source4/setup/provision-backend

   1 #!/bin/sh
   2 exec smbscript "$0" ${1+"$@"}
   3 /*
   4         provision a Samba4 server
   5         Copyright Andrew Tridgell 2005
   6         Released under the GNU GPL v2 or later
   7 */
   8
   9 options = GetOptions(ARGV,
  10                 "POPT_AUTOHELP",
  11                 "POPT_COMMON_SAMBA",
  12                 "POPT_COMMON_VERSION",
  13                 "POPT_COMMON_CREDENTIALS",
  14                 'realm=s',
  15                 'host-name=s',
  16                 'ldap-manager-pass=s',
  17                 'root=s',
  18                 'quiet',
  19                 'ldap-backend-type=s',
  20                 'ldap-backend-port=i');
  21
  22 if (options == undefined) {
  23    println("Failed to parse options");
  24    return -1;
  25 }
  26
  27 sys = sys_init();
  28
  29 libinclude("base.js");
  30 libinclude("provision.js");
  31
  32 /*
  33   print a message if quiet is not set
  34 */
  35 function message()
  36 {
  37         if (options["quiet"] == undefined) {
  38                 print(vsprintf(arguments));
  39         }
  40 }
  41
  42 /*
  43  show some help
  44 */
  45 function ShowHelp()
  46 {
  47         print("
  48 Samba4 provisioning
  49
  50 provision [options]
  51  --realm        REALM           set realm
  52  --host-name    HOSTNAME        set hostname
  53  --ldap-manager-pass    PASSWORD        choose LDAP Manager password (otherwise random)
  54  --root         USERNAME        choose 'root' unix username
  55  --quiet                        Be quiet
  56  --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
  57  --ldap-backend-port PORT       Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only)
  58 You must provide at least a realm and ldap-backend-type
  59
  60 ");
  61         exit(1);
  62 }
  63
  64 if (options['host-name'] == undefined) {
  65         options['host-name'] = hostname();
  66 }
  67
  68 /*
  69    main program
  70 */
  71 if (options["realm"] == undefined ||
  72     options["ldap-backend-type"] == undefined ||
  73     options["host-name"] == undefined) {
  74         ShowHelp();
  75 }
  76
  77 /* cope with an initially blank smb.conf */
  78 var lp = loadparm_init();
  79 lp.set("realm", options.realm);
  80 lp.reload();
  81
  82 var subobj = provision_guess();
  83 for (r in options) {
  84         var key = strupper(join("", split("-", r)));
  85         subobj[key] = options[r];
  86 }
  87
  88
  89
  90 var paths = provision_default_paths(subobj);
  91 provision_fix_subobj(subobj, paths);
  92 message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
  93 message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS);
  94 var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
  95 sys.mkdir(subobj.LDAPDIR, 0700);
  96
  97 provision_schema(subobj, message, tmp_schema_ldb, paths);
  98
  99 var mapping;
 100 var backend_schema;
 101 var slapd_command;
 102 if (options["ldap-backend-type"] == "fedora-ds") {
 103         mapping = "schema-map-fedora-ds-1.0";
 104         backend_schema = "backend-schema.ldif";
 105         if (options["ldap-backend-port"] != undefined) {
 106                 message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
 107                 subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
 108         } else {
 109                 message("Will listen on LDAPI only\n");
 110                 subobj.SERVERPORT="";
 111         }
 112         setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
 113         setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
 114
 115         slapd_command = "(see documentation)";
 116 } else if (options["ldap-backend-type"] == "openldap") {
 117         provision_ldapbase(subobj, message, paths);
 118         mapping = "schema-map-openldap-2.3";
 119         backend_schema = "99_ad.ldif";
 120         setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
 121         setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
 122         sys.mkdir(subobj.LDAPDIR + "/db", 0700);
 123         subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user";
 124         sys.mkdir(subobj.LDAPDBDIR, 0700);
 125         sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
 126         sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
 127         setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
 128         subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config";
 129         sys.mkdir(subobj.LDAPDBDIR, 0700);
 130         sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
 131         sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
 132         setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
 133         subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema";
 134         sys.mkdir(subobj.LDAPDBDIR, 0700);
 135         sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
 136         sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
 137         setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
 138         if (options["ldap-backend-port"] != undefined) {
 139                 message("\nStart slapd with: \n");
 140                 slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\"";
 141         } else {
 142                 slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI;
 143         }
 144
 145         var ldb = ldb_init();
 146         ldb.filename = tmp_schema_ldb;
 147
 148         var connect_ok = ldb.connect(ldb.filename);
 149         assert(connect_ok);
 150         var attrs = new Array("linkID", "lDAPDisplayName");
 151         var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs);
 152         assert(res.error == 0);
 153         var memberof_config = "";
 154         for (i=0; i < res.msgs.length; i++) {
 155 searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
 156                 var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName");
 157                 if (target != undefined) {
 158                         memberof_config = memberof_config + "overlay memberof
 159 memberof-dangling error
 160 memberof-refint TRUE
 161 memberof-group-oc top
 162 memberof-member-ad " + res.msgs[i].lDAPDisplayName + "
 163 memberof-memberof-ad " + target + "
 164
 165 ";
 166                 }
 167         }
 168         ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config);
 169         if (!ok) {
 170                 message("failed to create file: " + f + "\n");
 171                 assert(ok);
 172         }
 173
 174 }
 175 var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema;
 176
 177 message("\nCreate a suitable schema file with:\n%s\n", schema_command);
 178 message("\nStart slapd with: \n%s\n", slapd_command);
 179
 180 message("All OK\n");
 181 return 0;