From cf77bf338260e33e7353f1176210d5cac5a6048d Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 9 Oct 2009 13:36:04 -0500 Subject: [PATCH] s4:provision - replaced linked_attributes with FDS plugins When FDS is used as a backend, Samba should not use the linked_attributes LDB module, but instead use the built-in DS plugins for attribute linking, indexing, and referential integrity. --- source4/scripting/python/samba/provision.py | 57 ++++++++++++++++++- source4/setup/fedorads-index.ldif | 7 +++ source4/setup/fedorads-linked-attributes.ldif | 7 +++ source4/setup/fedorads-pam.ldif | 2 + source4/setup/fedorads-refint-add.ldif | 6 ++ source4/setup/fedorads-refint-delete.ldif | 20 +++++++ source4/setup/fedorads.inf | 4 ++ 7 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 source4/setup/fedorads-index.ldif create mode 100644 source4/setup/fedorads-linked-attributes.ldif create mode 100644 source4/setup/fedorads-pam.ldif create mode 100644 source4/setup/fedorads-refint-add.ldif create mode 100644 source4/setup/fedorads-refint-delete.ldif diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index bf2e22046a9..a7a50caba65 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -144,6 +144,11 @@ class ProvisionPaths(object): self.fedoradsinf = None self.fedoradspartitions = None self.fedoradssasl = None + self.fedoradspam = None + self.fedoradsrefint = None + self.fedoradslinkedattributes = None + self.fedoradsindex = None + self.fedoradssamba = None self.olmmron = None self.olmmrserveridsconf = None self.olmmrsyncreplconf = None @@ -334,7 +339,7 @@ def setup_ldb(ldb, ldif_path, subst_vars): ldb.transaction_commit() -def setup_file(template, fname, subst_vars): +def setup_file(template, fname, subst_vars=None): """Setup a file in the private dir. :param template: Path of the template file. @@ -388,8 +393,16 @@ def provision_paths_from_lp(lp, dnsdomain): "fedorads-partitions.ldif") paths.fedoradssasl = os.path.join(paths.ldapdir, "fedorads-sasl.ldif") + paths.fedoradspam = os.path.join(paths.ldapdir, + "fedorads-pam.ldif") + paths.fedoradsrefint = os.path.join(paths.ldapdir, + "fedorads-refint.ldif") + paths.fedoradslinkedattributes = os.path.join(paths.ldapdir, + "fedorads-linked-attributes.ldif") + paths.fedoradsindex = os.path.join(paths.ldapdir, + "fedorads-index.ldif") paths.fedoradssamba = os.path.join(paths.ldapdir, - "fedorads-samba.ldif") + "fedorads-samba.ldif") paths.olmmrserveridsconf = os.path.join(paths.ldapdir, "mmr_serverids.conf") paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, @@ -651,7 +664,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, if ldap_backend.ldap_backend_type == "fedora-ds": backend_modules = ["nsuniqueid", "paged_searches"] # We can handle linked attributes here, as we don't have directory-side subtree operations - tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"] + tdb_modules_list = ["extended_dn_out_dereference"] elif ldap_backend.ldap_backend_type == "openldap": backend_modules = ["entryuuid", "paged_searches"] # OpenLDAP handles subtree renames, so we don't want to do any of these things @@ -1913,6 +1926,44 @@ def provision_fds_backend(result, paths=None, setup_path=None, names=None, {"SAMBADN": names.sambadn, }) + setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam) + + lnkattr = get_linked_attributes(names.schemadn,schema.ldb) + + refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read() + memberof_config = "" + index_config = "" + argnum = 3 + + for attr in lnkattr.keys(): + if lnkattr[attr] is not None: + refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"), + { "ARG_NUMBER" : str(argnum) , + "LINK_ATTR" : attr }) + memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"), + { "MEMBER_ATTR" : attr , + "MEMBEROF_ATTR" : lnkattr[attr] }) + index_config += read_and_sub_file(setup_path("fedorads-index.ldif"), + { "ATTR" : attr }) + argnum += 1 + + open(paths.fedoradsrefint, 'w').write(refint_config) + open(paths.fedoradslinkedattributes, 'w').write(memberof_config) + + attrs = ["lDAPDisplayName"] + res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs) + + for i in range (0, len(res)): + attr = res[i]["lDAPDisplayName"][0] + + if attr == "objectGUID": + attr = "nsUniqueId" + + index_config += read_and_sub_file(setup_path("fedorads-index.ldif"), + { "ATTR" : attr }) + + open(paths.fedoradsindex, 'w').write(index_config) + setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba, {"SAMBADN": names.sambadn, "LDAPADMINPASS": ldapadminpass diff --git a/source4/setup/fedorads-index.ldif b/source4/setup/fedorads-index.ldif new file mode 100644 index 00000000000..4b4eb234992 --- /dev/null +++ b/source4/setup/fedorads-index.ldif @@ -0,0 +1,7 @@ +dn: cn=${ATTR},cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config +objectClass: top +objectClass: nsIndex +cn: ${ATTR} +nsSystemIndex: false +nsIndexType: eq + diff --git a/source4/setup/fedorads-linked-attributes.ldif b/source4/setup/fedorads-linked-attributes.ldif new file mode 100644 index 00000000000..05abcf9500e --- /dev/null +++ b/source4/setup/fedorads-linked-attributes.ldif @@ -0,0 +1,7 @@ +# Link ${MEMBER_ATTR} to ${MEMBEROF_ATTR} +dn: cn=${MEMBER_ATTR} to ${MEMBEROF_ATTR},cn=Linked Attributes,cn=plugins,cn=config +objectClass: extensibleObject +cn: ${MEMBER_ATTR} to ${MEMBEROF_ATTR} +linkType: ${MEMBER_ATTR} +managedType: ${MEMBEROF_ATTR} + diff --git a/source4/setup/fedorads-pam.ldif b/source4/setup/fedorads-pam.ldif new file mode 100644 index 00000000000..5ffd5cf016b --- /dev/null +++ b/source4/setup/fedorads-pam.ldif @@ -0,0 +1,2 @@ +dn: cn=PAM Pass Through Auth,cn=plugins,cn=config +changetype: delete diff --git a/source4/setup/fedorads-refint-add.ldif b/source4/setup/fedorads-refint-add.ldif new file mode 100644 index 00000000000..2deb07dcbd8 --- /dev/null +++ b/source4/setup/fedorads-refint-add.ldif @@ -0,0 +1,6 @@ +dn: cn=referential integrity postoperation,cn=plugins,cn=config +changetype: modify +add: nsslapd-pluginArg${ARG_NUMBER} +nsslapd-pluginArg${ARG_NUMBER}: ${LINK_ATTR} +- + diff --git a/source4/setup/fedorads-refint-delete.ldif b/source4/setup/fedorads-refint-delete.ldif new file mode 100644 index 00000000000..cd20b839b32 --- /dev/null +++ b/source4/setup/fedorads-refint-delete.ldif @@ -0,0 +1,20 @@ +dn: cn=referential integrity postoperation,cn=plugins,cn=config +changetype: modify +delete: nsslapd-pluginArg3 +- + +dn: cn=referential integrity postoperation,cn=plugins,cn=config +changetype: modify +delete: nsslapd-pluginArg4 +- + +dn: cn=referential integrity postoperation,cn=plugins,cn=config +changetype: modify +delete: nsslapd-pluginArg5 +- + +dn: cn=referential integrity postoperation,cn=plugins,cn=config +changetype: modify +delete: nsslapd-pluginArg6 +- + diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index 90ebe6a9a5e..e0676c41df9 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -28,3 +28,7 @@ install_full_schema= 0 SchemaFile=${LDAPDIR}/99_ad.ldif ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif +ConfigFile = ${LDAPDIR}/fedorads-pam.ldif +ConfigFile = ${LDAPDIR}/fedorads-refint.ldif +ConfigFile = ${LDAPDIR}/fedorads-linked-attributes.ldif +ConfigFile = ${LDAPDIR}/fedorads-index.ldif -- 2.34.1