
Directory Layers in the ClearOS Directory Architecture

Have you ever wondered what was going on when "initializing directory" is shown in the web-based interface? It turns out there's a lot going on! This document provides a more in-depth view of the directory architecture in ClearOS.

There are 4 distinct layers in the ClearOS directory architecture and all are discussed in detail below.

| Layer | Drivers |
| --- | --- |
| System Mode (Master/Slave) | Simple Mode; Central Management |
| LDAP Server | OpenLDAP |
| Accounts (Users and Groups) | OpenLDAP Directory Server; Samba Directory (Samba 4) |
| Windows LDAP Layer | Windows Networking (Samba) |

If you have a fresh install of ClearOS Professional Edition running in a VM, you can follow along with this document.

System Mode - Master/Slave

Before the directory architecture is initialized, there's an important configuration option that needs to be selected - the mode:

  • master
  • slave
  • standalone

As you can imagine, a directory will be configured slightly differently depending on the mode. On a ClearOS Professional Edition, this option is selected by the user in the first boot install wizard. On a ClearOS Community Edition, this option is automatically set to standalone mode (the only available option in that edition).

| File | Description |
| --- | --- |
| /var/clearos/mode/mode.conf | A simple state file with master/slave information |

LDAP Server

The foundation of the ClearOS directory architecture is provided by the LDAP layer. There are no users or groups yet; this layer just provides a way to initialize and configure an LDAP server. Here's a sample of the API to give you an idea:

  • get_base_dn()
  • get_bind_dn()
  • import()
  • initialize_master()
  • initialize_slave()
  • initialize_standalone()

On a ClearOS Professional Edition, the basic LDAP system is initialized when the mode (master/slave/standalone) is chosen. On a ClearOS Community Edition, the LDAP system is automatically initialized in standalone mode.

If you have a ClearOS Professional Edition, you can see what's in OpenLDAP at this point by running:

slapcat -n3 

You will see the basic structure of LDAP, but not much else. In fact, some of the defaults that you see (e.g. the “Users” container and some default user accounts) should not exist at this point! This will be cleaned up one day, but just be aware that those accounts are not active at this point.

Files

| File | Description |
| --- | --- |
| /var/clearos/ldap/initialized | A flag indicating the basic LDAP server was initialized |
| /var/clearos/openldap/config.php | The configuration (e.g. bind DN) for the LDAP server |

Accounts - Users and Groups

The next layer in the directory architecture is the accounts system. This is the point where users and groups are initialized.

Files

| File | Description |
| --- | --- |
| /var/clearos/accounts/initialized | A flag indicating the accounts system was initialized |
| /var/clearos/accounts/config | Basic configuration information about the accounts system |

Windows LDAP Layer

The final layer in the directory architecture is all about Windows. As you can imagine, there are a bunch of LDAP attributes attached to users and groups that are required for interoperating in a Windows environment. Samba to the rescue! This is a delicate part of the directory initialization process – a lot of things need to get done for Samba. To give you an idea, here's a sample of the /var/log/system log file:

Apr 24 12:39:37 system samba: initializing master/standalone LDAP
Apr 24 12:39:37 system samba: archiving old state files
Apr 24 12:39:37 system samba: configuring smb.conf
Apr 24 12:39:43 system samba: initializing SIDs
Apr 24 12:39:45 system samba: adding sambaDomainName LDAP attribute
Apr 24 12:39:46 system samba: adding Idmap LDAP attribute
Apr 24 12:39:46 system samba: updating built-in user: cn=Windows Administrator,ou=Users,...
Apr 24 12:39:46 system samba: updating built-in user: cn=Guest Account,ou=Users,...
Apr 24 12:39:46 system samba: adding built-in group domain_admins
Apr 24 12:40:04 system samba: updating members for domain_admins
Apr 24 12:40:05 system samba: adding built-in group domain_users
Apr 24 12:40:06 system samba: adding built-in group domain_guests
Apr 24 12:40:07 system samba: updating members for domain_guests
Apr 24 12:40:08 system samba: adding built-in group domain_computers
Apr 24 12:40:09 system samba: adding built-in group administrators
Apr 24 12:40:10 system samba: adding built-in group users
Apr 24 12:40:11 system samba: updating built-in group guests
Apr 24 12:40:12 system samba: adding built-in group power_users
Apr 24 12:40:13 system samba: adding built-in group account_operators
Apr 24 12:40:14 system samba: adding built-in group server_operators
Apr 24 12:40:16 system samba: adding built-in group print_operators
Apr 24 12:40:17 system samba: adding built-in group backup_operators
Apr 24 12:40:18 system samba: populating domain_users group
Apr 24 12:40:19 system samba: adding samba mappings to group allusers
Apr 24 12:40:20 system samba: storing LDAP credentials
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/netlogon
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/profiles
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/IA64
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/W32ALPHA
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/W32MIPS
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/W32PPC
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/W32X86
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/WIN40
Apr 24 12:40:27 system samba: adding samba directory: /var/samba/drivers/x64
Apr 24 12:40:27 system samba: updating secrets
Apr 24 12:40:27 system samba: starting winbind
Apr 24 12:40:28 system samba: finished directory initialization... whew
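
Because this step is delicate, it is worth confirming from the log that a run actually finished and created every built-in group. The following is an added example, not ClearOS code: the function names and the sample log are constructed here, and only the master/standalone message wording shown above is matched.

```shell
#!/bin/sh
# Added example: audit a Samba directory initialization run in /var/log/system.
# Message texts are those in the page's sample log; a slave-mode run may log
# different wording (assumption: only master/standalone text is matched).

# Built-in groups that the page's sample run adds or updates.
EXPECTED_GROUPS="domain_admins domain_users domain_guests domain_computers"
EXPECTED_GROUPS="$EXPECTED_GROUPS administrators users guests power_users"
EXPECTED_GROUPS="$EXPECTED_GROUPS account_operators server_operators"
EXPECTED_GROUPS="$EXPECTED_GROUPS print_operators backup_operators"

# audit_samba_init FILE  -> prints one line:
#   status=<none|incomplete|complete> missing=<expected groups not seen>
# Only the last run found in the file is judged.
audit_samba_init() {
    awk -v expected="$EXPECTED_GROUPS" '
        $5 != "samba:" { next }                      # field 5 is the syslog tag
        /initializing master\/standalone LDAP/ {
            status = "incomplete"; split("", seen)   # new run: reset state
        }
        /(adding|updating) built-in group / { seen[$NF] = 1 }
        /finished directory initialization/ {
            if (status == "incomplete") status = "complete"
        }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    missing = missing (missing == "" ? "" : ",") want[i]
            printf "status=%s missing=%s\n", (status == "" ? "none" : status), missing
        }
    ' "$1"
}

# Constructed sample: a run that stopped after three groups (no "finished" line).
sample_interrupted_log() {
    cat <<'EOF'
Apr 24 12:39:37 system samba: initializing master/standalone LDAP
Apr 24 12:39:43 system samba: initializing SIDs
Apr 24 12:39:46 system samba: adding built-in group domain_admins
Apr 24 12:40:05 system samba: adding built-in group domain_users
Apr 24 12:40:06 system samba: adding built-in group domain_guests
EOF
}
```

On a live system, run `audit_samba_init /var/log/system`; a status of `incomplete` or a non-empty `missing` list means the Windows layer did not reach the state shown in the sample log.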

Files

| File | Description |
| --- | --- |
| /var/clearos/samba/initialized_openldap | A flag indicating Samba has been initialized in LDAP |
| /var/clearos/samba/initialized | A flag indicating non-LDAP components of Samba have been initialized |
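
The state and flag files listed in each section can be read together to see how far initialization has progressed. This is an added example, not part of ClearOS: the function name, the `ROOT` argument and the verdict strings are hypothetical, and the ordering of the two Samba flags relative to each other is an assumption.

```shell
#!/bin/sh
# Added example: report how far ClearOS directory initialization has progressed,
# using only the state/flag files listed on this page.
# Assumption: the optional ROOT argument points the check at a mounted or
# copied filesystem; it is hypothetical and not a ClearOS feature.

# Files in layer order, lowest layer first. Paths are taken from the page;
# the relative order of the two Samba flags is an assumption.
LAYER_FLAGS="mode:/var/clearos/mode/mode.conf
ldap:/var/clearos/ldap/initialized
accounts:/var/clearos/accounts/initialized
samba_ldap:/var/clearos/samba/initialized_openldap
samba:/var/clearos/samba/initialized"

# directory_layer_status [ROOT]
# Prints "<layer>=present|missing" per layer, then one verdict line:
#   verdict=complete           every file exists
#   verdict=partial:<l>        layers below <l> are done, <l> and above are not
#   verdict=inconsistent:<l>   <l> is flagged although a lower layer is not,
#                              which does not match the layering described here
directory_layer_status() {
    root="${1:-}"
    first_missing=""
    verdict=""
    for entry in $LAYER_FLAGS; do
        layer="${entry%%:*}"
        path="${entry#*:}"
        if [ -e "${root%/}${path}" ]; then
            echo "${layer}=present"
            if [ -n "$first_missing" ] && [ -z "$verdict" ]; then
                verdict="inconsistent:${layer}"
            fi
        else
            echo "${layer}=missing"
            if [ -z "$first_missing" ]; then first_missing="$layer"; fi
        fi
    done
    if [ -z "$verdict" ]; then
        if [ -z "$first_missing" ]; then
            verdict="complete"
        else
            verdict="partial:${first_missing}"
        fi
    fi
    echo "verdict=${verdict}"
}
```

Call `directory_layer_status` with no argument on a running system, or with the mount point of an image under examination.
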
content/en_us/dev_architecture_directory_layers_in_the_clearos_directory_architecture.txt · Last modified: 2015/03/03 11:10 (external edit)