This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.3
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.3 by this push:
new 65c01bb Issue 51253 - dscreate should LDAPI to bootstrap the config
65c01bb is described below
commit 65c01bbae365aeb30f9817d31ec38eead730a22e
Author: Mark Reynolds <mreynolds@redhat.com>
AuthorDate: Sun Aug 30 20:17:28 2020 -0400
Issue 51253 - dscreate should LDAPI to bootstrap the config
Description: There are cases where DNS is not set up yet, and trying to
automate the installation fails. Using LDAPI bypasses this
issue and allows for more robust deployment options.
relates: https://pagure.io/389-ds-base/issue/51253
Reviewed by: minfrin, firstyear, and tbordaz (Thanks!!!)
---
ldap/admin/src/defaults.inf.in | 2 ++
ldap/admin/src/scripts/DSCreate.pm.in | 9 +++++++++
ldap/admin/src/scripts/DSUtil.pm.in | 3 +++
ldap/admin/src/scripts/dscreate.map.in | 3 +++
ldap/admin/src/scripts/dsupdate.map.in | 3 +++
ldap/ldif/template-dse-minimal.ldif.in | 4 ++++
ldap/ldif/template-dse.ldif.in | 4 ++++
src/lib389/lib389/instance/setup.py | 23 +++++++++++------------
8 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
index 2f630f9..e67d65e 100644
--- a/ldap/admin/src/defaults.inf.in
+++ b/ldap/admin/src/defaults.inf.in
@@ -38,6 +38,8 @@ local_state_dir = @localstatedir@
run_dir = @localstatedir@/run/dirsrv
# This is the expected location of ldapi.
ldapi = @localstatedir@/run/slapd-{instance_name}.socket
+ldapi_listen = on
+ldapi_autobind = on
pid_file = @localstatedir@/run/dirsrv/slapd-{instance_name}.pid
inst_dir = @serverdir@/slapd-{instance_name}
plugin_dir = @serverplugindir@
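Review bot: The two new keys `ldapi_listen` and `ldapi_autobind` have no comment of their own; the existing comment above them only describes the socket location. Both map files and both dse templates in this commit show they end up in `nsslapd-ldapilisten` and `nsslapd-ldapiautobind`, and the templates also set `nsslapd-ldapimaprootdn` to the root DN. A short comment here would tell an operator what turning them on means, for example `# ldapi_listen / ldapi_autobind take on|off; with autobind on, the local root user is mapped to the root DN over the socket.`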
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index a2f15f9..ad619db 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -956,6 +956,15 @@ sub setDefaults {
if (!defined($inf->{slapd}->{db_home_dir})) {
$inf->{slapd}->{db_home_dir} = $inf->{slapd}->{db_dir};
}
+ if (!defined($inf->{slapd}->{ldapi})) {
+ $inf->{slapd}->{ldapi} = "$localstatedir/run/slapd-$servid.socket";
+ }
+ if (!defined($inf->{slapd}->{ldapi_listen})) {
+ $inf->{slapd}->{ldapi_listen} = "on";
+ }
+ if (!defined($inf->{slapd}->{ldapi_autobind})) {
+ $inf->{slapd}->{ldapi_autobind} = "on";
+ }
if (!defined($inf->{slapd}->{bak_dir})) {
if ("@with_fhs_opt@") {
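Review bot: The fallback `"$localstatedir/run/slapd-$servid.socket"` repeats the socket path that this commit also spells out in defaults.inf.in (`ldapi = @localstatedir@/run/slapd-{instance_name}.socket`) and in setup.py (`"run/slapd-%s.socket"`). If one of the three drifts, tools will look for the socket in a different place than the server creates it. A comment on the new block such as `# must match the ldapi path in defaults.inf` would make the coupling visible. `$localstatedir` and `$servid` are defined outside this hunk, and setDefaults continues past it.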
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 197aafa..c994faa 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -964,6 +964,9 @@ sub createInfFromConfig {
$inf->{slapd}->{RootDNPwd} = $ent->getValues('nsslapd-rootpw');
$inf->{slapd}->{ServerPort} = $ent->getValues('nsslapd-port');
$inf->{slapd}->{ServerIdentifier} = $id;
+ $inf->{slapd}->{ldapi} = $ent->getValues('nsslapd-ldapifilepath');
+ $inf->{slapd}->{ldapi_listen} = $ent->getValues('nsslapd-ldapilisten');
+ $inf->{slapd}->{ldapi_autobind} = $ent->getValues('nsslapd-ldapiautobind');
my $suffix = "";
$ent = $conn->search("cn=ldbm database,cn=plugins,cn=config",
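Review bot: The three added reads store undef in the inf when cn=config does not carry the attribute, which is plausible for instances created before this change. dsupdate.map.in now maps `ldapi_enabled`, `ldapi` and `ldapi_autobind` from these keys, and whether the update path fills in defaults afterwards is not visible in this hunk. An explicit fallback such as `$inf->{slapd}->{ldapi_listen} = $ent->getValues('nsslapd-ldapilisten') || "off";` would keep the value defined, assuming off is the server's default for an absent attribute. createInfFromConfig starts and ends outside the hunk.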
diff --git a/ldap/admin/src/scripts/dscreate.map.in b/ldap/admin/src/scripts/dscreate.map.in
index 4c47b08..fd6d3e8 100644
--- a/ldap/admin/src/scripts/dscreate.map.in
+++ b/ldap/admin/src/scripts/dscreate.map.in
@@ -39,3 +39,6 @@ db_dir = db_dir
db_home_dir = db_home_dir
run_dir = run_dir
instance_name = ServerIdentifier
+ldapi_enabled = ldapi_listen
+ldapi = ldapi
+ldapi_autobind = ldapi_autobind
diff --git a/ldap/admin/src/scripts/dsupdate.map.in b/ldap/admin/src/scripts/dsupdate.map.in
index f6912b6..429b742 100644
--- a/ldap/admin/src/scripts/dsupdate.map.in
+++ b/ldap/admin/src/scripts/dsupdate.map.in
@@ -35,3 +35,6 @@ config_dir = config_dir
db_dir = db_dir
db_home_dir = db_home_dir
run_dir = run_dir
+ldapi_enabled = ldapi_listen
+ldapi = ldapi
+ldapi_autobind = ldapi_autobind
diff --git a/ldap/ldif/template-dse-minimal.ldif.in b/ldap/ldif/template-dse-minimal.ldif.in
index 0be9c17..0084e7e 100644
--- a/ldap/ldif/template-dse-minimal.ldif.in
+++ b/ldap/ldif/template-dse-minimal.ldif.in
@@ -20,6 +20,10 @@ nsslapd-auditlog: %log_dir%/audit
nsslapd-auditfaillog: %log_dir%/audit
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
+nsslapd-ldapilisten: %ldapi_enabled%
+nsslapd-ldapifilepath: %ldapi%
+nsslapd-ldapiautobind: %ldapi_autobind%
+nsslapd-ldapimaprootdn: %rootdn%
dn: cn=features,cn=config
objectclass: top
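Review bot: `nsslapd-ldapimaprootdn: %rootdn%` is written unconditionally, while the other three LDAPI attributes get tokens of their own. With `%ldapi_autobind%` defaulting to on, every instance created from this template keeps the local root user mapped to the root DN over the socket after bootstrap, with no password involved. That is what the bootstrap needs, but the only opt-out an operator has is turning `ldapi_autobind` off entirely. Consider documenting this next to the `ldapi_autobind` default, or giving the mapping a token of its own. The same four lines are added to template-dse.ldif.in.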
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 19abcf8..2cfc985 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -20,6 +20,10 @@ nsslapd-auditlog: %log_dir%/audit
nsslapd-auditfaillog: %log_dir%/audit
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
+nsslapd-ldapilisten: %ldapi_enabled%
+nsslapd-ldapifilepath: %ldapi%
+nsslapd-ldapiautobind: %ldapi_autobind%
+nsslapd-ldapimaprootdn: %rootdn%
dn: cn=encryption,cn=config
objectClass: top
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index e1862f0..7d42ba2 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -731,6 +731,7 @@ class SetupDs(object):
dse += line.replace('%', '{', 1).replace('%', '}', 1)
with open(os.path.join(slapd['config_dir'], 'dse.ldif'), 'w') as file_dse:
+ ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
dse_fmt = dse.format(
schema_dir=slapd['schema_dir'],
lock_dir=slapd['lock_dir'],
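Review bot: `ldapi_path` is assigned inside the `with open(...)` block that writes dse.ldif, but the later hunk at -850 reads it again as `SER_LDAPI_SOCKET: ldapi_path`. This only works if both sites are in the same method, which the hunks do not show, and the dependency is easy to miss. Moving the assignment above the `with` statement, with a comment such as `# socket path used both in dse.ldif and for the bootstrap connection`, would make the shared use explicit. The path is also rebuilt from `local_state_dir` rather than taken from the `ldapi` key that defaults.inf.in defines. If `slapd` exposes that key, reading it would avoid the duplicate.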
@@ -747,12 +748,15 @@ class SetupDs(object):
rootdn=slapd['root_dn'],
instance_name=slapd['instance_name'],
ds_passwd=self._secure_password, # We set our own password here, so we can connect and mod.
- # This is because we never know the users input root password as they can validily give
+ # This is because we never know the users input root password as they can validly give
# us a *hashed* input.
ds_suffix=ds_suffix,
config_dir=slapd['config_dir'],
db_dir=slapd['db_dir'],
- db_home_dir=slapd['db_home_dir']
+ db_home_dir=slapd['db_home_dir'],
+ ldapi_enabled="on",
+ ldapi=ldapi_path,
+ ldapi_autobind="on",
)
file_dse.write(dse_fmt)
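Review bot: `ldapi_enabled="on"` and `ldapi_autobind="on"` are hard-coded in the `dse.format(...)` call, so the `ldapi_listen` and `ldapi_autobind` defaults added to defaults.inf.in in this same commit have no effect on instances created through lib389, as far as this hunk shows. The perl path honours a value supplied in the inf, so the two installers can disagree. If always-on is required for the bootstrap connection, a comment such as `# forced on: the installer connects over ldapi below` would record that. Otherwise the values should come from `slapd`.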
@@ -842,7 +846,7 @@ class SetupDs(object):
# it's the only stable and guaranteed way to connect to the instance
# at this point.
#
- # Alternately, we could use ldapi instead, which would prevent the need
+ # Use ldapi which would prevent the need
# to configure a temp root pw in the setup phase.
args = {
SER_HOST: "localhost",
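Review bot: The reworded comment says LDAPI removes the need for a temporary root password, but the code visible in this diff still sets one. `ds_passwd=self._secure_password` is still written into dse.ldif, and the args dict still passes `SER_ROOT_PW: self._raw_secure_password` and `SER_HOST: "localhost"`. The unchanged lines just above also still describe the earlier approach as "the only stable and guaranteed way to connect", so the comment block now contradicts itself. If the password is kept as a fallback, say so, for example `# Connect over ldapi with autobind; the temporary root password is still set in dse.ldif as a fallback.`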
@@ -850,7 +854,10 @@ class SetupDs(object):
SER_SERVERID_PROP: slapd['instance_name'],
SER_ROOT_DN: slapd['root_dn'],
SER_ROOT_PW: self._raw_secure_password,
- SER_DEPLOYED_DIR: slapd['prefix']
+ SER_DEPLOYED_DIR: slapd['prefix'],
+ SER_LDAPI_ENABLED: 'on',
+ SER_LDAPI_SOCKET: ldapi_path,
+ SER_LDAPI_AUTOBIND: 'on'
}
ds_instance.allocate(args)
@@ -954,14 +961,6 @@ class SetupDs(object):
# Unsupported rdn
raise ValueError("Suffix RDN '{}' in '{}' is not supported. Supported RDN's are: 'c', 'cn', 'dc', 'o', and 'ou'".format(suffix_rdn_attr, backend['nsslapd-suffix']))
- # Initialise ldapi socket information. IPA expects this ....
- ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
- ds_instance.config.set('nsslapd-ldapifilepath', ldapi_path)
- ds_instance.config.set('nsslapd-ldapilisten', 'on')
- ds_instance.config.set('nsslapd-ldapiautobind', 'on')
- ds_instance.config.set('nsslapd-ldapimaprootdn', slapd['root_dn'])
-
-
# Create all required sasl maps: if we have a single backend ...
# our default maps are really really bad, and we should feel bad.
# they basically only work with a single backend, and they'll break
--