[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-142-gf85e77c

Thu Sep 10 03:52:31 MDT 2009

The branch, master has been updated
       via  f85e77c43f896c649e139f7aafa43c9afda774a3 (commit)
      from  3e7a3bc9bd33fd7ad490278b910f934415f58a95 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f85e77c43f896c649e139f7aafa43c9afda774a3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 10 19:45:53 2009 +1000

    s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP
    
    We need to be more careful to do the cleanup functions for the right
    backend.  In future, these perhaps should be provided by the
    ProvisionBackend class.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/python/samba/provision.py |   61 +++++++++++++--------------
 1 files changed, 30 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 0ed2a57..cb485c3 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1220,45 +1220,44 @@ def provision(setup_dir, message, session_info,
             message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
 
 
-    if provision_backend is not None:
-      ldapi_db = Ldb(provision_backend.ldapi_uri, lp=lp, credentials=credentials)
-
-      # delete default SASL mappings
-      res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
-
-      for i in range (0, len(res)):
-        dn = str(res[i]["dn"])
-        ldapi_db.delete(dn)
-
-        # configure aci
+    if provision_backend is not None: 
       if ldap_backend_type == "fedora-ds":
+        ldapi_db = Ldb(provision_backend.ldapi_uri, lp=lp, credentials=credentials)
 
-        aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % names.sambadn
+        # delete default SASL mappings
+        res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
 
-        m = ldb.Message()
-        m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
+        # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
+        for i in range (0, len(res)):
+          dn = str(res[i]["dn"])
+          ldapi_db.delete(dn)
 
-        m.dn = ldb.Dn(1, names.domaindn)
-        ldapi_db.modify(m)
+          aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % names.sambadn
 
-        m.dn = ldb.Dn(1, names.configdn)
-        ldapi_db.modify(m)
+          m = ldb.Message()
+          m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
+        
+          m.dn = ldb.Dn(1, names.domaindn)
+          ldapi_db.modify(m)
+
+          m.dn = ldb.Dn(1, names.configdn)
+          ldapi_db.modify(m)
 
-        m.dn = ldb.Dn(1, names.schemadn)
-        ldapi_db.modify(m)
+          m.dn = ldb.Dn(1, names.schemadn)
+          ldapi_db.modify(m)
 
-    # if backend is openldap, terminate slapd after final provision and check its proper termination
-    if provision_backend is not None and provision_backend.slapd is not None:
-        if provision_backend.slapd.poll() is None:
-            #Kill the slapd
-            if hasattr(provision_backend.slapd, "terminate"):
-                provision_backend.slapd.terminate()
-            else:
-                import signal
-                os.kill(provision_backend.slapd.pid, signal.SIGTERM)
+      # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
+      if provision_backend.slapd.poll() is None:
+        #Kill the slapd
+        if hasattr(provision_backend.slapd, "terminate"):
+          provision_backend.slapd.terminate()
+        else:
+          # Older python versions don't have .terminate()
+          import signal
+          os.kill(provision_backend.slapd.pid, signal.SIGTERM)
             
-            #and now wait for it to die
-            provision_backend.slapd.communicate()
+        #and now wait for it to die
+        provision_backend.slapd.communicate()
             
     # now display slapd_command_file.txt to show how slapd must be started next time
         message("Use later the following commandline to start slapd, then Samba:")


-- 
Samba Shared Repository
