summaryrefslogtreecommitdiffstats
path: root/source4/setup
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-10-19 10:38:10 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-10-19 18:57:06 +1100
commitf9c7365e535727b1d6d6ef55ed8c196368c625b9 (patch)
treee0439c5d6b1b7ac5251e39d087855eb38b495b7a /source4/setup
parent4d9b12ae8f9fc7c097b94e6c02df3cb1c38a52ce (diff)
downloadsamba-f9c7365e535727b1d6d6ef55ed8c196368c625b9.tar.gz
samba-f9c7365e535727b1d6d6ef55ed8c196368c625b9.tar.xz
samba-f9c7365e535727b1d6d6ef55ed8c196368c625b9.zip
s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
This is added to make the 'existing' LDAP backend class more useful, and to allow debuging of our OpenLDAP backend class with wireshark, by forcing the traffic over loopback TCP, which is much easier to sniff. Andrew Bartlett
Diffstat (limited to 'source4/setup')
-rwxr-xr-xsource4/setup/provision12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/setup/provision b/source4/setup/provision
index 21d94cba27..c809c4afc3 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -93,6 +93,8 @@ parser.add_option("--blank", action="store_true",
help="do not add users or groups, just the structure")
parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
help="Additional TCP port for LDAP backend server (to use for replication)")
+parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
+ help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
help="LDAP backend type (fedora-ds or openldap)",
choices=["fedora-ds", "openldap"])
@@ -230,6 +232,15 @@ elif opts.use_xattrs == "auto":
file.close()
+if opts.ldap_backend_type == "existing":
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
+ else:
+ logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
+else:
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
+
session = system_session()
try:
provision(setup_dir, logger,
@@ -245,6 +256,7 @@ try:
wheel=opts.wheel, users=opts.users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
ldap_backend_extra_port=opts.ldap_backend_extra_port,
+ ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,