On Fri, 2007-02-23 at 08:49 -0700, Richard Megginson wrote:
Andrew Bartlett wrote:
> In working to have the Samba4 test environment configure fedora-ds, I'm
> using ds_newinst.pl, but it starts the DS once it is created.
>
> According to that script, I could modify it, but:
>
> # if for some reason you do not want the server started after instance creation
> # the following line can be commented out - NOTE that if you are creating the
> # Configuration DS, it will be started anyway
> $cgiargs{start_server} = 1;
>
> As I understand it, a new standalone install will create the
> configuration DS.
>
No, it won't.
I'm going to add a start_server option to the .inf file so you won't
have to hack ds_newinst.pl anymore.
Thanks
Is it a problem that the server is started as a consequence of creating
the instance?
> Aside from wanting a separate configure/start sequence, I would like to
> be able to modify the dse.ldif to fix up some parameters, and redo the
> schema, before the slapd process starts.
>
You could do all of this with ldapmodify after the server starts, but . . .
> For the parameter modification, another option might be to have a
> 'modify ldif' in addition to the 'initial ldif', but I still need a way
> to clean out the schema.
>
. . . this would be quite hard to do with the existing .inf file +
ds_newinst.pl + ds_newinst (binary). The intention of ds_newinst.pl was
to just convert the .inf file format into the format used by the
ds_newinst binary (C code) which has a lot of code shared with ds_create
which is used to do a lot of admin server/console related stuff, in
addition to configuring the instance.
> Thoughts?
>
I understand where you are coming from. With openldap, you just have to
provide your own hand tuned slapd.conf file - nothing else really is
required. That also controls what schema is loaded.
Yeah. It really does show that I did this on OpenLDAP first...
It's not so easy to do the same thing with fedora ds. For starters, the
dse.ldif file is much more complex (but in your case, there are only a
few options required to be tweaked). And the schema handling (i.e.
include /path/to/core.schema ; include /path/to/posix.schema) is
completely out of band with this process (well, not quite - you can
override the nsslapd-schemadir in cn=config).
So, yes, I suppose I'm just trying to turn Fedora DS into OpenLDAP, one
step at a time :-)
So how would you like for this to work? What would be easiest for you?
A few things would be useful:
Firstly, for the path to the ldapi socket to be part of the inf file, so
I can make it identical between the two supported servers (just makes my
life easier).
If I can't get that, then I need to be able to modify the dse.inf before
it starts.
Slightly adjunct to this, I need a way to prevent the DS from binding to
anything except the unix domain socket (for security). ie, no IPv4
ports.
For the ds to be configured, but not started, so I can copy out the
default schema, and replace it with just the core schema, and samba4's
schema.
Once I do all that, I would like to start the server for the first time,
knowing I've got full control over its parameters.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Samba Developer, Red Hat Inc.
http://redhat.com