4:45 a.m.
I've been working to allow Fedora DS to backend Samba4, much as OpenLDAP
can. This, I hope, will bring us the benefits of a replicated backend
between Samba4 servers.
To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
extended the provision script. The provision now succeeds, and Win2k3
can join and log into the Samba4/FDS domain.
The next step is to test the Fedora DS backend in our 'make test'
script. For that, I'll need some help. I need to automatically
configure and start fedora DS, from within the test scripts. I
understand some testing scripts to do this exist...
To integrate such scripts with Samba4, I need a few things:
Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
now a high port would do.
Likewise, it would be ideal if fedora DS could terminate with the
process group, so we don't risk leaving ldap servers around after a
failed test.
Finally, I need USN support in Fedora DS, or something very much like
the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
value, preferably also a way to get a 'new' value too).
Later, we need to figure out how ACLs should behave for all our
backends.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
8:52 a.m.
Andrew Bartlett wrote:
I've been working to allow Fedora DS to backend Samba4, much as
OpenLDAP
can. This, I hope, will bring us the benefits of a replicated backend
between Samba4 servers.
To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
extended the provision script. The provision now succeeds, and Win2k3
can join and log into the Samba4/FDS domain.
Excellent!
The next step is to test the Fedora DS backend in our 'make
test'
script. For that, I'll need some help. I need to automatically
configure and start fedora DS, from within the test scripts. I
understand some testing scripts to do this exist...
Basically, you create a .inf file, and pass this file to
bin/slapd/admin/bin/ds_create or ds_newinst.pl - see
http://directory.fedora.redhat.com/wiki/Install_Guide#Creating_an_instanc...
To integrate such scripts with Samba4, I need a few things:
Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
now a high port would do.
Likewise, it would be ideal if fedora DS could terminate with the
process group, so we don't risk leaving ldap servers around after a
failed test.
You can start the server with the "-d 0" argument - this causes the
server to not detach from the controlling terminal.
Finally, I need USN support in Fedora DS, or something very much
like
the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
value, preferably also a way to get a 'new' value too).
Do you need this to work even if the server does not participate in
replication? CSNs are only generated if the server is configured to
participate in replication.
Later, we need to figure out how ACLs should behave for all our
backends.
Andrew Bartlett
------------------------------------------------------------------------
--
Fedora-directory-devel mailing list
Fedora-directory-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
12:25 a.m.
On Wed, 2007-01-03 at 07:52 -0700, Richard Megginson wrote:
Andrew Bartlett wrote:
> I've been working to allow Fedora DS to backend Samba4, much as OpenLDAP
> can. This, I hope, will bring us the benefits of a replicated backend
> between Samba4 servers.
>
> To set this up, I've placed some notes in setup/fedora-ds-init.ldif and
> extended the provision script. The provision now succeeds, and Win2k3
> can join and log into the Samba4/FDS domain.
>
Excellent!
> The next step is to test the Fedora DS backend in our 'make test'
> script. For that, I'll need some help. I need to automatically
> configure and start fedora DS, from within the test scripts. I
> understand some testing scripts to do this exist...
>
Basically, you create a .inf file, and pass this file to
bin/slapd/admin/bin/ds_create or ds_newinst.pl - see
http://directory.fedora.redhat.com/wiki/Install_Guide#Creating_an_instanc...
I'll give that a shot.
> To integrate such scripts with Samba4, I need a few things:
>
> Ideally it would bind to an ldapi:// socket (this is redhat bug 219573:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573 ), but for
> now a high port would do.
>
> Likewise, it would be ideal if fedora DS could terminate with the
> process group, so we don't risk leaving ldap servers around after a
> failed test.
>
You can start the server with the "-d 0" argument - this causes the
server to not detach from the controlling terminal.
Thanks
> Finally, I need USN support in Fedora DS, or something very much
like
> the contextCSN attribute in OpenLDAP. (With a way to obtain a highest
> value, preferably also a way to get a 'new' value too).
>
Do you need this to work even if the server does not participate in
replication? CSNs are only generated if the server is configured to
participate in replication.
Yes, I need it no matter how the server is configured. Of course, I'm
happy to have replication configured, just unused.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
6319
days inactive
6320
days old
389-devel@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
Andrew Bartlett -
Rich Megginson