Installation

How to install the MMC (Mandriva Management Console) on a Linux distribution

Repositories configuration and packages installation

Mandriva users are lucky

... because Mandriva RPM packages for the MDS and the MMC are available.

Packages for Mandriva 2010.0, 2010.2, 2011.0 and Cooker are available on Mandriva official repositories. You will find an official mirror using the Mandriva mirror finder module.

You can also add the repositories with the following command:

urpmi.addmedia --distrib --mirrorlist '$MIRRORLIST'

To install the MMC base packages, just type:

# urpmi mmc-agent mmc-web-base python-mmc-base

Debian packages

For Debian Squeeze, add this in your sources.list:

deb http://mds.mandriva.org/pub/mds/debian squeeze main

For Debian Wheezy:

deb http://mds.mandriva.org/pub/mds/debian wheezy main

To install MMC base packages, just type:

# apt-get update
# apt-get install mmc-agent mmc-web-base python-mmc-base

Other packages

We also provide packages for other distribution trough OpenBuildSystem here :

Note

CentOS DAG repository

For some packages, you will need to add the DAG repository to yum. Create a file named /etc/yum.repos.d/DAG.repo containing:

# DAG Repository for RedHat Enterprise 4 / CentOS 4
[dag]
name=DAG Repository
baseurl = http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
gpgcheck=1
enabled=0

Packages naming conventions

Here are the packages naming conventions:

  • mmc-agent: the MMC agent package
  • python-mmc-PLUGIN: MMC agent plugin
  • mmc-web-PLUGIN: web interface plugin

Note

Sample configuration files

All MMC related sample configuration files are available in the python-mmc-base package, in the directory /usr/share/doc/python-mmc-base/contrib/ or on our repository.

You will find there OpenLDAP, SAMBA and Postfix configuration files and also OpenLDAP schemas.

Installation from source tarball

Note

If you are using packages you can skip this part

Pre-requisites

This python modules are needed for MMC to run :

  • python-twisted-web
  • python-ldap
  • pylibacl
  • pyopenssl
  • python-gobject

The MMC web interface is written in PHP4. Basically, you just need to install an Apache 2 server with PHP5 support.

The XML-RPC module of PHP is needed too.

Installation

Get the current tarball at this URL: ftp://mds.mandriva.org/pub/mmc-core/sources/current/

# tar xzvf mmc-core-x.y.z.tar.gz
# cd mmc-core-x.y.z
# ./configure --sysconfdir=/etc --localstatedir=/var
# make
# make install
# tar xzvf mds-x.y.z.tar.gz

If you want also MDS modules:

# cd mds-x.y.z
# ./configure --sysconfdir=/etc --localstatedir=/var
# make
# make install

The default $PREFIX for installation is /usr/local. You can change it on the ./configure line by adding the option --prefix=/usr for example.

Here are how the files are installed:

  • $PREFIX/sbin/mmc-agent: the MMC agent
  • $PREFIX/lib/mmc/: helpers for some MMC plugins
  • /etc/mmc/: all MMC configuration files. There files are sample files you will need to edit.
  • /etc/init.d/mmc-agent: MMC agent init script
  • $PREFIX/lib/pythonX.Y/site-packages/mmc: MMC Python libraries and plugins.
  • $PREFIX/lib/pythonX.Y/site-packages/mmc/plugins/: MMC Python plugins
  • $PREFIX/share/mmc/: all MMC web interface related files (PHP, images, ...l)
  • $PREFIX/share/mmc/modules/: MMC web interface plugins
  • /etc/mmc/mmc.ini: MMC web configuration file

LDAP server configuration

MMC currently supports OpenLDAP.

One LDAP schema called MMC schema is mandatory. This schema and others are available in the /usr/share/doc/mmc/contrib/base/ directory provided by the python-mmc-base package.

Mandriva

The OpenLDAP configuration can be easily done using the openldap-mandriva-dit-package.

# urpmi openldap-mandriva-dit
...
# /usr/share/openldap/scripts/mandriva-dit-setup.sh
Please enter your DNS domain name [localdomain]:
mandriva.com
Administrator account
The administrator account for this directory is
uid=LDAP Admin,ou=System Accounts,dc=mandriva,dc=com
Please choose a password for this account:
New password: [type password]
Re-enter new password: [type password]
Summary
=======
Domain:        mandriva.com
LDAP suffix:   dc=mandriva,dc=com
Administrator: uid=LDAP Admin,ou=System Accounts,dc=mandriva,dc=com
Confirm? (Y/n)
Y
config file testing succeeded
Stopping ldap service
Finished, starting ldap service
Running /usr/bin/db_recover on /var/lib/ldap
remove /var/lib/ldap/alock
Starting slapd (ldap + ldaps): [  OK  ]

And you’re done, the LDAP directory has been populated and the LDAP service has been started.

Some tweaks needs to be done to the LDAP configuration so that the LDAP service suits to the MDS.

First, copy the MMC LDAP schema you need to the LDAP schemas directory.

# cp /usr/share/doc/mmc/contrib/base/mmc.schema /etc/openldap/schema/

Then, add these line to the file /etc/openldap/schema/local.schema:

include /etc/openldap/schema/mmc.schema

Then, to avoid LDAP schemas conflicts, comment or remove these lines at the beginning of the file /etc/openldap/slapd.conf:

#include /usr/share/openldap/schema/misc.schema
#include /usr/share/openldap/schema/kolab.schema
#include /usr/share/openldap/schema/dnszone.schema
#include /usr/share/openldap/schema/dhcp.schema

Last, comment or remove these lines at the end of the file /etc/openldap/mandriva-dit-access.conf:

#access to dn.one="ou=People,dc=mandriva,dc=com"
#        attrs=@inetLocalMailRecipient,mail
#        by group.exact="cn=MTA Admins,ou=System Groups,dc=mandriva,dc=com" write
#        by * read

To check that the LDAP service configuration is right, run slaptest:

# slaptest
config file testing succeeded

Now you can restart the LDAP service:

# service ldap restart
Checking config file /etc/openldap/slapd.conf: [  OK  ]
Stopping slapd:                                [  OK  ]
Starting slapd (ldap + ldaps):                 [  OK  ]

Debian

When installing the slapd package, debconf allows you to configure the root DN of your LDAP directory, set the LDAP manager password and populate the directory. By default debconf will not ask you to configure the root DN, you can run dpkg-reconfigure for this. If you choose “mandriva.com” as your domain, the LDAP DN suffix will be “dc=mandriva,dc=com”.

# dpkg-reconfigure slapd

After that you only need to include the mmc.schema in slapd configuration and you are done.

Note

Debian Squeeze and later

Debian’s OpenLDAP uses its own database for storing its configuration. So there is no more slapd.conf. You can use the mmc-add-schema script to load new schema in the OpenLDAP configuration database:

# mmc-add-schema /usr/share/doc/mmc/contrib/base/mmc.schema /etc/ldap/schema/
Adding schema for inclusion: mmc... ok

You can also write a regular slapd.conf file like before, and issue the followind commands to convert the file in the new format:

# /etc/init.d/slapd stop
# rm -rf /etc/ldap/slapd.d/*
# slaptest -f /path/to/slapd.conf -F /etc/ldap/slapd.d
# chown -R openldap.openldap /etc/ldap/slapd.d
# /etc/init.d/slapd start

Other distributions

Note

OpenLDAP example configuration

You will find an example of OpenLDAP configuration in the directory agent/contrib/ldap/ of the mmc-core tarball.

Note

Already existing directory

If you already have an OpenLDAP directory, all you need to do is to include the mmc.schema file.

Get the file mmc.schema from the /usr/share/doc/mmc/contrib/base directory, and copy it to /etc/openldap/schema/ (or maybe /etc/ldap/schema/).

Include this schema in the OpenLDAP configuration, in /etc/ldap/slapd.conf (or maybe /etc/openldap/slapd.conf):

include /etc/openldap/schema/mmc.schema

This schema must be included after the inetorgperson.schema file.

In the OpenLDAP configuration file, we also define the LDAP DN suffix, the LDAP manager (rootdn) and its password (rootpw):

suffix          "dc=mandriva,dc=com"
rootdn          "cn=admin,dc=mandriva,dc=com"
rootpw          {SSHA}gqNR92aL44vUg8aoQ9wcZYzvUxMqU6/8

The SSHA password is computed using the slappasswd command:

# slappasswd -s secret
{SSHA}gqNR92aL44vUg8aoQ9wcZYzvUxMqU6/8

Once the OpenLDAP server is configured, the base LDAP directory architecture must be created. Create a file called /tmp/ldap-init.ldif containing:

dn: dc=mandriva,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: mandriva
o: mandriva
dn: cn=admin,dc=mandriva,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP Administrator
userPassword: gqNR92aL44vUg8aoQ9wcZYzvUxMqU6/8

The userPassword field must be filled with the output of the slappasswd command. Now we inject the LDIF file into the directory:

# /etc/init.d/ldap stop
# slapadd -l /tmp/ldap-init.ldif
# chown -R ldap.ldap /var/lib/ldap (use the openldap user for your distribution)
# /etc/init.d/ldap start

Note

LDAP suffix

In this example, the LDAP suffix is dc=mandriva,dc=com. Of course, you can choose another suffix.

Note

Changing the OpenLDAP manager password

You can’t change this password using the MMC interface. You must use this command line:

$ ldappasswd -s NewPassword -D "cn=admin,dc=mandriva,dc=com" -w OldPassword -x cn=admin,dc=mandriva,dc=com

NSS LDAP configuration

To use LDAP users and groups, the OS needs to know where to look in LDAP.

To do this, /etc/nsswitch.conf and /etc/ldap.conf (/etc/libnss-ldap.conf for Debian based distros) should be configured.

Note

On Debian install the package libnss-ldap

Your /etc/nsswitch.conf should look like this:

passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files

Your /etc/ldap.conf:

Note

On Debian wheezy the configuration is located in

/etc/libnss-ldap.conf

host 127.0.0.1
base dc=mandriva,dc=com