svn commit: samba r23720 - in branches/SAMBA_4_0/source: scripting/libjs selftest setup

abartlet at samba.org abartlet at samba.org
Thu Jul 5 06:15:42 GMT 2007


Author: abartlet
Date: 2007-07-05 06:15:40 +0000 (Thu, 05 Jul 2007)
New Revision: 23720

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23720

Log:
Allow the member server to work against an LDAP Backend.  Another case
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal.  (Easier to just skip the useless self-join).

Andrew Bartlett

Added:
   branches/SAMBA_4_0/source/setup/provision_self_join.ldif
Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/selftest/Samba4.pm
   branches/SAMBA_4_0/source/setup/provision_users.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-07-05 03:30:46 UTC (rev 23719)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-07-05 06:15:40 UTC (rev 23720)
@@ -700,6 +700,11 @@
 	message("Setting up sam.ldb users and groups\n");
 	setup_add_ldif("provision_users.ldif", info, samdb, false);
 
+	if (lp.get("server role") == "domain controller") {
+		message("Setting up self join\n");
+		setup_add_ldif("provision_self_join.ldif", info, samdb, false);
+	}
+
 	if (setup_name_mappings(info, samdb) == false) {
 		return false;
 	}
@@ -769,6 +774,11 @@
 /* Write out a DNS zone file, from the info in the current database */
 function provision_dns(subobj, message, paths, session_info, credentials)
 {
+	var lp = loadparm_init();
+	if (lp.get("server role") != "domain controller") {
+		message("No DNS zone required for role %s\n", lp.get("server role"));
+		return;
+	}
 	message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
 	var ldb = ldb_init();
 	ldb.session_info = session_info;

Modified: branches/SAMBA_4_0/source/selftest/Samba4.pm
===================================================================
--- branches/SAMBA_4_0/source/selftest/Samba4.pm	2007-07-05 03:30:46 UTC (rev 23719)
+++ branches/SAMBA_4_0/source/selftest/Samba4.pm	2007-07-05 06:15:40 UTC (rev 23720)
@@ -281,6 +281,8 @@
 	$localdomain = $netbiosname if $server_role eq "member server";
 	my $localrealm = $realm;
 	$localrealm = $netbiosname if $server_role eq "member server";
+	my $localbasedn = $basedn;
+	$localbasedn = "DC=$netbiosname" if $server_role eq "member server";
 
 	open(CONFFILE, ">$conffile");
 	print CONFFILE "
@@ -400,7 +402,7 @@
 	push (@provision_options, "--krbtgtpass=krbtgt$password");
 	push (@provision_options, "--machinepass=machine$password");
 	push (@provision_options, "--root=$root");
-	push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn");
+	push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
 	push (@provision_options, "--password=$password");
 	push (@provision_options, "--root=$root");
 
@@ -430,7 +432,7 @@
 	if (defined($self->{ldap})) {
 
                 push (@provision_options, "--ldap-backend=$ldap_uri");
-	        system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+	        system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
 
 	        if ($self->{ldap} eq "openldap") {
 		       ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");

Added: branches/SAMBA_4_0/source/setup/provision_self_join.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_self_join.ldif	2007-07-05 03:30:46 UTC (rev 23719)
+++ branches/SAMBA_4_0/source/setup/provision_self_join.ldif	2007-07-05 06:15:40 UTC (rev 23720)
@@ -0,0 +1,23 @@
+#Join the DC to itself by default
+
+dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
+objectClass: computer
+cn: ${NETBIOSNAME}
+userAccountControl: 532480
+localPolicyFlags: 0
+primaryGroupID: 516
+accountExpires: 9223372036854775807
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+isCriticalSystemObject: TRUE
+sambaPassword: ${MACHINEPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
+servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
+${HOSTGUID_ADD}

Modified: branches/SAMBA_4_0/source/setup/provision_users.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_users.ldif	2007-07-05 03:30:46 UTC (rev 23719)
+++ branches/SAMBA_4_0/source/setup/provision_users.ldif	2007-07-05 06:15:40 UTC (rev 23720)
@@ -67,29 +67,6 @@
 privilege: SeNetworkLogonRight
 privilege: SeRemoteInteractiveLogonRight
 
-
-dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
-objectClass: computer
-cn: ${NETBIOSNAME}
-userAccountControl: 532480
-localPolicyFlags: 0
-primaryGroupID: 516
-accountExpires: 9223372036854775807
-sAMAccountName: ${NETBIOSNAME}$
-sAMAccountType: 805306369
-operatingSystem: Samba
-operatingSystemVersion: 4.0
-dNSHostName: ${DNSNAME}
-isCriticalSystemObject: TRUE
-sambaPassword: ${MACHINEPASS}
-servicePrincipalName: HOST/${DNSNAME}
-servicePrincipalName: HOST/${NETBIOSNAME}
-servicePrincipalName: HOST/${DNSNAME}/${REALM}
-servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
-servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
-servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
-${HOSTGUID_ADD}
-
 dn: CN=Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group



More information about the samba-cvs mailing list