Update for OpenLDAP 2.5

OpenLDAP 2.5 switches from HDB to MDB. Update schema to match. Signed-off-by: Timothy Pearson <kb9vqf@pearsoncomputing.net>
3 months ago · 0d53fc4ef4
parent 132d640313
commit 0d53fc4ef4
6 changed files with 17 additions and 29 deletions
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@ -21,7 +21,7 @@ allow bind_v2
 loglevel 256

 modulepath /usr/lib/ldap
-moduleload back_hdb
+moduleload back_mdb
 moduleload syncprov
 moduleload back_monitor
 moduleload auditlog
@ -32,14 +32,14 @@ moduleload ppolicy
 sizelimit 500
 tool-threads 1

-backend hdb
+backend mdb

 database monitor
 database config
 rootdn cn=config
 rootpw {SHA}@@@ROOTPW_SHA@@@

-database hdb
+database mdb
 overlay syncprov
 overlay auditlog
 overlay smbk5pwd
--- a/confskel/openldap/ldif/hdb.ldif
+++ b/confskel/openldap/ldif/hdb.ldif
@ -1,6 +1,6 @@
-dn: cn={@@@LDIFSCHEMANUMBER@@@}hdb
+dn: cn={@@@LDIFSCHEMANUMBER@@@}mdb
 objectClass: olcSchemaConfig
-cn: {@@@LDIFSCHEMANUMBER@@@}hdb
+cn: {@@@LDIFSCHEMANUMBER@@@}mdb
 olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.10.1.1 NAME 'krb5PrincipalName' DESC 
 'The unparsed Kerberos principal name' EQUALITY caseExactIA5Match SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
--- a/confskel/openldap/ldif/moduleConfig.ldif
+++ b/confskel/openldap/ldif/moduleConfig.ldif
@ -2,7 +2,7 @@ dn: cn=module{0}
 objectClass: olcModuleList
 cn: module{0}
 olcModulePath: /usr/lib/ldap
-olcModuleLoad: {0}back_hdb
+olcModuleLoad: {0}back_mdb
 olcModuleLoad: {1}syncprov
 olcModuleLoad: {2}back_monitor
 olcModuleLoad: {3}auditlog
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@ -1,7 +1,7 @@
-dn: olcDatabase={@@@LDIFSCHEMANUMBER@@@}hdb
+dn: olcDatabase={@@@LDIFSCHEMANUMBER@@@}mdb
 objectClass: olcDatabaseConfig
-objectClass: olcHdbConfig
-olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
+objectClass: olcMdbConfig
+olcDatabase: {@@@LDIFSCHEMANUMBER@@@}mdb
 olcDbDirectory: /var/lib/ldap
 olcSuffix: @@@REALM_DCNAME@@@
 olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey,pkiCertificate
@ -26,14 +26,8 @@ olcReadOnly: FALSE
 olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 olcRootPW: {SHA}@@@ROOTPW_SHA@@@
 olcMonitoring: TRUE
-olcDbCacheSize: 1000
 olcDbCheckpoint: 512 30
-olcDbConfig: {0}set_cachesize 0 67108864 1
-olcDbConfig: {1}set_lg_regionmax 262144
-olcDbConfig: {2}set_lg_bsize 2097152
 olcDbNoSync: FALSE
-olcDbDirtyRead: FALSE
-olcDbIDLcacheSize: 0
 olcDbIndex: entryCSN eq
 olcDbIndex: entryUUID eq
 olcDbIndex: objectClass eq
@ -43,14 +37,10 @@ olcDbIndex: mail eq,pres
 olcDbIndex: uid pres,eq,sub
 olcDbIndex: uidNumber eq
 olcDbIndex: gidNumber eq
-olcDbLinearIndex: FALSE
 olcDbMode: 0600
 olcDbSearchStack: 16
-olcDbShmKey: 0
-olcDbCacheFree: 1
-olcDbDNcacheSize: 0
 olcPlugin: postoperation @@@TDELIBDIR@@@/slapi-acl-manager.so plugin_init admingroup-dn:=cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ realm:=@@@REALM_UCNAME@@@ aclfile:=@@@HEIMDALACLFILE@@@  builtinadmin:=@@@ROOTUSER@@@
-structuralObjectClass: olcHdbConfig
+structuralObjectClass: olcMdbConfig
 creatorsName: cn=config
 createTimestamp: @@@TIMESTAMP@@@Z
 entryCSN: @@@TIMESTAMP@@@.@@@TIMESTAMP_MICROSECONDS@@@Z#000000#000#000000
--- a/confskel/openldap/ldif/schema.ldif
+++ b/confskel/openldap/ldif/schema.ldif
@ -665,7 +665,7 @@ olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP dynamic mo
 ) )
 olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF backend conf
 iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )
-olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend config
+olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcMdbConfig' DESC 'MDB backend config
 uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbCach
 eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcD
 bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex 
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@ -811,8 +811,8 @@ void LDAPController::btnChangeLDAPRootPassword() {
 		sha.process(rootPassword2, rootPassword2.length());
 		TQString rootpw_hash = sha.base64Hash();
 	
-		TQString oldconfigfilename = "/etc/ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif.bkp").arg(1);
-		TQString newconfigfilename = "/etc/ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(1);
+		TQString oldconfigfilename = "/etc/ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}mdb.ldif.bkp").arg(1);
+		TQString newconfigfilename = "/etc/ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}mdb.ldif").arg(1);
 	
 		if (controlLDAPServer(SC_STOP) == 0) {
 			rename(newconfigfilename.ascii(), oldconfigfilename.ascii());
@ -1941,7 +1941,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/olcConfig.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}config.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/moduleConfig.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("cn=module{%1}.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
 	ldifSchemaNumber = 1;
-	replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+	replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}mdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);

 	// Schema files
 	ldifSchemaNumber = 0;
@ -1955,14 +1955,12 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 	ldifSchemaNumber = 4;
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2739.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2739.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
 	ldifSchemaNumber = 5;
-	replacePlaceholdersInFile(templateDir + "openldap/ldif/ppolicy.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ppolicy.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
-	ldifSchemaNumber = 6;
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
-	ldifSchemaNumber = 7;
+	ldifSchemaNumber = 6;
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
-	ldifSchemaNumber = 8;
+	ldifSchemaNumber = 7;
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
-// 	ldifSchemaNumber = 9;
+// 	ldifSchemaNumber = 8;
 // 	replacePlaceholdersInFile(templateDir + "openldap/ldif/samba.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}samba.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, standardUserGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);

 	// Set permissions