[SCM] Samba Shared Repository - branch master updated
Nadezhda Ivanova
nivanova at samba.org
Thu Sep 26 07:32:02 CEST 2013
The branch, master has been updated
via fc486d8 s4-openldap: Restored openldap-related options to the provision script
from 58cb40d build: get rid of vars=locals() in source3/lib/netapi/examples/wscript_build
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fc486d861c4c616407725b7adfa7cec712526c9a
Author: Nadezhda Ivanova <nivanova at symas.com>
Date: Tue Sep 24 10:26:05 2013 -0700
s4-openldap: Restored openldap-related options to the provision script
At the moment they are only available if TEST_LDAP=yes to avoid accidental use
as the openldap backend is still failing some tests
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova at samba.org>
Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain.py | 38 +++++++++++++++++++--
python/samba/provision/__init__.py | 12 ++++--
python/samba/provision/backend.py | 10 +++---
source4/setup/tests/blackbox_provision-backend.sh | 12 +++---
4 files changed, 54 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e7269c6..0698928 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -214,6 +214,21 @@ class cmd_domain_provision(Command):
Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
]
+
+ openldap_options = [
+ Option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE",
+ action="store_true"),
+ Option("--slapd-path", type="string", metavar="SLAPD-PATH",
+ help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used."),
+ Option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", help="Additional TCP port for LDAP backend server (to use for replication)"),
+ Option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
+ help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDA"),
+ Option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true"),
+ ]
+
+ if os.getenv('TEST_LDAP', "no") == "yes":
+ takes_options.extend(openldap_options)
+
takes_args = []
def run(self, sambaopts=None, credopts=None, versionopts=None,
@@ -246,8 +261,13 @@ class cmd_domain_provision(Command):
targetdir=None,
ol_mmr_urls=None,
use_xattrs=None,
+ slapd_path=None,
use_ntvfs=None,
- use_rfc2307=None):
+ use_rfc2307=None,
+ ldap_backend_nosync=None,
+ ldap_backend_extra_port=None,
+ ldap_backend_forced_uri=None,
+ ldap_dryrun_mode=None):
self.logger = self.get_logger("provision")
if quiet:
@@ -376,6 +396,14 @@ class cmd_domain_provision(Command):
if eadb:
self.logger.info("not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
+ if ldap_backend_type == "existing":
+ if dap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % ldap_backend_forced_uri)
+ else:
+ logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
+ else:
+ if ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less")
session = system_session()
try:
@@ -393,9 +421,13 @@ class cmd_domain_provision(Command):
users=users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
backend_type=ldap_backend_type,
- ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls,
+ ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, slapd_path=slapd_path,
useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs,
- use_rfc2307=use_rfc2307, skip_sysvolacl=False)
+ use_rfc2307=use_rfc2307, skip_sysvolacl=False,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
+ nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
+
except ProvisioningError, e:
raise CommandError("Provision failed", e)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 89f029a..631fff6 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1898,9 +1898,10 @@ def provision(logger, session_info, credentials, smbconf=None,
invocationid=None, machinepass=None, ntdsguid=None,
root=None, nobody=None, users=None, backup=None, aci=None,
serverrole=None, dom_for_fun_level=None, backend_type=None,
- sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false",
+ sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None,
useeadb=False, am_rodc=False, lp=None, use_ntvfs=False,
- use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True):
+ use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True,
+ ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False, ldap_backend_extra_port=None):
"""Provision samba4
:note: caution, this wipes all existing data!
@@ -2072,7 +2073,7 @@ def provision(logger, session_info, credentials, smbconf=None,
provision_backend = ExistingBackend(backend_type, paths=paths,
lp=lp, credentials=credentials,
names=names, logger=logger,
- ldap_backend_forced_uri=None)
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type, paths=paths,
lp=lp, credentials=credentials,
@@ -2085,7 +2086,10 @@ def provision(logger, session_info, credentials, smbconf=None,
lp=lp, credentials=credentials,
names=names, logger=logger, domainsid=domainsid,
schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
- slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls)
+ slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_dryrun_mode=ldap_dryrun_mode, nosync=nosync,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
else:
raise ValueError("Unknown LDAP backend type selected")
diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py
index af7f07f..93c38f7 100644
--- a/python/samba/provision/backend.py
+++ b/python/samba/provision/backend.py
@@ -154,7 +154,7 @@ class ExistingBackend(ProvisionBackend):
def init(self):
# Check to see that this 'existing' LDAP backend in fact exists
- ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
+ ldapi_db = Ldb(self.ldapi_uri)
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
@@ -163,6 +163,7 @@ class ExistingBackend(ProvisionBackend):
# into the long-term database later in the script.
self.secrets_credentials = self.credentials
+
# For now, assume existing backends at least emulate OpenLDAP
self.ldap_backend_type = "openldap"
@@ -173,7 +174,7 @@ class LDAPBackend(ProvisionBackend):
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None,
slapd_path=None, ldap_backend_extra_port=None,
- ldap_backend_forced_uri=None, ldap_dryrun_mode=True):
+ ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
@@ -334,7 +335,7 @@ class OpenLDAPBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=True,
+ ldap_backend_extra_port=None, ldap_dryrun_mode=False,
ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None):
from samba.provision import setup_path
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
@@ -588,7 +589,6 @@ class OpenLDAPBackend(LDAPBackend):
self.slapd_command = list(self.slapd_provision_command)
self.slapd_provision_command.extend([self.ldap_uri, "-d0"])
-
uris = self.ldap_uri
if server_port_string is not "":
uris = uris + " " + server_port_string
@@ -634,7 +634,7 @@ class FDSBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=True, root=None,
+ ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None,
setup_ds_path=None):
from samba.provision import setup_path
diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh
index a65e7fc..5dec621 100755
--- a/source4/setup/tests/blackbox_provision-backend.sh
+++ b/source4/setup/tests/blackbox_provision-backend.sh
@@ -8,17 +8,17 @@ exit 1;
fi
PREFIX="$1"
+export TEST_LDAP="yes"
shift 1
-
. `dirname $0`/../../../testprogs/blackbox/subunit.sh
-testit "openldap-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --use-ntvfs
-testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux --use-ntvfs
-testit "fedora-ds-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --use-ntvfs
+testit "openldap-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
+testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
+testit "fedora-ds-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
reprovision() {
- $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --use-ntvfs
- $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --use-ntvfs
+ $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --use-ntvfs --ldap-dryrun-mode --slapd-path=/dev/null
+ $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --use-ntvfs --ldap-dryrun-mode --slapd-path=/dev/null
}
testit "reprovision-backend" reprovision
--
Samba Shared Repository
More information about the samba-cvs
mailing list