echo "Installing setup templates"
mkdir -p $SETUPDIR || exit 1
cp setup/schema-map-* $SETUPDIR || exit 1
+cp setup/DB_CONFIG $SETUPDIR || exit 1
cp setup/*.inf $SETUPDIR || exit 1
cp setup/*.ldif $SETUPDIR || exit 1
cp setup/*.zone $SETUPDIR || exit 1
paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
- paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif";
- paths.ldap_config_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-config.ldif";
- paths.ldap_schema_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + "-schema.ldif";
paths.ldapdir = lp.get("private dir") + "/ldap";
+ paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
+ paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
+ paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
return paths;
}
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
+ sys.mkdir(paths.ldapdir, 0700);
+
setup_file("provision_basedn.ldif",
message, paths.ldap_basedn_ldif,
subobj);
message, paths.ldap_schema_basedn_ldif,
subobj);
- message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
}
}
system("slaptest -u -f $slapd_conf") == 0 or die("slaptest still fails after adding modules");
- system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
- system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $privatedir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-config.ldif >/dev/null") == 0 or die("slapadd failed");
+ system("slapadd -b cn=Schema,cn=Configuration,$basedn -f $slapd_conf -l $ldapdir/$dnsname-schema.ldif >/dev/null") == 0 or die("slapadd failed");
system("slaptest -u -f $slapd_conf >/dev/null") == 0 or
die ("slaptest after database load failed");
my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
my $configuration = "--configfile=$conffile";
- my $ldapdir = "$prefix_abs/ldap";
+ my $ldapdir = "$privatedir/ldap";
my $tlsdir = "$privatedir/tls";
-dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config
+dn: cn="${CONFIGDN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-suffix: ${CONFIGDN}
cn: configData
-dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config
+dn: cn="${SCHEMADN}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
RootDN= cn=Manager,${DOMAINDN}
RootDNPwd= ${LDAPMANAGERPASS}
ServerIdentifier= samba4
+${SERVERPORT}
inst_dir= ${LDAPDIR}/slapd-samba4
config_dir= ${LDAPDIR}/slapd-samba4
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
+ message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
provision_become_dc(subobj, message, false, paths, system_session);
} else {
'ldap-manager-pass=s',
'root=s',
'quiet',
- 'ldap-backend-type=s');
+ 'ldap-backend-type=s',
+ 'ldap-backend-port=i');
if (options == undefined) {
println("Failed to parse options");
--ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random)
--root USERNAME choose 'root' unix username
--quiet Be quiet
- --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
- --ldap-module= MODULE LDB mapping module to use for the LDAP backend
+ --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
+ --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only)
You must provide at least a realm and ldap-backend-type
");
subobj[key] = options[r];
}
-var ldapbackend = (options["ldap-backend-type"] != undefined);
+
var paths = provision_default_paths(subobj);
provision_fix_subobj(subobj, message, paths);
message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS);
-
var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
sys.mkdir(subobj.LDAPDIR, 0700);
if (options["ldap-backend-type"] == "fedora-ds") {
mapping = "schema-map-fedora-ds-1.0";
ext = "ldif";
+ if (options["ldap-backend-port"] != undefined) {
+ message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
+ subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
+ } else {
+ message("Will listen on LDAPI only\n");
+ subobj.SERVERPORT="";
+ }
setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
} else if (options["ldap-backend-type"] == "openldap") {
+ provision_ldapbase(subobj, message, paths);
mapping = "schema-map-openldap-2.3";
ext = "schema";
setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
+ setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
+ sys.mkdir(subobj.LDAPDIR + "/db", 0700);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema";
+ sys.mkdir(subobj.LDAPDBDIR, 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
+ sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
+ setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
+ if (options["ldap-backend-port"] != undefined) {
+ message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n");
+ }
}
message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n");
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
-include $modconf
+include ${LDAPDIR}/modules.conf
-defaultsearchbase \"${DOMAINDN}\"
+defaultsearchbase ${DOMAINDN}
backend bdb
database bdb
-suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
index samAccountName eq
index subClassOf eq
database bdb
-suffix \"cn=Configuration,${DOMAINDN}\"
+suffix ${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
index nETBIOSName eq pres
database bdb
-suffix \"${DOMAINDN}\"
-rootdn \"cn=Manager,${DOMAINDN}\"
+suffix ${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
rootpw ${LDAPMANAGERPASS}
directory ${LDAPDIR}/db/user
index objectClass eq