[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1032-gdf3ef12

Andrew Bartlett abartlet at samba.org
Sun Aug 16 18:51:22 MDT 2009


The branch, master has been updated

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit df3ef12cf858290ffcef650a23d32ec2271648b0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Aug 17 09:52:09 2009 +1000

    s4:provision Fix existing ldapi:// backend detection exception
    
    Found by Oliver Liebel <oliver at itc.li>
    
    Andrew Bartlett

commit 498faae1a3d28ee49f4b8d273b5a02bc520e774b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Aug 17 09:46:47 2009 +1000

    s4:install Remove provision-backend script from 'make install'
    
    Spotted by MICHAEL BROWN <mbrown at mesainc.com>
    
    Andrew Bartlett

commit 2af06385ed4334c37191e9ccb49e86432531ff01
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 14:51:44 2009 +1000

    s4:provision Make sure that we don't use Kerberos to our LDAP backend
    
    This makes no sense, and just causes trouble - we are aiming for
    DIGEST-MD5 or NTLM.
    
    Andrew Bartlett

commit 84ee0af244887db2f0a11259484fa9c9797cc750
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 10:28:56 2009 +1000

    s4:provision Print the LDAP backend admin username/password

commit 5255ba3c4f50cf9560b15ecf026ac1e54fe21d8e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 10:21:04 2009 +1000

    s4:selftest Confirm that there isn't a listener on the ldapi:// socket
    
    This should help debug problems with 'make test' of the LDAP backend,
    if a stray listener is still around.
    
    Andrew Bartlett

commit e7bae2eb0a103f9b8a26013017f510b7c6f8e4fc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 09:37:50 2009 +1000

    s4: Re-add --ldapadminpass as an option to provision
    
    This should make setting up LDAP servers more predictable.
    
    When not specified, it is random
    
    Andrew Bartlett

commit 052da4e4d77ceb0307ad2477f2bc4a17334d6565
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 08:46:13 2009 +1000

    s4:python Allow 'no such object' on the delete of the DN
    
    This fixes the recursive delete in erase_partitions()
    
    For reasons I cannot understand, it is possible to get 'no such
    object' trying to delete a DN I just search for without error.  Oh
    well...
    
    Andrew Bartlett

commit 410114e41c713ccba2ac7d46e3f5acfddd986669
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 14 08:29:19 2009 +1000

    s4:provision Keep a single transaction for the erase and rebuild
    
    Using a single transaction to both erase the bulk of the data and the
    rebuild of that data means that the in-memory index list is
    maintained, and not written out to disk until it is all completed.
    All the writes then occur at the end.
    
    Andrew Bartlett

commit ecd234a0f10c544ff83f79bbe8c9e0df597ccd7b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 19:24:38 2009 +1000

    s4:provision A crude update of the OpenLDAP backend HOWTO

commit a6c9233a128f21dc883cc9534c70eb176214faa5
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Aug 13 19:12:28 2009 +1000

    s4:provision Fixes for Fedora DS schema mapping with full AD schema

commit f87811f6b39bfa8bdef906256cf7752e4a6fd999
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 17:01:27 2009 +1000

    s4:provision Rework provision-backend into provision
    
    This removes a *lot* of duplicated code and the cause of much
    administrator frustration.  We now handle starting and stopping the
    slapd (at least for the provision), and ensure that there is only one
    'right' way to configure the OpenLDAP and Fedora DS backend
    
    We now run OpenLDAP in 'cn=config' mode for online configuration.
    
    To test what was the provision-backend code, a new --ldap-dryrun-mode
    option has been added to provision.  It quits the provision just
    before it would start the LDAP binaries
    
    Andrew Bartlett

commit 7a9030b7ce164460e662d0798c2490ec5929442d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 16:59:49 2009 +1000

    s4:provision Move helper functions back to provision
    
    (These will be added back in a future commit)

commit a58b4f8cc2446c126b15b142b78ebb1733f91712
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 16:32:34 2009 +1000

    s4:setup Don't manually set @ATTRIBUTES any more
    
    We now set these as part of the schema load, and we now load the
    schema before the provision loads the DB, so setting them here is
    pointless
    
    Andrew Bartlett

commit 14aff84adca85fd8124212e735c54363a577450a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 14:37:06 2009 +1000

    s4:python Push some helper functions from SamDB into samba.Ldb
    
    This makes it possible to do a bit more of the provision with Samba
    helpers, but without some of the otherwise useful things (such as
    loading in the global schema) that SamDB does.
    
    Rewrite provision_erase to use a recursive search, rather than a
    looping subtree search.  This is much more efficient, particularly now
    we have one-level indexes enabled.
    
    Delete the @INDEX and similar records *after* deleting all other
    visible records, this hopefully also assists performance.
    
    Andrew Bartlett

commit 51d2d3df6db016250c12bf8c97374402dc4cb277
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 14:33:57 2009 +1000

    s4:schema Allow a schema load on an unconnected database
    
    This helps ensure we don't load the schema too often in the provision
    (allowing a reference in of the schema before the modules load).
    
    Andrew Bartlett

commit e1e99a7c7bb3a69d2c522ef272301b0ba73efd7f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 10:01:00 2009 +1000

    s4:provision  Remove the ACI element from the provision templates
    
    We need to find a better way to apply this (used in the Fedora DS LDAP
    backend), not by trying to tunnel this down the module stack.
    
    Andrew Bartlett

commit 346aa6e093508f4e2918b20df452398ef332e416
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Aug 13 09:58:38 2009 +1000

    s4:schema Provide a way to reference a loaded schema between ldbs
    
    This allows us to load the schema against one ldb context, but apply
    it to another.  This will be useful in the provision script, as we
    need the schema before we start the LDAP server backend.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 howto-ol-backend-s4.txt                           |   70 +-
 selftest/target/Samba4.pm                         |   66 +-
 source4/dsdb/schema/schema_set.c                  |   35 +-
 source4/script/installmisc.sh                     |    2 +-
 source4/scripting/python/pyglue.c                 |   35 +-
 source4/scripting/python/samba/__init__.py        |   94 +-
 source4/scripting/python/samba/provision.py       | 1211 ++++++++++-----------
 source4/scripting/python/samba/samdb.py           |   49 -
 source4/setup/ldap_backend_startup.sh             |    2 +
 source4/setup/olc_acl.conf                        |    4 -
 source4/setup/olc_pass.conf                       |    3 -
 source4/setup/provision                           |   38 +-
 source4/setup/provision-backend                   |  119 --
 source4/setup/provision_basedn.ldif               |    1 -
 source4/setup/provision_configuration_basedn.ldif |    1 -
 source4/setup/provision_init.ldif                 |   32 -
 source4/setup/provision_schema_basedn.ldif        |    1 -
 source4/setup/schema-map-fedora-ds-1.0            |    8 +
 source4/setup/schema_samba4.ldif                  |   28 +-
 source4/setup/slapd.conf                          |   10 +-
 source4/setup/tests/blackbox_provision-backend.sh |   10 +-
 21 files changed, 785 insertions(+), 1034 deletions(-)
 create mode 100644 source4/setup/ldap_backend_startup.sh
 delete mode 100644 source4/setup/olc_acl.conf
 delete mode 100644 source4/setup/olc_pass.conf
 delete mode 100755 source4/setup/provision-backend


Changeset truncated at 500 lines:

diff --git a/howto-ol-backend-s4.txt b/howto-ol-backend-s4.txt
index c96ce55..ef3aad6 100644
--- a/howto-ol-backend-s4.txt
+++ b/howto-ol-backend-s4.txt
@@ -23,54 +23,16 @@ before compilation.
 
 
 
-2.) Prepare S4 to use OL-Backend:
 
-Run the provision-backend Python-Script first, then "final" provision
-(these 2-step process will be merged in the future)
+2.) Final provision:
 
-Simple provision-backend Example:
-
-#> setup/provision-backend --realm=ldap.local.site \
-  --domain=LDAP --ldap-admin-pass="linux" \
-  --ldap-backend-type=openldap \
-  --server-role='domain controller' \
-  --ol-slapd="/usr/local/libexec/slapd"
-
-After that, you should get a similar output:
-
---------
-Your openldap Backend for Samba4 is now configured, and is ready to be started
-Server Role:         domain controller
-Hostname:            ldapmaster
-DNS Domain:          ldap.local.site
-Base DN:             DC=ldap,DC=local,DC=site
-LDAP admin user:     samba-admin
-LDAP admin password: linux
-LDAP Debug-Output:
-(1, 'connection to remote LDAP server dropped?')
-Ok. - No other slapd-Instance listening on: ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi. Starting al provision.
-Started slapd for final provisioning with PID: 21728
-
-Now run final provision with: --ldap-backend=ldapi --ldap-backend-type=openldap --password=linux --username=sa=ldap.local.site --domain=LDAP --server-role='domain controller'
-
---------
-
-Since this (pre)Alpha, you dont have to run slapd manually
-any more. slapd will be started automatically, when 
-provision-backend is done, listening on the
-ldapi://-Socket. System should be ready 
-for final provision now:
-
-
-3.) Final provision:
-
-Use the Parameters displayed above to run final provision.
 (you can add --adminpass=<yourpass> to the parameters,
 otherwise a random password will be generated for 
 cn=Administrator,cn=users,<Your Base-DN>):
 
-#> setup/provision --ldap-backend=ldapi \
-   --ldap-backend-type=openldap --password=linux \
+#> setup/provision \
+   --ldap-backend-type=openldap \
+   --ol-slapd="/usr/local/libexec/slapd"
    --username=samba-admin --realm=ldap.local.site \
    --domain=LDAP --server-role='domain controller'\
    --adminpass=linux
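
Review bot: The added line --ol-slapd="/usr/local/libexec/slapd" in the example has no trailing backslash, so a reader who pastes it gets a command that ends there and a second, broken command starting at --username. Add the continuation backslash. The selftest change in this same changeset passes --slapd-path= rather than --ol-slapd=, so the HOWTO should use whichever option name provision actually accepts. The paragraph above the command now opens with a bare parenthetical "(you can add --adminpass=...", because its lead-in sentence was removed; it needs a new introductory sentence.
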
@@ -81,18 +43,11 @@ the following output (only partial here). Read it carefully:
 --------
 ...
 A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
-LDAP Debug-Output:[Message({'dn': Dn(''), 'objectClass': MessageElement(['top','OpenLDAProotDSE'])})]
-slapd-PID-File found. PID is :21728
-
-File from provision-backend with stored PID found. PID is :21728
 
-slapd-Process used for provisioning with PID: 21728
- will now be shut down.
-slapd-Process used for final provision was properly shut down.
 Use later the following commandline to start slapd, then Samba:
 /usr/local/libexec/slapd -f /usr/local/samba/private/ldap/slapd.conf -h ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi
 
-This slapd-Commandline is also stored under: /usr/local/samba/private/ldap/slapd_command_file.txt
+This slapd-Commandline is also stored under: /usr/local/samba/private/ldap/slapd_command_file.sh
 Please install the phpLDAPadmin configuration located at /usr/local/samba/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
 Once the above files are installed, your Samba4 server will be ready to use
 Server Role:    domain controller
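
Review bot: The sample output kept as context still tells the reader to start slapd with "-f /usr/local/samba/private/ldap/slapd.conf", while the selftest in this changeset now starts OpenLDAP with "-F $env_vars->{SLAPD_CONF_D}" and the commit message says OpenLDAP runs in cn=config mode. Renaming slapd_command_file.txt to slapd_command_file.sh is not enough if the printed command line changed as well; regenerate this sample from a real run of the new provision.
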
@@ -108,23 +63,20 @@ Our slapd in "provision-mode" wiil be shut down automatically
 after final provision ends.
 
 
-4.) Run OL and S4:
+3.) Run OL and S4:
 
 After you completed the other necessary steps (krb and named-specific),
 start first OL with the commandline displayed in the output under (3),
-(remember: the slapd-Commandline is also stored in the file ../slapd_command_file.txt)
+(remember: the slapd-Commandline is also stored in the file ../slapd_command_file.sh)
 then S4.
 
 
 
-5.) Special Setup-Types:
-
-a) OpenLDAP-Online Configuration (olc):
-Use the provision-backend Parameter 
+4.) Special Setup-Types:
 
- --ol-olc=yes.
+OpenLDAP-Online Configuration is now in use by default (olc):
 
-In that case, the olc will be setup automatically
+The olc will be setup automatically
 under ../private/slapd.d/.
 olc is accessible via "cn=samba-admin,cn=samba" and Base-DN "cn=config"
 olc is intended primarily for use in conjunction with MMR
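
Review bot: The renumbering leaves a stale cross-reference in the context line "start first OL with the commandline displayed in the output under (3)": the final provision step is now 2.), and 3.) is this section itself. Update the reference to (2). The same hunk drops the "a)" label from the olc subsection, so the sub-item lettering under "Special Setup-Types" needs to be revisited too.
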
@@ -141,7 +93,7 @@ Attention: You _should_not_ edit the olc-Sections
 
 b) MultiMaster-Configuration (MMR):
 At this time (S4 (pre)Alpha9) the only possible Replication setup.
-Use the provision-backend Parameter:
+Use the provision Parameter:
 
  --ol-mmr-urls=<list of whitespace separated ldap-urls (and Ports <> 389!).
 
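
Review bot: The heading "b) MultiMaster-Configuration (MMR):" in the context of this hunk is now orphaned, since the "a)" item was turned into plain text earlier in the patch. Either restore the "a)" label or drop the "b)". The option description "--ol-mmr-urls=<list of ..." also never closes its angle bracket, which is worth fixing while this paragraph is being touched.
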
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index ef55323..3c0c4f5 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -31,25 +31,27 @@ sub bindir_path($$) {
 }
 
 sub openldap_start($$$) {
-        my ($slapd_conf, $uri, $logs) = @_;
-        system("$ENV{OPENLDAP_SLAPD} -d0 -f $slapd_conf -h $uri > $logs 2>&1 &");
 }
 
 sub slapd_start($$)
 {
 	my $count = 0;
 	my ($self, $env_vars) = @_;
+	my $ldbsearch = $self->bindir_path("ldbsearch");
 
 	my $uri = $env_vars->{LDAP_URI};
 
+	if (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") == 0) {
+	    print "A SLAPD is still listening to $uri before we started the LDAP backend.  Aborting!";
+	    return 1;
+	}
 	# running slapd in the background means it stays in the same process group, so it can be
 	# killed by timelimit
 	if ($self->{ldap} eq "fedora-ds") {
 	        system("$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D $env_vars->{FEDORA_DS_DIR} -d0 -i $env_vars->{FEDORA_DS_PIDFILE}> $env_vars->{LDAPDIR}/logs 2>&1 &");
 	} elsif ($self->{ldap} eq "openldap") {
-	        openldap_start($env_vars->{SLAPD_CONF}, $uri, "$env_vars->{LDAPDIR}/logs");
+	        system("$ENV{OPENLDAP_SLAPD} -d0 -F $env_vars->{SLAPD_CONF_D} -h $uri > $env_vars->{LDAPDIR}/logs 2>&1 &");
 	}
-	my $ldbsearch = $self->bindir_path("ldbsearch");
 	while (system("$ldbsearch -H $uri -s base -b \"\" supportedLDAPVersion > /dev/null") != 0) {
 	        $count++;
 		if ($count > 40) {
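
Review bot: The new early exit in slapd_start() uses "return 1" when a stray listener is found, but the caller removed later in this patch tested the result as "$self->slapd_start($ret) or die(...)", so a true value means success. An abort that returns 1 will be treated as a successful start; return 0 (or die) instead. The print is also missing a trailing newline, so the message runs into the next line of test output. Finally, openldap_start() is left behind with an empty body and no remaining caller in the visible code; remove the sub rather than keeping a stub.
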
@@ -207,37 +209,26 @@ type: 0x3
 ");
 }
 
-sub mk_fedora_ds($$$)
+sub mk_fedora_ds($$)
 {
-	my ($self, $ldapdir, $configuration) = @_;
-
-	my $fedora_ds_inf = "$ldapdir/fedorads.inf";
-	my $fedora_ds_extra_ldif = "$ldapdir/fedorads-partitions.ldif";
+	my ($self, $ldapdir) = @_;
 
 	#Make the subdirectory be as fedora DS would expect
 	my $fedora_ds_dir = "$ldapdir/slapd-samba4";
 
 	my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid";
 
-my $dir = getcwd();
-chdir "$ENV{FEDORA_DS_ROOT}/bin" || die;
-	if (system("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) {
-            chdir $dir;
-            die("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf FAILED: $?");
-        }
-        chdir $dir || die;
-
 	return ($fedora_ds_dir, $pidfile);
 }
 
-sub mk_openldap($$$)
+sub mk_openldap($$)
 {
-	my ($self, $ldapdir, $configuration) = @_;
+	my ($self, $ldapdir) = @_;
 
-	my $slapd_conf = "$ldapdir/slapd.conf";
+	my $slapd_conf_d = "$ldapdir/slapd.d";
 	my $pidfile = "$ldapdir/slapd.pid";
 
-	return ($slapd_conf, $pidfile);
+	return ($slapd_conf_d, $pidfile);
 }
 
 sub mk_keyblobs($$)
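
Review bot: After this hunk mk_fedora_ds() and mk_openldap() no longer create or set up anything, they only compute two path strings. The mk_ names and the existing comment "#Make the subdirectory be as fedora DS would expect" now describe work that happens inside provision; rename the helpers or add a comment saying that the directories are created by provision and these subs only report where they will be.
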
@@ -792,41 +783,22 @@ sub provision($$$$$$$)
 	my $ret = $self->provision_raw_step1($ctx);
 
 	if (defined($self->{ldap})) {
-		my $configuration = "--configfile=$ctx->{smb_conf}";
-
-		$ret->{LDAP_URI} = $ctx->{ldap_uri};
-		push (@{$ctx->{provision_options}},"--ldap-backend=$ctx->{ldap_uri}");
-
-		push (@{$ctx->{provision_options}}, "--password=$ctx->{password}");
-
+                $ret->{LDAP_URI} = $ctx->{ldap_uri};
+		push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
 		if ($self->{ldap} eq "openldap") {
-			push (@{$ctx->{provision_options}}, "--username=samba-admin");
- 			push (@{$ctx->{provision_options}}, "--ldap-backend-type=openldap");
-
-                        system("$self->{setupdir}/provision-backend $configuration --ldap-admin-pass=$ctx->{password} --root=$ctx->{unix_name} --realm=$ctx->{realm} --domain=$ctx->{domain} --host-name=$ctx->{netbiosname} --ldap-backend-type=$self->{ldap} --nosync --ol-slapd=$ENV{OPENLDAP_SLAPD}>&2") == 0 or die("backend provision failed");
-
-			($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx->{ldapdir}, $configuration) or die("Unable to create openldap directories");
+ 		        push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
+			($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx->{ldapdir}) or die("Unable to create openldap directories");
 
                 } elsif ($self->{ldap} eq "fedora-ds") {
-			push (@{$ctx->{provision_options}}, "--simple-bind-dn=cn=Manager,$ctx->{localbasedn}");
-			push (@{$ctx->{provision_options}}, "--ldap-backend-type=fedora-ds");
-
-                        system("$self->{setupdir}/provision-backend $configuration --ldap-admin-pass=$ctx->{password} --root=$ctx->{unix_name} --realm=$ctx->{realm} --domain=$ctx->{domain} --host-name=$ctx->{netbiosname} --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
-
-			($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx->{ldapdir}, $configuration) or die("Unable to create fedora ds directories");
-
-		        $self->slapd_start($ret) or die("couldn't start slapd");
-
+ 		        push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
+ 		        push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
+			($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx->{ldapdir}) or die("Unable to create fedora ds directories");
 		}
 
 	}
 
 	$ret = $self->provision_raw_step2($ctx, $ret);
 
-	if (defined($self->{ldap}) && ($self->{ldap} eq "fedora-ds")) {
-		$self->slapd_stop($ret) or die("couldn't stop slapd");
-	}
-
 	return $ret;
 }
 
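
Review bot: The new "--slapd-path=" . $ENV{OPENLDAP_SLAPD} and the two $ENV{FEDORA_DS_ROOT} options are built without checking that the environment variable is set, so an unset variable produces an empty or bogus path that only fails later inside provision. Check the variable and die with a clear message here. The "or die("Unable to create ... directories")" on the list assignments can never fire: a list assignment in boolean context yields the number of right-hand elements, which is always 2 for these helpers, so the error handling is dead code. The added lines also mix leading spaces and tabs, unlike the surrounding tab-indented code.
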
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 5d78d0a..6745bde 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -139,7 +139,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
 		}
 	}
 
-	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+	if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 		/* We might be on a read-only DB */
 		ret = LDB_SUCCESS;
 	}
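
Review bot: Treating LDB_ERR_OPERATIONS_ERROR as success here is much broader than the comment "We might be on a read-only DB" suggests. LDB_ERR_OPERATIONS_ERROR is the generic failure code (this same file returns it when talloc_reference() fails), so real failures of the write are now silently converted to LDB_SUCCESS. If the goal is to tolerate an unconnected ldb, as the commit message says, detect that case explicitly before attempting the write, or at least update the comment to say which situation produces the operations error.
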
@@ -166,7 +166,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
 			ret = samdb_replace(ldb, mem_ctx, mod_msg);
 		}
 	}
-	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+	if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 		/* We might be on a read-only DB */
 		ret = LDB_SUCCESS;
 	}
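
Review bot: The samdb_replace() path gets the same relaxed check, which matters more now that the new Python binding calls dsdb_reference_schema() with write_attributes set to true. A caller that asked for the attributes to be written gets LDB_SUCCESS back even when the replace failed with an operations error and nothing was written. Consider swallowing the error only when write_attributes is false, or logging at debug level when it is ignored.
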
@@ -370,28 +370,25 @@ int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
 static struct dsdb_schema *global_schema;
 
 /**
- * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
+ * Make this ldb use a specified schema, already fully calculated and belonging to another ldb
  */
-int dsdb_set_global_schema(struct ldb_context *ldb)
+int dsdb_reference_schema(struct ldb_context *ldb, struct dsdb_schema *schema,
+			  bool write_attributes)
 {
 	int ret;
-	if (!global_schema) {
-		return LDB_SUCCESS;
-	}
-
-	ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
+	ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
 
 	/* Set the new attributes based on the new schema */
-	ret = dsdb_schema_set_attributes(ldb, global_schema, false);
+	ret = dsdb_schema_set_attributes(ldb, schema, write_attributes);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
 
-	/* Keep a reference to this schema, just incase the global copy is replaced */
-	if (talloc_reference(ldb, global_schema) == NULL) {
+	/* Keep a reference to this schema, just incase the original copy is replaced */
+	if (talloc_reference(ldb, schema) == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
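
Review bot: In dsdb_reference_schema() the schema pointer is stored with ldb_set_opaque() before talloc_reference() is taken, and both early "return ret" paths leave the opaque set without a reference held. That was tolerable for the long-lived global schema, but the function now accepts a schema "belonging to another ldb", which can be freed by its owner while this ldb still points at it. Take the talloc reference first and only then set the opaque, or clear the opaque on the failure paths. The function also dereferences nothing to validate that schema is non-NULL, and the doc comment does not explain what write_attributes does.
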
@@ -399,6 +396,18 @@ int dsdb_set_global_schema(struct ldb_context *ldb)
 }
 
 /**
+ * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
+ */
+int dsdb_set_global_schema(struct ldb_context *ldb)
+{
+	if (!global_schema) {
+		return LDB_SUCCESS;
+	}
+
+	return dsdb_reference_schema(ldb, global_schema, false /* Don't write attributes, it's expensive */);
+}
+
+/**
  * Find the schema object for this ldb
  */
 
@@ -451,7 +460,7 @@ void dsdb_make_schema_global(struct ldb_context *ldb)
  * schema itself to the directory.
  */
 
-WERROR dsdb_attach_schema_from_ldif(struct ldb_context *ldb, const char *pf, const char *df)
+WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, const char *pf, const char *df)
 {
 	struct ldb_ldif *ldif;
 	struct ldb_message *msg;
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index f8fddad..8bf80b2 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -10,7 +10,7 @@ echo "Installing setup templates"
 mkdir -p $SETUPDIR || exit 1
 mkdir -p $SETUPDIR/ad-schema || exit 1
 cp setup/ad-schema/*.txt $SETUPDIR/ad-schema || exit 1
-for p in enableaccount newuser provision provision-backend setexpiry setpassword pwsettings
+for p in enableaccount newuser provision setexpiry setpassword pwsettings
 do
 	chmod a+x setup/$p
 	cp setup/$p $SETUPDIR || exit 1
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 95255dc..d4db554 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -286,7 +286,7 @@ static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args)
 	Py_RETURN_NONE;
 }
 
-static PyObject *py_dsdb_attach_schema_from_ldif(PyObject *self, PyObject *args)
+static PyObject *py_dsdb_set_schema_from_ldif(PyObject *self, PyObject *args)
 {
 	WERROR result;
 	char *pf, *df;
@@ -298,7 +298,7 @@ static PyObject *py_dsdb_attach_schema_from_ldif(PyObject *self, PyObject *args)
 
 	PyErr_LDB_OR_RAISE(py_ldb, ldb);
 
-	result = dsdb_attach_schema_from_ldif(ldb, pf, df);
+	result = dsdb_set_schema_from_ldif(ldb, pf, df);
 	PyErr_WERROR_IS_ERR_RAISE(result);
 
 	Py_RETURN_NONE;
@@ -327,6 +327,33 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, PyObject *ar
 	return ret;
 }
 
+static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	PyObject *py_from_ldb;
+	struct ldb_context *from_ldb;
+	struct dsdb_schema *schema;
+	int ret;
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_from_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	PyErr_LDB_OR_RAISE(py_from_ldb, from_ldb);
+
+	schema = dsdb_get_schema(from_ldb);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on 'from' ldb!\n");
+		return NULL;
+	}
+
+	ret = dsdb_reference_schema(ldb, schema, true);
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	Py_RETURN_NONE;
+}
+
 static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
 {
 	PyObject *py_sid;
@@ -375,7 +402,9 @@ static PyMethodDef py_misc_methods[] = {
 		NULL },
 	{ "dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema, METH_VARARGS,
 		NULL },
-	{ "dsdb_attach_schema_from_ldif", (PyCFunction)py_dsdb_attach_schema_from_ldif, METH_VARARGS,
+	{ "dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS,
+		NULL },
+	{ "dsdb_set_schema_from_ldb", (PyCFunction)py_dsdb_set_schema_from_ldb, METH_VARARGS,
 		NULL },
 	{ "dsdb_convert_schema_to_openldap", (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
 		NULL },
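
Review bot: The new method table entry for dsdb_set_schema_from_ldb is registered with a NULL docstring. Since the argument order (target ldb first, source ldb second, per the "OO" parse in the function) is easy to get backwards, give this entry a one-line doc string stating which ldb receives the schema.
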
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index e6875b3..097d96a 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -121,17 +121,8 @@ class Ldb(ldb.Ldb):
 
     def erase(self):
         """Erase this ldb, removing all records."""
-        # delete the specials
-        for attr in ["@INDEXLIST", "@ATTRIBUTES", "@SUBCLASSES", "@MODULES", 
-                     "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
-            try:
-                self.delete(attr)
-            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
-                # Ignore missing dn errors
-                pass
-
         basedn = ""
-        # and the rest
+        # Delete the 'visible' records
         for msg in self.search(basedn, ldb.SCOPE_SUBTREE, 
                 "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", 
                 ["distinguishedName"]):
@@ -144,37 +135,43 @@ class Ldb(ldb.Ldb):
         res = self.search(basedn, ldb.SCOPE_SUBTREE, "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", ["distinguishedName"])
         assert len(res) == 0
 
+        # delete the specials
+        for attr in ["@INDEXLIST", "@ATTRIBUTES", "@SUBCLASSES", "@MODULES", 
+                     "@OPTIONS", "@PARTITION", "@KLUDGEACL"]:
+            try:
+                self.delete(attr)
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore missing dn errors
+                pass
+
     def erase_partitions(self):
         """Erase an ldb, removing all records."""
+
+        def erase_recursive(self, dn):
+            try:
+                res = self.search(base=dn, scope=ldb.SCOPE_ONELEVEL, attrs=[])
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore no such object errors
+                return
+                pass
+            
+            for msg in res:
+                erase_recursive(self, msg.dn)
+
+            try:
+                self.delete(dn)
+            except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+                # Ignore no such object errors
+                pass
+
         res = self.search("", ldb.SCOPE_BASE, "(objectClass=*)", 
                          ["namingContexts"])
         assert len(res) == 1
         if not "namingContexts" in res[0]:
             return
         for basedn in res[0]["namingContexts"]:
-            previous_remaining = 1
-            current_remaining = 0
-
-            k = 0
-            while ++k < 10 and (previous_remaining != current_remaining):
-                # and the rest
-                try:
-                    res2 = self.search(basedn, ldb.SCOPE_SUBTREE, "(|(objectclass=*)(distinguishedName=*))", ["distinguishedName"])
-                except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
-                    # Ignore missing dn errors
-                    return
-
-                previous_remaining = current_remaining
-                current_remaining = len(res2)
-                for msg in res2:
-                    try:
-                        self.delete(msg.dn)
-                    # Ignore no such object errors
-                    except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
-                        pass
-                    # Ignore not allowed on non leaf errors
-                    except ldb.LdbError, (ldb.ERR_NOT_ALLOWED_ON_NON_LEAF, _):


-- 
Samba Shared Repository

