
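--- a/python/univention-get-ldif-from-master.py
+++ b/python/univention-get-ldif-from-master.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python2.6
+# -*- coding: utf-8 -*-
+#
+# Univention Directory Listener
+"""Read ldap from the DC master and create ldif file (and update local schema)"""
+#
+# Copyright 2004-2014 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# <http://www.gnu.org/licenses/>.
+
+import univention.uldap as uldap
+import univention.config_registry
+
+import ldap
+import ldif
+import sys
+import os
+import optparse
+
+from ldap.controls import LDAPControl
+from ldap.controls import SimplePagedResultsControl
+
+sys.path.append("/usr/lib/univention-directory-listener/system/") 
+import replication
+
+# from replication.py
+def _update_schema(attr):
+	fp = open('/var/lib/univention-ldap/schema.conf.new', 'w')
+	print >>fp, '# This schema was automatically replicated from the master server'
+	print >>fp, '# Please do not edit this file\n'
+	subschema = ldap.schema.SubSchema(attr)
+	for oid in replication.subschema_sort(subschema, ldap.schema.AttributeType):
+		if oid in replication.BUILTIN_OIDS:
+			continue
+		obj = subschema.get_obj(ldap.schema.AttributeType, oid)
+		print >>fp, 'attributetype', str(obj)
+	for oid in replication.subschema_sort(subschema, ldap.schema.ObjectClass):
+		if oid in replication.BUILTIN_OIDS:
+			continue
+		obj = subschema.get_obj(ldap.schema.ObjectClass, oid)
+		print >>fp, 'objectclass', str(obj)
+	fp.close()
+	os.rename('/var/lib/univention-ldap/schema.conf.new', '/var/lib/univention-ldap/schema.conf')
+
+# update the ldap schema file
+def update_schema(lo):
+	res = lo.search(base="cn=Subschema", scope=ldap.SCOPE_BASE, filter='(objectclass=*)', attr=['+', '*'])
+	for r in res:
+		dn, data = r
+		_update_schema(data)
+
+# create ldif file from everything from lo
+def create_ldif_from_master(lo, ldif_file, base, page_size):
+
+	if os.path.isfile(ldif_file):
+		os.unlink(ldif_file)
+
+	lc = SimplePagedResultsControl(
+		ldap.LDAP_CONTROL_PAGE_OID, True, (page_size,'')
+	)
+
+	msgid = lo.lo.search_ext(base, ldap.SCOPE_SUBTREE, '(objectclass=*)', ['+', '*'], serverctrls=[lc])
+	fh = open(ldif_file, "w")
+	while True:
+		rtype, rdata, rmsgid, serverctrls = lo.lo.result3(msgid)
+		for i in rdata:
+			dn, data = i
+			fh.write(ldif.CreateLDIF(dn, data))
+		fh.close()
+		pctrls = [
+			c
+			for c in serverctrls
+			if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
+		]
+		if pctrls:
+			est, cookie = pctrls[0].controlValue
+			if cookie:
+				lc.controlValue = (page_size, cookie)
+				msgid = lo.lo.search_ext(base, ldap.SCOPE_SUBTREE, filter, attrs, serverctrls=[lc])
+			else:
+				break
+		else:
+			print "Warning:  Server ignores RFC 2696 control."
+			break
+	fh.close()
+
+if __name__ == "__main__":
+
+	usage = "usage: %prog [options]\n"
+	parser = optparse.OptionParser(usage=usage)
+	parser.add_option("-l", "--ldif", dest="ldif", action="store_true", default=False, help="create ldif file")
+	parser.add_option("-s", "--schema", dest="schema", action="store_true", default=False, help="update ldap schema")
+	parser.add_option("-o", "--outfile", dest="outfile", default="/var/lib/univention-directory-listener/master.ldif", help="file to store ldif data")
+	parser.add_option("-p", "--pagesize", dest="pagesize", type="int", default=10000, help="page size to use for ldap paged search")
+	opts, args = parser.parse_args()
+
+	ucr = univention.config_registry.ConfigRegistry()
+	ucr.load()
+	base = ucr.get("ldap/base")
+	lo = uldap.getMachineConnection(ldap_master = True)
+
+	if opts.schema:
+		sys.stdout.write("updating schema ...")
+		sys.stdout.flush()
+		update_schema(lo)
+		sys.stdout.write(" OK\n")
+
+	if opts.ldif:
+		sys.stdout.write("creating ldif file %s ..." % opts.outfile)
+		sys.stdout.flush()
+		create_ldif_from_master(lo, opts.outfile, base, opts.pagesize)
+		sys.stdout.write(" OK\n")
+
+	sys.exit(0)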
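Review bot: create_ldif_from_master opens the dump with a plain `open(ldif_file, "w")`, so the file's mode is left to the umask even though the search requests `['+', '*']` for every entry under the base; since the result seeds the local directory, it presumably carries credential attributes that the machine account can read. The file should be created owner-only before the first write, for example through `os.open` with mode 0600 followed by `os.fdopen`. The same loop also calls `fh.close()` after the first page and re-issues `search_ext` with `filter` and `attrs`, neither of which is defined in this function (`filter` resolves to the builtin), so a directory larger than one page cannot be dumped. The fence below keeps the handle open for the whole loop and names the filter and attribute list once.

```python
def create_ldif_from_master(lo, ldif_file, base, page_size):
	# … unchanged: unlink of an existing file, SimplePagedResultsControl setup …
	search_filter = '(objectclass=*)'
	attrs = ['+', '*']
	msgid = lo.lo.search_ext(base, ldap.SCOPE_SUBTREE, search_filter, attrs, serverctrls=[lc])
	# owner-only from creation on; O_EXCL refuses a path that reappeared after the unlink
	fd = os.open(ldif_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
	fh = os.fdopen(fd, "w")
	try:
		while True:
			rtype, rdata, rmsgid, serverctrls = lo.lo.result3(msgid)
			for dn, data in rdata:
				fh.write(ldif.CreateLDIF(dn, data))
			# … unchanged: collect pctrls, read est/cookie, update lc.controlValue …
					msgid = lo.lo.search_ext(base, ldap.SCOPE_SUBTREE, search_filter, attrs, serverctrls=[lc])
			# … unchanged: break when the cookie is empty or the control is missing …
	finally:
		fh.close()
```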
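--- a/03univention-directory-listener.inst
+++ b/03univention-directory-listener.inst
@@ -80,8 +80,62 @@
 fi
 options="$options -ZZ -d $debugLevel"
 
-options="$options -i -h $ldap_master -b "$ldap_base" -m $moduledir -c $cachedir"
+# 1: fake replication.py initialization on non master systems
+# init the listener without replication.py, instead slapadd a ldif
+# file to the local ldap
+if [ -n "$server_role" -a "$server_role" != "domaincontroller_master" ]; then
+	invoke-rc.d slapd stop
+	invoke-rc.d univention-directory-listener stop
 
+	# update schema
+	/usr/share/univention-directory-listener/univention-get-ldif-from-master.py -s
+
+	# get and store notifier id to get changes during initialization
+	notifier_id_master="$(/usr/share/univention-directory-listener/get_notifier_id.py)" || exit 1
+
+	# check if we use a pre-defined ldif or if we create the ldif
+	def_notifier_id="$(ucr get listener/join/notifier/id)"
+	def_ldif="$(ucr get listener/join/ldif/file)"
+	if [ -n "$def_ldif" -a -n "$def_notifier_id" -a -e "$def_ldif" ]; then
+		# use local ldif file and defined id
+		echo "using pre-defined ldif and notifier id"
+		notifier_id="$def_notifier_id"
+		ldif="$def_ldif"
+		
+	else
+		echo "creating ldif file"
+		notifier_id="$notifier_id_master"
+		ldif="/var/lib/univention-directory-listener/master.ldif"
+		/usr/share/univention-directory-listener/univention-get-ldif-from-master.py -l -o "$ldif"
+	fi
+
+	echo "using $ldif as ldif file for fake replication.py initialization"
+	echo "using $notifier_id as notifier_id file for fake replication.py initialization"
+
+	# set notifier id
+	echo $notifier_id > /var/lib/univention-directory-listener/notifier_id
+	chown listener /var/lib/univention-directory-listener/notifier_id
+
+	# update local ldap 
+	rm /var/lib/univention-ldap/ldap/*
+	ucr commit /var/lib/univention-ldap/ldap/DB_CONFIG
+	slapadd -q -l "$ldif" || exit 1
+	sync
+	invoke-rc.d slapd start
+	#rm "$ldif"
+
+	# fake replication handler initialization
+	mkdir -p /var/lib/univention-directory-listener/handlers/
+	echo 3 > /var/lib/univention-directory-listener/handlers/replication
+	chown -R listener /var/lib/univention-directory-listener/handlers/
+
+	# fake listener initialization (-P)
+	options="$options -P -h $ldap_master -b "$ldap_base" -m $moduledir -c $cachedir"
+else
+	# real listener initialization
+	options="$options -i -h $ldap_master -b "$ldap_base" -m $moduledir -c $cachedir"
+fi
+
 if [ -n "$server_role" ]; then
 	if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" ]; then
 		/usr/sbin/univention-directory-listener $options -D "cn=admin,$ldap_base" -y /etc/ldap.secret
@@ -94,6 +148,18 @@
 
 exit_status=$?
 
+# 2: fake replication.py initialization on non master systems
+# copy listener cache (if defined), because cache without replication.py
+# is not fully filled
+if [ -n "$server_role" -a "$server_role" != "domaincontroller_master" ]; then
+	lcache="$(ucr get listener/join/cache/file)"
+	if [ -n "$lcache" -a -e "$lcache" ]; then
+		cp "$lcache" /var/lib/univention-directory-listener/cache.db
+		chown listener:nogroup /var/lib/univention-directory-listener/cache.db
+		chmod 600 /var/lib/univention-directory-listener/cache.db
+	fi
+fi
+
 univention-config-registry set ldap/database/ldbm/dbsync=$ldap_database_ldbm_dbsync
 
 # needed for db sync
@@ -118,6 +184,27 @@
 # The samba join script needs a running listener. Bug #19128
 /etc/init.d/univention-directory-listener start
 
+# 3: fake replication.py initialization on non master systems
+# wait until local notifier id is equal to notifier id of the master
+# before the fake replication.py
+# otherwise if we use listener/join/notifier/id we could miss 
+# the password change for the local host account
+if [ -n "$server_role" -a "$server_role" != "domaincontroller_master" ]; then
+	while true; do
+		echo "waiting for replication"
+		lid="$(cat /var/lib/univention-directory-listener/notifier_id)"
+		if [ 1 -eq $(echo "$lid >= $notifier_id_master" | bc) ]; then
+			break
+		fi
+		# wait for max 2hrs
+		timeout=$(($timeout + 1))
+		if [ $timeout -ge 7200 ]; then
+			break
+		fi
+		sleep 1
+	done
+fi
+
 test -x /usr/sbin/nscd && /usr/sbin/nscd -i passwd
 test -x /usr/sbin/nscd && /usr/sbin/nscd -i group
 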
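Review bot: The first added block deletes `/var/lib/univention-ldap/ldap/*` and runs `slapadd` on `$ldif` without checking that `univention-get-ldif-from-master.py -l -o "$ldif"` (or the earlier `-s` call) succeeded, so a dump that stopped part-way would be loaded as this replica's database; append `|| exit 1` to both calls, as is already done for `get_notifier_id.py`. The cleanup is left commented out as `#rm "$ldif"`, which keeps the full directory export under /var/lib/univention-directory-listener after the join; removing the file once `slapadd` has succeeded, at least when it was generated here rather than supplied through `listener/join/ldif/file`, limits how long that copy exists. In the third block the wait loop exits silently after 7200 iterations, so a message stating that the local notifier id never reached `$notifier_id_master` would make the missed-update case described in the comment visible in the join log.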
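--- a/debian/univention-directory-listener.install
+++ b/debian/univention-directory-listener.install
@@ -3,6 +3,7 @@
 src/verify usr/sbin/
 src/listener-ctrl usr/sbin/
 python/get_notifier_id.py usr/share/univention-directory-listener/
+python/univention-get-ldif-from-master.py usr/share/univention-directory-listener/
 python/ldap_server.py usr/lib/univention-directory-listener/system/
 python/listener.py usr/lib/python2.6/site-packages/
 03univention-directory-listener.inst usr/lib/univention-install/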
