sub openldap_start($$$) {
my ($slapd_conf, $uri, $logs) = @_;
- my $oldpath = $ENV{PATH};
- $ENV{PATH} = "/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
- system("slapd -d0 -f $slapd_conf -h $uri > $logs 2>&1 &");
+ my $oldpath = $ENV{PATH};
+ my $olroot = "";
+ my $olpath = "";
+ if (defined $ENV{OPENLDAP_ROOT}) {
+ $olroot = "$ENV{OPENLDAP_ROOT}";
+ $olpath = "$olroot/libexec:$olroot/sbin:";
+ }
+ $ENV{PATH} = "$olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
+ system("slapd -d63 -f $slapd_conf -h $uri > $logs 2>&1 &");
$ENV{PATH} = $oldpath;
}
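Review bot: Raising the slapd debug level from -d0 to -d63 at L14 turns on the packets and BER bits (63 = trace|packets|args|conns|BER|filter, if I read the slapd mask right), so the file behind `$logs` will hold decoded LDAP PDUs, which for a simple bind can include the password the provisioning step sends; that is presumably acceptable for a throwaway test prefix, but the log should then not be world-readable or collected into shared CI artifacts. If only connection tracing was wanted, a lower mask without the packets/BER bits gives that without protocol dumps. Note also that `$slapd_conf`, `$uri` and `$logs` are still interpolated unquoted into a single shell string; the trailing `&` makes a shell unavoidable here, so a comment would help the next reader: `# harness-generated paths only; string form is needed for the trailing '&'`.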
# running slapd in the background means it stays in the same process group, so it can be
# killed by timelimit
if ($self->{ldap} eq "fedora-ds") {
- system("$ENV{FEDORA_DS_PREFIX}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
+ system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
} elsif ($self->{ldap} eq "openldap") {
openldap_start($env_vars->{SLAPD_CONF}, $uri, "$env_vars->{LDAPDIR}/logs");
}
$ENV{KRB5_CONFIG} = $env_vars->{KRB5_CONFIG};
+ $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
+ $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
+
# Start slapd before smbd, but with the fifo on stdin
if (defined($self->{ldap})) {
$self->slapd_start($env_vars) or
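Review bot: `$ENV{FEDORA_DS_ROOT}` is interpolated unchecked at L21, unlike `OPENLDAP_ROOT`, which the same commit guards with `defined` at L9; when the variable is unset the command silently becomes `/sbin/ns-slapd ...`, and since the `system` return value is not examined the failure only shows up later as an LDAP connection error. The same unguarded use appears at L36, L37 and L40 in the Fedora DS setup, where `chdir "/bin"` would even succeed and the error would point at a nonexistent `/sbin/setup-ds.pl`. Add `defined $ENV{FEDORA_DS_ROOT} or die "FEDORA_DS_ROOT is not set";` at the start of the fedora-ds branch, and once at the top of the setup code. slapd_start begins and ends outside this hunk.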
system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I $self->{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif >&2") == 0 or die("schema conversion for Fedora DS failed");
my $dir = getcwd();
-chdir "$ENV{FEDORA_DS_PREFIX}/bin" || die;
- if (system("perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) {
+chdir "$ENV{FEDORA_DS_ROOT}/bin" || die;
+ if (system("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) {
chdir $dir;
- die("perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf FAILED: $?");
+ die("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf FAILED: $?");
}
chdir $dir || die;
system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
my $oldpath = $ENV{PATH};
- $ENV{PATH} = "$ENV{OPENLDAP_PATH}/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
+ my $olpath = "";
+ my $olroot = "";
+ if (defined $ENV{OPENLDAP_ROOT}) {
+ $olroot = "$ENV{OPENLDAP_ROOT}";
+ $olpath = "$olroot/libexec:$olroot/sbin:";
+ }
+ $ENV{PATH} = "$olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH}";
unlink($modconf);
open(CONF, ">$modconf"); close(CONF);
+ if (system("slaptest -u -f $slapd_conf >&2") != 0) {
+ open(CONF, ">$modconf");
+ # enable slapd modules
+ print CONF "
+modulepath $olroot/libexec/openldap
+moduleload syncprov
+moduleload memberof
+";
+ close(CONF);
+ }
+ if (system("slaptest -u -f $slapd_conf >&2") != 0) {
+ open(CONF, ">$modconf");
+ # enable slapd modules
+ print CONF "
+modulepath $olroot/libexec/openldap
+moduleload back_hdb
+moduleload syncprov
+moduleload memberof
+";
+ close(CONF);
+ }
+
if (system("slaptest -u -f $slapd_conf >&2") != 0) {
open(CONF, ">$modconf");
# enable slapd modules
print CONF "
moduleload back_hdb
moduleload syncprov
+moduleload memberof
";
close(CONF);
}
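Review bot: The two new slaptest blocks at L55-L64 and L65-L75 write `modulepath $olroot/libexec/openldap`, but `$olroot` is the empty string whenever OPENLDAP_ROOT is unset (L47-L51), so both blocks then test a bogus `/libexec/openldap` path and will almost certainly fail before falling through to the existing distribution-path blocks; wrapping them in `if ($olroot ne "")` makes the intent explicit and keeps those failures out of the log. The `open(CONF, ">$modconf")` calls at L56 and L66 are unchecked two-arg opens on a bareword handle; `open(CONF, '>', $modconf) or die "open $modconf: $!";` would surface a write failure instead of running slaptest against an empty module file. The two blocks differ only in the `back_hdb` line and could be one loop over the two module lists. mk_openldap starts before this hunk and continues after it.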
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
+moduleload memberof
";
close(CONF);
}
print CONF "
modulepath /usr/lib/openldap
moduleload syncprov
+moduleload memberof
";
close(CONF);
}
print CONF "
modulepath /usr/lib64/openldap
moduleload syncprov
+moduleload memberof
";
close(CONF);
}
my $realm = "SAMBA.EXAMPLE.COM";
my $dnsname = "samba.example.com";
my $basedn = "dc=samba,dc=example,dc=com";
- my $root = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
+ my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`);
+ chomp $unix_name;
+ my $unix_uid = $>;
+ my $unix_gids_str = $);
+ my @unix_gids = split(" ", $unix_gids_str);
my $srcdir="$RealBin/..";
-d $prefix or mkdir($prefix, 0777) or die("Unable to create $prefix");
my $prefix_abs = abs_path($prefix);
my $lockdir = "$prefix_abs/lockdir";
my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
my $winbindd_priv_pipe_dir = "$piddir/smbd.tmp/winbind_pipe";
+ my $nsswrap_passwd = "$etcdir/passwd";
+ my $nsswrap_group = "$etcdir/group";
my $configuration = "--configfile=$conffile";
my $ldapdir = "$privatedir/ldap";
ncalrpc dir = $ncalrpcdir
lock dir = $lockdir
setup directory = $self->{setupdir}
+ modules dir = $self->{bindir}/modules
js include = $srcdir/scripting/libjs
winbindd socket directory = $winbindd_socket_dir
winbind separator = /
";
close(KRB5CONF);
+ open(PWD, ">$nsswrap_passwd");
+ print PWD "
+root:x:0:0:root gecos:$prefix_abs:/bin/false
+$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
+nobody:x:65534:65533:nobody gecos:$prefix_abs:/bin/false
+";
+ close(PWD);
+
+ open(GRP, ">$nsswrap_group");
+ print GRP "
+root:x:0:
+wheel:x:10:
+users:x:100:
+nobody:x:65533:
+nogroup:x:65534:nobody
+";
+ close(GRP);
+
#Ensure the config file is valid before we start
if (system("$self->{bindir}/testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) {
system("$self->{bindir}/testparm -v --suppress-prompt $configuration >&2");
die("Failed to create a valid smb.conf configuration!");
}
- (system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration!");
+ (system("($self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$netbiosname\" ) >/dev/null 2>&1") == 0) or die("Failed to create a valid smb.conf configuration! $self->{bindir}/testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global");
-my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provision");
+ my @provision_options = ();
+ push (@provision_options, "NSS_WRAPPER_PASSWD=\"$nsswrap_passwd\"");
+ push (@provision_options, "NSS_WRAPPER_GROUP=\"$nsswrap_group\"");
+ if (defined($ENV{PROVISION_PYTHON})) {
+ push (@provision_options, "$self->{bindir}/smbpython");
+ push (@provision_options, "$self->{setupdir}/provision.py");
+ } else {
+ push (@provision_options, "$self->{bindir}/smbscript");
+ push (@provision_options, "$self->{setupdir}/provision");
+ }
push (@provision_options, split(' ', $configuration));
push (@provision_options, "--host-name=$netbiosname");
push (@provision_options, "--host-ip=$ifaceipv4");
push (@provision_options, "--adminpass=$password");
push (@provision_options, "--krbtgtpass=krbtgt$password");
push (@provision_options, "--machinepass=machine$password");
- push (@provision_options, "--root=$root");
+ push (@provision_options, "--root=$unix_name");
push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
push (@provision_options, "--password=$password");
- push (@provision_options, "--root=$root");
- push (@provision_options, "--server-role=$server_role");
+ push (@provision_options, "--server-role=\"$server_role\"");
my $ldap_uri= "$ldapdir/ldapi";
$ldap_uri =~ s|/|%2F|g;
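Review bot: `NSS_WRAPPER_PASSWD="..."` and `NSS_WRAPPER_GROUP="..."` are pushed onto @provision_options at L163-L164 as if they were shell words, and L184 embeds literal double quotes around `$server_role`; both only work because L204-L205 now join the list and hand one string to `system`, which routes `$password`, `$unix_name` (taken from `whoami` output at L112) and every path through /bin/sh. The previous list-form `system(@provision_options)` avoided the shell entirely. Setting `$ENV{NSS_WRAPPER_PASSWD} = $nsswrap_passwd;` and `$ENV{NSS_WRAPPER_GROUP} = $nsswrap_group;` before the call, dropping the manual quoting at L184 and keeping list-form `system` gives the child the same environment without shell parsing of the arguments. The enclosing provision function continues beyond this hunk.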
NCALRPCDIR => $ncalrpcdir,
LOCKDIR => $lockdir,
CONFIGURATION => $configuration,
- SOCKET_WRAPPER_DEFAULT_IFACE => $swiface
+ SOCKET_WRAPPER_DEFAULT_IFACE => $swiface,
+ NSS_WRAPPER_PASSWD => $nsswrap_passwd,
+ NSS_WRAPPER_GROUP => $nsswrap_group,
};
if (defined($self->{ldap})) {
push (@provision_options, "--ldap-backend=$ldap_uri");
- system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$realm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+ system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$unix_name --realm=$realm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
if ($self->{ldap} eq "openldap") {
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
die("couldn't start slapd");
}
- (system(@provision_options) == 0) or die("Unable to provision");
+ my $provision_cmd = join(" ", @provision_options);
+ (system($provision_cmd) == 0) or die("Unable to provision: \n$provision_cmd\n");
if (defined($self->{ldap})) {
$self->slapd_stop($ret) or
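Review bot: The new failure message at L205 prints the whole joined command, which includes `--adminpass=$password`, `--krbtgtpass=...`, `--machinepass=...` and `--password=$password` from L175-L181, so a provisioning failure writes the test credentials into whatever log captures stderr. Printing the list with the password-bearing options filtered out, e.g. `my $shown = join(" ", grep { !/pass(?:word)?=/ } @provision_options);` and then `die("Unable to provision: \n$shown\n")`, keeps the diagnostic useful without the secrets. The sub continues past L207; the slapd_stop call is cut off at the edge of the hunk.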