Author: rhafer
Date: Wed Feb 10 13:39:08 2010
New Revision: 60785
URL: http://svn.opensuse.org/viewcvs/yast?rev=60785&view=rev
Log:
Merged latest chunk of replication changes from sle-11-sp1 branch
(revisions 60065-60723)
Modified:
trunk/ldap-server/ (props changed)
trunk/ldap-server/src/LdapDatabase.ycp
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/agent/SlapdConfigAgent.cc
trunk/ldap-server/src/dialogs.ycp
trunk/ldap-server/src/helps.ycp
Modified: trunk/ldap-server/src/LdapDatabase.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?rev=60785&r1=60784&r2=60785&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapDatabase.ycp (original)
+++ trunk/ldap-server/src/LdapDatabase.ycp Wed Feb 10 13:39:08 2010
@@ -1556,6 +1556,20 @@
if ( UI::QueryWidget( `cb_syncrepl, `Value ) == true )
{
UI::ChangeWidget( `f_synccons, `Enabled, true );
+ if ( (boolean)UI::QueryWidget( `cb_update_ref, `Value ) == true )
+ {
+ UI::ChangeWidget( `te_updateref_target, `Enabled, true );
+ UI::ChangeWidget( `cb_updateref_prot, `Enabled, true );
+ UI::ChangeWidget( `if_updateref_port, `Enabled, true );
+ UI::ChangeWidget( `te_updateref_target, `Value, "" );
+ }
+ else
+ {
+ UI::ChangeWidget( `te_updateref_target, `Enabled, false );
+ UI::ChangeWidget( `cb_updateref_prot, `Enabled, false );
+ UI::ChangeWidget( `if_updateref_port, `Enabled, false );
+ UI::ChangeWidget( `te_updateref_target, `Value, "" );
+ }
}
else
{
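Review bot: The branch taken when cb_update_ref is checked ends by resetting te_updateref_target to an empty string, so ticking cb_syncrepl again appears to discard a referral target that was already entered or loaded; only the disabled branch seems to need that reset. The two branches otherwise differ only in the boolean, so reading the checkbox once into a local and passing that value to the three Enabled calls would remove the duplication. The enclosing handler starts and ends outside the hunk, so whether the value is re-populated later cannot be seen from here.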
@@ -1680,7 +1694,7 @@
+ "\n\n\"" +
(string)err["summary"]:"" + "\"\n\"" + (string)err["description"]:""
+ "\"\n\n" +
- _("Do you want to still want to continue?"));
+ _("Do you still want to continue?"));
}
if(!(boolean)SCR::Execute( .ldapserver.remoteLdapSyncCheck, testparm ) )
{
@@ -1692,7 +1706,7 @@
+ "\n\"" +
(string)err["summary"]:""+ "\"\n\"" + (string)err["description"]:""
+ "\"\n\n" +
- _("Do you want to still want to continue?"));
+ _("Do you still want to continue?"));
}
}
return true;
@@ -1742,7 +1756,7 @@
if ( (boolean) UI::QueryWidget( `cb_update_ref, `Value) )
{
map updateref = $[];
- if ( (string)UI::QueryWidget(`cb_updateref_prot, `Value) != "" )
+ if ( (string)UI::QueryWidget(`te_updateref_target, `Value) != "" )
{
updateref = add(updateref, "protocol", (string)UI::QueryWidget(`cb_updateref_prot, `Value) );
updateref = add(updateref, "target", (string)UI::QueryWidget(`te_updateref_target, `Value) );
@@ -1931,7 +1945,7 @@
{
string caption = _("Replication settings");
term contents = GetSyncConsWidget();
- Wizard::SetContentsButtons(caption, contents, HELPS["syncrepl_edit"]:"",
+ Wizard::SetContentsButtons(caption, contents, HELPS["synccons_edit"]:"",
Label::BackButton(), Label::NextButton());
symbol ret = `next;
DbSyncConsRead(-1, $[] );
@@ -1992,7 +2006,7 @@
],
"syncrepl" : $[
`next : "ppolicy",
- `syncrepl : "last",
+ `syncrepl : `next,
`abort : `abort
],
"ppolicy" : $[
Modified: trunk/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=60785&r1=60784&r2=60785&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Wed Feb 10 13:39:08 2010
@@ -1794,7 +1794,7 @@
"credentials" => $syncpw,
"basedn" => "cn=config",
"starttls" => YaST::YCP::Boolean(1),
- "updateref" => {}
+ "syncrepl" => { 'use_provider' => YaST::YCP::Boolean(1) }
};
SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl );
$syncrepl->{'basedn'} = $dbDefaults{'suffix'};
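Review bot: The new key is named `"syncrepl"`, but the agent code changed in SlapdConfigAgent.cc in this same commit looks up `use_provider` inside the `updateref` map, so as written the flag appears never to reach it and no `updateref` key is sent at all. If the intent is to point the update referral at the provider, the line would read `"updateref" => { 'use_provider' => YaST::YCP::Boolean(1) }`. It is also worth confirming that the agent tolerates a missing `updateref` key, since the visible `argMap->value(YCPString("updateref"))->asMap()` call has no null check inside its hunk. The enclosing sub lies outside the hunk.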
@@ -1947,6 +1947,54 @@
{
my ($self, $dbIndex, $acllist ) = @_;
y2debug("ChangeDatabaseAcl: ".Data::Dumper->Dump([$acllist]) );
+
+ # Check whether this is a slave database, if yes locate the
+ # syncrepl related ACL and move it to the top. This is to ensure
+ # that syncrepl clients have read access to everything
+ my $syncrepl = $self->ReadSyncRepl( $dbIndex );
+ if ( $syncrepl && scalar(keys %{$syncrepl}) && $syncrepl->{'binddn'} ne "" )
+ {
+ my $acllist_sorted=[];
+ my $syncacl={};
+ my $found=0;
+
+ foreach my $rule ( @{$acllist} )
+ {
+ if ( !$found && (keys %{$rule->{'target'}} == 0) )
+ {
+ # this rule matches all db entries, check if it gives
+ # read access to the syncrepl id
+ foreach my $access ( @{$rule->{'access'}} )
+ {
+ if ( $access->{'type'} eq "dn.base" &&
+ lc($access->{'value'}) eq lc($syncrepl->{'binddn'} ) &&
+ ($access->{'level'} eq "read" || $access->{'level'} eq "write")
+ )
+ {
+ y2milestone("Found syncrepl ACL, moving to first position");
+ $syncacl=$rule;
+ $found=1;
+ last;
+ }
+ }
+ if( $found )
+ {
+ next;
+ }
+ }
+ push @{$acllist_sorted}, $rule;
+ }
+ if ( $found )
+ {
+ # push syncrepl acl on top
+ push @{$acllist_sorted}, $syncacl;
+ $acllist = [ $syncacl ];
+ push @{$acllist}, @{$acllist_sorted};
+ }
+ }
+
+
+
my $rc = SCR->Write(".ldapserver.database.{".$dbIndex."}.acl", $acllist );
if ( ! $rc )
{
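Review bot: When a syncrepl rule is found the final list contains it twice: `push @{$acllist_sorted}, $syncacl;` appends the rule to the end of the sorted list, which is then appended after `[ $syncacl ]`, and since the result is written back the copies would presumably accumulate on each call. Dropping that push and building the list in one step, `$acllist = [ $syncacl, @{$acllist_sorted} ];`, gives the order the comment describes. Separately, the whole rule is moved, not only the syncrepl `by` clause, and slapd stops at the first rule whose target matches; a match-all rule in first position can therefore shadow narrower rules that follow it (for example ones restricting password attributes) unless its remaining clauses end in `break`, so this deserves a comment and a check against the default ACL set. `$syncrepl->{'binddn'}` is compared with `ne` without a `defined` test, which warns when the key is absent. ChangeDatabaseAcl continues past the end of the hunk.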
Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=60785&r1=60784&r2=60785&view=diff
==============================================================================
--- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original)
+++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Wed Feb 10 13:39:08 2010
@@ -1734,6 +1734,25 @@
{
sr = boost::shared_ptr<OlcSyncRepl>(new OlcSyncRepl());
srl.push_back(sr);
+
+ // find available rid (rid must be unique accross the server)
+ OlcDatabaseList::const_iterator k;
+ int largest_rid=0;
+ for ( k = databases.begin(); k != databases.end() ; k++ )
+ {
+ OlcSyncReplList srl1 = (*k)->getSyncRepl();
+ if ( srl1.empty() )
+ {
+ continue;
+ }
+ boost::shared_ptr<OlcSyncRepl> sr1;
+ int currid = (*srl1.begin())->getRid();
+ if ( currid > largest_rid )
+ {
+ largest_rid=currid;
+ }
+ }
+ sr->setRid(largest_rid+1);
}
else
{
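Review bot: The scan for the largest rid reads only the first syncrepl entry of each database (`(*srl1.begin())->getRid()`), so a database carrying several syncrepl statements can hide a higher rid and the new entry may receive a duplicate. Iterating over every element of `srl1` closes that gap, and the declared but unused `sr1` can be dropped. slapd limits rid to three decimal digits, so `largest_rid+1` also wants an upper-bound check before `setRid`. The enclosing function begins and ends outside the hunk, so whether `databases` already includes the list that `sr` was just pushed to cannot be seen here.

```cpp
// … unchanged: largest_rid declaration and outer loop over databases …
        OlcSyncReplList srl1 = (*k)->getSyncRepl();
        OlcSyncReplList::const_iterator j;
        for ( j = srl1.begin(); j != srl1.end(); j++ )
        {
            if ( (*j)->getRid() > largest_rid )
            {
                largest_rid = (*j)->getRid();
            }
        }
// … unchanged: sr->setRid(largest_rid+1) …
```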
@@ -1814,11 +1833,23 @@
YCPMap updaterefMap = argMap->value(YCPString("updateref"))->asMap();
if ( updaterefMap.size() > 0 )
{
- LDAPUrl updaterefUrl;
- updaterefUrl.setScheme( updaterefMap->value(YCPString("protocol"))->asString()->value_cstr() );
- updaterefUrl.setHost( updaterefMap->value(YCPString("target"))->asString()->value_cstr() );
- updaterefUrl.setPort( updaterefMap->value(YCPString("port"))->asInteger()->value() );
- (*i)->setStringValue("olcUpdateRef", updaterefUrl.getURLString() );
+ if ( !updaterefMap->value(YCPString("use_provider")).isNull() &&
+ updaterefMap->value(YCPString("use_provider"))->asBoolean()->value() )
+ {
+ (*i)->setStringValue("olcUpdateRef", prvuri.getURLString() );
+ }
+ else
+ {
+ LDAPUrl updaterefUrl;
+ updaterefUrl.setScheme( updaterefMap->value(YCPString("protocol"))->asString()->value_cstr() );
+ updaterefUrl.setHost( updaterefMap->value(YCPString("target"))->asString()->value_cstr() );
+ updaterefUrl.setPort( updaterefMap->value(YCPString("port"))->asInteger()->value() );
+ (*i)->setStringValue("olcUpdateRef", updaterefUrl.getURLString() );
+ }
+ }
+ else
+ {
+ (*i)->setStringValue("olcUpdateRef", "" );
}
}
}
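Review bot: In the `else` branch any non-empty `updateref` map that lacks `protocol`, `target` or `port` (for instance one carrying only `use_provider` set to false) reaches `->asString()` or `->asInteger()` on a missing value, and `use_provider` is tested with `isNull()` but not for being a boolean before `asBoolean()`. Adding `->isBoolean()` to the `use_provider` test and an `isNull()` guard per key before the three setters would keep a malformed map from the caller from taking down the agent. `prvuri` is defined outside the hunk; if it can be unset when no provider was supplied in this call, the first branch would write an empty or stale referral. The new trailing `else` that writes an empty `olcUpdateRef` would benefit from a one-line comment stating that this is meant to remove the attribute, if that is what `setStringValue` does with an empty string.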
@@ -2251,7 +2282,8 @@
try{
// Simple LDAPSync Request Control (refreshOnly, no cookie)
const char ctrl[] = { 0x30, 0x03, 0x0a, 0x01, 0x01 };
- LDAPCtrl syncCtrl( "1.3.6.1.4.1.4203.1.9.1.1", true, ctrl, sizeof(ctrl) );
+ std::string ctrlStr(ctrl, sizeof(ctrl) );
+ LDAPCtrl syncCtrl( std::string("1.3.6.1.4.1.4203.1.9.1.1"), true, ctrlStr );
LDAPControlSet cs;
cs.add(syncCtrl);
LDAPConstraints searchCons;
Modified: trunk/ldap-server/src/dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/dialogs.ycp?rev=60785&r1=60784&r2=60785&view=diff
==============================================================================
--- trunk/ldap-server/src/dialogs.ycp (original)
+++ trunk/ldap-server/src/dialogs.ycp Wed Feb 10 13:39:08 2010
@@ -913,7 +913,7 @@
}
if ( ! setupok )
{
- Popup::Error( _("The Replication Configuration on the master server indicates that\nis already acting as a Repliation Consumer.\n") +
+ Popup::Error( _("The Replication Configuration on the master server indicates that\nit is already acting as a Replication Consumer.\n") +
_("Setting up cascaded replication of the cn=config is not supported currently.") );
ret = `cancel;
break;
@@ -1034,7 +1034,7 @@
`HSquash(
`VSquash(
`VBox(
- `Heading( _("Repliation Master setup") ),
+ `Heading( _("Replication Master setup") ),
`VSpacing( 0.5 ),
`Label( _("In order to act as a Master Server for Replication, the Configuration database needs\nto be remotely accessible. Please set a password for the Configuration database." ) +
_("\n(Remote access to the Configuration database will be restricted to encrypted\nLDAP Connections)")
Modified: trunk/ldap-server/src/helps.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/helps.ycp?rev=60785&r1=60784&r2=60785&view=diff
==============================================================================
--- trunk/ldap-server/src/helps.ycp (original)
+++ trunk/ldap-server/src/helps.ycp Wed Feb 10 13:39:08 2010
@@ -134,6 +134,49 @@
(DN, filter and Attributes) matches the entry being access. You might need to order the rules according
to your needs. You can use the <b>Up</b> and <b>Down</b> buttons for that</p>"),
+ "syncprov_edit" :
+ _("<h3>Replication Provider Settings</h3>") +
+ _("<p>Select the \"<b>Enable ldapsync provider for this database</b>\" checkbox, if you want to
+be able to replicate the currently selected database to another server.</p>") +
+ _("<h4>Checkpoint Settings</h4>") +
+ _("<p>Here you can specify how often the synchronization state indicator (stored in the
+\"<i>contextCSN</i>\"-Attribute) is written to the database. It is synced out to the database if
+\"<i>Operations</i>\" write operations or more than \"<i>Minutes</i>\" have passed since the
+last time the indicator was written. By default (both values are '0') the state indicator is only
+written after a clean shutdown. Writing it more often can result in faster startup times after an
+unclean shutdown but might result in a small performance hit in environments with many LDAP Write
+Operations.</p>")+
+ _("<h4>Session log</h4>") +
+ _("<p>Configures an in-memory session log for recording information about write operations
+made on the database. Specify how many write operation should be recorded in the session log.
+Configuring a session log is only useful for \"<i>refreshOnly</i>\" replication. In
+such a case it can speed up replication and reduce the load on the master server.</p>"),
+
+ "synccons_edit" :
+ _("<h3>Replication Consumer Settings</h3>") +
+ _("<p>Select the \"<b>This database is a Replication Consumer</b>\" if you want the database to be a replica
+of a database on another server.</p>") +
+ _("<h4>Provider</h4>") +
+ _("Enter the connection details for the replication connection to the master server here. For that, select the
+protocol to use (<b>ldap</b> or <b>ldaps</b>) and enter the fully qualified hostname of the master server here. It is
+important to use the fully qualified hostname here to be able to verify the master server's TLS/SSL certificate. Adjust
+the port number if the master server is using non-standard ldap ports.") +
+ _("<h4>Replication Type</h4>") +
+ _("<p>OpenLDAP supports different modes of replication:</p>") +
+ _("<p><b>refreshOnly</b>: The slave server will periodically open a new connection, trigger a
+synchronization and close the connection again. The intervall how often this synchronization happens can be configured
+through the <b>Replication Interval</b> settings.</p>") +
+ _("<p><b>refreshAndPersist</b>: The slave server will open a persistent connection to the master server for
+synchronization. Updated entries on the master server are immediately sent to the slave through that connection.</p>") +
+ _("<h4>Authentication</h4>") +
+ _("<p>Specify a DN and password here that the slave server should use to authenticate against the master.
+The specified DN needs to have read access to all entries in the replicated database on the master.</p>") +
+ _("<h4>Update Referral</h4>") +
+ _("<p>As the slave database is readonly. The slave server will answer write operations with an LDAP referral.
+This referral by default points the client to the master server. You can configure a differen update referral here.
+This is e.g. useful in a cascaded replication setup i.e. when the provider for the slave server is as slave server
+itself. </p>"),
+
/* Read dialog help */
"read" :
_("<p><b><big>Initializing LDAP Server Configuration</big></b><br>Please wait...<br></p>") +
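Review bot: Several of the new translatable strings carry typos that will propagate into every translation catalog: `intervall`, `differen update referral`, `is as slave server`, and the fragment `As the slave database is readonly. The slave server will answer`, which reads better as one sentence joined by a comma. The Provider paragraph under `synccons_edit` is also the only one not wrapped in `<p>…</p>`. Fixing these before the msgids are extracted avoids invalidating translations later.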
@@ -156,14 +199,24 @@
created. Click <b>Finish</b> to write that configuration and leave the LDAP
Server module</p>"),
- /* Configuration Startup Dialog 1/2 */
+ /* Configuration Wizard Step 1 */
"service_dialog" :
_("<p>With <b>Start LDAP Server Yes or No</b>, start or stop the LDAP server.</p> ") +
_("<p>If <b>Yes</b> is selected, you can click <b>Next</b> to start the configuration wizard</p>")+
- /* Configuration Startup Dialog 2/2 */
_("<p>If the Firewall is enabled you can open the required network ports
for OpenLDAP by checking the corresponding Checkbox.</p>"),
+ /* Configuration Wizard Step 2 */
+ "server_type" :
+ _("<p>Select the type of LDAP Server you want to setup. The following scenarios are available:</p>") +
+ _("<p><b>Standalone Server</b>: Setup a single standalone OpenLDAP Server with no preparations for
+replication</p>") +
+ _("<p><b>Replication Master (Provider)</b>: Create an OpenLDAP setup that is prepared to act as a master server
+(provider) in a replication setup.</p>") +
+ _("<p><b>Replication Slave (Consumer)</b>: Setup an OpenLDAP slave server that replicates all its data,
+including configuration, from a master server.</p>"),
+
+ /* Configuration Wizard Step 3 */
"tls_dialog" :
_("<h3>TLS Settings</h3>") +
@@ -232,7 +285,16 @@
/* Tree Item Dialog "databases" 2/2 */
_("<p>To add a new database, press <b>Add Database...</b>.</p>") +
_("<p>To delete a database, select a database from the List and press <b>Delete Database...</b>.
-You can not delete the \"config\" and \"frontend\" databases.</p>")
+You can not delete the \"config\" and \"frontend\" databases.</p>"),
+
+ "master_setup_dialog" :
+ _("<p>Enter a password for the configuration database (\"<i>cn=config</i>\") here. This is required to make
+the configuration database accessible remotely.</p>"),
+
+ "slave_dialog" :
+ _("<p>To setup a slave server some details need to be queried from the master server. Please enter the master
+server's hostname, adjust the protocol (either \"<i>ldap</i>\" or \"<i>ldaps</i>\") and port number as needed and enter the password
+for the master's configuration database (\"<i>cn=config</i>\").</p>"),
];
/* EOF */