On Fri, 2007-02-23 at 08:49 -0700, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > In working to have the Samba4 test environment configure fedora-ds. I'm
> > using ds_newinst.pl, but it starts the DS once it is created.
> >
> > According to that script, I could modify it, but:
> >
> > # if for some reason you do not want the server started after instance creation
> > # the following line can be commented out - NOTE that if you are creating the
> > # Configuration DS, it will be started anyway
> > $cgiargs{start_server} = 1;
> >
> > As I understand it, a new standalone install will create the
> > configuration DS.
> >
> No, it won't.
>
> I'm going to add a start_server option to the .inf file so you won't
> have to hack ds_newinst.pl anymore.

Thanks

> Is it a problem that the server is started as a consequence of creating
> the instance?
> > Aside from wanting a separate configure/start sequence, I would like to
> > be able to modify the dse.ldif to fix up some parameters, and redo the
> > schema, before the slapd process starts.
> >
> You could do all of this with ldapmodify after the server starts, but . . .
> > For the parameter modification, another option might be to have a
> > 'modify ldif' in addition to the 'initial ldif', but I still need a way
> > to clean out the schema.
> >
> . . . this would be quite hard to do with the existing .inf file +
> ds_newinst.pl + ds_newinst (binary). The intention of ds_newinst.pl was
> to just convert the .inf file format into the format used by the
> ds_newinst binary (C code) which has a lot of code shared with ds_create
> which is used to do a lot of admin server/console related stuff, in
> addition to configuring the instance.
> > Thoughts?
> >
> I understand where you are coming from. With openldap, you just have to
> provide your own hand tuned slapd.conf file - nothing else really is
> required. That also controls what schema is loaded.

Yeah. It really does show that I did this on OpenLDAP first...

> It's not so easy to do the same thing with fedora ds. For starters, the
> dse.ldif file is much more complex (but in your case, there are only a
> few options required to be tweaked). And the schema handling (i.e.
> include /path/to/core.schema ; include /path/to/posix.schema) is
> completely out of band with this process (well, not quite - you can
> override the nsslapd-schemadir in cn=config).

So, yes, I suppose I'm just trying to turn Fedora DS into OpenLDAP, one
step at a time :-)

> So how would you like for this to work? What would be easiest for you?

A few things would be useful:

Firstly, for the path to the ldapi socket to be part of the inf file, so
I can make it identical between the two supported servers (just makes my
life easier). If I can't get that, then I need to be able to modify the
dse.inf before it starts.

Slightly adjunct to this, I need a way to prevent the DS from binding to
anything except the unix domain socket (for security), i.e., no IPv4
ports.

For the ds to be configured, but not started, so I can copy out the
default schema, and replace it with just the core schema, and samba4's
schema.

Once I do all that, I would like to start the server for the first time,
knowing I've got full control over its parameters.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel