provision: simplfy by removing old code to manually create baseDNs.

Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.

We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.

Also fix naming of the output schema when suggesting the comamnd line
to run ad2oLschema in provision-backend.

Andrew Bartlett

source/scripting/libjs/provision.js

@@ -398,9 +398,6 @@ function provision_default_paths(subobj)
 	paths.named_conf = lp.get("private dir") + "/named.conf";
 	paths.winsdb = "wins.ldb";
 	paths.ldapdir = lp.get("private dir") + "/ldap";
-	paths.ldap_basedn_ldif = paths.ldapdir + "/" + dnsdomain + ".ldif";
-	paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-config.ldif";
-	paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-schema.ldif";
 
 	paths.s4_ldapi_socket = lp.get("private dir") + "/ldapi";
 	paths.phpldapadminconfig = lp.get("private dir") + "/phpldapadmin-config.php";
@@ -866,6 +863,12 @@ function provision_schema(subobj, message, tmp_schema_path, paths)
 	/* This will erase anything in the tmp db */
 	var samdb = open_ldb(info, tmp_schema_path, true);
 
+	message("Setting up sam.ldb attributes\n");
+	setup_add_ldif("provision_init.ldif", info, samdb, false);
+
+	message("Setting up sam.ldb rootDSE\n");
+	setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false);
+
 	message("Adding schema container (permitted to fail)\n");
 	var add_ok = setup_add_ldif("provision_schema_basedn.ldif", info, samdb, true);
 	message("Modifying schema container\n");
@@ -934,34 +937,6 @@ function provision_dns(subobj, message, paths, session_info, credentials)
 	message("Please install the zone located in " + paths.dns + " into your DNS server.  A sample BIND configuration snippit is at " + paths.named_conf + "\n");
 }
 
-/* Write out a DNS zone file, from the info in the current database */
-function provision_ldapbase(subobj, message, paths)
-{
-	var ok = provision_fix_subobj(subobj, paths);
-	assert(ok);
-
-	message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n");
-	var rdns = split(",", subobj.DOMAINDN);
-	subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject";
-
-	subobj.RDN_DC = substr(rdns[0], strlen("DC="));
-
-	sys.mkdir(paths.ldapdir, 0700);
-
-	setup_file("provision_basedn.ldif", 
-		   message, paths.ldap_basedn_ldif, 
-		   subobj);
-
-	setup_file("provision_configuration_basedn.ldif", 
-		   message, paths.ldap_config_basedn_ldif, 
-		   subobj);
-
-	setup_file("provision_schema_basedn.ldif", 
-		   message, paths.ldap_schema_basedn_ldif, 
-		   subobj);
-
-}
-
 
 /*
   guess reasonably default options for provisioning
@@ -1045,7 +1020,6 @@ function provision_guess()
 	subobj.CONFIGDN_MOD2 = ",objectguid";
 	subobj.SCHEMADN_MOD2 = ",objectguid";
 
-	subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
 	subobj.ACI		= "# no aci for local ldb";
 
 	return subobj;

source/setup/provision

@@ -123,7 +123,6 @@ for (r in options) {
 }
 
 var blank = (options["blank"] != undefined);
-var ldapbase = (options["ldap-base"] != undefined);
 var ldapbackend = (options["ldap-backend"] != undefined);
 var ldapmodule = (options["ldap-module"] != undefined);
 var partitions_only = (options["partitions-only"] != undefined);
@@ -161,10 +160,7 @@ var system_session = system_session();
 var creds = options.get_credentials();
 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
-if (ldapbase) {
+if (partitions_only) {
-	provision_ldapbase(subobj, message, paths);
-	message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
-} else if (partitions_only) {
 	provision_become_dc(subobj, message, false, paths, system_session);
 } else {
 	provision(subobj, message, blank, paths, system_session, creds, ldapbackend);

source/setup/provision-backend

@@ -101,7 +101,7 @@ var backend_schema;
 var slapd_command;
 if (options["ldap-backend-type"] == "fedora-ds") {
 	mapping = "schema-map-fedora-ds-1.0";
-	backend_schema = "backend-schema.ldif";
+	backend_schema = "99_ad.ldif";
 	if (options["ldap-backend-port"] != undefined) {
 		message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
 		subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
@@ -114,9 +114,8 @@ if (options["ldap-backend-type"] == "fedora-ds") {
 
 	slapd_command = "(see documentation)";
 } else if (options["ldap-backend-type"] == "openldap") {
-	provision_ldapbase(subobj, message, paths);
 	mapping = "schema-map-openldap-2.3";
-	backend_schema = "99_ad.ldif";
+	backend_schema = "backend-schema.schema";
 	setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
 	setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
 	sys.mkdir(subobj.LDAPDIR + "/db", 0700);

source/setup/provision_basedn.ldif

@@ -5,7 +5,6 @@ dn: ${DOMAINDN}
 objectClass: top
 objectClass: domain
 objectClass: domainDNS
-${EXTENSIBLEOBJECT}
 ${ACI}
 dc: ${RDN_DC}
 

source/setup/provision_configuration_basedn.ldif

@@ -4,6 +4,5 @@
 dn: ${CONFIGDN}
 objectClass: top
 objectClass: configuration
-${EXTENSIBLEOBJECT}
 ${ACI}
 cn: Configuration

source/setup/provision_schema_basedn.ldif

@@ -4,6 +4,5 @@
 dn: ${SCHEMADN}
 objectClass: top
 objectClass: dMD
-${EXTENSIBLEOBJECT}
 ${ACI}
 cn: Schema