Skip to main content

Deploy an OpenLDAP server in a zc.buildout

Project description

What is z3c.recipe.ldap ?

This recipe can be used to deploy an OpenLDAP server in a zc.buildout. More specifically it provides for initializing an LDAP database from an LDIF file and for setting up an LDAP instance in the buildout. This recipe can also be used to provide an isolated LDAP instance as a test fixture.

How to use z3c.recipe.ldap ?

Installing slapd instance

The default recipe in z3c.recipe.ldap can be used to deploy a slapd LDAP server in the buildout. Options in the slapd part not used by the recipe itself will be used to create and populate a slapd.conf file.

The only required option is the suffix argupent. Specifying the suffix with a dc requires that the “dc” LDAP attribute type configuration. Write a buildout.cfg with a suffix and include core.schema for the attribute type configuration. Also specify that the server should use a socket instead of a network port:

>>> write(sample_buildout, 'buildout.cfg',
... """
... [buildout]
... parts = slapd
... find-links = http://download.zope.org/ppix/
...
... [slapd]
... recipe = z3c.recipe.ldap
... slapd = %(openldap)s/libexec/slapd
... use-socket = True
... allow = bind_v2
... include =
...     %(openldap)s/etc/openldap/schema/core.schema
...     foo.schema
...     bar.conf
... modulepath =
... moduleload =
... suffix = "dc=localhost"
... """ % globals())

Create the files to be included:

>>> write(sample_buildout, 'foo.schema', '\n')
>>> write(sample_buildout, 'bar.conf', '\n')

Run the buildout:

>>> print system(buildout),
Installing slapd.
Generated script '/sample-buildout/bin/slapd'.

The configuration file is created in the part by default. Note that keys that can be specified multiple times in slapd.conf, such as include, will be constitued from multiple line separated values when present. Also note that keys that contain file paths in slapd.conf, such as include, will be expanded from the buildout directory. Finally note that options specified with blank values will be excluded:

>>> ls(sample_buildout, 'parts', 'slapd')
-  slapd.conf
>>> cat(sample_buildout, 'parts', 'slapd', 'slapd.conf')
include     .../etc/openldap/schema/core.schema
include     /sample-buildout/foo.schema
include     /sample-buildout/bar.conf
pidfile     /sample-buildout/parts/slapd/slapd.pid
allow       bind_v2
database    bdb
suffix      "dc=localhost"
directory   /sample-buildout/var/slapd
dbconfig    set_cachesize   0       268435456       1
dbconfig    set_lg_regionmax        262144
dbconfig    set_lg_bsize    2097152
index       objectClass     eq

The socket path is properly escaped in the configuration:

>>> cat(sample_buildout, '.installed.cfg')
[buildout]...
[slapd]...
urls = ldapi://...%2Fsample-buildout%2Fparts%2Fslapd%2Fslapd.socket
...

An empty directory is created for the LDAP database:

>>> ls(sample_buildout, 'var')
d  slapd
>>> ls(sample_buildout, 'var', 'slapd')

A script is also created for starting and stopping the slapd server:

>>> ls(sample_buildout, 'bin')
-  buildout
-  slapd

Start the slapd server:

>>> bin = join(sample_buildout, 'bin', 'slapd')
>>> print system(bin+' start'),

On first run, the LDAP database is created:

>>> ls(sample_buildout, 'var', 'slapd')
-  DB_CONFIG
-  __db.001...

While the server is running a pid file is created and also a socket in this case:

>>> ls(sample_buildout, 'parts', 'slapd')
-  slapd.conf
-  slapd.pid
-  slapd.socket

Stop the slapd server:

>>> print system(bin+' stop'),

When the slapd server finishes shutting down the pid file is deleted:

>>> ls(sample_buildout, 'parts', 'slapd')
-  slapd.conf

The slapd binary

The slapd binary to be used can be specified as we did above when we specified the slapd binary from the buildout OpenLDAP CMMI part:

>>> cat(sample_buildout, '.installed.cfg')
[buildout]...
[slapd]...
slapd = .../parts/openldap/libexec/slapd
...

If no binary is specified, it’s left up to the environment. Write a buildout.cfg with no slapd specified:

>>> write(sample_buildout, 'buildout.cfg',
... """
... [buildout]
... parts = slapd
...
... [slapd]
... recipe = z3c.recipe.ldap
... use-socket = True
... """)

Run the buildout:

>>> print system(buildout),
Uninstalling slapd.
Installing slapd.
Generated script '/sample-buildout/bin/slapd'.

Now it will find the binary on the system path:

>>> cat(sample_buildout, '.installed.cfg')
[buildout]...
[slapd]...
slapd = slapd
...

Initalizing an LDAP database

The z3c.recipe.ldap.Slapadd can be used initialize an LDAP database from an LDIF file. In the simplest form, simply provide an “ldif” option in the part with one or more filenames.

Write a buildout.cfg that lists some LDIF files:

>>> write(sample_buildout, 'buildout.cfg',
... """
... [buildout]
... parts = slapd slapadd
...
... [slapd]
... recipe = z3c.recipe.ldap
... include =
...     %(openldap)s/etc/openldap/schema/core.schema
...     %(openldap)s/etc/openldap/schema/cosine.schema
... modulepath =
... moduleload =
... suffix = "dc=localhost"
...
... [slapadd]
... recipe = z3c.recipe.ldap:slapadd
... slapadd = %(openldap)s/sbin/slapadd
... conf = ${slapd:conf}
... ldif =
...     dc.ldif
...     admin.ldif
... """ % globals())

Write the LDIF files:

>>> write(sample_buildout, 'dc.ldif',
... """
... dn: dc=localhost
... dc: localhost
... objectClass: top
... objectClass: domain
... """)
>>> write(sample_buildout, 'admin.ldif',
... """
... dn: cn=admin,dc=localhost
... objectClass: person
... cn: admin
... sn: Manager
... """)

Run the buildout:

>>> print system(buildout),
Uninstalling slapd.
Installing slapd.
Generated script '/sample-buildout/bin/slapd'.
Installing slapadd.

The entries have been added to the LDAP database:

>>> print system(os.path.join(openldap, 'sbin', 'slapcat')+' -f '+
...        os.path.join(sample_buildout,
...                     'parts', 'slapd', 'slapd.conf')),
dn: dc=localhost
dc: localhost
objectClass: top
objectClass: domain...
dn: cn=admin,dc=localhost
objectClass: person
cn: admin
sn: Manager...

The LDIF files are added on update also.

Remove the existing LDAP database:

>>> rmdir(sample_buildout, 'var', 'slapd')
>>> mkdir(sample_buildout, 'var', 'slapd')

Run the Buildout to add the LDIF files again:

>>> print system(buildout),
Updating slapd.
Updating slapadd.

The entries have been added to the LDAP database:

>>> print system(os.path.join(openldap, 'sbin', 'slapcat')+' -f '+
...        os.path.join(sample_buildout,
...                     'parts', 'slapd', 'slapd.conf')),
dn: dc=localhost
dc: localhost
objectClass: top
objectClass: domain...
dn: cn=admin,dc=localhost
objectClass: person
cn: admin
sn: Manager...

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

z3c.recipe.ldap-0.1dev-r83198.tar.gz (8.2 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page