The branch, master has been updated
via e11f92b... s4:provision Make OpenLDAP backend more robust
via 47e7e48... s4:ldap-backend Fix LSA test failures with OpenLDAP
backend - convert SIDs
via 466fbe2... s4:provision Pass nosync in for the OpenLDAP cn=config too
via fe3d872... s4:selftest Ensure we don't fsync() all day in the LDAP
backend test
via cbb8182... s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
via 9eacde8... s4:dsdb Revert accidentally committed change for LDAP
backends
via a50f6aa... s4:provision Use more reasonable values for DB_CONFIG
from d950e9e... build: added --enable-auto-reconfigure
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e11f92ba73028b608207ed91aaa22376756d7a73
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 22 17:20:21 2010 +1000
s4:provision Make OpenLDAP backend more robust
With the extra moduleload lines (which succeed if it's already
statically linked), we now work with OpenLDAP overlays as modules.
Andrew Bartlett
commit 47e7e487469fa1f3fafe0a52560e0049801a5ac7
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 22 11:39:21 2010 +1000
s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
The SIDs in some queries were not being passed as binary, but as
strings in comparison with the securityIdentifier object. We need to
recognise that these are SIDs in the simple_ldap_map.
Andrew Bartlett
commit 466fbe278a6f96f1b9942954a164262a14894bfe
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 22 11:38:43 2010 +1000
s4:provision Pass nosync in for the OpenLDAP cn=config too
commit fe3d872656ff68de60c1af91ccf292e2565fde8b
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 22 11:37:41 2010 +1000
s4:selftest Ensure we don't fsync() all day in the LDAP backend test
Passing this option greatly reduces the time spent in the test.
Andrew Bartlett
commit cbb818222aea20b47adbcd5e4461949d7e5d5107
Author: Andrew Bartlett <[email protected]>
Date: Tue Apr 20 15:35:51 2010 +1000
s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
commit 9eacde808ee464343620a311bb2bdea5ac7b5ee8
Author: Andrew Bartlett <[email protected]>
Date: Tue Apr 20 14:49:30 2010 +1000
s4:dsdb Revert accidentally committed change for LDAP backends
In the future, LDAP backends will be responsible for maintaining the
'name' attributes.
Andrew Bartlett
commit a50f6aad85b5fcbefafa52869651eb503b719cc6
Author: Andrew Bartlett <[email protected]>
Date: Wed Apr 21 08:00:44 2010 +1000
s4:provision Use more reasonable values for DB_CONFIG
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient. This new one, kindly supplied
by Matthew Backes <[email protected]> uses a more reasonable set of
buffer sizes.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba4.pm | 1 +
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 7 +++++-
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 26 +++++++++++++++++++++-
source4/setup/DB_CONFIG | 18 +++++++++++----
source4/setup/schema-map-openldap-2.3 | 6 +++-
source4/setup/slapd.conf | 14 +++++++++++
6 files changed, 63 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 4d6bca9..c5b6d77 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -806,6 +806,7 @@ sub provision($$$$$$$)
if (defined($self->{ldap})) {
$ret->{LDAP_URI} = $ctx->{ldap_uri};
push (@{$ctx->{provision_options}}, "--ldap-backend-type=" .
$self->{ldap});
+ push (@{$ctx->{provision_options}}, "--ldap-backend-nosync");
if ($self->{ldap} eq "openldap") {
push (@{$ctx->{provision_options}}, "--slapd-path=" .
$ENV{OPENLDAP_SLAPD});
($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) =
$self->mk_openldap($ctx) or die("Unable to create openldap directories");
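Review bot: The added "--ldap-backend-nosync" push sits above the "openldap" check, so it applies to every LDAP backend type, and nothing at the call site says that write durability is being traded for test speed. A one-line comment that this is acceptable only because selftest databases are disposable would keep the option from being copied into a real provisioning path.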
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 0e635de..bbdb768 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -188,6 +188,10 @@ static int samba_dsdb_init(struct ldb_module *module)
NULL };
const char **link_modules;
+ static const char *fedora_ds_modules[] = {
+ "rdn_name", NULL };
+ static const char *openldap_modules[] = {
+ NULL };
static const char *tdb_modules_list[] = {
"rdn_name",
"subtree_delete",
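Review bot: Missing documentation on the new openldap_modules array, which contains only NULL while fedora_ds_modules keeps "rdn_name". A short comment saying that OpenLDAP needs no client-side rdn_name because the server handles the RDN value would make it clear the empty list is deliberate and not an unfinished stub.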
@@ -252,11 +256,12 @@ static int samba_dsdb_init(struct ldb_module *module)
extended_dn_module = extended_dn_module_ldb;
link_modules = tdb_modules_list;
} else {
- link_modules = NULL;
if (strcasecmp(backendType, "fedora-ds") == 0) {
+ link_modules = fedora_ds_modules;
backend_modules = fedora_ds_backend_modules;
extended_dn_module = extended_dn_module_fds;
} else if (strcasecmp(backendType, "openldap") == 0) {
+ link_modules = openldap_modules;
backend_modules = openldap_backend_modules;
extended_dn_module = extended_dn_module_openldap;
}
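Review bot: With "link_modules = NULL;" removed from the top of the else branch, a backendType that is neither "fedora-ds" nor "openldap" leaves link_modules unassigned in the lines shown, and the declaration in the previous hunk has no initialiser. Keep the NULL default, or add a final else that fails module init for an unrecognised backend type, so later code never reads an indeterminate pointer.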
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index bf9cd4f..1bf72d9 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -282,12 +282,24 @@ static const struct ldb_map_attribute
entryuuid_attributes[] =
},
},
},
+ /* securityIdentifier */
+ {
+ .local_name = "securityIdentifier",
+ .type = LDB_MAP_CONVERT,
+ .u = {
+ .convert = {
+ .remote_name = "securityIdentifier",
+ .convert_local = sid_always_binary,
+ .convert_remote = val_copy,
+ },
+ },
+ },
{
.local_name = "name",
.type = LDB_MAP_RENAME,
.u = {
.rename = {
- .remote_name = "samba4RDN"
+ .remote_name = "rdnValue"
}
}
},
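Review bot: The new securityIdentifier entry converts in one direction only: convert_local is sid_always_binary but convert_remote is val_copy, and the "/* securityIdentifier */" comment does not say why. Please note in the comment that string-form SIDs in local queries must become binary before comparison, and that values returned by the backend are assumed to be binary already. In the same hunk, the switch of remote_name from "samba4RDN" to "rdnValue" would benefit from a comment naming the server-side overlay it now depends on.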
@@ -492,6 +504,18 @@ static const struct ldb_map_attribute
nsuniqueid_attributes[] =
}
}
},
+ /* securityIdentifier */
+ {
+ .local_name = "securityIdentifier",
+ .type = LDB_MAP_CONVERT,
+ .u = {
+ .convert = {
+ .remote_name = "securityIdentifier",
+ .convert_local = sid_always_binary,
+ .convert_remote = val_copy,
+ },
+ },
+ },
{
.local_name = "whenCreated",
.type = LDB_MAP_RENAME,
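Review bot: This securityIdentifier block in nsuniqueid_attributes is a verbatim copy of the one added to entryuuid_attributes in the previous hunk. A shared macro or a common initialiser would keep the two tables from drifting apart if the conversion functions change later.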
diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG
index 74bb09d..f94bf08 100644
--- a/source4/setup/DB_CONFIG
+++ b/source4/setup/DB_CONFIG
@@ -1,6 +1,14 @@
-set_cachesize 0 524288 0
-set_lg_regionmax 104857
-set_lg_max 1048576
-set_lg_bsize 209715
+# set 32MiB, single-segment cache
+set_cachesize 0 33554432 1
+
+# set transaction log autoremoval; disable if you use them for backups
+set_flags DB_LOG_AUTOREMOVE
+
+# these should be left at default for most installs
+set_lg_max 10485760
+set_lg_bsize 2097152
+
set_lg_dir ${LDAPDBDIR}/bdb-logs
-set_tmp_dir ${LDAPDBDIR}/tmp
+
+# tmp_dir stuff is not used by OpenLDAP
+#set_tmp_dir ${LDAPDBDIR}/tmp
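Review bot: The comment "these should be left at default for most installs" sits directly above set_lg_max and set_lg_bsize lines that pin explicit values, so a reader cannot tell whether to keep or delete them. Either state that the values are the defaults written out, or reword the comment to say why these sizes were chosen. The removal of set_lg_regionmax is also not explained, and since DB_LOG_AUTOREMOVE is now on by default, the note about backups could say more directly that log files will be deleted automatically.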
diff --git a/source4/setup/schema-map-openldap-2.3
b/source4/setup/schema-map-openldap-2.3
index 0d38652..09808b6 100644
--- a/source4/setup/schema-map-openldap-2.3
+++ b/source4/setup/schema-map-openldap-2.3
@@ -15,6 +15,10 @@ uidNumber
gidNumber
#The memberOf plugin provides this attribute
memberOf
+#'name' is the RDN in AD, but 'name' means something else in
+#OpenLDAP. We use rdnValue for the mapping, but this is provided by
+#the rdnval overlay.
+name
#These conflict with OpenLDAP builtins
attributeTypes:samba4AttributeTypes
2.5.21.5:1.3.6.1.4.1.7165.4.255.7
@@ -24,8 +28,6 @@ objectClasses:samba4ObjectClasses
2.5.21.6:1.3.6.1.4.1.7165.4.255.5
subSchema:samba4SubSchema
2.5.20.1:1.3.6.1.4.1.7165.4.255.4
-#'name' is the RDN in AD, but something else in OpenLDAP
-name:samba4RDN
#Remap these so that we don't put operational attributes in a schema MAY
modifyTimeStamp:samba4ModifyTimestamp
2.5.18.2:1.3.6.1.4.1.7165.4.255.3
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 0077a22..c592b6e 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -48,12 +48,20 @@ defaultsearchbase ${DOMAINDN}
rootdn cn=Manager
+moduleload rdnval
+
+moduleload deref
overlay deref
+moduleload refint
${REFINT_CONFIG}
+moduleload memberof
${MEMBEROF_CONFIG}
+moduleload syncprov
+moduleload hdb
+
database ldif
suffix cn=Samba
directory ${LDAPDIR}/db/samba
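Review bot: Missing documentation for the six new moduleload lines (rdnval, deref, refint, memberof, syncprov, hdb), which are unconditional in this template. The commit message explains that they succeed when the overlay is already statically linked; that sentence belongs as a comment above the first moduleload so that someone reading slapd.conf alone knows the lines are safe on static builds.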
@@ -66,6 +74,7 @@ rootdn cn=config
${OLC_SYNCREPL_CONFIG}
${OLC_MMR_CONFIG}
+${NOSYNC}
access to dn.sub="cn=config"
by dn="cn=samba-admin,cn=samba" write
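Review bot: ${NOSYNC} is now substituted into the cn=config database section with no comment on what it expands to or when it is empty. Because this file is the provisioning template and not only a test fixture, a comment stating when the placeholder is non-empty would make the durability trade-off visible to anyone reading the generated configuration.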
@@ -87,6 +96,7 @@ overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10
+overlay rdnval
### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
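Review bot: "overlay rdnval" is appended after the syncprov settings here and in the two following database sections, and slapd stacks overlays in configuration order, so its position relative to syncprov affects which one sees an operation first. Please confirm the ordering is intended and add a brief comment, since the same line is repeated in three places and a later reorder in one section would be easy to miss.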
@@ -107,6 +117,8 @@ overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10
+overlay rdnval
+
### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}
@@ -126,6 +138,8 @@ overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10
+overlay rdnval
+
### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}
--
Samba Shared Repository