Author: rhafer
Date: Fri Nov 6 14:52:54 2009
New Revision: 59379
URL: http://svn.opensuse.org/viewcvs/yast?rev=59379&view=rev
Log:
initial implementation of a Wizard to setup cn=config replication
Modified:
branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm
branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp
branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp
Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm?rev=59379&r1=59378&r2=59379&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm (original)
+++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm Fri Nov 6 14:52:54 2009
@@ -2437,5 +2437,207 @@
y2milestone("ReadPpolicyDefault ". Data::Dumper->Dump([$ppolicy_objects->{$suffix}]) );
return $ppolicy_objects->{$suffix}
}
+
+BEGIN { $TYPEINFO {SetupRemoteForReplication} = ["function", "boolean", ["map", "string", "any"] ]; }
+sub SetupRemoteForReplication
+{
+ my ( $self, $param) = @_;
+ $param->{'target'}->{'port'} = YaST::YCP::Integer($param->{'target'}->{'port'});
+ $param->{'starttls'} = YaST::YCP::Boolean($param->{'starttls'});
+
+ SCR->Execute(".ldapserver.init", $param );
+
+ my @db_changes = ();
+ my $dbs = $self->ReadDatabaseList();
+ for ( my $i=0; $i < scalar(@{$dbs})-1; $i++)
+ {
+ my $type = $dbs->[$i+1]->{'type'};
+ my $suffix = $dbs->[$i+1]->{'suffix'};
+ if ( $type eq "config" || $type eq "bdb" || $type eq "hdb" )
+ {
+ my $changes = { "index" => $i, "suffix" => $suffix };
+ my $db = SCR->Read(".ldapserver.database.{".$i."}" );
+ my $prv = SCR->Read(".ldapserver.database.{".$i."}.syncprov" );
+ if ( keys %{$prv} == 0 )
+ {
+ y2milestone("Database $i needs syncprov overlay");
+ $changes->{'needsyncprov'} = 1;
+ }
+ else
+ {
+ $changes->{'needsyncprov'} = 0;
+ }
+
+ my $cons = SCR->Read(".ldapserver.database.{".$i."}.syncrepl" );
+ if ( keys %{$cons} == 0 )
+ {
+ y2milestone("Database $i needs syncrepl config");
+ $changes->{'needsyncrepl'} = 1;
+ }
+ else
+ {
+ $changes->{'needsyncrepl'} = 0;
+ }
+ if ( lc($db->{'rootdn'}) eq lc($param->{'binddn'}) )
+ {
+ y2milestone("Repl DN is rootdn of database $i. No ACL needed");
+ $changes->{'needsyncacl'} = 0;
+ }
+ else
+ {
+ my $acl = SCR->Read(".ldapserver.database.{".$i."}.acl" );
+ my $needacl=1;
+ my @syncacl = ({
+ 'target' => {},
+ 'access' => [
+ { 'type' => "dn.base",
+ 'value' => $param->{'binddn'},
+ 'level' => "read",
+ 'control' => "" },
+ { 'type' => "*",
+ 'value' => "",
+ 'level' => "",
+ 'control' => "break" }
+ ]
+ });
+ foreach my $rule ( @{$acl} )
+ {
+ my $wholedb=0;
+ if ( keys %{$rule->{'target'}} == 0 )
+ {
+ $wholedb=1;
+ }
+ elsif ( defined $rule->{'target'}->{'dn'} &&
+ $rule->{'target'}->{'dn'}->{'style'} eq "subtree" &&
+ lc($rule->{'target'}->{'dn'}->{'value'}) eq lc($suffix)
+ )
+ {
+ $wholedb=1;
+ }
+ else
+ {
+ # rule doesn't match the whole database
+ $wholedb=0;
+ last;
+
+ }
+ if ($wholedb)
+ {
+ # this rule matches all db entries, check if it gives
+ # at least read access to the provided syncrepl id
+ foreach my $access ( @{$rule->{'access'}} )
+ {
+ if ( $access->{'type'} eq "dn.base" &&
+ lc($access->{'value'}) eq lc($param->{'binddn'} ) &&
+ ($access->{'level'} eq "read" || $access->{'level'} eq "write")
+ )
+ {
+ y2milestone("Found matching ACL in database $i");
+ $needacl = 0;
+ last;
+ }
+ }
+ if (! $needacl)
+ {
+ last;
+ }
+ }
+ }
+ if ( $needacl )
+ {
+ y2milestone("Database $i needs sync-acl");
+ $changes->{'needsyncacl'} = 1;
+ }
+ else
+ {
+ $changes->{'needsyncacl'} = 0;
+ }
+ }
+ push @db_changes, $changes;
+ }
+ }
+ foreach my $db_change (@db_changes)
+ {
+ my $i = $db_change->{'index'};
+ if ($db_change->{'needsyncacl'} )
+ {
+ y2milestone("Adding ACL for syncrepl to database $i");
+ my @syncacl = ({
+ 'target' => {},
+ 'access' => [
+ { 'type' => "dn.base",
+ 'value' => $param->{'binddn'},
+ 'level' => "read",
+ 'control' => "" },
+ { 'type' => "*",
+ 'value' => "",
+ 'level' => "",
+ 'control' => "break" }
+ ]
+ });
+ my $acl = SCR->Read(".ldapserver.database.{".$i."}.acl" );
+ push @syncacl, (@$acl);
+ my $rc = SCR->Write(".ldapserver.database.{".$i."}.acl", \@syncacl );
+ }
+ if ( $db_change->{'needsyncprov'} )
+ {
+ y2milestone("Enabling syncrepl provider overlay on database $i");
+ my $syncprov = { 'enabled' => 1,
+ 'checkpoint' => { 'ops' => YaST::YCP::Integer(100),
+ 'min' => YaST::YCP::Integer(5)
+ }
+ };
+ SCR->Write(".ldapserver.database.{".$i."}.syncprov", $syncprov);
+ }
+ if ( $db_change->{'needsyncrepl'} )
+ {
+ y2milestone("Adding syncrepl consumer configuration for database $i");
+ my $syncrepl = {
+ "provider" => {
+ "protocol" => $param->{'target'}->{'protocol'},
+ "target" => $param->{'target'}->{'target'},
+ "port" => $param->{'target'}->{'port'}
+ },
+ "type" => "refreshAndPersist",
+ "binddn" => $param->{'binddn'},
+ "credentials" => $param->{'credentials'},
+ "basedn" => $db_change->{"suffix"},
+ "starttls" => $param->{'starttls'}
+ };
+ SCR->Write(".ldapserver.database.{".$i."}.syncrepl", $syncrepl );
+ }
+ }
+ y2milestone("Comminting changes to provider LDAP");
+ SCR->Execute(".ldapserver.commitChanges" );
+ SCR->Execute(".ldapserver.reset" );
+
+ # Remote should be ready now. Now create the local config stub required
+ # to initiate cn=config replication
+ SCR->Execute(".ldapserver.initGlobals" );
+
+ #SCR->Write(".ldapserver.global.serverIds", [ $ownServerId ] );
+ my $cfgdatabase = { 'type' => 'config',
+ 'rootdn' => 'cn=config' };
+ my $frontenddb = { 'type' => 'frontend' };
+ SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase ] );
+ my $syncrepl = {
+ "provider" => {
+ "protocol" => $param->{'target'}->{'protocol'},
+ "target" => $param->{'target'}->{'target'},
+ "port" => $param->{'target'}->{'port'}
+ },
+ "type" => "refreshAndPersist",
+ "binddn" => $param->{'binddn'},
+ "credentials" => $param->{'credentials'},
+ "basedn" => "cn=config",
+ "starttls" => $param->{'starttls'},
+ "updateref" => {}
+ };
+ SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl );
+ $overwriteConfig = 1;
+ $isSyncreplSlave = 1;
+
+ return 1;
+}
1;
# EOF
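Review bot: SetupRemoteForReplication ignores the result of every SCR call and ends with an unconditional `return 1`, so a failed `.ldapserver.init` or `.ldapserver.commitChanges` still sets `$overwriteConfig` and `$isSyncreplSlave` and reports success to the wizard. Assuming the agent signals failure through its return value, the provider can be left with only some of the ACL, syncprov and syncrepl writes applied while the local server is already marked as a consumer. Check each call and return before touching local state, e.g. `if ( ! SCR->Execute(".ldapserver.init", $param) ) { y2error("connecting to provider failed"); return 0; }`, and do the same with the `$rc` that is assigned from the ACL `SCR->Write` but never read. Keep `$param` itself out of any error message, since it carries the replication credentials. The first `@syncacl` (built inside the detection loop) is never used there and can be dropped.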
Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp?rev=59379&r1=59378&r2=59379&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp (original)
+++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp Fri Nov 6 14:52:54 2009
@@ -275,6 +275,58 @@
return ret;
}
+any ServerTypeDialog()
+{
+ term serverTypeWidget =
+ `HSquash(
+ `VBox(
+ `Heading( _("Please select Server type") ),
+ `VSpacing(),
+ `RadioButtonGroup(
+ `id( `rbg_servertype ),
+ `VBox(
+ `Left(
+ `RadioButton(
+ `id( `rb_master ),
+ _("This will be a standalone or master server"),
+ true
+ )
+ ),
+ `VSpacing(),
+ `Left(
+ `RadioButton(
+ `id( `rb_slave ),
+ _("This will be a replica (slave) server.\n") +
+ _("All data including configuration will replicated from a remote server."),
+ false
+ )
+ )
+ )
+ )
+ )
+ );
+ Wizard::SetContentsButtons( caption,
+ serverTypeWidget,
+ HELPS["server_type"]:"help not found",
+ Label::BackButton(),
+ Label::NextButton() );
+ any ret = nil;
+ while ( true )
+ {
+ ret = UI::UserInput();
+ y2milestone( "TlsConfigDialog: seeing return value '%1'", ret );
+ if ( ret == `next )
+ {
+ if (UI::QueryWidget( `id( `rbg_servertype ), `CurrentButton) == `rb_slave )
+ {
+ ret = `slave_setup;
+ }
+ }
+ return ret;
+ }
+ return ret;
+}
+
any TlsConfigDialog()
{
Wizard::SetContentsButtons( caption,
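Review bot: The log call in ServerTypeDialog carries the wrong dialog name: `y2milestone( "TlsConfigDialog: seeing return value '%1'", ret );` looks copied from the neighbouring dialog, so the y2log trail attributes the master/replica choice to the TLS dialog. Use `y2milestone( "ServerTypeDialog: seeing return value '%1'", ret );` so that the setup path taken can be reconstructed from the log. The `while ( true )` loop returns on its first pass, which leaves the loop and the trailing `return ret;` as dead code; a single `ret = UI::UserInput();` followed by the check for the next button would read more clearly. The label string "All data including configuration will replicated" is also missing "be".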
@@ -467,5 +519,130 @@
return ret;
}
+any SlaveSetupDialog()
+{
+ term widget =
+ `HSquash(
+ `VBox(
+ `Heading( _("Slave server setup") ),
+ `VSpacing(),
+ `VSquash(
+ `HBox(
+ `ComboBox( `id( `cb_sync_prot ), `opt(`notify), _("Protocol"), [ "ldap", "ldaps" ] ),
+ `HSpacing(),
+ `InputField( `id( `te_sync_target ), `opt(`hstretch), _("Provider Hostname"), "" ),
+ `HSpacing(),
+ `HSquash(
+ `IntField( `id(`if_sync_port), "Port", 0, 65536, 389)
+ ),
+ `HSpacing(),
+ `VBox(
+ `Bottom(
+ `CheckBox( `id( `cb_start_tls ), _("Use StartTLS"), true )
+ ),
+ `VSpacing(0.3)
+ )
+ )
+ ),
+ `VSpacing(0.3),
+ `Password( `id( `te_config_cred ), `opt(`hstretch), _("Administration Password for the \"cn=config\" Database"), "" ),
+ `VSpacing(0.3),
+ `HBox(
+ `InputField( `id( `te_sync_binddn ), `opt(`hstretch), _("Authentication DN to use for replication"), "" ),
+ `HSpacing(),
+ `Password( `id( `te_sync_cred ), `opt(`hstretch), _("Password"), "" )
+ )
+ )
+ );
+
+ Wizard::SetContentsButtons( caption,
+ widget,
+ HELPS["slave_dialog"]:"help not found",
+ Label::BackButton(),
+ Label::NextButton() );
+ any ret = nil;
+ while ( true )
+ {
+ UI::ChangeWidget(`cb_start_tls, `Enabled, false );
+ ret = UI::UserInput();
+ y2milestone( "SlaveSetupDialog: seeing return value '%1'", ret );
+ if ( ret == `next )
+ {
+ // test connection
+ map