r26610: Write out a memberof.conf, to run the memberof plugin on all linked

attributes, as found in the schema.

Index 'cn', as otherwise exact match searches on this attribute always
fail (need to figure out what is so special about cn in OpenLDAP).

Andrew Bartlett
(This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32)

diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index b713595a7e935c63a7590de77f36022abc9ae916..83fda335199d0966d400381f7ad3a5d0b7cb550c 100755 (executable)
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -141,6 +141,36 @@ if (options["ldap-backend-type"] == "fedora-ds") {
        } else {
                slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI;
        }
+
+       var ldb = ldb_init();
+       ldb.filename = tmp_schema_ldb;
+
+       var connect_ok = ldb.connect(ldb.filename);
+       assert(connect_ok);
+       var attrs = new Array("linkID", "lDAPDisplayName");
+       var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs);
+       assert(res.error == 0);
+       var memberof_config = "";
+       for (i=0; i < res.msgs.length; i++) {
+searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+               var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName");
+               if (target != undefined) {
+                       memberof_config = memberof_config + "overlay memberof
+memberof-dangling error
+memberof-refint TRUE
+memberof-group-oc top
+memberof-member-ad " + res.msgs[i].lDAPDisplayName + "
+memberof-memberof-ad " + target + "
+
+";
+               }
+       }
+       ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config);
+       if (!ok) {
+               message("failed to create file: " + f + "\n");
+               assert(ok);
+       }
+
 }
 var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema;
 

diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 446facbf3d6d4c53a7a1b645581c4a4071958013..d50e5708fb4044179453673cc319a96db6c0c85d 100644 (file)
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -31,6 +31,7 @@ index name eq
 index objectCategory eq
 index lDAPDisplayName eq
 index subClassOf eq
+index cn eq
 
 database        hdb
 suffix         ${CONFIGDN}
@@ -44,6 +45,7 @@ index nCName eq
 index subClassOf eq
 index dnsRoot eq
 index nETBIOSName eq
+index cn eq
 
 database        hdb
 suffix         ${DOMAINDN}
@@ -65,9 +67,12 @@ index lDAPDisplayName eq
 index subClassOf eq
 index dnsRoot eq
 index nETBIOSName eq
+index cn eq
 
 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
 #We only need this for the contextCSN attribute anyway....
 overlay syncprov
 syncprov-checkpoint 100 10
 syncprov-sessionlog 100
+
+include ${LDAPDIR}/memberof.conf