Author: rhafer Date: Wed Feb 10 13:39:08 2010 New Revision: 60785 URL: http://svn.opensuse.org/viewcvs/yast?rev=60785&view=rev Log: Merged latest chunk of replication changes from sle-11-sp1 branch (revisions 60065-60723) Modified: trunk/ldap-server/ (props changed) trunk/ldap-server/src/LdapDatabase.ycp trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/agent/SlapdConfigAgent.cc trunk/ldap-server/src/dialogs.ycp trunk/ldap-server/src/helps.ycp Modified: trunk/ldap-server/src/LdapDatabase.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?... ============================================================================== --- trunk/ldap-server/src/LdapDatabase.ycp (original) +++ trunk/ldap-server/src/LdapDatabase.ycp Wed Feb 10 13:39:08 2010 @@ -1556,6 +1556,20 @@ if ( UI::QueryWidget( `cb_syncrepl, `Value ) == true ) { UI::ChangeWidget( `f_synccons, `Enabled, true ); + if ( (boolean)UI::QueryWidget( `cb_update_ref, `Value ) == true ) + { + UI::ChangeWidget( `te_updateref_target, `Enabled, true ); + UI::ChangeWidget( `cb_updateref_prot, `Enabled, true ); + UI::ChangeWidget( `if_updateref_port, `Enabled, true ); + UI::ChangeWidget( `te_updateref_target, `Value, "" ); + } + else + { + UI::ChangeWidget( `te_updateref_target, `Enabled, false ); + UI::ChangeWidget( `cb_updateref_prot, `Enabled, false ); + UI::ChangeWidget( `if_updateref_port, `Enabled, false ); + UI::ChangeWidget( `te_updateref_target, `Value, "" ); + } } else { @@ -1680,7 +1694,7 @@ + "\n\n"" + (string)err["summary"]:"" + ""\n"" + (string)err["description"]:"" + ""\n\n" + - _("Do you want to still want to continue?")); + _("Do you still want to continue?")); } if(!(boolean)SCR::Execute( .ldapserver.remoteLdapSyncCheck, testparm ) ) { @@ -1692,7 +1706,7 @@ + "\n"" + (string)err["summary"]:""+ ""\n"" + (string)err["description"]:"" + ""\n\n" + - _("Do you want to still want to continue?")); + _("Do you still want to continue?")); } } return true; 
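Review bot: In the first LdapDatabase.ycp hunk (+1556), the branch taken when cb_update_ref is checked ends with the same call as the unchecked branch, the one that sets the Value of te_updateref_target to "". Whenever this handler runs with the checkbox ticked, a referral target that was already entered or loaded is therefore blanked. The later hunk at +1756 only builds the updateref map when that field is non-empty, so the blanking appears to drop a configured referral silently. If that is not intended, remove the Value reset from the checked branch and keep it only in the else branch. The handler starts outside the hunk, so which events reach this code cannot be confirmed from here.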
@@ -1742,7 +1756,7 @@ if ( (boolean) UI::QueryWidget( `cb_update_ref, `Value) ) { map<string,any> updateref = $[]; - if ( (string)UI::QueryWidget(`cb_updateref_prot, `Value) != "" ) + if ( (string)UI::QueryWidget(`te_updateref_target, `Value) != "" ) { updateref = add(updateref, "protocol", (string)UI::QueryWidget(`cb_updateref_prot, `Value) ); updateref = add(updateref, "target", (string)UI::QueryWidget(`te_updateref_target, `Value) ); @@ -1931,7 +1945,7 @@ { string caption = _("Replication settings"); term contents = GetSyncConsWidget(); - Wizard::SetContentsButtons(caption, contents, HELPS["syncrepl_edit"]:"", + Wizard::SetContentsButtons(caption, contents, HELPS["synccons_edit"]:"", Label::BackButton(), Label::NextButton()); symbol ret = `next; DbSyncConsRead(-1, $[] ); @@ -1992,7 +2006,7 @@ ], "syncrepl" : $[ `next : "ppolicy", - `syncrepl : "last", + `syncrepl : `next, `abort : `abort ], "ppolicy" : $[ Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev... ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Wed Feb 10 13:39:08 2010 @@ -1794,7 +1794,7 @@ "credentials" => $syncpw, "basedn" => "cn=config", "starttls" => YaST::YCP::Boolean(1), - "updateref" => {} + "syncrepl" => { 'use_provider' => YaST::YCP::Boolean(1) } }; SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl ); $syncrepl->{'basedn'} = $dbDefaults{'suffix'}; 
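Review bot: The replacement key in the LdapServer.pm hunk at 1794 is `"syncrepl" => { 'use_provider' => YaST::YCP::Boolean(1) }`, but the agent change in SlapdConfigAgent.cc (hunk at +1833) reads `use_provider` from the `updateref` map. As written, the flag does not appear to reach the code that points olcUpdateRef at the provider URI. If the goal is for the slave's cn=config to refer writes to the master, the entry likely should read `"updateref" => { 'use_provider' => YaST::YCP::Boolean(1) }`. With `updateref` now absent from the hash, also confirm that the agent tolerates a missing key before it calls `->asMap()`; no such check is visible in the agent hunk. The hash literal and its function begin outside this hunk.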
@@ -1947,6 +1947,54 @@ { my ($self, $dbIndex, $acllist ) = @_; y2debug("ChangeDatabaseAcl: ".Data::Dumper->Dump([$acllist]) ); + + # Check whether this is a slave database, if yes locate the + # syncrepl related ACL and move it to the top. This is to ensure + # that syncrepl clients have read access to everything + my $syncrepl = $self->ReadSyncRepl( $dbIndex ); + if ( $syncrepl && scalar(keys %{$syncrepl}) && $syncrepl->{'binddn'} ne "" ) + { + my $acllist_sorted=[]; + my $syncacl={}; + my $found=0; + + foreach my $rule ( @{$acllist} ) + { + if ( !$found && (keys %{$rule->{'target'}} == 0) ) + { + # this rule matches all db entries, check if it gives + # read access to the syncrepl id + foreach my $access ( @{$rule->{'access'}} ) + { + if ( $access->{'type'} eq "dn.base" && + lc($access->{'value'}) eq lc($syncrepl->{'binddn'} ) && + ($access->{'level'} eq "read" || $access->{'level'} eq "write") + ) + { + y2milestone("Found syncrepl ACL, moving to first position"); + $syncacl=$rule; + $found=1; + last; + } + } + if( $found ) + { + next; + } + } + push @{$acllist_sorted}, $rule; + } + if ( $found ) + { + # push syncrepl acl on top + push @{$acllist_sorted}, $syncacl; + $acllist = [ $syncacl ]; + push @{$acllist}, @{$acllist_sorted}; + } + } + + + my $rc = SCR->Write(".ldapserver.database.{".$dbIndex."}.acl", $acllist ); if ( ! $rc ) { Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfig... ============================================================================== --- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original) +++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Wed Feb 10 13:39:08 2010 
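Review bot: Moving the whole catch-all rule to the front (`$syncacl=$rule;` then `$acllist = [ $syncacl ];`) moves all of its `access` clauses, not just the one for the syncrepl DN. slapd stops at the first rule whose target matches, so every more specific rule that used to precede it (for example one restricting a password attribute) is no longer evaluated for any identity. A narrower change is to prepend a new rule that carries only the clause for `$syncrepl->{'binddn'}`, lets all other identities fall through to the existing list, and leaves the original rule where the administrator put it. Separately, `push @{$acllist_sorted}, $syncacl;` appends the rule to the list that is then copied in after it, so the ACL written to the agent contains that rule twice; that line can be dropped. The test `$syncrepl->{'binddn'} ne ""` will also warn when the key is undefined, so a `defined` check before it would be safer.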
@@ -1734,6 +1734,25 @@ { sr = boost::shared_ptr<OlcSyncRepl>(new OlcSyncRepl()); srl.push_back(sr); + + // find available rid (rid must be unique accross the server) + OlcDatabaseList::const_iterator k; + int largest_rid=0; + for ( k = databases.begin(); k != databases.end() ; k++ ) + { + OlcSyncReplList srl1 = (*k)->getSyncRepl(); + if ( srl1.empty() ) + { + continue; + } + boost::shared_ptr<OlcSyncRepl> sr1; + int currid = (*srl1.begin())->getRid(); + if ( currid > largest_rid ) + { + largest_rid=currid; + } + } + sr->setRid(largest_rid+1); } else { @@ -1814,11 +1833,23 @@ YCPMap updaterefMap = argMap->value(YCPString("updateref"))->asMap(); if ( updaterefMap.size() > 0 ) { - LDAPUrl updaterefUrl; - updaterefUrl.setScheme( updaterefMap->value(YCPString("protocol"))->asString()->value_cstr() ); - updaterefUrl.setHost( updaterefMap->value(YCPString("target"))->asString()->value_cstr() ); - updaterefUrl.setPort( updaterefMap->value(YCPString("port"))->asInteger()->value() ); - (*i)->setStringValue("olcUpdateRef", updaterefUrl.getURLString() ); + if ( !updaterefMap->value(YCPString("use_provider")).isNull() && + updaterefMap->value(YCPString("use_provider"))->asBoolean()->value() ) + { + (*i)->setStringValue("olcUpdateRef", prvuri.getURLString() ); + } + else + { + LDAPUrl updaterefUrl; + updaterefUrl.setScheme( updaterefMap->value(YCPString("protocol"))->asString()->value_cstr() ); + updaterefUrl.setHost( updaterefMap->value(YCPString("target"))->asString()->value_cstr() ); + updaterefUrl.setPort( updaterefMap->value(YCPString("port"))->asInteger()->value() ); + (*i)->setStringValue("olcUpdateRef", updaterefUrl.getURLString() ); + } + } + else + { + (*i)->setStringValue("olcUpdateRef", "" ); } } } 
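Review bot: The rid search in the hunk at +1734 reads only `(*srl1.begin())->getRid()`, so a database with more than one syncrepl entry can hold a larger rid that is missed, and the new `largest_rid+1` can then collide with it. Iterating over every element of `srl1` closes that gap, as sketched below. `largest_rid+1` is also never range-checked; slapd limits a rid to three decimal digits, so a value above 999 should be rejected or a free lower id searched for. The local `boost::shared_ptr<OlcSyncRepl> sr1;` is unused and can go. The enclosing function begins and ends outside the hunk.

```cpp
// find available rid (rid must be unique across the server)
// assumes OlcSyncReplList offers const_iterator, as OlcDatabaseList does
int largest_rid = 0;
for ( OlcDatabaseList::const_iterator k = databases.begin(); k != databases.end(); ++k )
{
    const OlcSyncReplList srl1 = (*k)->getSyncRepl();
    for ( OlcSyncReplList::const_iterator s = srl1.begin(); s != srl1.end(); ++s )
    {
        if ( (*s)->getRid() > largest_rid )
        {
            largest_rid = (*s)->getRid();
        }
    }
}
// … unchanged: sr->setRid(largest_rid+1) …
```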
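Review bot: In the new else branch of the updateref block (hunk at +1833), `protocol`, `target` and `port` are dereferenced through `->asString()` and `->asInteger()` without the `isNull()` test that the same hunk applies to `use_provider`. A non-empty map that lacks one of these keys therefore dereferences a null value inside the agent. The agent receives this map from whatever writes to the SCR path, so it should test each key first, e.g. `if ( updaterefMap->value(YCPString("target")).isNull() )`, and refuse the write rather than build the URL. An empty host should be rejected here as well, because the check on te_updateref_target added in LdapDatabase.ycp protects only that one dialog. `prvuri` and the surrounding loop are defined outside the hunk.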
@@ -2251,7 +2282,8 @@ try{ // Simple LDAPSync Request Control (refreshOnly, no cookie) const char ctrl[] = { 0x30, 0x03, 0x0a, 0x01, 0x01 }; - LDAPCtrl syncCtrl( "1.3.6.1.4.1.4203.1.9.1.1", true, ctrl, sizeof(ctrl) ); + std::string ctrlStr(ctrl, sizeof(ctrl) ); + LDAPCtrl syncCtrl( std::string("1.3.6.1.4.1.4203.1.9.1.1"), true, ctrlStr ); LDAPControlSet cs; cs.add(syncCtrl); LDAPConstraints searchCons; Modified: trunk/ldap-server/src/dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/dialogs.ycp?rev=6... ============================================================================== --- trunk/ldap-server/src/dialogs.ycp (original) +++ trunk/ldap-server/src/dialogs.ycp Wed Feb 10 13:39:08 2010 @@ -913,7 +913,7 @@ } if ( ! setupok ) { - Popup::Error( _("The Replication Configuration on the master server indicates that\nis already acting as a Repliation Consumer.\n") + + Popup::Error( _("The Replication Configuration on the master server indicates that\nit is already acting as a Replication Consumer.\n") + _("Setting up cascaded replication of the cn=config is not supported currently.") ); ret = `cancel; break; @@ -1034,7 +1034,7 @@ `HSquash( `VSquash( `VBox( - `Heading( _("Repliation Master setup") ), + `Heading( _("Replication Master setup") ), `VSpacing( 0.5 ), `Label( _("In order to act as a Master Server for Replication, the Configuration database needs\nto be remotely accessible. Please set a password for the Configuration database." ) + _("\n(Remote access to the Configuration database will be restricted to encrypted\nLDAP Connections)") Modified: trunk/ldap-server/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/helps.ycp?rev=607... ============================================================================== --- trunk/ldap-server/src/helps.ycp (original) +++ trunk/ldap-server/src/helps.ycp Wed Feb 10 13:39:08 2010 
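Review bot: The explicit length in `std::string ctrlStr(ctrl, sizeof(ctrl) );` is what keeps this line correct, because `ctrl` is a raw BER buffer with no terminating NUL, and nothing in the hunk says so. A comment such as `// explicit length: ctrl is binary BER (SEQUENCE { ENUMERATED 1 = refreshOnly }), not a C string` would guard against a later cleanup to `std::string(ctrl)`, which would read past the end of the array. The try block continues outside the hunk.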
@@ -134,6 +134,49 @@ (DN, filter and Attributes) matches the entry being access. You might need to order the rules according to your needs. You can use the <b>Up</b> and <b>Down</b> buttons for that</p>"), + "syncprov_edit" : + _("<h3>Replication Provider Settings</h3>") + + _("<p>Select the "<b>Enable ldapsync provider for this database</b>" checkbox, if you want to +be able to replicate the currently selected database to another server.</p>") + + _("<h4>Checkpoint Settings</h4>") + + _("<p>Here you can specify how often the synchronization state indicator (stored in the +"<i>contextCSN</i>"-Attribute) is written to the database. It is synced out to the database if +"<i>Operations</i>" write operations or more than "<i>Minutes</i>" have passed since the +last time the indicator was written. By default (both values are '0') the state indicator is only +written after a clean shutdown. Writing it more often can result in faster startup times after an +unclean shutdown but might result in a small performance hit in environments with many LDAP Write +Operations.</p>")+ + _("<h4>Session log</h4>") + + _("<p>Configures an in-memory session log for recording information about write operations +made on the database. Specify how many write operation should be recorded in the session log. +Configuring a session log is only useful for "<i>refreshOnly</i>" replication. In +such a case it can speed up replication and reduce the load on the master server.</p>"), + + "synccons_edit" : + _("<h3>Replication Consumer Settings</h3>") + + _("<p>Select the "<b>This database is a Replication Consumer</b>" if you want the database to be a replica +of a database on another server.</p>") + + _("<h4>Provider</h4>") + + _("Enter the connection details for the replication connection to the master server here. For that, select the +protocol to use (<b>ldap</b> or <b>ldaps</b>) and enter the fully qualified hostname of the master server here. 
It is +important to use the fully qualified hostname here to be able to verify the master server's TLS/SSL certificate. Adjust +the port number if the master server is using non-standard ldap ports.") + + _("<h4>Replication Type</h4>") + + _("<p>OpenLDAP supports different modes of replication:</p>") + + _("<p><b>refreshOnly</b>: The slave server will periodically open a new connection, trigger a +synchronization and close the connection again. The intervall how often this synchronization happens can be configured +through the <b>Replication Interval</b> settings.</p>") + + _("<p><b>refreshAndPersist</b>: The slave server will open a persistent connection to the master server for +synchronization. Updated entries on the master server are immediately sent to the slave through that connection.</p>") + + _("<h4>Authentication</h4>") + + _("<p>Specify a DN and password here that the slave server should use to authenticate against the master. +The specified DN needs to have read access to all entries in the replicated database on the master.</p>") + + _("<h4>Update Referral</h4>") + + _("<p>As the slave database is readonly. The slave server will answer write operations with an LDAP referral. +This referral by default points the client to the master server. You can configure a differen update referral here. +This is e.g. useful in a cascaded replication setup i.e. when the provider for the slave server is as slave server +itself. </p>"), + /* Read dialog help */ "read" : _("<p><b><big>Initializing LDAP Server Configuration</big></b><br>Please wait...<br></p>") + 
@@ -156,14 +199,24 @@ created. Click <b>Finish</b> to write that configuration and leave the LDAP Server module</p>"), - /* Configuration Startup Dialog 1/2 */ + /* Configuration Wizard Step 1 */ "service_dialog" : _("<p>With <b>Start LDAP Server Yes or No</b>, start or stop the LDAP server.</p> ") + _("<p>If <b>Yes</b> is selected, you can click <b>Next</b> to start the configuration wizard</p>")+ - /* Configuration Startup Dialog 2/2 */ _("<p>If the Firewall is enabled you can open the required network ports for OpenLDAP by checking the corresponding Checkbox.</p>"), + /* Configuration Wizard Step 2 */ + "server_type" : + _("<p>Select the type of LDAP Server you want to setup. The following scenarios are available:</p>") + + _("<p><b>Standalone Server</b>: Setup a single standalone OpenLDAP Server with no preparations for +replication</p>") + + _("<p><b>Replication Master (Provider)</b>: Create an OpenLDAP setup that is prepared to act as a master server +(provider) in a replication setup.</p>") + + _("<p><b>Replication Slave (Consumer)</b>: Setup an OpenLDAP slave server that replicates all its data, +including configuration, from a master server.</p>"), + + /* Configuration Wizard Step 3 */ "tls_dialog" : _("<h3>TLS Settings</h3>") + 
@@ -232,7 +285,16 @@ /* Tree Item Dialog "databases" 2/2 */ _("<p>To add a new database, press <b>Add Database...</b>.</p>") + _("<p>To delete a database, select a database from the List and press <b>Delete Database...</b>. -You can not delete the "config" and "frontend" databases.</p>") +You can not delete the "config" and "frontend" databases.</p>"), + + "master_setup_dialog" : + _("<p>Enter a password for the configuration database ("<i>cn=config</i>") here. This is required to make +the configuration database accessible remotely.</p>"), + + "slave_dialog" : + _("<p>To setup a slave server some details need to be queried from the master server. Please enter the master +server's hostname, adjust the protocol (either "<i>ldap</i>" or "<i>ldaps</i>") and port number as needed and enter the password +for the master's configuration database ("<i>cn=config</i>").</p>"), ]; /* EOF */ -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org