[Fedora-directory-devel] Need to configure, but not start fedora-ds

Andrew Bartlett abartlet at samba.org
Fri Feb 23 22:02:23 UTC 2007


On Fri, 2007-02-23 at 08:49 -0700, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > In working to have the Samba4 test environment configure fedora-ds, I'm
> > using ds_newinst.pl, but it starts the DS once it is created.
> >
> > According to that script, I could modify it, but:
> >
> > # if for some reason you do not want the server started after instance creation
> > # the following line can be commented out - NOTE that if you are creating the
> > # Configuration DS, it will be started anyway
> > $cgiargs{start_server} = 1;
> >
> > As I understand it, a new standalone install will create the
> > configuration DS.
> >   
> No, it won't.
> 
> I'm going to add a start_server option to the .inf file so you won't 
> have to hack ds_newinst.pl anymore.

Thanks

> Is it a problem that the server is started as a consequence of creating 
> the instance?
> > Aside from wanting a separate configure/start sequence, I would like to
> > be able to modify the dse.ldif to fix up some parameters, and redo the
> > schema, before the slapd process starts.
> >   
> You could do all of this with ldapmodify after the server starts, but . . .
> > For the parameter modification, another option might be to have a
> > 'modify ldif' in addition to the 'initial ldif', but I still need a way
> > to clean out the schema.
> >   
>  . . . this would be quite hard to do with the existing .inf file + 
> ds_newinst.pl + ds_newinst (binary).  The intention of ds_newinst.pl was 
> to just convert the .inf file format into the format used by the 
> ds_newinst binary (C code) which has a lot of code shared with ds_create 
> which is used to do a lot of admin server/console related stuff, in 
> addition to configuring the instance.
> > Thoughts?
> >   
> I understand where you are coming from.  With openldap, you just have to 
> provide your own hand tuned slapd.conf file - nothing else really is 
> required.  That also controls what schema is loaded.

Yeah.  It really does show that I did this on OpenLDAP first...

> It's not so easy to do the same thing with fedora ds.  For starters, the 
> dse.ldif file is much more complex (but in your case, there are only a 
> few options required to be tweaked).  And the schema handling (i.e. 
> include /path/to/core.schema ; include /path/to/posix.schema) is 
> completely out of band with this process (well, not quite - you can 
> override the nsslapd-schemadir in cn=config).

So, yes, I suppose I'm just trying to turn Fedora DS into OpenLDAP, one
step at a time :-)

> So how would you like for this to work?  What would be easiest for you?

A few things would be useful:

Firstly, for the path to the ldapi socket to be part of the inf file, so
I can make it identical between the two supported servers (just makes my
life easier).  

If I can't get that, then I need to be able to modify the dse.inf before
it starts.

Slightly adjunct to this, I need a way to prevent the DS from binding to
anything except the unix domain socket (for security), i.e., no IPv4
ports.

For the ds to be configured, but not started, so I can copy out the
default schema, and replace it with just the core schema, and samba4's
schema.

Once I do all that, I would like to start the server for the first time,
knowing I've got full control over its parameters.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
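
The pre-start check the message asks for (confirm that a configured but not yet started instance will listen only on the unix domain socket), as an added example that is not part of the original thread or of Fedora DS. The attribute names nsslapd-port, nsslapd-security, nsslapd-ldapilisten and nsslapd-ldapifilepath come from later 389 Directory Server releases, and treating port 0 as "disabled" is an assumption to verify against the version in use; the sample dse.ldif and socket path are constructed.

```python
# Added example: audit cn=config in dse.ldif before the first slapd start.
# Attribute names and "port 0 = disabled" are assumptions (see lead-in).

SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-security: off
nsslapd-ldapilisten: on
nsslapd-ldapifilepath: /tmp/samba4-test/ldap
 i.sock

dn: cn=schema
objectClass: top
"""  # constructed sample; note the folded (continued) socket path line

def parse_ldif(text):
    """Parse LDIF into a list of {lowercase attr: [values]} dicts.
    Handles line folding and comments; base64 values are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # a leading space continues the previous line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:         # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_listeners(dse_text, want_socket):
    """Return a list of findings; an empty list means ldapi-only as intended."""
    cfg = next((e for e in parse_ldif(dse_text)
                if e.get("dn", [""])[0].lower() == "cn=config"), None)
    if cfg is None:
        return ["no cn=config entry found"]
    first = lambda attr: cfg.get(attr, [None])[0]
    findings = []
    if first("nsslapd-port") != "0":  # absent means the default TCP port applies
        findings.append("nsslapd-port=%s: TCP listener not disabled" % first("nsslapd-port"))
    if (first("nsslapd-security") or "off").lower() == "on":
        findings.append("nsslapd-security=on: TLS port enabled")
    if (first("nsslapd-ldapilisten") or "off").lower() != "on":
        findings.append("nsslapd-ldapilisten is not on")
    if first("nsslapd-ldapifilepath") != want_socket:
        findings.append("nsslapd-ldapifilepath=%s, expected %s"
                        % (first("nsslapd-ldapifilepath"), want_socket))
    return findings
```

Run `audit_listeners()` on the instance's dse.ldif after editing it and before the first start; any finding means the server would not come up in the ldapi-only state intended.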