");
print "LDAP PROVISIONING...";
$self->provision_ldap($env_vars);
}
my $valgrind = "";
if (defined($ENV{SMBD_VALGRIND})) {
$valgrind = $ENV{SMBD_VALGRIND};
@@ -97,6 +93,12 @@ sub check_or_start($$$)
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
# Start slapd before smbd, but with the fifo on stdin
if (defined($self->{ldap})) {
$self->slapd_start($env_vars) or
die("couldn't start slapd (2nd time)");
}
my $optarg = "";
if (defined($max_time)) {
$optarg = "--maximum-runtime=$max_time ";
@@ -141,6 +143,8 @@ sub wait_for_start($$)
system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
system("bin/nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
system("bin/nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}");
system("bin/nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER} $testenv_vars->{NETBIOSNAME}");
print $self->getlog_env($testenv_vars);
}
@@ -219,7 +223,7 @@ start_server= 0
# These entries need to be added to get the container for the
# provision to be aimed at.
dn: cn=\"dc=$basedn\",cn=mapping tree,cn=config
dn: cn=\"$basedn\",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
@@ -231,11 +235,47 @@ dn: cn=userData,cn=ldbm database,cn=plugins,cn=config
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: $basedn
cn=userData
dn: cn=\"cn=Configuration,$basedn\",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: configData
nsslapd-parent-suffix: $basedn
cn: cn=Configuration,$basedn
dn: cn=configData,cn=ldbm database,cn=plugins,cn=config
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: cn=Configuration,$basedn
cn=configData
dn: cn=\"cn=Schema,cn=Configuration,$basedn\",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: schemaData
nsslapd-parent-suffix: cn=Configuration,$basedn
cn: cn=Schema,cn=Configuration,$basedn
dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: cn=Schema,cn=Configuration,$basedn
cn=schemaData
";
close(LDIF);
system("perl $ENV{FEDORA_DS_PREFIX}/bin/ds_newinst.pl $fedora_ds_inf >&2") == 0 or return 0;
my $dir = getcwd();
chdir "$ENV{FEDORA_DS_PREFIX}/bin" || die;
if (system("perl $ENV{FEDORA_DS_PREFIX}/bin/ds_newinst.pl $fedora_ds_inf >&2") != 0) {
chdir $dir;
die("perl $ENV{FEDORA_DS_PREFIX}/bin/ds_newinst.pl $fedora_ds_inf FAILED: $?");
}
chdir $dir || die;
foreach(<$fedora_ds_dir/schema/*>) {
unlink unless (/00core.*/);
}
@@ -262,6 +302,40 @@ nsslapd-pluginDescription: Allow bitwise matching rules
return ($fedora_ds_dir, $pidfile);
}
sub write_openldap_dbconfig($) {
my ( $ldapdbdir ) = @_;
open(CONF, ">$ldapdbdir/DB_CONFIG");
print CONF "
#
# Set the database in memory cache size.
#
set_cachesize 0 524288 0
#
# Set database flags (this is a test environment, we don't need to fsync()).
#
set_flags DB_TXN_NOSYNC
#
# Set log values.
#
set_lg_regionmax 104857
set_lg_max 1048576
set_lg_bsize 209715
set_lg_dir $ldapdbdir/bdb-logs
#
# Set temporary file creation directory.
#
set_tmp_dir $ldapdbdir/tmp
";
close(CONF);
}
sub mk_openldap($$$$$$$$)
{
my ($self, $ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, $provision_options) = @_;
@@ -270,7 +344,7 @@ sub mk_openldap($$$$$$$$)
my $pidfile = "$ldapdir/slapd.pid";
my $modconf = "$ldapdir/modules.conf";
mkdir($_, 0777) foreach ($ldapdir, "$ldapdir/db", "$ldapdir/db/bdb-logs",
mkdir($_, 0777) foreach ($ldapdir, "$ldapdir/db", "$ldapdir/db/user", "$ldapdir/db/config", "$ldapdir/db/schema", "$ldapdir/db/bdb-logs",
"$ldapdir/db/tmp");
open(CONF, ">$slapd_conf");
@@ -299,11 +373,34 @@ include $modconf
defaultsearchbase \"$basedn\"
backend bdb
database bdb
suffix \"cn=Schema,cn=Configuration,$basedn\"
directory $ldapdir/db/schema
index objectClass eq
index samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
database bdb
suffix \"cn=Configuration,$basedn\"
directory $ldapdir/db/config
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq pres
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq pres
database bdb
suffix \"$basedn\"
rootdn \"cn=Manager,$basedn\"
rootpw $password
directory $ldapdir/db
directory $ldapdir/db/user
index objectClass eq
index samAccountName eq
index name eq
@@ -329,34 +426,9 @@ syncprov-sessionlog 100
close(CONF);
open(CONF, ">$ldapdir/db/DB_CONFIG");
print CONF "
#
# Set the database in memory cache size.
#
set_cachesize 0 524288 0
#
# Set database flags (this is a test environment, we don't need to fsync()).
#
set_flags DB_TXN_NOSYNC
#
# Set log values.
#
set_lg_regionmax 104857
set_lg_max 1048576
set_lg_bsize 209715
set_lg_dir $ldapdir/db/bdb-logs
#
# Set temporary file creation directory.
#
set_tmp_dir $ldapdir/db/tmp
";
close(CONF);
write_openldap_dbconfig("$ldapdir/db/user");
write_openldap_dbconfig("$ldapdir/db/config");
write_openldap_dbconfig("$ldapdir/db/schema");
#This uses the provision we just did, to read out the schema
system("$self->{bindir}/ad2oLschema $configuration -H $privatedir/sam.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/ad.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
@@ -382,7 +454,9 @@ moduleload syncprov
}
system("slaptest -u -f $slapd_conf") == 0 or die("slaptest still fails after adding modules");
system("slapadd -f $slapd_conf < $privatedir/$dnsname.ldif >/dev/null") == 0 or die("slapadd failed");
system("slapadd -b $basedn -f $slapd_conf -l $privatedir/$dnsname.ldif >/dev/null") == 0 or die("slapadd failed");
system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
system("slaptest -f $slapd_conf >/dev/null") == 0 or
die ("slaptest after database load failed");
@@ -571,16 +645,26 @@ sub provision($$$$$)
SOCKET_WRAPPER_DEFAULT_IFACE => $swiface
};
if (not defined($self->{ldap})) {
} elsif ($self->{ldap} eq "openldap") {
$ret->{PROVISION_OPTIONS} = join(' ', @provision_options);
if (defined($self->{ldap})) {
if ($self->{ldap} eq "openldap") {
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $basedn, $password, $privatedir, $dnsname, $configuration, join(' ', @provision_options)) or die("Unable to create openldap directories");
} elsif ($self->{ldap} eq "fedora") {
($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora($ldapdir, $basedn, $root, $password, $privatedir, $configuration) or die("Unable to create fedora ds directories");
push (@provision_options, "--ldap-module=nsuniqueid");
}
$ret->{PROVISION_OPTIONS} = join(' ', @provision_options);
$self->slapd_start($ret) or
die("couldn't start slapd");
print "LDAP PROVISIONING...";
$self->provision_ldap($ret);
$self->slapd_stop($ret) or
die("couldn't stop slapd");
}
return $ret;
}
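Review bot: The error checks on the two new chdir calls, `chdir "$ENV{FEDORA_DS_PREFIX}/bin" || die;` and `chdir $dir || die;`, can never fire: `||` binds to the string or scalar operand, not to chdir's return value, so a failed directory change silently continues and runs ds_newinst.pl from the wrong cwd (mk_fedora's body starts outside the hunk). Use the low-precedence form, `chdir "$ENV{FEDORA_DS_PREFIX}/bin" or die "chdir $ENV{FEDORA_DS_PREFIX}/bin: $!";` and `chdir $dir or die "chdir $dir: $!";`. The new write_openldap_dbconfig has the same blind spot — `open(CONF, ">$ldapdbdir/DB_CONFIG");` is unchecked, so a failure would leave the three BDB backends running with default settings; `open(CONF, '>', "$ldapdbdir/DB_CONFIG") or die "open $ldapdbdir/DB_CONFIG: $!";` makes it fail loudly. Separately, the extended `mkdir($_, 0777)` now creates the config and schema database directories world-writable next to a slapd.conf that carries `rootpw $password` in clear; that is presumably acceptable for a socket-wrapper selftest, but a comment saying so (`# 0777/cleartext rootpw: selftest only, never reuse for a real provision`) would stop the pattern being copied.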


@@ -386,6 +386,8 @@ function provision_default_paths(subobj)
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif";
paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif";
paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif";
return paths;
}
@@ -573,6 +575,31 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
assert(modify_ok);
};
message("Adding configuration container (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_configuration_basedn.ldif", info, samdb, true);
message("Modifying configuration container\n");
var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
message("Failed to both add and modify the configuration container\n");
assert(modify_ok);
}
assert(modify_ok);
}
message("Adding schema container (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true);
message("Modifying schema container\n");
var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
message("Failed to both add and modify the schema container: " + samdb.errstring() + "\n");
assert(modify_ok);
}
message("Failed to modify the schema container: " + samdb.errstring() + "\n");
assert(modify_ok);
}
message("Setting up sam.ldb Samba4 schema\n");
setup_add_ldif("schema_samba4.ldif", info, samdb, false);
message("Setting up sam.ldb AD schema\n");
@@ -588,6 +615,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
samdb = open_ldb(info, paths.samdb, false);
message("Setting up sam.ldb configuration data\n");
setup_add_ldif("provision_configuration.ldif", info, samdb, false);
message("Setting up display specifiers\n");
setup_add_ldif("display_specifiers.ldif", info, samdb, false);
message("Setting up sam.ldb templates\n");
@@ -618,8 +648,6 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
message("Setting up sam.ldb data\n");
setup_add_ldif("provision.ldif", info, samdb, false);
message("Setting up sam.ldb configuration data\n");
setup_add_ldif("provision_configuration.ldif", info, samdb, false);
if (blank != false) {
message("Setting up sam.ldb index\n");
@@ -716,7 +744,15 @@ function provision_ldapbase(subobj, message, paths)
message, paths.ldap_basedn_ldif,
subobj);
message("Please install the LDIF located in " + paths.ldap_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
setup_file("provision_configuration_basedn.ldif",
message, paths.ldap_config_basedn_ldif,
subobj);
setup_file("provision_schema_basedn.ldif",
message, paths.ldap_schema_basedn_ldif,
subobj);
message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
}
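Review bot: The configuration-container failure path reports less than the schema one right next to it: after `setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb)` the message omits `samdb.errstring()` and the outer `assert(modify_ok)` fires with no message, whereas the schema branch prints both. Suggest `message("Failed to both add and modify the configuration container: " + samdb.errstring() + "\n");` and, before the outer assert, `message("Failed to modify the configuration container: " + samdb.errstring() + "\n");`. In both branches the inner `assert(modify_ok)` is redundant, since the outer assert runs unconditionally right after it. The provision function starts and ends outside the hunk.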


@@ -1,3 +1,9 @@
dn: CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: container
showInAdvancedViewOnly: TRUE
instanceType: 4
dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: container
@@ -5,7 +11,6 @@ cn: 409
name: 409
instanceType: 4
showInAdvancedViewOnly: TRUE
objectCategory: CN=Container,${SCHEMADN}
dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top


@@ -123,12 +123,18 @@ if (options["aci"] != undefined) {
println("set ACI: " + subobj["ACI"]);
}
println("set DOMAIN SID: " + subobj["DOMAINSID"]);
if (ldapbackend) {
if (!ldapmodule) {
subobj["LDAPMODULE"] = "entryUUID";
}
subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"];
subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"];
subobj["CONFIGDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"];
subobj["SCHEMADN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
}
if (!provision_validate(subobj, message)) {
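Review bot: `subobj["LDAPMODULE"]` is taken from the command-line option unvalidated and then interpolated into all three `*_MOD` module chains, so a mistyped value only surfaces later as an ldb module load failure with no hint of the cause; the selftest shows the two values the backends use (`entryUUID` by default here, `--ldap-module=nsuniqueid` for Fedora DS), so rejecting anything else at this point with the script's existing error-exit convention would give a clearer message. The three partitions are also all pointed at the same `subobj["LDAPBACKEND"]` URI, which is what the multi-partition slapd.conf in this commit expects; a one-line comment such as `// all three partitions must live on the same LDAP server` would record that assumption. The enclosing script continues outside the hunk.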


@@ -1,17 +1,6 @@
###############################
# Configuration Naming Context
###############################
dn: ${CONFIGDN}
objectClass: top
objectClass: configuration
cn: Configuration
instanceType: 13
showInAdvancedViewOnly: TRUE
objectCategory: CN=Configuration,${SCHEMADN}
subRefs: ${SCHEMADN}
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
dn: CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRefContainer
@@ -165,18 +154,3 @@ lDAPAdminLimits: MaxConnIdleTime=900
lDAPAdminLimits: InitRecvTimeout=120
lDAPAdminLimits: MaxConnections=5000
###############################
# Schema Naming Context
###############################
dn: ${SCHEMADN}
objectClass: top
objectClass: dMD
cn: Schema
instanceType: 13
showInAdvancedViewOnly: TRUE
objectCategory: CN=DMD,${SCHEMADN}
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectVersion: 30


@@ -0,0 +1,9 @@
###############################
# Configuration Naming Context
###############################
dn: ${CONFIGDN}
objectClass: top
objectClass: configuration
${EXTENSIBLEOBJECT}
${ACI}
cn: Configuration
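Review bot: `${EXTENSIBLEOBJECT}` and `${ACI}` each occupy a whole line inside the `dn: ${CONFIGDN}` entry, so if either substitution expands to an empty string the blank line terminates the entry in LDIF and `cn: Configuration` becomes a stray attribute line; this is only safe if the local-ldb defaults are comment lines, which is presumably the case but is not visible here. A template comment would protect the invariant: `# EXTENSIBLEOBJECT and ACI must expand to a comment or an attribute line, never to an empty line`. It is also worth stating in the header that `${ACI}` here is the access control applied to the root of the whole Configuration partition on the LDAP backend.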


@@ -0,0 +1,22 @@
###############################
# Configuration Naming Context
###############################
dn: ${CONFIGDN}
changetype: modify
replace: instanceType
instanceType: 13
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: TRUE
-
replace: objectCategory
objectCategory: CN=Configuration,${SCHEMADN}
-
replace: subRefs
subRefs: ${SCHEMADN}
-
replace: masteredBy
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
replace: msDs-masteredBy
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}


@@ -0,0 +1,9 @@
###############################
# Schema Naming Context
###############################
dn: ${SCHEMADN}
objectClass: top
objectClass: dMD
${EXTENSIBLEOBJECT}
${ACI}
cn: Schema


@@ -0,0 +1,25 @@
###############################
# Schema Naming Context
###############################
dn: ${SCHEMADN}
changetype: modify
replace: instanceType
instanceType: 13
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: TRUE
-
replace: objectCategory
objectCategory: CN=DMD,${SCHEMADN}
-
replace: masteredBy
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
replace: msDs-masteredBy
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
replace: objectVersion
objectVersion: 30


@@ -12,6 +12,8 @@ description
cn
dITContentRules
top
#This shouldn't make it to the ldap server
sambaPassword
#Skip ObjectClasses
#
#MiddleName has a conflicting OID


@@ -16,9 +16,10 @@ description
cn
dITContentRules
top
#This shouldn't make it to the ldap server
sambaPassword
#Skip ObjectClasses
subSchema
#
#subSchema
#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
#defaultGroup has a conflicting OID
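Review bot: Adding `sambaPassword` to the skip list only keeps the attribute out of the schema pushed to the LDAP server, so the cleartext secret is kept off the backend solely by the server's schema checking; on Fedora DS that is a runtime setting (nsslapd-schemacheck) and an entry with extensibleObject is not checked at all, so the comment `#This shouldn't make it to the ldap server` should say what the real guarantee is, e.g. `# sambaPassword is a cleartext secret: it is expected to be consumed and stripped on the Samba side before the write reaches the backend; omitting it from the schema only makes a schema-checking server reject it`. The hunk also stops skipping `subSchema` for Fedora DS (it now appears commented out under "Skip ObjectClasses"), presumably to match the list change elsewhere in this commit; a short comment on why it had been skipped would prevent it being re-added.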



@@ -83,9 +83,7 @@
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
dn: cn=sambaPassword,${SCHEMADN}
cn: sambaPassword
name: sambaPassword
dn: CN=sambaPassword,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: sambaPassword
@@ -99,8 +97,6 @@ attributeSyntax: 2.5.5.5
oMSyntax: 22
dn: cn=dnsDomain,${SCHEMADN}
cn: dnsDomain
name: dnsDomain
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: dnsDomain
@@ -108,14 +104,12 @@ isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
adminDisplayName: SAMBA-Password
adminDisplayName: DNS-Domain
attributeID: 1.3.6.1.4.1.7165.4.1.6
attributeSyntax: 2.5.5.4
oMSyntax: 20
dn: cn=privilege,${SCHEMADN}
cn: privilege
name: privilege
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
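Review bot: The sambaPassword entry's DN becomes `dn: CN=sambaPassword,${SCHEMADN}` while `dn: cn=dnsDomain,${SCHEMADN}` and `dn: cn=privilege,${SCHEMADN}` in the same hunk keep lowercase `cn=`; DN matching is case-insensitive so this is cosmetic, but the file is now inconsistent — use `CN=` on all three or leave all three as they were. The dropped `cn:`/`name:` lines presumably rely on the RDN being copied into those attributes by an ldb module when the LDIF is loaded through Samba; since these entries now also end up on an LDAP backend via that path, a comment recording that dependency (`# cn/name are derived from the RDN on load; do not add them here`) would stop someone re-adding them or loading the file directly with an LDAP tool. The adminDisplayName fix for dnsDomain is correct.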


@@ -30,3 +30,6 @@ user
displaySpecifier
foreignSecurityPrincipal
trustedDomain
attributeSchema
subSchema
queryPolicy