svn commit: samba r20495 - in branches/SAMBA_4_0/source: scripting/libjs setup

abartlet at samba.org abartlet at samba.org
Wed Jan 3 05:31:51 GMT 2007 

Author: abartlet
Date: 2007-01-03 05:31:50 +0000 (Wed, 03 Jan 2007)
New Revision: 20495

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20495

Log:
Further notes on joining with fedora DS.

Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/fedora-ds-init.ldif
   branches/SAMBA_4_0/source/setup/provision
   branches/SAMBA_4_0/source/setup/provision_basedn.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-01-03 04:11:22 UTC (rev 20494)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-01-03 05:31:50 UTC (rev 20495)
@@ -701,6 +701,7 @@
 	subobj.LDAPMODULE = "entryUUID";
 	subobj.LDAPMODULES = "objectguid";
 	subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
+	subobj.ACI = "# no aci for local ldb";
 	return subobj;
 }
 

Modified: branches/SAMBA_4_0/source/setup/fedora-ds-init.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/fedora-ds-init.ldif	2007-01-03 04:11:22 UTC (rev 20494)
+++ branches/SAMBA_4_0/source/setup/fedora-ds-init.ldif	2007-01-03 05:31:50 UTC (rev 20495)
@@ -22,5 +22,6 @@
 #
 
 
-# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid
+# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)'
 
+

Modified: branches/SAMBA_4_0/source/setup/provision
===================================================================
--- branches/SAMBA_4_0/source/setup/provision	2007-01-03 04:11:22 UTC (rev 20494)
+++ branches/SAMBA_4_0/source/setup/provision	2007-01-03 05:31:50 UTC (rev 20495)
@@ -31,7 +31,8 @@
 		'blank',
 		'ldap-base',
 		'ldap-backend=s',
-                'ldap-module=s');
+                'ldap-module=s',
+                'aci=s');
 
 if (options == undefined) {
    println("Failed to parse options");
@@ -81,7 +82,7 @@
  --ldap-base			output only an LDIF file, suitable for creating an LDAP baseDN
  --ldap-backend LDAPSERVER      LDAP server to use for this provision
  --ldap-module= MODULE          LDB mapping module to use for the LDAP backend
-
+ --aci=         ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
 You must provide at least a realm and domain
 
 ");
@@ -112,6 +113,9 @@
 	var key = strupper(join("", split("-", r)));
 	subobj[key] = options[r];
 }
+if (options["aci"] != undefined) {
+	println("set ACI: " + subobj["ACI"]);
+}
 
 if (options["ldap-backend"] != undefined) {
 	subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches";

Modified: branches/SAMBA_4_0/source/setup/provision_basedn.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_basedn.ldif	2007-01-03 04:11:22 UTC (rev 20494)
+++ branches/SAMBA_4_0/source/setup/provision_basedn.ldif	2007-01-03 05:31:50 UTC (rev 20495)
@@ -6,5 +6,6 @@
 objectClass: domain
 objectClass: domainDNS
 ${EXTENSIBLEOBJECT}
+${ACI}
 dc: ${RDN_DC}

More information about the samba-cvs mailing list