Hi,
On the note of improved automation:
Feel free to steal/improve/continue some of the work I have done for
automatic deployment of Samba 4 AD DC.
I did a deb-package I called dcpromo. You just add the PPA, update the
cache, preload the variables, install the package and run "dcpromo" and
you're set.
Basically:
1. add-apt-repository ppa:niklas-andersson/dcpromo
2. apt-get update
3. Create /tmp/dcpromo.debconf with this content:
    dcpromo dcpromo/workgroup string OPENFORCE
    dcpromo dcpromo/domain string openforce
    dcpromo dcpromo/dnsdomainname string openforce.org
    dcpromo dcpromo/netbios_name string DC
    dcpromo dcpromo/host_name string DC
    dcpromo dcpromo/password string Secret007!
    dcpromo dcpromo/adminpass string Secret007!
    dcpromo dcpromo/krbtgtpass string Secret007!
    dcpromo dcpromo/machinepass string Secret007!
    dcpromo dcpromo/dnspass string Secret007!
    dcpromo dcpromo/root string root
    dcpromo dcpromo/nobody string nobody
    dcpromo dcpromo/users string staff
    dcpromo dcpromo/server_role string dc
    dcpromo dcpromo/kerberos_servers string dc.openforce.org
    dcpromo dcpromo/admin_server string dc.openforce.org
    dcpromo dcpromo/use_rfc2307 boolean false
    dcpromo dcpromo/dns_backend string SAMBA_INTERNAL
4. debconf-set-selections /tmp/dcpromo.debconf
5. apt-get install dcpromo
6. dcpromo
DONE. (You need to restart the machine as Samba starts up in an
erroneous state - also note that you need at least Ubuntu 14.10 if you later
want to join with realmd, due to a NETLOGON bug in earlier versions of Samba 4)
Afterwards you'll have these ports open:
22/tcp open ssh
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
636/tcp open ldapssl
1024/tcp open kdm
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
Hope this can be useful to someone. The source code is available on
GitHub [1]
[1] https://github.com/xnandersson/dcpromo
Best regards,
Niklas
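
A variant of step 3 above, as an added example that is not part of the dcpromo package or of the original message: it writes the same debconf answers to a file only its owner can read and gives each password question its own random value. That dcpromo accepts a different value per password question is an assumption; SETTINGS, SECRET_QUESTIONS, new_password and write_preseed are names made up for this sketch.

```python
import os
import secrets
import string
import tempfile

# Non-secret answers copied from the preseed file in the message.
SETTINGS = [
    ("workgroup", "string", "OPENFORCE"), ("domain", "string", "openforce"),
    ("dnsdomainname", "string", "openforce.org"), ("netbios_name", "string", "DC"),
    ("host_name", "string", "DC"), ("root", "string", "root"),
    ("nobody", "string", "nobody"), ("users", "string", "staff"),
    ("server_role", "string", "dc"), ("dns_backend", "string", "SAMBA_INTERNAL"),
    ("kerberos_servers", "string", "dc.openforce.org"),
    ("admin_server", "string", "dc.openforce.org"), ("use_rfc2307", "boolean", "false"),
]
# Questions that carry a password in that file (assumed to accept distinct values).
SECRET_QUESTIONS = ["password", "adminpass", "krbtgtpass", "machinepass", "dnspass"]

def new_password(length=24):
    # Letters and digits only, so the value needs no quoting in the preseed line;
    # retry until lower case, upper case and a digit are all present.
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(test(c) for c in pw) for test in (str.islower, str.isupper, str.isdigit)):
            return pw

def write_preseed():
    # mkdtemp makes a fresh directory with mode 0700, so no other local user can
    # pre-create, replace or read the file the way a fixed name in /tmp allows.
    workdir = tempfile.mkdtemp(prefix="dcpromo-")
    path = os.path.join(workdir, "dcpromo.debconf")
    lines = [f"dcpromo dcpromo/{q} {t} {v}" for q, t, v in SETTINGS]
    lines += [f"dcpromo dcpromo/{q} string {new_password()}" for q in SECRET_QUESTIONS]
    # O_EXCL refuses an existing file; 0600 keeps the passwords owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return path

if __name__ == "__main__":
    print(write_preseed())
```

Pass the returned path to debconf-set-selections in step 4, and delete the directory once dcpromo has run.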
On 10/12/14 15:39, Julien Kerihuel wrote:
Hi All,
The complexity of OpenChange setup and deployment has always been a
constraint on the growth of deployment and community in general. I am
therefore enthusiastic about any approaches trying to address this
situation and improve the user experience in general.
The only thing we need to ensure is that "ease of deployment" does not
lead to "unexpected corner cases". I agree with the suggestion Jesus
made to remove OpenChange defaults, to not make any assumption on user
choices and only run the endpoint if initial requirements for
openchange to operate are met.
Cheers,
Julien.
On 09/12/14 18:16, Jesús García Sáez wrote:
Hi fellow citizens,
I'd like to discuss the following on the list:
https://github.com/openchange/openchange/pull/156
https://github.com/openchange/openchange/pull/157
To sum up, with these changes we change some defaults in the
configuration to enable openchange by default in a samba installation.
A bit of context. Right now a normal config file for openchange looks
like this:
/etc/samba/openchange.conf:
    [global]
    dcerpc endpoint servers = +epmapper, +mapiproxy
    dcerpc_mapiproxy:server = true
    dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
    mapistore:namedproperties = mysql
    namedproperties:mysql_user = openchange
    namedproperties:mysql_pass = BudbPMbT
    namedproperties:mysql_host = localhost
    namedproperties:mysql_db = openchange
    mapistore:indexing_backend = mysql://openchange:passw0rd@localhost/openchange
    mapiproxy:openchangedb = mysql://openchange:passw0rd@localhost/openchange
/etc/samba/smb.conf:
    ...
    include = /etc/samba/openchange.conf
    ...
With this pull request the first file will be changed to this:
    [global]
    mapistore:namedproperties = mysql
    namedproperties:mysql_user = openchange
    namedproperties:mysql_pass = BudbPMbT
    namedproperties:mysql_host = localhost
    namedproperties:mysql_db = openchange
    mapistore:indexing_backend = mysql://openchange:passw0rd@localhost/openchange
    mapiproxy:openchangedb = mysql://openchange:passw0rd@localhost/openchange
The problem that I see is that if you remove all those config lines,
openchange will still be able to work (using ldb backends). So oc
will work silently without administrator knowledge. In the case that
you want to disable it, you will be required to include explicitly:
    dcerpc endpoint servers = -mapiproxy
I don't like this approach at all as a user. Basically I'd prefer
explicit to implicit for "big" changes to services, like openchange
is to a samba installation.
Obviously this is just my opinion and I understand completely
jelmer's pov, so I'd love to hear others' opinions.
Cheers.
_______________________________________________
devel mailing list
devel@lists.openchange.org
http://mailman.openchange.org/listinfo/devel
--
Julien Kerihuel
j.kerih...@openchange.org
OpenChange Project Founder
Twitter:http://twitter.com/jkerihuel
GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79
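
An audit for the explicit-versus-implicit concern raised in the thread, as an added example that is not code from OpenChange, Samba or any of the posters: it follows "include =" lines from smb.conf, reports whether mapiproxy is switched on or off by an explicit "dcerpc endpoint servers" entry or left to the built-in default, and lists the parameters that hold a database password. The file contents are constructed, the function names are made up for this sketch, and treating an absent entry as "the default decides" follows the behaviour described in the message rather than a reading of the OpenChange source.

```python
import re

# Constructed sample files, modelled on the post-change layout quoted in the thread.
FILES = {
    "/etc/samba/smb.conf": "[global]\n  include = /etc/samba/openchange.conf\n",
    "/etc/samba/openchange.conf":
        "[global]\n"
        "namedproperties:mysql_pass = CONSTRUCTED-VALUE\n"
        "mapiproxy:openchangedb = mysql://openchange:CONSTRUCTED@localhost/openchange\n",
}

def global_params(files, path, seen=None):
    """Return {name: value} for [global], following 'include =' lines."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:  # include loop or unreadable file
        return {}
    seen.add(path)
    params, section = {}, None
    for line in (raw.strip() for raw in files[path].splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())  # normalise case and spacing
            if key == "include":
                params.update(global_params(files, value, seen))
            else:
                params[key] = value  # a later assignment overrides an earlier one
    return params

def mapiproxy_state(params):
    servers = params.get("dcerpc endpoint servers", "")
    tokens = {t.strip().lower() for t in servers.split(",")}
    if "-mapiproxy" in tokens:
        return "explicit-off"
    if tokens & {"+mapiproxy", "mapiproxy"}:
        return "explicit-on"
    return "implicit"  # nothing names mapiproxy: the built-in default decides

def credential_params(params):
    # Report parameter names only, never the secret values themselves.
    in_url = re.compile(r"://[^/\s:@]+:[^/\s@]+@")
    return sorted(k for k, v in params.items() if k.endswith("_pass") or in_url.search(v))

def audit(files, root="/etc/samba/smb.conf"):
    params = global_params(files, root)
    return {"mapiproxy": mapiproxy_state(params), "credentials": credential_params(params)}
```

A result of "implicit" is the case the thread worries about: the endpoint's state then depends on the packaged default rather than on anything the administrator wrote.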