[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Mar 1 20:30:20 MST 2010
The branch, master has been updated
via c54699f... s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init().
via 7ad931d... s4:provision - Moved setup_db_config() into OpenLDAPBackend class.
via fc6d9e7... s4:provision - Moved backend-specific variables into backend class.
via 02533c9... s4:provision - Use netbios name for FDS instance name.
via 07669b0... s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and LDB_CONTROL_AS_SYSTEM_OID
from be026a6... s3:groupmap revert to tdb storage
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c54699faf2796e1e8acbb2215fab835a6d86318e
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 29 16:05:22 2010 -0600
s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init().
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 7ad931dda929e230b90d6ce3f35db7480321d6b0
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 29 03:24:20 2010 -0600
s4:provision - Moved setup_db_config() into OpenLDAPBackend class.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit fc6d9e7b4f191ec7efea4c87fdeb461f8ed43bba
Author: Endi S. Dewata <edewata at redhat.com>
Date: Thu Jan 28 19:51:11 2010 -0600
s4:provision - Moved backend-specific variables into backend class.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 02533c9f1ba9434aabc92fac06995a858874c002
Author: Endi S. Dewata <edewata at redhat.com>
Date: Thu Jan 28 19:35:29 2010 -0600
s4:provision - Use netbios name for FDS instance name.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 07669b0704eac9db46e241e681c92b09ee5a4c2e
Author: Endi S. Dewata <edewata at redhat.com>
Date: Mon Jan 18 20:57:01 2010 -0600
s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba4.pm | 21 ++--
source4/libcli/ldap/ldap_controls.c | 4 +
source4/scripting/python/samba/provision.py | 33 +-----
source4/scripting/python/samba/provisionbackend.py | 137 ++++++++++---------
source4/setup/fedorads-sasl.ldif | 11 ++
source4/setup/fedorads.inf | 24 ++--
6 files changed, 114 insertions(+), 116 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 9a808d3..7a65847 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -67,7 +67,7 @@ sub slapd_stop($$)
{
my ($self, $envvars) = @_;
if ($self->{ldap} eq "fedora-ds") {
- system("$envvars->{LDAPDIR}/slapd-samba4/stop-slapd");
+ system("$envvars->{LDAPDIR}/slapd-$envvars->{LDAP_INSTANCE}/stop-slapd");
} elsif ($self->{ldap} eq "openldap") {
open(IN, "<$envvars->{OPENLDAP_PIDFILE}") or
die("unable to open slapd pid file: $envvars->{OPENLDAP_PIDFILE}");
@@ -211,22 +211,22 @@ type: 0x3
sub mk_fedora_ds($$)
{
- my ($self, $ldapdir) = @_;
+ my ($self, $ctx) = @_;
#Make the subdirectory be as fedora DS would expect
- my $fedora_ds_dir = "$ldapdir/slapd-samba4";
+ my $fedora_ds_dir = "$ctx->{ldapdir}/slapd-$ctx->{ldap_instance}";
- my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid";
+ my $pidfile = "$fedora_ds_dir/logs/slapd-$ctx->{ldap_instance}.pid";
return ($fedora_ds_dir, $pidfile);
}
sub mk_openldap($$)
{
- my ($self, $ldapdir) = @_;
+ my ($self, $ctx) = @_;
- my $slapd_conf_d = "$ldapdir/slapd.d";
- my $pidfile = "$ldapdir/slapd.pid";
+ my $slapd_conf_d = "$ctx->{ldapdir}/slapd.d";
+ my $pidfile = "$ctx->{ldapdir}/slapd.pid";
return ($slapd_conf_d, $pidfile);
}
@@ -683,6 +683,7 @@ nogroup:x:65534:nobody
REALM => $ctx->{realm},
PASSWORD => $ctx->{password},
LDAPDIR => $ctx->{ldapdir},
+ LDAP_INSTANCE => $ctx->{ldap_instance},
WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir},
NCALRPCDIR => $ctx->{ncalrpcdir},
LOCKDIR => $ctx->{lockdir},
@@ -792,6 +793,8 @@ sub provision($$$$$$$)
if ($self->{ldap} eq "fedora-ds") {
$ctx->{sid_generator} = "backend";
}
+
+ $ctx->{ldap_instance} = lc($ctx->{netbiosname});
}
my $ret = $self->provision_raw_step1($ctx);
@@ -801,12 +804,12 @@ sub provision($$$$$$$)
push (@{$ctx->{provision_options}}, "--ldap-backend-type=" . $self->{ldap});
if ($self->{ldap} eq "openldap") {
push (@{$ctx->{provision_options}}, "--slapd-path=" . $ENV{OPENLDAP_SLAPD});
- ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx->{ldapdir}) or die("Unable to create openldap directories");
+ ($ret->{SLAPD_CONF_D}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ctx) or die("Unable to create openldap directories");
} elsif ($self->{ldap} eq "fedora-ds") {
push (@{$ctx->{provision_options}}, "--slapd-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/ns-slapd");
push (@{$ctx->{provision_options}}, "--setup-ds-path=" . "$ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl");
- ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx->{ldapdir}) or die("Unable to create fedora ds directories");
+ ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ctx) or die("Unable to create fedora ds directories");
}
}
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 0ea80a6..94b32b3 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -1309,6 +1309,10 @@ static const struct ldap_control_handler ldap_known_controls[] = {
{ "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },
/* DSDB_CONTROL_CURRENT_PARTITION_OID is internal only, and has no network representation */
{ "1.3.6.1.4.1.7165.4.3.2", NULL, NULL },
+/* DSDB_CONTROL_DN_STORAGE_FORMAT_OID is internal only, and has no network representation */
+ { "1.3.6.1.4.1.7165.4.3.4", NULL, NULL },
+/* LDB_CONTROL_AS_SYSTEM_OID is internal only, and has no network representation */
+ { "1.3.6.1.4.1.7165.4.3.7", NULL, NULL },
/* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
{ "1.3.6.1.4.1.7165.4.4.1", NULL, NULL },
{ LDB_CONTROL_RECALCULATE_SD_OID, decode_recalculate_sd_request, encode_recalculate_sd_request},
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 7287a89..450881c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -167,16 +167,6 @@ class ProvisionPaths(object):
self.dns = None
self.winsdb = None
self.private_dir = None
- self.ldapdir = None
- self.slapdconf = None
- self.modulesconf = None
- self.memberofconf = None
- self.olmmron = None
- self.olmmrserveridsconf = None
- self.olmmrsyncreplconf = None
- self.olcdir = None
- self.olslapd = None
- self.olcseedldif = None
class ProvisionNames(object):
@@ -305,24 +295,6 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
paths.phpldapadminconfig = os.path.join(paths.private_dir,
"phpldapadmin-config.php")
- paths.ldapdir = os.path.join(paths.private_dir,
- "ldap")
- paths.slapdconf = os.path.join(paths.ldapdir,
- "slapd.conf")
- paths.slapdpid = os.path.join(paths.ldapdir,
- "slapd.pid")
- paths.modulesconf = os.path.join(paths.ldapdir,
- "modules.conf")
- paths.memberofconf = os.path.join(paths.ldapdir,
- "memberof.conf")
- paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
- "mmr_serverids.conf")
- paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
- "mmr_syncrepl.conf")
- paths.olcdir = os.path.join(paths.ldapdir,
- "slapd.d")
- paths.olcseedldif = os.path.join(paths.ldapdir,
- "olc_seed.ldif")
paths.hklm = "hklm.ldb"
paths.hkcr = "hkcr.ldb"
paths.hkcu = "hkcu.ldb"
@@ -1256,7 +1228,8 @@ def provision(setup_dir, message, session_info,
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
- message=message)
+ message=message,
+ ldapi_url=ldapi_url)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type,
paths=paths, setup_path=setup_path,
@@ -1445,7 +1418,7 @@ def provision(setup_dir, message, session_info,
# now display slapd_command_file.txt to show how slapd must be started next time
message("Use later the following commandline to start slapd, then Samba:")
message(provision_backend.slapd_command_escaped)
- message("This slapd-Commandline is also stored under: " + paths.ldapdir + "/ldap_backend_startup.sh")
+ message("This slapd-Commandline is also stored under: " + provision_backend.ldapdir + "/ldap_backend_startup.sh")
result = ProvisionResult()
diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index 083f1dc..1919c5d 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -42,19 +42,6 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.schema import Schema
from samba.provisionexceptions import ProvisioningError
-def setup_db_config(setup_path, dbdir):
- """Setup a Berkeley database.
-
- :param setup_path: Setup path function.
- :param dbdir: Database directory."""
- if not os.path.isdir(os.path.join(dbdir, "bdb-logs")):
- os.makedirs(os.path.join(dbdir, "bdb-logs"), 0700)
- if not os.path.isdir(os.path.join(dbdir, "tmp")):
- os.makedirs(os.path.join(dbdir, "tmp"), 0700)
-
- setup_file(setup_path("DB_CONFIG"), os.path.join(dbdir, "DB_CONFIG"),
- {"LDAPDBDIR": dbdir})
-
class ProvisionBackend(object):
def __init__(self, backend_type, paths=None, setup_path=None, lp=None, credentials=None,
names=None, message=None):
@@ -105,7 +92,8 @@ class LDBBackend(ProvisionBackend):
class ExistingBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, setup_path=None, lp=None, credentials=None,
- names=None, message=None):
+ names=None, message=None,
+ ldapi_uri=None):
super(ExistingBackend, self).__init__(
backend_type=backend_type,
@@ -114,7 +102,7 @@ class ExistingBackend(ProvisionBackend):
names=names,
message=message)
- self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.ldapdir, "ldapi"), safe="")
+ self.ldapi_uri = ldapi_uri
def init(self):
#Check to see that this 'existing' LDAP backend in fact exists
@@ -150,19 +138,22 @@ class LDAPBackend(ProvisionBackend):
self.domainsid = domainsid
self.schema = schema
self.hostname = hostname
+
+ self.ldapdir = os.path.join(paths.private_dir, "ldap")
self.ldapadminpass = ldapadminpass
self.slapd_path = slapd_path
self.slapd_command = None
self.slapd_command_escaped = None
+ self.slapd_pid = os.path.join(self.ldapdir, "slapd.pid")
self.ldap_backend_extra_port = ldap_backend_extra_port
self.ldap_dryrun_mode = ldap_dryrun_mode
- self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.ldapdir, "ldapi"), safe="")
+ self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")
- if not os.path.exists(self.paths.ldapdir):
- os.mkdir(self.paths.ldapdir)
+ if not os.path.exists(self.ldapdir):
+ os.mkdir(self.ldapdir)
def init(self):
# we will shortly start slapd with ldapi for final provisioning. first check with ldapsearch -> rootDSE via self.ldapi_uri
@@ -172,7 +163,7 @@ class LDAPBackend(ProvisionBackend):
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
try:
- f = open(self.paths.slapdpid, "r")
+ f = open(self.slapd_pid, "r")
p = f.read()
f.close()
self.message("Check for slapd Process with PID: " + str(p) + " and terminate it manually.")
@@ -192,13 +183,13 @@ class LDAPBackend(ProvisionBackend):
raise ProvisioningError("Warning: Given Path to slapd does not exist!")
- if not os.path.isdir(self.paths.ldapdir):
- os.makedirs(self.paths.ldapdir, 0700)
+ if not os.path.isdir(self.ldapdir):
+ os.makedirs(self.ldapdir, 0700)
# Put the LDIF of the schema into a database so we can search on
# it to generate schema-dependent configurations in Fedora DS and
# OpenLDAP
- schemadb_path = os.path.join(self.paths.ldapdir, "schema-tmp.ldb")
+ schemadb_path = os.path.join(self.ldapdir, "schema-tmp.ldb")
try:
os.unlink(schemadb_path)
except OSError:
@@ -226,7 +217,7 @@ class LDAPBackend(ProvisionBackend):
def start(self):
self.slapd_command_escaped = "\'" + "\' \'".join(self.slapd_command) + "\'"
- open(self.paths.ldapdir + "/ldap_backend_startup.sh", 'w').write("#!/bin/sh\n" + self.slapd_command_escaped + "\n")
+ open(self.ldapdir + "/ldap_backend_startup.sh", 'w').write("#!/bin/sh\n" + self.slapd_command_escaped + "\n")
# Now start the slapd, so we can provision onto it. We keep the
# subprocess context around, to kill this off at the successful
@@ -291,6 +282,14 @@ class OpenLDAPBackend(LDAPBackend):
self.ol_mmr_urls = ol_mmr_urls
self.nosync = nosync
+ self.slapdconf = os.path.join(self.ldapdir, "slapd.conf")
+ self.modulesconf = os.path.join(self.ldapdir, "modules.conf")
+ self.memberofconf = os.path.join(self.ldapdir, "memberof.conf")
+ self.olmmrserveridsconf = os.path.join(self.ldapdir, "mmr_serverids.conf")
+ self.olmmrsyncreplconf = os.path.join(self.ldapdir, "mmr_syncrepl.conf")
+ self.olcdir = os.path.join(self.ldapdir, "slapd.d")
+ self.olcseedldif = os.path.join(self.ldapdir, "olc_seed.ldif")
+
self.schema = Schema(
self.setup_path,
self.domainsid,
@@ -298,9 +297,22 @@ class OpenLDAPBackend(LDAPBackend):
serverdn=self.names.serverdn,
files=[setup_path("schema_samba4.ldif")])
+ def setup_db_config(self, dbdir):
+ """Setup a Berkeley database.
+
+ :param setup_path: Setup path function.
+ :param dbdir: Database directory."""
+ if not os.path.isdir(os.path.join(dbdir, "bdb-logs")):
+ os.makedirs(os.path.join(dbdir, "bdb-logs"), 0700)
+ if not os.path.isdir(os.path.join(dbdir, "tmp")):
+ os.makedirs(os.path.join(dbdir, "tmp"), 0700)
+
+ setup_file(self.setup_path("DB_CONFIG"), os.path.join(dbdir, "DB_CONFIG"),
+ {"LDAPDBDIR": dbdir})
+
def provision(self):
# Wipe the directories so we can start
- shutil.rmtree(os.path.join(self.paths.ldapdir, "db"), True)
+ shutil.rmtree(os.path.join(self.ldapdir, "db"), True)
#Allow the test scripts to turn off fsync() for OpenLDAP as for TDB and LDB
nosync_config = ""
@@ -405,15 +417,15 @@ class OpenLDAPBackend(LDAPBackend):
{ "RID" : str(rid),
"LDAPSERVER" : url})
- setup_file(self.setup_path("olc_seed.ldif"), self.paths.olcseedldif,
+ setup_file(self.setup_path("olc_seed.ldif"), self.olcseedldif,
{"OLC_SERVER_ID_CONF": olc_serverids_config,
"OLC_PW": self.ldapadminpass,
"OLC_SYNCREPL_CONF": olc_syncrepl_seed_config})
# end olc
- setup_file(self.setup_path("slapd.conf"), self.paths.slapdconf,
+ setup_file(self.setup_path("slapd.conf"), self.slapdconf,
{"DNSDOMAIN": self.names.dnsdomain,
- "LDAPDIR": self.paths.ldapdir,
+ "LDAPDIR": self.ldapdir,
"DOMAINDN": self.names.domaindn,
"CONFIGDN": self.names.configdn,
"SCHEMADN": self.names.schemadn,
@@ -430,26 +442,26 @@ class OpenLDAPBackend(LDAPBackend):
"INDEX_CONFIG": index_config,
"NOSYNC": nosync_config})
- setup_db_config(self.setup_path, os.path.join(self.paths.ldapdir, "db", "user"))
- setup_db_config(self.setup_path, os.path.join(self.paths.ldapdir, "db", "config"))
- setup_db_config(self.setup_path, os.path.join(self.paths.ldapdir, "db", "schema"))
+ self.setup_db_config(os.path.join(self.ldapdir, "db", "user"))
+ self.setup_db_config(os.path.join(self.ldapdir, "db", "config"))
+ self.setup_db_config(os.path.join(self.ldapdir, "db", "schema"))
- if not os.path.exists(os.path.join(self.paths.ldapdir, "db", "samba", "cn=samba")):
- os.makedirs(os.path.join(self.paths.ldapdir, "db", "samba", "cn=samba"), 0700)
+ if not os.path.exists(os.path.join(self.ldapdir, "db", "samba", "cn=samba")):
+ os.makedirs(os.path.join(self.ldapdir, "db", "samba", "cn=samba"), 0700)
setup_file(self.setup_path("cn=samba.ldif"),
- os.path.join(self.paths.ldapdir, "db", "samba", "cn=samba.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba.ldif"),
{ "UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
setup_file(self.setup_path("cn=samba-admin.ldif"),
- os.path.join(self.paths.ldapdir, "db", "samba", "cn=samba", "cn=samba-admin.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=samba-admin.ldif"),
{"LDAPADMINPASS_B64": b64encode(self.ldapadminpass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
if self.ol_mmr_urls is not None:
setup_file(self.setup_path("cn=replicator.ldif"),
- os.path.join(self.paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
{"MMR_PASSWORD_B64": b64encode(mmr_pass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
@@ -460,7 +472,7 @@ class OpenLDAPBackend(LDAPBackend):
backend_schema_data = self.schema.ldb.convert_schema_to_openldap("openldap", open(self.setup_path(mapping), 'r').read())
assert backend_schema_data is not None
- open(os.path.join(self.paths.ldapdir, backend_schema), 'w').write(backend_schema_data)
+ open(os.path.join(self.ldapdir, backend_schema), 'w').write(backend_schema_data)
# now we generate the needed strings to start slapd automatically,
# first ldapi_uri...
@@ -478,7 +490,7 @@ class OpenLDAPBackend(LDAPBackend):
# Prepare the 'result' information - the commands to return in particular
self.slapd_provision_command = [self.slapd_path]
- self.slapd_provision_command.append("-F" + self.paths.olcdir)
+ self.slapd_provision_command.append("-F" + self.olcdir)
self.slapd_provision_command.append("-h")
@@ -504,10 +516,10 @@ class OpenLDAPBackend(LDAPBackend):
sys.exit(0)
# Finally, convert the configuration into cn=config style!
- if not os.path.isdir(self.paths.olcdir):
- os.makedirs(self.paths.olcdir, 0770)
+ if not os.path.isdir(self.olcdir):
+ os.makedirs(self.olcdir, 0770)
- retcode = subprocess.call([self.slapd_path, "-Ttest", "-f", self.paths.slapdconf, "-F", self.paths.olcdir], close_fds=True, shell=False)
+ retcode = subprocess.call([self.slapd_path, "-Ttest", "-f", self.slapdconf, "-F", self.olcdir], close_fds=True, shell=False)
# We can't do this, as OpenLDAP is strange. It gives an error
# output to the above, but does the conversion sucessfully...
@@ -515,11 +527,11 @@ class OpenLDAPBackend(LDAPBackend):
# if retcode != 0:
# raise ProvisioningError("conversion from slapd.conf to cn=config failed")
- if not os.path.exists(os.path.join(self.paths.olcdir, "cn=config.ldif")):
+ if not os.path.exists(os.path.join(self.olcdir, "cn=config.ldif")):
raise ProvisioningError("conversion from slapd.conf to cn=config failed")
# Don't confuse the admin by leaving the slapd.conf around
- os.remove(self.paths.slapdconf)
+ os.remove(self.slapdconf)
class FDSBackend(LDAPBackend):
@@ -551,21 +563,22 @@ class FDSBackend(LDAPBackend):
self.root = root
self.setup_ds_path = setup_ds_path
+ self.ldap_instance = self.names.netbiosname.lower()
self.sambadn = "CN=Samba"
- self.fedoradsinf = os.path.join(paths.ldapdir, "fedorads.inf")
- self.partitions_ldif = os.path.join(paths.ldapdir, "fedorads-partitions.ldif")
- self.sasl_ldif = os.path.join(paths.ldapdir, "fedorads-sasl.ldif")
- self.dna_ldif = os.path.join(paths.ldapdir, "fedorads-dna.ldif")
- self.pam_ldif = os.path.join(paths.ldapdir, "fedorads-pam.ldif")
- self.refint_ldif = os.path.join(paths.ldapdir, "fedorads-refint.ldif")
- self.linked_attrs_ldif = os.path.join(paths.ldapdir, "fedorads-linked-attributes.ldif")
- self.index_ldif = os.path.join(paths.ldapdir, "fedorads-index.ldif")
- self.samba_ldif = os.path.join(paths.ldapdir, "fedorads-samba.ldif")
+ self.fedoradsinf = os.path.join(self.ldapdir, "fedorads.inf")
+ self.partitions_ldif = os.path.join(self.ldapdir, "fedorads-partitions.ldif")
+ self.sasl_ldif = os.path.join(self.ldapdir, "fedorads-sasl.ldif")
+ self.dna_ldif = os.path.join(self.ldapdir, "fedorads-dna.ldif")
+ self.pam_ldif = os.path.join(self.ldapdir, "fedorads-pam.ldif")
+ self.refint_ldif = os.path.join(self.ldapdir, "fedorads-refint.ldif")
+ self.linked_attrs_ldif = os.path.join(self.ldapdir, "fedorads-linked-attributes.ldif")
+ self.index_ldif = os.path.join(self.ldapdir, "fedorads-index.ldif")
+ self.samba_ldif = os.path.join(self.ldapdir, "fedorads-samba.ldif")
self.samba3_schema = self.setup_path("../../examples/LDAP/samba.schema")
- self.samba3_ldif = os.path.join(self.paths.ldapdir, "samba3.ldif")
+ self.samba3_ldif = os.path.join(self.ldapdir, "samba3.ldif")
self.retcode = subprocess.call(["bin/oLschema2ldif", "-H", "NONE",
"-I", self.samba3_schema,
@@ -594,8 +607,9 @@ class FDSBackend(LDAPBackend):
{"ROOT": self.root,
"HOSTNAME": self.hostname,
"DNSDOMAIN": self.names.dnsdomain,
- "LDAPDIR": self.paths.ldapdir,
+ "LDAPDIR": self.ldapdir,
"DOMAINDN": self.names.domaindn,
+ "LDAP_INSTANCE": self.ldap_instance,
"LDAPMANAGERDN": self.names.ldapmanagerdn,
"LDAPMANAGERPASS": self.ldapadminpass,
"SERVERPORT": serverport})
@@ -665,20 +679,20 @@ class FDSBackend(LDAPBackend):
# Build a schema file in Fedora DS format
backend_schema_data = self.schema.ldb.convert_schema_to_openldap("fedora-ds", open(self.setup_path(mapping), 'r').read())
assert backend_schema_data is not None
- open(os.path.join(self.paths.ldapdir, backend_schema), 'w').write(backend_schema_data)
+ open(os.path.join(self.ldapdir, backend_schema), 'w').write(backend_schema_data)
self.credentials.set_bind_dn(self.names.ldapmanagerdn)
# Destory the target directory, or else setup-ds.pl will complain
- fedora_ds_dir = os.path.join(self.paths.ldapdir, "slapd-samba4")
+ fedora_ds_dir = os.path.join(self.ldapdir, "slapd-" + self.ldap_instance)
shutil.rmtree(fedora_ds_dir, True)
- self.slapd_provision_command = [self.slapd_path, "-D", fedora_ds_dir, "-i", self.paths.slapdpid]
+ self.slapd_provision_command = [self.slapd_path, "-D", fedora_ds_dir, "-i", self.slapd_pid]
#In the 'provision' command line, stay in the foreground so we can easily kill it
self.slapd_provision_command.append("-d0")
#the command for the final run is the normal script
- self.slapd_command = [os.path.join(self.paths.ldapdir, "slapd-samba4", "start-slapd")]
+ self.slapd_command = [os.path.join(self.ldapdir, "slapd-" + self.ldap_instance, "start-slapd")]
# If we were just looking for crashes up to this point, it's a
# good time to exit before we realise we don't have Fedora DS on
@@ -699,7 +713,7 @@ class FDSBackend(LDAPBackend):
# Load samba-admin
retcode = subprocess.call([
- os.path.join(self.paths.ldapdir, "slapd-samba4", "ldif2db"), "-s", self.sambadn, "-i", self.samba_ldif],
+ os.path.join(self.ldapdir, "slapd-" + self.ldap_instance, "ldif2db"), "-s", self.sambadn, "-i", self.samba_ldif],
close_fds=True, shell=False)
if retcode != 0:
raise ProvisioningError("ldif2db failed")
@@ -707,14 +721,7 @@ class FDSBackend(LDAPBackend):
def post_setup(self):
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
- # delete default SASL mappings
- res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
-
# configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
- for i in range (0, len(res)):
- dn = str(res[i]["dn"])
- ldapi_db.delete(dn)
-
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
diff --git a/source4/setup/fedorads-sasl.ldif b/source4/setup/fedorads-sasl.ldif
index 99bb6a7..d0f954f 100644
--- a/source4/setup/fedorads-sasl.ldif
+++ b/source4/setup/fedorads-sasl.ldif
@@ -7,3 +7,14 @@ nsSaslMapRegexString: ^samba-admin$
nsSaslMapBaseDNTemplate: CN=samba-admin,${SAMBADN}
nsSaslMapFilterTemplate: (objectclass=*)
+dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
+changetype: delete
--
Samba Shared Repository
More information about the samba-cvs
mailing list