...and load it to the AD server. AD with the Kolab schema can then be used as the LDAP server.
A more or less finished version of the Pykolab way of setting up Active Directory:
- For the AD LDAP modifications I decided to use Jinja2 templates, which are in the templates folder. Several reasons for that:
  - Long texts of changes to be performed in Python code do not look nice, especially when the AD Kolab schema needs to be added.
  - Ansible uses Jinja2 for templates, so the templates used by setup_ldap.py can be reused with Ansible.
  - It becomes easier to load additional data into LDAP (like data for testing purposes) or to set up OpenLDAP for use with Kolab.
  Using Jinja2 creates a python-jinja2 package dependency.
  TODO - Need to decide where the Jinja2 templates should be installed. Currently the paths /etc/kolab/templates/, /usr/share/kolab/templates/ and os.path.join(__file__, '..', '..', '..', 'share', 'templates') are used to find templates.
- I changed the setup_ldap.py code flow. Now it first tries to determine all configuration options and then executes the required steps (be it setup of Directory Server or Active Directory). If the setup is not using an alternative --config file then the get_answers() function should gather all required information; otherwise all information comes from the alternative config file.
- A change in the pykolab/conf/__init__.py file may affect other components of pykolab. It is not clear why the default config_file and the file supplied with the --config CLI argument should be the same. Not sure what other implications this will have, but it helps to solve the issue of setup_ldap.py following 2 different code flow paths depending on whether --config is supplied or not.
Now to set up Active Directory to work with Kolab you need to run:
setup-kolab ldap --with-ad
or
setup-kolab ldap --with-ad --config path.to.config.file
This will:
- ask questions: what is your domain, base_dn (in AD), the Administrator's bind_dn and password, the AD server LDAP URI, and the Kolab dedicated LDAP tree DN (this is where we keep domains, groups, shared folders, resources).
- connect to AD LDAP and find where to load the Kolab schema (in the case of an AD Forest only one server can be used to load the schema, so we need to make sure we load the schema onto the right server).
- connect to AD LDAP and create the necessary LDAP tree for Kolab related LDAP objects. This is done using Jinja2 templates.
- connect to AD LDAP and add the service users (kolab-service and cyrus-admin) using templates. User passwords can only be set over an ldaps:// connection, therefore if the LDAP URI is just ldap:// the user passwords need to be set via the Windows Active Directory interface.
- write all the information to the default config file /etc/kolab/kolab.conf
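As an added example (not pykolab's own code) of two points in the setup flow above and in the template-lookup changes below: a find_template that reports every path it searched when a template is missing, and the service-user step that renders the add records from a template but only attempts to set passwords when the URI is ldaps://, since Active Directory refuses password writes over an unencrypted connection. The search paths follow the ones named in this description; the LDIF template, the domain and the base DN are constructed for the example, and a stdlib substitute for Jinja2's {{ var }} syntax is used so it runs without python-jinja2.

```python
import os
import re
from urllib.parse import urlparse

# Search order assumed here from the description; the third entry is
# relative to this file, like the os.path.join(__file__, ...) variant.
_HERE = os.path.dirname(os.path.abspath(globals().get("__file__", ".")))
TEMPLATE_SEARCH_PATHS = [
    "/etc/kolab/templates",
    "/usr/share/kolab/templates",
    os.path.join(_HERE, "..", "..", "..", "share", "templates"),
]


class TemplateNotFound(Exception):
    """Raised with every path that was tried, so the message says where the
    lookup happened instead of a bare 'template not found'."""


def find_template(name, search_paths=None):
    """Return the first existing file called `name` in the search paths."""
    paths = TEMPLATE_SEARCH_PATHS if search_paths is None else search_paths
    tried = []
    for base in paths:
        candidate = os.path.join(base, name)
        tried.append(candidate)
        if os.path.isfile(candidate):
            return candidate
    raise TemplateNotFound(
        "template %r not found; searched: %s" % (name, ", ".join(tried))
    )


def render(template_text, **values):
    """Stdlib stand-in for Jinja2's {{ var }} substitution (hypothetical helper,
    not pykolab's); an unknown variable is an error, not an empty string."""
    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise KeyError("template variable %r has no value" % key)
        return str(values[key])
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", substitute, template_text)


# Constructed service-user template in the shape of an LDIF add record.
SERVICE_USER_TEMPLATE = """dn: cn={{ cn }},{{ kolab_base_dn }}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: {{ cn }}
sAMAccountName: {{ cn }}
userPrincipalName: {{ cn }}@{{ domain }}
"""


def password_can_be_set(ldap_uri):
    """AD only accepts password writes over a TLS-protected connection, so the
    setup can set the service users' passwords only for an ldaps:// URI."""
    return urlparse(ldap_uri).scheme.lower() == "ldaps"


def plan_service_users(ldap_uri, domain, kolab_base_dn,
                       names=("kolab-service", "cyrus-admin")):
    """Render one add record per service user and report whether the setup
    will set the passwords itself or the admin must do it in the AD tools."""
    records = [render(SERVICE_USER_TEMPLATE, cn=n, domain=domain,
                      kolab_base_dn=kolab_base_dn) for n in names]
    return {"ldif": "\n".join(records),
            "set_password": password_can_be_set(ldap_uri)}


if __name__ == "__main__":
    # Constructed values: a plain ldap:// URI, so passwords are left to the admin.
    plan = plan_service_users("ldap://dc1.example.test", "example.test",
                              "OU=Kolab,DC=example,DC=test")
    print(plan["ldif"])
    if not plan["set_password"]:
        print("passwords must be set via the Active Directory tools (ldap:// URI)")
```

The "searched:" list in the TemplateNotFound message is what makes a missing-template failure diagnosable on a host where /etc/kolab/templates/ exists but the package's share directory does not; the scheme check is deliberately case-insensitive because LDAP URIs are.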
TODO - the next step is to review the other components' setup. Active Directory uses a different object class for groups: objectclass=group instead of objectclass=groupofuniquenames. That needs to be reflected in all components' setup.
- fix the error message by showing which template file was not found
- Move the find_template function to utils as there is a plan to use it elsewhere.
- Changes to the setup-kolab mta utility to support AD. Postfix LDAP lookup tables are now created using Jinja2 templates.
- Log clamav updates to the /var/log/freshclam.log file. Don't want to create a dir.
- Jinja2 templates for the Postfix and Amavisd configuration.