mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
28bcdf5266
heres the summary of all changes/extensions: - Andrew Bartlett's patch to generate indext - Howard Chu's idea to use nosync on the DB included, but made optional - slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. its also used for olc-conversion - slapd-detection is now always done by ldapsearch (ldb module), looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri. - if ldapsearch was not successfull, (no slapd listening on our socket) slapd is started via special generated slapdcommand_prov (ldapi_uri only) - slapd-"provision-process" startup is done via pythons subprocess. - the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid. - after provision-backend is finished: --- slapd.pid is compared with our stored slapd_provision_pid. if the are unique, slapd.pid will be read out, and the slapd "provison"-process will be shut down. --- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE. --- if the pids are different or one of the pid-files is missing, slapd will not be shut down, instead an error message is displayed to locate slapd manually --- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everythings finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)) - upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
128 lines
2.8 KiB
Plaintext
128 lines
2.8 KiB
Plaintext
loglevel 0
|
|
|
|
### needed for initial content load ###
|
|
sizelimit unlimited
|
|
|
|
### Multimaster-ServerIDs and URLs ###
|
|
|
|
${MMR_SERVERIDS_CONFIG}
|
|
|
|
include ${LDAPDIR}/backend-schema.schema
|
|
|
|
pidfile ${LDAPDIR}/slapd.pid
|
|
argsfile ${LDAPDIR}/slapd.args
|
|
sasl-realm ${DNSDOMAIN}
|
|
|
|
#authz-regexp
|
|
# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
|
|
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
|
|
|
|
#authz-regexp
|
|
# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
|
|
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
|
|
|
|
authz-regexp
|
|
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
|
|
ldap:///cn=samba??one?(cn=\$1)
|
|
|
|
authz-regexp
|
|
uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
|
|
ldap:///cn=samba??one?(cn=\$1)
|
|
|
|
access to dn.base=""
|
|
by dn=cn=samba-admin,cn=samba manage
|
|
by anonymous read
|
|
by * read
|
|
|
|
access to dn.subtree="cn=samba"
|
|
by anonymous auth
|
|
|
|
access to dn.subtree="${DOMAINDN}"
|
|
by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
|
|
by dn=cn=manager manage
|
|
by * none
|
|
|
|
password-hash {CLEARTEXT}
|
|
|
|
include ${LDAPDIR}/modules.conf
|
|
|
|
defaultsearchbase ${DOMAINDN}
|
|
|
|
rootdn cn=Manager
|
|
|
|
overlay deref
|
|
|
|
${REFINT_CONFIG}
|
|
|
|
${MEMBEROF_CONFIG}
|
|
|
|
database ldif
|
|
suffix cn=Samba
|
|
directory ${LDAPDIR}/db/samba
|
|
rootdn cn=Manager,cn=Samba
|
|
|
|
########################################
|
|
## olc - configuration ###
|
|
${OLC_CONFIG_PASS}
|
|
${OLC_SYNCREPL_CONFIG}
|
|
${OLC_MMR_CONFIG}
|
|
${OLC_CONFIG_ACL}
|
|
|
|
########################################
|
|
### cn=schema ###
|
|
database hdb
|
|
suffix ${SCHEMADN}
|
|
rootdn cn=Manager,${SCHEMADN}
|
|
directory ${LDAPDIR}/db/schema
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
|
|
### Multimaster-Replication of cn=schema Subcontext ###
|
|
${MMR_SYNCREPL_SCHEMA_CONFIG}
|
|
${MIRRORMODE}
|
|
|
|
#########################################
|
|
### cn=config ###
|
|
database hdb
|
|
suffix ${CONFIGDN}
|
|
rootdn cn=Manager,${CONFIGDN}
|
|
directory ${LDAPDIR}/db/config
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
### Multimaster-Replication of cn=config Subcontext ###
|
|
${MMR_SYNCREPL_CONFIG_CONFIG}
|
|
${MIRRORMODE}
|
|
|
|
########################################
|
|
### cn=users /base-dn ###
|
|
database hdb
|
|
suffix ${DOMAINDN}
|
|
rootdn cn=Manager,${DOMAINDN}
|
|
directory ${LDAPDIR}/db/user
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
### Multimaster-Replication of cn=user/base-dn context ###
|
|
${MMR_SYNCREPL_USER_CONFIG}
|
|
${MIRRORMODE}
|