Tuesday, September 1, 2020

[389-commits] [389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 51253 - dscreate should LDAPI to bootstrap the config

This is an automated email from the git hooks/post-receive script.

mreynolds pushed a commit to branch 389-ds-base-1.4.2
in repository 389-ds-base.

The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push:
new f856e52 Issue 51253 - dscreate should LDAPI to bootstrap the config
f856e52 is described below

commit f856e520a4f90527ff13a1cd364a5d3786976f6a
Author: Mark Reynolds <mreynolds@redhat.com>
AuthorDate: Sun Aug 30 20:17:28 2020 -0400

Issue 51253 - dscreate should LDAPI to bootstrap the config

Description: There are cases where DNS is not set up yet, and trying to
automate the installation fails. Using LDAPI bypasses this
issue and allows for more robust deployment options.

relates: https://pagure.io/389-ds-base/issue/51253

Reviewed by: minfrin, firstyear, and tbordaz (Thanks!!!)
---
ldap/admin/src/defaults.inf.in | 2 ++
ldap/admin/src/scripts/DSCreate.pm.in | 10 ++++++++++
ldap/admin/src/scripts/DSUtil.pm.in | 3 +++
ldap/admin/src/scripts/dscreate.map.in | 3 +++
ldap/admin/src/scripts/dsupdate.map.in | 3 +++
ldap/ldif/template-dse-minimal.ldif.in | 4 ++++
ldap/ldif/template-dse.ldif.in | 4 ++++
src/lib389/lib389/instance/setup.py | 22 +++++++++++-----------
8 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
index f749295..52903ce 100644
--- a/ldap/admin/src/defaults.inf.in
+++ b/ldap/admin/src/defaults.inf.in
@@ -37,6 +37,8 @@ local_state_dir = @localstatedir@
run_dir = @localstatedir@/run/dirsrv
# This is the expected location of ldapi.
ldapi = @localstatedir@/run/slapd-{instance_name}.socket
+ldapi_listen = on
+ldapi_autobind = on
pid_file = @localstatedir@/run/dirsrv/slapd-{instance_name}.pid
inst_dir = @serverdir@/slapd-{instance_name}
plugin_dir = @serverplugindir@
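Review bot: The two new defaults `ldapi_listen = on` and `ldapi_autobind = on` carry no comment, although autobind is a security-relevant default. Together with `nsslapd-ldapimaprootdn: %rootdn%`, which the template-dse.ldif.in and template-dse-minimal.ldif.in hunks add, a local root process that connects on the socket is bound as the root DN from its OS credentials, without a password. I would add a comment above them such as `# LDAPI autobind maps the local root user to the root DN; keep the socket path and its directory restricted to trusted local users.` Operators who do not want this should be told here that both keys can be set to `off`.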
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index b586cef..6ef9d97 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -952,6 +952,16 @@ sub setDefaults {
}
}

+ if (!defined($inf->{slapd}->{ldapi})) {
+ $inf->{slapd}->{ldapi} = "$localstatedir/run/slapd-$servid.socket";
+ }
+ if (!defined($inf->{slapd}->{ldapi_listen})) {
+ $inf->{slapd}->{ldapi_listen} = "on";
+ }
+ if (!defined($inf->{slapd}->{ldapi_autobind})) {
+ $inf->{slapd}->{ldapi_autobind} = "on";
+ }
+
if (!defined($inf->{slapd}->{bak_dir})) {
if ("@with_fhs_opt@") {
$inf->{slapd}->{bak_dir} = "$localstatedir/@PACKAGE_NAME@/slapd-$servid/bak";
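Review bot: The three `!defined` defaults switch LDAPI listening and autobind to "on" whenever the inf lacks the keys, and that may include an inf built from an existing instance. The createInfFromConfig hunk in DSUtil.pm.in copies `nsslapd-ldapilisten` and `nsslapd-ldapiautobind` from cn=config without checking that they exist. If setDefaults is reached on the update path with such an inf, an instance whose administrator never enabled autobind would have it enabled silently; whether that path exists is not visible here, since setDefaults continues outside the hunk. Please confirm, and either apply these defaults only on create or add a comment stating the behaviour, e.g. `# LDAPI listen/autobind default to on when the inf does not set them`.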
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 197aafa..c994faa 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -964,6 +964,9 @@ sub createInfFromConfig {
$inf->{slapd}->{RootDNPwd} = $ent->getValues('nsslapd-rootpw');
$inf->{slapd}->{ServerPort} = $ent->getValues('nsslapd-port');
$inf->{slapd}->{ServerIdentifier} = $id;
+ $inf->{slapd}->{ldapi} = $ent->getValues('nsslapd-ldapifilepath');
+ $inf->{slapd}->{ldapi_listen} = $ent->getValues('nsslapd-ldapilisten');
+ $inf->{slapd}->{ldapi_autobind} = $ent->getValues('nsslapd-ldapiautobind');

my $suffix = "";
$ent = $conn->search("cn=ldbm database,cn=plugins,cn=config",
diff --git a/ldap/admin/src/scripts/dscreate.map.in b/ldap/admin/src/scripts/dscreate.map.in
index fcf6e7a..354d332 100644
--- a/ldap/admin/src/scripts/dscreate.map.in
+++ b/ldap/admin/src/scripts/dscreate.map.in
@@ -37,3 +37,6 @@ log_dir = log_dir
config_dir = config_dir
db_dir = db_dir
run_dir = run_dir
+ldapi_enabled = ldapi_listen
+ldapi = ldapi
+ldapi_autobind = ldapi_autobind
diff --git a/ldap/admin/src/scripts/dsupdate.map.in b/ldap/admin/src/scripts/dsupdate.map.in
index 843fd34..e911a94 100644
--- a/ldap/admin/src/scripts/dsupdate.map.in
+++ b/ldap/admin/src/scripts/dsupdate.map.in
@@ -34,3 +34,6 @@ log_dir = log_dir
config_dir = config_dir
db_dir = db_dir
run_dir = run_dir
+ldapi_enabled = ldapi_listen
+ldapi = ldapi
+ldapi_autobind = ldapi_autobind
diff --git a/ldap/ldif/template-dse-minimal.ldif.in b/ldap/ldif/template-dse-minimal.ldif.in
index 0be9c17..0084e7e 100644
--- a/ldap/ldif/template-dse-minimal.ldif.in
+++ b/ldap/ldif/template-dse-minimal.ldif.in
@@ -20,6 +20,10 @@ nsslapd-auditlog: %log_dir%/audit
nsslapd-auditfaillog: %log_dir%/audit
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
+nsslapd-ldapilisten: %ldapi_enabled%
+nsslapd-ldapifilepath: %ldapi%
+nsslapd-ldapiautobind: %ldapi_autobind%
+nsslapd-ldapimaprootdn: %rootdn%

dn: cn=features,cn=config
objectclass: top
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 9efff58..92adc86 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -20,6 +20,10 @@ nsslapd-auditlog: %log_dir%/audit
nsslapd-auditfaillog: %log_dir%/audit
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
+nsslapd-ldapilisten: %ldapi_enabled%
+nsslapd-ldapifilepath: %ldapi%
+nsslapd-ldapiautobind: %ldapi_autobind%
+nsslapd-ldapimaprootdn: %rootdn%

dn: cn=encryption,cn=config
objectClass: top
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index f0a8857..2d046a3 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -730,6 +730,7 @@ class SetupDs(object):
dse += line.replace('%', '{', 1).replace('%', '}', 1)

with open(os.path.join(slapd['config_dir'], 'dse.ldif'), 'w') as file_dse:
+ ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
file_dse.write(dse.format(
schema_dir=slapd['schema_dir'],
lock_dir=slapd['lock_dir'],
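Review bot: `ldapi_path` is now assigned inside the `with open(...)` block, but a later hunk reads it again in the `args` dict (`SER_LDAPI_SOCKET: ldapi_path`). That only works if both sites are in the same method, which the hunk headers (`class SetupDs(object):`) do not show, and the old assignment near line 949 is removed by this commit. I would move `ldapi_path = os.path.join(...)` above the `with` statement, with a comment such as `# LDAPI socket path, written to dse.ldif and reused for the first connection`. The path is also rebuilt by hand here although defaults.inf.in already defines an `ldapi` key; if `slapd` exposes that key, reading it would keep the two from drifting apart.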
@@ -745,11 +746,15 @@ class SetupDs(object):
ds_user=slapd['user'],
rootdn=slapd['root_dn'],
ds_passwd=self._secure_password, # We set our own password here, so we can connect and mod.
- # This is because we never know the users input root password as they can validily give
+ # This is because we never know the users input root password as they can validly give
# us a *hashed* input.
ds_suffix=ds_suffix,
config_dir=slapd['config_dir'],
db_dir=slapd['db_dir'],
+ db_home_dir=slapd['db_home_dir'],
+ ldapi_enabled="on",
+ ldapi=ldapi_path,
+ ldapi_autobind="on",
))

# Create all the needed paths
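Review bot: `db_home_dir=slapd['db_home_dir']` is a new dictionary lookup that the commit description does not mention. If this branch's `slapd` options do not define that key, the lookup raises KeyError before dse.ldif is written. Please confirm the key exists on 389-ds-base-1.4.2, or drop the line; `str.format` ignores unused keyword arguments, so it is only needed if the template contains `%db_home_dir%`. Separately, `ldapi_enabled="on"` and `ldapi_autobind="on"` are hard-coded, so the `ldapi_listen` and `ldapi_autobind` values added to defaults.inf.in appear to have no effect on this installer, and an operator cannot turn autobind off at install time.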
@@ -838,7 +843,7 @@ class SetupDs(object):
# it's the only stable and guaranteed way to connect to the instance
# at this point.
#
- # Alternately, we could use ldapi instead, which would prevent the need
+ # Use ldapi which would prevent the need
# to configure a temp root pw in the setup phase.
args = {
SER_HOST: "localhost",
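Review bot: The reworded comment says LDAPI "would prevent the need to configure a temp root pw in the setup phase", but the code does not match it. The next hunk still passes `SER_ROOT_PW: self._raw_secure_password`, and the dse.ldif hunk still writes `ds_passwd=self._secure_password`. The lines above it ("it's the only stable and guaranteed way to connect") also still describe the password approach. I would rewrite the comment to state what happens now, e.g. `# Connect over LDAPI (autobind) so setup does not depend on DNS; the temporary root password is still set as a fallback.` `SER_HOST` also stays "localhost", so whether the connection really uses the socket depends on code outside this hunk.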
@@ -846,7 +851,10 @@ class SetupDs(object):
SER_SERVERID_PROP: slapd['instance_name'],
SER_ROOT_DN: slapd['root_dn'],
SER_ROOT_PW: self._raw_secure_password,
- SER_DEPLOYED_DIR: slapd['prefix']
+ SER_DEPLOYED_DIR: slapd['prefix'],
+ SER_LDAPI_ENABLED: 'on',
+ SER_LDAPI_SOCKET: ldapi_path,
+ SER_LDAPI_AUTOBIND: 'on'
}

ds_instance.allocate(args)
@@ -949,14 +957,6 @@ class SetupDs(object):
# Unsupported rdn
raise ValueError("Suffix RDN '{}' in '{}' is not supported. Supported RDN's are: 'c', 'cn', 'dc', 'o', and 'ou'".format(suffix_rdn_attr, backend['nsslapd-suffix']))

- # Initialise ldapi socket information. IPA expects this ....
- ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
- ds_instance.config.set('nsslapd-ldapifilepath', ldapi_path)
- ds_instance.config.set('nsslapd-ldapilisten', 'on')
- ds_instance.config.set('nsslapd-ldapiautobind', 'on')
- ds_instance.config.set('nsslapd-ldapimaprootdn', slapd['root_dn'])
-
-
# Create all required sasl maps: if we have a single backend ...
# our default maps are really really bad, and we should feel bad.
# they basically only work with a single backend, and they'll break
