[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Oct 11 02:28:02 MDT 2013


The branch, master has been updated
       via  af3138e samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only
       via  d5077ba join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$
       via  5a9265d join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate
       via  ca7c3fb join.py: Use ctx.forestdns_zone variable
       via  a8c6dd5 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call
       via  48b979c provision: Remove --username and --password options from samba-tool domain provision
      from  a2d45cf provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit af3138e9b6813ef88698c3e6eeb280c6e988c4cc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Sep 9 11:54:23 2013 +1200

    samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only
    
    This skips handling the ForestDNSZone when we are setting up a subdomain.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104

commit d5077baee26c593eb55cedf90ae440f50aa32e14
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Sep 25 17:09:30 2013 -0700

    join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$
    
    The treeConnect&X of the GUID name fails against Windows 2003.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 5a9265de88bd5a1e9582ce57b5c5076826e01a85
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 11 09:47:29 2013 +1300

    join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit ca7c3fb279ba8367e00053fe344a72af063bdbcd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 11 09:37:41 2013 +1300

    join.py: Use ctx.forestdns_zone variable
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit a8c6dd54381412201051fdc78f13e60ec9c47de6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Oct 11 09:36:53 2013 +1300

    join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 48b979c4fec39c8d3b9684b4a759715c0f93e9cc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 26 10:19:18 2013 -0700

    provision: Remove --username and --password options from samba-tool domain provision
    
    This avoids confusion, because the LDAP backend does not use these,
    and they do not set the password for the administrator account either!
    
    This may break support for the 'existing' LDAP backend, but
    that is nothing more than a stub for future development anyway, and
    new work in this area should use EXTERNAL in any case.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/join.py                              |   25 +++---
 python/samba/netcmd/domain.py                     |   18 ++---
 python/samba/provision/__init__.py                |   26 +++---
 python/samba/provision/backend.py                 |   52 +++---------
 python/samba/provision/common.py                  |    5 +
 python/samba/provision/sambadns.py                |   90 +++++++++++++--------
 python/samba/upgrade.py                           |    5 +-
 python/samba/upgradehelpers.py                    |    7 +-
 source4/scripting/bin/samba_upgradedns            |    5 +-
 source4/scripting/bin/samba_upgradeprovision      |    2 +-
 source4/setup/provision_dnszones_add.ldif         |   51 ++----------
 source4/setup/provision_dnszones_modify.ldif      |   31 ++-----
 source4/setup/provision_dnszones_partitions.ldif  |    9 +--
 source4/setup/tests/blackbox_provision-backend.sh |    2 +-
 14 files changed, 135 insertions(+), 193 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/join.py b/python/samba/join.py
index 2379d5f..9cac8f5 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -24,6 +24,7 @@ from samba import gensec, Ldb, drs_utils
 import ldb, samba, sys, uuid
 from samba.ndr import ndr_pack
 from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs
+from samba.dsdb import DS_DOMAIN_FUNCTION_2003
 from samba.credentials import Credentials, DONT_USE_KERBEROS
 from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
 from samba.provision.common import setup_path
@@ -65,7 +66,6 @@ class dc_join(object):
         ctx.promote_from_dn = None
 
         ctx.nc_list = []
-        ctx.full_nc_list = []
 
         ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
         ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
@@ -119,7 +119,7 @@ class dc_join(object):
         ctx.dnsdomain = ctx.samdb.domain_dns_name()
         ctx.dnsforest = ctx.samdb.forest_dns_name()
         ctx.domaindns_zone = 'DC=DomainDnsZones,%s' % ctx.base_dn
-        ctx.forestdns_zone = 'DC=ForestDnsZones,%s' % ctx.base_dn
+        ctx.forestdns_zone = 'DC=ForestDnsZones,%s' % ctx.root_dn
 
         res_domaindns = ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL,
                                          attrs=[],
@@ -717,7 +717,7 @@ class dc_join(object):
 
         smbconf = ctx.lp.configfile
 
-        presult = provision(ctx.logger, system_session(), None, smbconf=smbconf,
+        presult = provision(ctx.logger, system_session(), smbconf=smbconf,
                 targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
                 rootdn=ctx.root_dn, domaindn=ctx.base_dn,
                 schemadn=ctx.schema_dn, configdn=ctx.config_dn,
@@ -766,6 +766,7 @@ class dc_join(object):
         presult = provision_fill(ctx.local_samdb, secrets_ldb,
                                  ctx.logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid),
                                  domainguid=domguid,
+                                 dom_for_fun_level=DS_DOMAIN_FUNCTION_2003,
                                  targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
                                  machinepass=ctx.acct_pass, serverrole="active directory domain controller",
                                  lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
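Review bot: `dom_for_fun_level=DS_DOMAIN_FUNCTION_2003` is hard-coded for the subdomain fill with no comment, and none of the commit messages in this push mention it. provision_fill forwards this value to setup_ad_dns as `os_level` (visible in the provision/__init__.py hunk), so it also influences DNS setup. A one-line comment above the argument stating why this level is fixed here would save the next reader from guessing. The call continues outside the hunk.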
@@ -830,10 +831,6 @@ class dc_join(object):
                                     destination_dsa_guid, rodc=ctx.RODC,
                                     replica_flags=ctx.replica_flags)
 
-            if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list:
-                repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id,
-                               destination_dsa_guid, rodc=ctx.RODC,
-                               replica_flags=ctx.replica_flags)
             # FIXME At this point we should add an entry in the forestdns and domaindns NC
             # (those under CN=Partions,DC=...)
             # in order to indicate that we hold a replica for this NC
@@ -879,8 +876,8 @@ class dc_join(object):
         # DC we just replicated from then we don't need to send the updatereplicateref
         # as replication between sites is time based and on the initiative of the
         # requesting DC
-        ctx.logger.info("Sending DsReplicateUpdateRefs for all the replicated partitions")
-        for nc in ctx.full_nc_list:
+        ctx.logger.info("Sending DsReplicaUpdateRefs for all the replicated partitions")
+        for nc in ctx.nc_list:
             ctx.send_DsReplicaUpdateRefs(nc)
 
         if ctx.RODC:
@@ -1057,7 +1054,6 @@ class dc_join(object):
         # full_nc_list is the list of naming context (NC) for which we will
         # send a updateRef command to the partner DC
         ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
-        ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
 
         if not ctx.subdomain:
             ctx.nc_list += [ctx.base_dn]
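Review bot: The context comment just above `ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]` still describes `full_nc_list` as the list of naming contexts that get an updateRef, but this hunk removes `ctx.full_nc_list` and the update loop now iterates `ctx.nc_list`. Suggest rewording it to `# nc_list is the list of naming contexts (NCs) we replicate and for which we send DsReplicaUpdateRefs to the partner DC`. The enclosing method starts and ends outside the hunk.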
@@ -1065,10 +1061,7 @@ class dc_join(object):
                 ctx.nc_list += [ctx.domaindns_zone]
 
         if ctx.dns_backend != "NONE":
-            if not ctx.subdomain:
-                ctx.full_nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
-            ctx.full_nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
-            ctx.nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
+            ctx.nc_list += [ctx.forestdns_zone]
 
         if ctx.promote_existing:
             ctx.promote_possible()
@@ -1202,6 +1195,10 @@ def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
         ctx.samdb = SamDB(url="ldap://%s" % ctx.server,
                           session_info=system_session(),
                           credentials=ctx.creds, lp=ctx.lp)
+        res = ctx.samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=['dnsHostName'],
+                               controls=[])
+        ctx.server = res[0]["dnsHostName"]
+        logger.info("DNS name of new naming master is %s" % ctx.server)
 
     ctx.base_dn = samba.dn_from_dns_name(dnsdomain)
     ctx.domsid = str(security.random_sid())
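Review bot: `ctx.server = res[0]["dnsHostName"]` in join_subdomain stores whatever the rootDSE search returned, without checking that the attribute is present and without extracting a single string value from the result element. The value is supplied by the remote server and becomes the host for the later reconnect, so it should be validated before use: raise a clear error unless `len(res) == 1 and "dnsHostName" in res[0]`, then assign `ctx.server = str(res[0]["dnsHostName"][0])`. Logging the originally requested server name next to the new one in the `logger.info` line would also make the switch traceable. The function body starts and continues outside the hunk.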
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 0698928..9824da1 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -67,11 +67,14 @@ from samba.dsdb import (
 from samba.credentials import DONT_USE_KERBEROS
 from samba.provision import (
     provision,
+    ProvisioningError
+    )
+
+from samba.provision.common import (
     FILL_FULL,
     FILL_NT4SYNC,
-    FILL_DRS,
-    ProvisioningError,
-    )
+    FILL_DRS
+)
 
 def get_testparm_var(testparm, smbconf, varname):
     cmd = "%s -s -l --parameter-name='%s' %s 2>/dev/null" % (testparm, varname, smbconf)
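Review bot: The reworked import block mixes closing styles (an indented `    )` after `ProvisioningError`, a column-0 `)` after `FILL_DRS`) and drops the trailing commas, so the next name added to either list will touch two lines; `ProvisioningError,` and `FILL_DRS,` with matching closers would keep it consistent. Separately, `from samba.credentials import DONT_USE_KERBEROS` stays in place while a later hunk in cmd_domain_provision.run removes the `creds.set_kerberos_state(DONT_USE_KERBEROS)` call; if that was the last use in this file, the import can be dropped as well.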
@@ -144,7 +147,6 @@ class cmd_domain_provision(Command):
     takes_optiongroups = {
         "sambaopts": options.SambaOptions,
         "versionopts": options.VersionOptions,
-        "credopts": options.CredentialsOptions,
     }
 
     takes_options = [
@@ -231,7 +233,7 @@ class cmd_domain_provision(Command):
 
     takes_args = []
 
-    def run(self, sambaopts=None, credopts=None, versionopts=None,
+    def run(self, sambaopts=None, versionopts=None,
             interactive=None,
             domain=None,
             domain_guid=None,
@@ -278,10 +280,6 @@ class cmd_domain_provision(Command):
         lp = sambaopts.get_loadparm()
         smbconf = lp.configfile
 
-        creds = credopts.get_credentials(lp)
-
-        creds.set_kerberos_state(DONT_USE_KERBEROS)
-
         if dns_forwarder is not None:
             suggested_forwarder = dns_forwarder
         else:
@@ -408,7 +406,7 @@ class cmd_domain_provision(Command):
         session = system_session()
         try:
             result = provision(self.logger,
-                  session, creds, smbconf=smbconf, targetdir=targetdir,
+                  session, smbconf=smbconf, targetdir=targetdir,
                   samdb_fill=samdb_fill, realm=realm, domain=domain,
                   domainguid=domain_guid, domainsid=domain_sid,
                   hostname=host_name,
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 7f6d96d..d8f353f 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -101,7 +101,11 @@ from samba.provision.common import (
     setup_path,
     setup_add_ldif,
     setup_modify_ldif,
-    )
+    FILL_FULL,
+    FILL_SUBDOMAIN,
+    FILL_NT4SYNC,
+    FILL_DRS
+)
 from samba.provision.sambadns import (
     get_dnsadmins_sid,
     setup_ad_dns,
@@ -1462,10 +1466,6 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
         return samdb
 
 
-FILL_FULL = "FULL"
-FILL_SUBDOMAIN = "SUBDOMAIN"
-FILL_NT4SYNC = "NT4SYNC"
-FILL_DRS = "DRS"
 SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
 POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
 SYSVOL_SERVICE="sysvol"
@@ -1795,7 +1795,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
         setup_ad_dns(samdb, secrets_ldb, domainsid, names, paths, lp, logger,
                      hostip=hostip, hostip6=hostip6, dns_backend=dns_backend,
                      dnspass=dnspass, os_level=dom_for_fun_level,
-                     targetdir=targetdir, site=DEFAULTSITE)
+                     targetdir=targetdir, site=DEFAULTSITE, fill_level=samdb_fill)
 
         domainguid = samdb.searchone(basedn=samdb.get_default_basedn(),
                                      attribute="objectGUID")
@@ -1888,7 +1888,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
         samdb.transaction_commit()
 
 
-def provision(logger, session_info, credentials, smbconf=None,
+def provision(logger, session_info, smbconf=None,
         targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
         domaindn=None, schemadn=None, configdn=None, serverdn=None,
         domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
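Review bot: Removing `credentials` from the third positional slot of `provision()` shifts `smbconf` into it, so an out-of-tree caller that still passes three positional arguments would bind its credentials value (or `None`) to `smbconf` instead of failing immediately. The in-tree callers visible in this push pass `smbconf=` by keyword, which is the safe form. A docstring line such as `All arguments after session_info should be passed by keyword.` would make that expectation explicit. The function body continues outside the hunk.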
@@ -2065,25 +2065,25 @@ def provision(logger, session_info, credentials, smbconf=None,
 
     if backend_type == "ldb":
         provision_backend = LDBBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger)
     elif backend_type == "existing":
         # If support for this is ever added back, then the URI will need to be
         # specified again
         provision_backend = ExistingBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger,
             ldap_backend_forced_uri=ldap_backend_forced_uri)
     elif backend_type == "fedora-ds":
         provision_backend = FDSBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger, domainsid=domainsid,
             schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
             slapd_path=slapd_path,
             root=root)
     elif backend_type == "openldap":
         provision_backend = OpenLDAPBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger, domainsid=domainsid,
             schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
             slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
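Review bot: The `ExistingBackend(...)` call still passes `ldap_backend_forced_uri=ldap_backend_forced_uri`, but the constructor shown in the backend.py hunk at `class ExistingBackend` names that parameter `ldapi_uri`. That constructor in turn forwards `ldap_backend_forced_uri=ldapi_uri` to `ProvisionBackend.__init__`, whose signature in this push accepts only `backend_type, paths, lp, names, logger`. As written, selecting the "existing" backend would raise a TypeError for an unexpected keyword before any provisioning happens. Since these lines are being edited anyway, either align the keyword (`ldapi_uri=ldap_backend_forced_uri`) and stop forwarding it to the base class, or reject this backend type early with a clear `ProvisioningError`. The if/elif chain continues outside the hunk.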
@@ -2105,7 +2105,7 @@ def provision(logger, session_info, credentials, smbconf=None,
     logger.info("Setting up secrets.ldb")
     secrets_ldb = setup_secretsdb(paths,
         session_info=session_info,
-        backend_credentials=provision_backend.secrets_credentials, lp=lp)
+        backend_credentials=provision_backend.credentials, lp=lp)
 
     try:
         logger.info("Setting up the registry")
@@ -2227,7 +2227,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
     logger = logging.getLogger("provision")
     samba.set_debug_level(debuglevel)
 
-    res = provision(logger, system_session(), None,
+    res = provision(logger, system_session(),
         smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
         realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
         configdn=configdn, serverdn=serverdn, domain=domain,
diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py
index 93c38f7..1180642 100644
--- a/python/samba/provision/backend.py
+++ b/python/samba/provision/backend.py
@@ -63,19 +63,11 @@ class BackendResult(object):
 
 class LDAPBackendResult(BackendResult):
 
-    def __init__(self, credentials, slapd_command_escaped, ldapdir):
-        self.credentials = credentials
+    def __init__(self, slapd_command_escaped, ldapdir):
         self.slapd_command_escaped = slapd_command_escaped
         self.ldapdir = ldapdir
 
     def report_logger(self, logger):
-        if self.credentials.get_bind_dn() is not None:
-            logger.info("LDAP Backend Admin DN: %s" %
-                self.credentials.get_bind_dn())
-        else:
-            logger.info("LDAP Admin User:       %s" %
-                self.credentials.get_username())
-
         if self.slapd_command_escaped is not None:
             # now display slapd_command_file.txt to show how slapd must be
             # started next time
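Review bot: `LDAPBackendResult.__init__` loses its first positional parameter, but no hunk in backend.py changes a call that constructs an `LDAPBackendResult`. If a call site elsewhere in the file still passes the credentials object first, it will now fail with a TypeError at the end of an LDAP-backend provision. It is worth confirming that every constructor call reads `LDAPBackendResult(slapd_command_escaped, ldapdir)`. report_logger continues outside the hunk.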
@@ -90,11 +82,11 @@ class LDAPBackendResult(BackendResult):
 class ProvisionBackend(object):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None):
+            names=None, logger=None):
         """Provision a backend for samba4"""
         self.paths = paths
         self.lp = lp
-        self.credentials = credentials
+        self.credentials = None
         self.names = names
         self.logger = logger
 
@@ -127,7 +119,6 @@ class LDBBackend(ProvisionBackend):
 
     def init(self):
         self.credentials = None
-        self.secrets_credentials = None
 
         # Wipe the old sam.ldb databases away
         shutil.rmtree(self.paths.samdb + ".d", True)
@@ -145,11 +136,11 @@ class LDBBackend(ProvisionBackend):
 class ExistingBackend(ProvisionBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None, ldapi_uri=None):
+            names=None, logger=None, ldapi_uri=None):
 
         super(ExistingBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 ldap_backend_forced_uri=ldapi_uri)
 
     def init(self):
@@ -158,27 +149,21 @@ class ExistingBackend(ProvisionBackend):
         ldapi_db.search(base="", scope=SCOPE_BASE,
             expression="(objectClass=OpenLDAProotDSE)")
 
-        # If we have got here, then we must have a valid connection to the LDAP
-        # server, with valid credentials supplied This caused them to be set
-        # into the long-term database later in the script.
-        self.secrets_credentials = self.credentials
-
-
-         # For now, assume existing backends at least emulate OpenLDAP
+        # For now, assume existing backends at least emulate OpenLDAP
         self.ldap_backend_type = "openldap"
 
 
 class LDAPBackend(ProvisionBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-                 credentials=None, names=None, logger=None, domainsid=None,
+                 names=None, logger=None, domainsid=None,
                  schema=None, hostname=None, ldapadminpass=None,
                  slapd_path=None, ldap_backend_extra_port=None,
                  ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
 
         super(LDAPBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger)
+                names=names, logger=logger)
 
         self.domainsid = domainsid
         self.schema = schema
@@ -253,19 +238,12 @@ class LDAPBackend(ProvisionBackend):
 
         self.credentials = Credentials()
         self.credentials.guess(self.lp)
-        # Kerberos to an ldapi:// backend makes no sense
+        # Kerberos to an ldapi:// backend makes no sense (we also force EXTERNAL)
         self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
+        self.credentials.set_username("samba-admin")
         self.credentials.set_password(self.ldapadminpass)
         self.credentials.set_forced_sasl_mech("EXTERNAL")
 
-        self.secrets_credentials = Credentials()
-        self.secrets_credentials.guess(self.lp)
-        # Kerberos to an ldapi:// backend makes no sense
-        self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
-        self.secrets_credentials.set_username("samba-admin")
-        self.secrets_credentials.set_password(self.ldapadminpass)
-        self.secrets_credentials.set_forced_sasl_mech("EXTERNAL")
-
         self.provision()
 
     def provision(self):
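Review bot: After `secrets_credentials` is folded into `self.credentials`, this one object is both the provisioning-time connection identity and the value passed to `setup_secretsdb(..., backend_credentials=provision_backend.credentials, ...)` in provision(), and the deleted comment that explained the hand-over to the long-term database is gone. A short comment above `self.credentials = Credentials()` would restore that context, e.g. `# These credentials are also passed to setup_secretsdb() as the backend credentials.` It would also help to state why `set_password(self.ldapadminpass)` is kept when the forced SASL mechanism is EXTERNAL, since a reader cannot tell from here whether the password is still needed at bind time. The method starts outside the hunk.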
@@ -340,7 +318,7 @@ class OpenLDAPBackend(LDAPBackend):
         from samba.provision import setup_path
         super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 domainsid=domainsid, schema=schema, hostname=hostname,
                 ldapadminpass=ldapadminpass, slapd_path=slapd_path,
                 ldap_backend_extra_port=ldap_backend_extra_port,
@@ -595,10 +573,6 @@ class OpenLDAPBackend(LDAPBackend):
 
         self.slapd_command.append(uris)
 
-        # Set the username - done here because Fedora DS still uses the admin
-        # DN and simple bind
-        self.credentials.set_username("samba-admin")
-
         # Wipe the old sam.ldb databases away
         shutil.rmtree(self.olcdir, True)
         os.makedirs(self.olcdir, 0770)
@@ -632,7 +606,7 @@ class OpenLDAPBackend(LDAPBackend):
 class FDSBackend(LDAPBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None, domainsid=None,
+            names=None, logger=None, domainsid=None,
             schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
             ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None,
             setup_ds_path=None):
@@ -641,7 +615,7 @@ class FDSBackend(LDAPBackend):
 
         super(FDSBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 domainsid=domainsid, schema=schema, hostname=hostname,
                 ldapadminpass=ldapadminpass, slapd_path=slapd_path,
                 ldap_backend_extra_port=ldap_backend_extra_port,
diff --git a/python/samba/provision/common.py b/python/samba/provision/common.py
index f96704b..03e2278 100644
--- a/python/samba/provision/common.py
+++ b/python/samba/provision/common.py
@@ -31,6 +31,11 @@ import os
 from samba import read_and_sub_file
 from samba.param import setup_dir
 
+FILL_FULL = "FULL"
+FILL_SUBDOMAIN = "SUBDOMAIN"
+FILL_NT4SYNC = "NT4SYNC"
+FILL_DRS = "DRS"
+
 
 def setup_path(file):
     """Return an absolute path to the provision tempate file specified by file"""
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 46cfc89..5fd3805 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -48,7 +48,11 @@ from samba.provision.common import (
     setup_path,
     setup_add_ldif,
     setup_modify_ldif,
-    setup_ldb
+    setup_ldb,
+    FILL_FULL,
+    FILL_SUBDOMAIN,
+    FILL_NT4SYNC,
+    FILL_DRS,
     )
 
 
@@ -230,15 +234,20 @@ class AgingEnabledTimeProperty(dnsp.DnsProperty):
 
 
 def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
-        serverdn):
+                         serverdn, fill_level):
     domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
     forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
     descriptor = get_dns_partition_descriptor(domainsid)
+
     setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
-        "DOMAINZONE_DN": domainzone_dn,
-        "FORESTZONE_DN": forestzone_dn,
+        "ZONE_DN": domainzone_dn,
         "SECDESC"      : b64encode(descriptor)
         })
+    if fill_level != FILL_SUBDOMAIN:
+        setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
+            "ZONE_DN": forestzone_dn,
+            "SECDESC"      : b64encode(descriptor)
+        })
 
     domainzone_guid = get_domainguid(samdb, domainzone_dn)
     forestzone_guid = get_domainguid(samdb, forestzone_dn)
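Review bot: `forestzone_guid = get_domainguid(samdb, forestzone_dn)` still runs unconditionally, although for `fill_level == FILL_SUBDOMAIN` the ForestDnsZones partition is no longer added above. Whether that lookup succeeds then depends on get_domainguid and on what is already in samdb, neither of which is visible here. Moving it under the same `if fill_level != FILL_SUBDOMAIN:` guard, or setting `forestzone_guid = None` otherwise, would make the subdomain path explicit. The new `fill_level` parameter is positional and required, so a docstring naming the accepted FILL_* values would help callers. The function continues outside the hunk.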
@@ -252,25 +261,36 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
     protected1_desc = get_domain_delete_protected1_descriptor(domainsid)
     protected2_desc = get_domain_delete_protected2_descriptor(domainsid)
     setup_add_ldif(samdb, setup_path("provision_dnszones_add.ldif"), {
-        "DOMAINZONE_DN": domainzone_dn,
-        "FORESTZONE_DN": forestzone_dn,
-        "DOMAINZONE_GUID": domainzone_guid,
-        "FORESTZONE_GUID": forestzone_guid,
-        "DOMAINZONE_DNS": domainzone_dns,
-        "FORESTZONE_DNS": forestzone_dns,
+        "ZONE_DN": domainzone_dn,
+        "ZONE_GUID": domainzone_guid,
+        "ZONE_DNS": domainzone_dns,
         "CONFIGDN": configdn,
         "SERVERDN": serverdn,
         "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
         "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
         })
-
     setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
         "CONFIGDN": configdn,
         "SERVERDN": serverdn,
-        "DOMAINZONE_DN": domainzone_dn,
-        "FORESTZONE_DN": forestzone_dn,
+        "ZONE_DN": domainzone_dn,
     })
 
+    if fill_level != FILL_SUBDOMAIN:
+        setup_add_ldif(samdb, setup_path("provision_dnszones_add.ldif"), {
+            "ZONE_DN": forestzone_dn,
+            "ZONE_GUID": forestzone_guid,
+            "ZONE_DNS": forestzone_dns,
+            "CONFIGDN": configdn,
+            "SERVERDN": serverdn,
+            "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
+            "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
+        })
+        setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
+            "CONFIGDN": configdn,


-- 
Samba Shared Repository

