r20495: Further notes on joining with fedora DS.

author Andrew Bartlett <abartlet@samba.org>

Wed, 3 Jan 2007 05:31:50 +0000 (05:31 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 19:36:00 +0000 (14:36 -0500)
author Andrew Bartlett <abartlet@samba.org>
Wed, 3 Jan 2007 05:31:50 +0000 (05:31 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:36:00 +0000 (14:36 -0500)
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js

index 96e55bc4ae1fdbe1b55f5f22acd0d73c184763dc..954335d335f4ed67ea89187fed32d705f1303ab0 100644 (file)
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -701,6 +701,7 @@ function provision_guess()
         subobj.LDAPMODULE = "entryUUID";
         subobj.LDAPMODULES = "objectguid";
         subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
+       subobj.ACI = "# no aci for local ldb";
         return subobj;
  }
  
diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif

index f7d350c550acb3d55258c478de8236395340a4de..83cdb6b392eb16005b8df3d3e20457ec37f027f2 100644 (file)
--- a/source4/setup/fedora-ds-init.ldif
+++ b/source4/setup/fedora-ds-init.ldif
@@ -22,5 +22,6 @@ nsslapd-suffix: dc=tammy,dc=abartlet,dc=net
  #
  
  
-# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid
+# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)'
+
  
diff --git a/source4/setup/provision b/source4/setup/provision

index 8912b28792b4a7bd0d4dc13adbbe98e9ef9836c9..8f1d422f512994be7a17ec8a9b623952c737bf33 100755 (executable)
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -31,7 +31,8 @@ options = GetOptions(ARGV,
                 'blank',
                 'ldap-base',
                 'ldap-backend=s',
-                'ldap-module=s');
+                'ldap-module=s',
+                'aci=s');
  
  if (options == undefined) {
     println("Failed to parse options");
@@ -81,7 +82,7 @@ provision [options]
   --ldap-base                   output only an LDIF file, suitable for creating an LDAP baseDN
   --ldap-backend LDAPSERVER      LDAP server to use for this provision
   --ldap-module= MODULE          LDB mapping module to use for the LDAP backend
-
+ --aci=         ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
  You must provide at least a realm and domain
  
  ");
@@ -112,6 +113,9 @@ for (r in options) {
         var key = strupper(join("", split("-", r)));
         subobj[key] = options[r];
  }
+if (options["aci"] != undefined) {
+       println("set ACI: " + subobj["ACI"]);
+}
  
  if (options["ldap-backend"] != undefined) {
         subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches";
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif

index ab79319f20b9c2e88274fb85b164e8ab20a76fd9..e8cf8005f3cb4790b3293464068e88b076be2ad6 100644 (file)
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -6,5 +6,6 @@ objectClass: top
  objectClass: domain
  objectClass: domainDNS
  ${EXTENSIBLEOBJECT}
+${ACI}
  dc: ${RDN_DC}
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 3 Jan 2007 05:31:50 +0000 (05:31 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 19:36:00 +0000 (14:36 -0500)
source4/scripting/libjs/provision.js		patch \| blob \| history
source4/setup/fedora-ds-init.ldif		patch \| blob \| history
source4/setup/provision		patch \| blob \| history
source4/setup/provision_basedn.ldif		patch \| blob \| history