[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Sep 26 08:41:02 UTC 2018
The branch, master has been updated
via 36cb85b samba-tool domain backup: fix py2.6 incompatible format
via 4e592c9 domain_backup test: fix py2.6 incompatible format
via 26dd30d join: Support site detection when --server is specified
via 9e81d43 join: Avoid duplicating "Default-First-Site-Name" string
via 89543af selftest: Test join against DC with non-default site
via 696fa6a selftest: Change backup testenvs to use non-default site
via ce57a80 netcmd: Re-create default site for backup-restore (if missing)
via ad69aaf tests: Add test-case for restore into non-default site
via e1f255a netcmd: Add --site option when restoring a domain
via 2055b71 netcmd: Tweak backup-offline output to avoid subunit truncation
from 08a5fbd s3: Fix the build when compiling without JSON support
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 36cb85be726e03c482b82f0af7eed2c81f8df35a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 21 11:26:35 2018 +1200
samba-tool domain backup: fix py2.6 incompatible format
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 26 10:40:49 CEST 2018 on sn-devel-144
commit 4e592c91677db506761e872ef428ce02fca340da
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 21 11:18:19 2018 +1200
domain_backup test: fix py2.6 incompatible format
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 26dd30d6d3e677ce465de174ebbfad38bbb15140
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Sep 19 10:44:48 2018 +1200
join: Support site detection when --server is specified
When a new DC is joined to the domain, samba-tool would automatically
detect an appropriate site for the new DC. However, it only did this if
the --server option wasn't specified. The new DC's site got
automatically updated as part of the finddc() work, however, this step
gets skipped if we already know the server DC to join to.
In other words, if Default-First-Site-Name doesn't exist and you specify
--server in the join, then you have to also specify --site manually,
otherwise the command fails. This is precisely what's happening in the
join_ldapcmp.sh test, now that the backupfromdc testenv no longer has the
Default-First-Site-Name present.
This patch adds a new find_dc_site() function which uses the same
net.finddc() API (except based on the server-address rather than
domain-name). Assigning DEFAULTSITE has been moved so that it only
gets done if finddc() can't determine the site.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9e81d43ac34049c602e18c03b8332bcee48ba8ce
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Sep 19 10:21:12 2018 +1200
join: Avoid duplicating "Default-First-Site-Name" string
The provision code already defines "Default-First-Site-Name" so we might
as well reuse it.
The join.py already uses a suitable default, so assigning the default in
the domain netcmd code is unnecessary.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 89543af0e8ec392a9f50599ee819496eef53f02f
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Sep 20 13:08:50 2018 +1200
selftest: Test join against DC with non-default site
Recent changes around restoring a domain that lacked
Default-First-Site-Name highlighted a problem. Normally when you join a
DC to a domain, samba-tool works out the correct site to use
automatically. However, if the join uses '--server' to select a DC, then
this doesn't work. It defaults back to Default-First-Site-Name, and the
join command fails if this site doesn't exist.
All the testenvs had Default-First-Site-Name present, so this was never
tested. Now the backupfromdc no longer has a Default-First-Site-Name
site, so running a simple join against that DC fails, highlighting the
problem.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 696fa6a1e6c615a992a3016ff32405b864b62eec
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Sep 18 16:30:15 2018 +1200
selftest: Change backup testenvs to use non-default site
Previously (i.e. up until the last patch) the backup/restore commands
only worked if the Default-First-Site-Name site was present. If this
site didn't exist, then the various restore testenvs would fail to
start. This is now fixed, but this patch changes the backupfrom testenv
so that it uses a non-default site. This will detect the problem if it
is ever re-introduced.
To do this we need to change provision_ad_dc() so the
extra_provision_options can be specified as an argument. (Note that Perl
treats undef the same as an empty array).
By default, the restore will add the new DC into the
Default-First-Site-Name site. This means the backupfromdc and restored
testenvs will now have different sites, so we need to update the ldapcmp
filters to exclude site-specific attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ce57a800c9bed7e6876cdc0baf3a2d5fdc879ecf
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Sep 18 14:54:51 2018 +1200
netcmd: Re-create default site for backup-restore (if missing)
Normally when a new DC joins a domain, samba-tool works out the new
DC's site automatically. However, it does this by querying the existing
DC using CLDAP. In the restore case, there is no DC running. We could
still query the DB on disk and work out the correct site based on the
new DC's IP, however:
- comparing between the CN=Subnet DNs and an IP-address string seems
like it'd be non-trivial to write, and
- in the lab-domain rename case, chances are the user will want a
completely different subnet to what's already in the DB.
The restore command now has a --site option so the user can specify an
appropriate site for the restored DC. This patch makes the restore
command work by default (i.e. without a --site option) even if the
default Default-First-Site-Name doesn't exist. Basically the solution is
to just check Default-First-Site-Name exists and create it if it
doesn't. As the recommended workflow is to use the restored DC as a
temporary seed that you'll later throw away, this approach seems
acceptable. Subsequent DCs will then be joined to the running restored
DC, so an appropriate site will be determined using CLDAP. The only
side-effect is potentially an extra Site object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ad69aaf7e13435111fc990954ff0bc81ed5325c5
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Sep 18 17:23:48 2018 +1200
tests: Add test-case for restore into non-default site
Add a test-case that exercises the new '--site' restore option and
ensures the restored DC gets added to the correct site.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e1f255a4d54b59924295ea875fdef62ccebb8811
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Sep 17 15:36:21 2018 +1200
netcmd: Add --site option when restoring a domain
Restoring a backup only worked if the Default-First-Site-Name site was
still present. When the new restored DC account is created, it was
trying to add the new server's DN under CN=Default-First-Site-Name.
However, if the original domain was setup using a different site, then
the restore would fail because the DN didn't exist.
When running the restore command, you should be able to specify the
site that you want the new/restored DC to be in (same as during a
DC 'join'). Passing the correct --site argument is one way to avoid
this problem. (A subsequent patch will further improve the tool so it
can work around non-default sites automatically).
Note we also need to pass the site through to where the new DNS entries
get registered (in the rename case).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2055b710abe768bfb170987f38f05af1a35df866
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Sep 18 15:24:36 2018 +1200
netcmd: Tweak backup-offline output to avoid subunit truncation
Currently a backup-offline test is occasionally flapping in autobuild,
however, the output is truncated so we can't see what the actual problem
is. The output only ever contains the list of backup dirs. I suspect
that the ']' character printed at the end of the python list might be
getting interpretted by subunit as the end of *all* the output.
If so, we should be able to avoid the problem by printing the list items
without the '['/']'s, i.e. join the list into a single string.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/join.py | 24 ++++++++++++---
python/samba/netcmd/domain.py | 3 --
python/samba/netcmd/domain_backup.py | 53 ++++++++++++++++++++++++---------
python/samba/tests/domain_backup.py | 40 +++++++++++++++++++++++--
selftest/target/Samba4.pm | 15 ++++++----
source4/selftest/tests.py | 5 ++++
testprogs/blackbox/ldapcmp_restoredc.sh | 3 ++
7 files changed, 114 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/join.py b/python/samba/join.py
index 38a1545..3869947 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -30,7 +30,8 @@ from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs, dnsserver, dnsp
from samba.dsdb import DS_DOMAIN_FUNCTION_2003
from samba.credentials import Credentials, DONT_USE_KERBEROS
-from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
+from samba.provision import (secretsdb_self_join, provision, provision_fill,
+ FILL_DRS, FILL_SUBDOMAIN, DEFAULTSITE)
from samba.provision.common import setup_path
from samba.schema import Schema
from samba import descriptor
@@ -67,8 +68,6 @@ class DCJoinContext(object):
machinepass=None, use_ntvfs=False, dns_backend=None,
promote_existing=False, plaintext_secrets=False,
backend_store=None, forced_local_samdb=None):
- if site is None:
- site = "Default-First-Site-Name"
ctx.logger = logger
ctx.creds = creds
@@ -95,7 +94,13 @@ class DCJoinContext(object):
ctx.samdb = forced_local_samdb
ctx.server = ctx.samdb.url
else:
- if not ctx.server:
+ if ctx.server:
+ # work out the DC's site (if not already specified)
+ if site is None:
+ ctx.site = ctx.find_dc_site(ctx.server)
+ else:
+ # work out the Primary DC for the domain (as well as an
+ # appropriate site for the new DC)
ctx.logger.info("Finding a writeable DC for domain '%s'" % domain)
ctx.server = ctx.find_dc(domain)
ctx.logger.info("Found DC %s" % ctx.server)
@@ -103,6 +108,9 @@ class DCJoinContext(object):
session_info=system_session(),
credentials=ctx.creds, lp=ctx.lp)
+ if ctx.site is None:
+ ctx.site = DEFAULTSITE
+
try:
ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL, attrs=["dn"])
except ldb.LdbError as e4:
@@ -347,6 +355,14 @@ class DCJoinContext(object):
ctx.site = ctx.cldap_ret.client_site
return ctx.cldap_ret.pdc_dns_name
+ def find_dc_site(ctx, server):
+ site = None
+ cldap_ret = ctx.net.finddc(address=server,
+ flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
+ if cldap_ret.client_site is not None and cldap_ret.client_site != "":
+ site = cldap_ret.client_site
+ return site
+
def get_behavior_version(ctx):
res = ctx.samdb.search(base=ctx.base_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"])
if "msDS-Behavior-Version" in res[0]:
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e90266d..ce4f36a 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -688,9 +688,6 @@ class cmd_domain_join(Command):
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
- if site is None:
- site = "Default-First-Site-Name"
-
logger = self.get_logger()
if verbose:
logger.setLevel(logging.DEBUG)
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index bff2bdd..5ddc1c1 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -36,7 +36,7 @@ from samba.netcmd import Option, CommandError
from samba.dcerpc import misc, security
from samba import Ldb
from . fsmo import cmd_fsmo_seize
-from samba.provision import make_smbconf
+from samba.provision import make_smbconf, DEFAULTSITE
from samba.upgradehelpers import update_krbtgt_account_password
from samba.remove_dc import remove_dc
from samba.provision import secretsdb_self_join
@@ -51,6 +51,7 @@ from samba.mdb_util import mdb_copy
import errno
import tdb
from subprocess import CalledProcessError
+from samba import sites
# work out a SID (based on a free RID) to use when the domain gets restored.
@@ -104,7 +105,7 @@ def get_timestamp():
def backup_filepath(targetdir, name, time_str):
- filename = 'samba-backup-{}-{}.tar.bz2'.format(name, time_str)
+ filename = 'samba-backup-%s-%s.tar.bz2' % (name, time_str)
return os.path.join(targetdir, filename)
@@ -163,9 +164,9 @@ def set_admin_password(logger, samdb):
# match the admin user by RID
domainsid = samdb.get_domain_sid()
- match_admin = "(objectsid={}-{})".format(domainsid,
- security.DOMAIN_RID_ADMINISTRATOR)
- search_expr = "(&(objectClass=user){})".format(match_admin)
+ match_admin = "(objectsid=%s-%s)" % (domainsid,
+ security.DOMAIN_RID_ADMINISTRATOR)
+ search_expr = "(&(objectClass=user)%s)" % (match_admin,)
# retrieve the admin username (just in case it's been renamed)
res = samdb.search(base=samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
@@ -295,6 +296,7 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
help="set IPv4 ipaddress"),
Option("--host-ip6", type="string", metavar="IP6ADDRESS",
help="set IPv6 ipaddress"),
+ Option("--site", help="Site to add the new server in", type=str),
]
takes_optiongroups = {
@@ -303,7 +305,7 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
}
def register_dns_zone(self, logger, samdb, lp, ntdsguid, host_ip,
- host_ip6):
+ host_ip6, site):
'''
Registers the new realm's DNS objects when a renamed domain backup
is restored.
@@ -330,7 +332,7 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
# Add the DNS objects for the new realm (note: the backup clone already
# has the root server objects, so don't add them again)
- fill_dns_data_partitions(samdb, domainsid, names.sitename, domaindn,
+ fill_dns_data_partitions(samdb, domainsid, site, domaindn,
forestdn, dnsdomain, dnsforest, hostname,
host_ip, host_ip6, domainguid, ntdsguid,
dnsadmins_sid, add_root=False)
@@ -360,8 +362,23 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
chk.check_database(controls=controls, attrs=attrs)
samdb.transaction_commit()
+ def create_default_site(self, samdb, logger):
+ '''Creates the default site, if it doesn't already exist'''
+
+ sitename = DEFAULTSITE
+ search_expr = "(&(cn={0})(objectclass=site))".format(sitename)
+ res = samdb.search(samdb.get_config_basedn(), scope=ldb.SCOPE_SUBTREE,
+ expression=search_expr)
+
+ if len(res) == 0:
+ logger.info("Creating default site '{0}'".format(sitename))
+ sites.create_site(samdb, samdb.get_config_basedn(), sitename)
+
+ return sitename
+
def run(self, sambaopts=None, credopts=None, backup_file=None,
- targetdir=None, newservername=None, host_ip=None, host_ip6=None):
+ targetdir=None, newservername=None, host_ip=None, host_ip6=None,
+ site=None):
if not (backup_file and os.path.exists(backup_file)):
raise CommandError('Backup file not found.')
if targetdir is None:
@@ -405,6 +422,13 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
samdb_path = os.path.join(private_dir, 'sam.ldb')
samdb = SamDB(url=samdb_path, session_info=system_session(), lp=lp)
+ if site is None:
+ # There's no great way to work out the correct site to add the
+ # restored DC to. By default, add it to Default-First-Site-Name,
+ # creating the site if it doesn't already exist
+ site = self.create_default_site(samdb, logger)
+ logger.info("Adding new DC to site '{0}'".format(site))
+
# Create account using the join_add_objects function in the join object
# We need namingContexts, account control flags, and the sid saved by
# the backup process.
@@ -413,7 +437,7 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
ncs = [str(r) for r in res[0].get('namingContexts')]
creds = credopts.get_credentials(lp)
- ctx = DCJoinContext(logger, creds=creds, lp=lp,
+ ctx = DCJoinContext(logger, creds=creds, lp=lp, site=site,
forced_local_samdb=samdb,
netbios_name=newservername)
ctx.nc_list = ncs
@@ -451,7 +475,7 @@ class cmd_domain_backup_restore(cmd_fsmo_seize):
# know the new DC's IP address)
if is_rename:
self.register_dns_zone(logger, samdb, lp, ctx.ntds_guid,
- host_ip, host_ip6)
+ host_ip, host_ip6, site)
secrets_path = os.path.join(private_dir, 'secrets.ldb')
secrets_ldb = Ldb(secrets_path, session_info=system_session(), lp=lp)
@@ -826,7 +850,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
raise e
raise copy_err
if not os.path.exists(backup_path):
- s = "tdbbackup said backup succeeded but {} not found"
+ s = "tdbbackup said backup succeeded but {0} not found"
raise CommandError(s.format(backup_path))
def offline_mdb_copy(self, path):
@@ -917,7 +941,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
backup_dirs = [paths.private_dir, paths.state_dir,
os.path.dirname(paths.smbconf)] # etc dir
- logger.info('running backup on dirs: {}'.format(backup_dirs))
+ logger.info('running backup on dirs: {0}'.format(' '.join(backup_dirs)))
# Recursively get all file paths in the backup directories
all_files = []
@@ -1002,8 +1026,9 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
tar.add(path, arcname=arc_path)
tar.close()
- os.rename(temp_tar_name, os.path.join(targetdir,
- 'samba-backup-{}.tar.bz2'.format(time_str)))
+ os.rename(temp_tar_name,
+ os.path.join(targetdir,
+ 'samba-backup-{0}.tar.bz2'.format(time_str)))
os.rmdir(temp_tar_dir)
logger.info('Backup succeeded.')
diff --git a/python/samba/tests/domain_backup.py b/python/samba/tests/domain_backup.py
index 9699ed0..98863db 100644
--- a/python/samba/tests/domain_backup.py
+++ b/python/samba/tests/domain_backup.py
@@ -27,6 +27,7 @@ from samba.auth import system_session
from samba import Ldb, dn_from_dns_name
from samba.netcmd.fsmo import get_fsmo_roleowner
import re
+from samba import sites
def get_prim_dom(secrets_path, lp):
@@ -149,6 +150,32 @@ class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
# assert that we don't find user secrets in the DB
self.check_restored_database(lp, expect_secrets=False)
+ def _test_backup_restore_into_site(self):
+ """Does a backup and restores into a non-default site"""
+
+ # create a new non-default site
+ sitename = "Test-Site-For-Backups"
+ sites.create_site(self.ldb, self.ldb.get_config_basedn(), sitename)
+ self.addCleanup(sites.delete_site, self.ldb,
+ self.ldb.get_config_basedn(), sitename)
+
+ # restore the backup DC into the site we just created
+ backup_file = self.create_backup()
+ self.restore_backup(backup_file, ["--site=" + sitename])
+
+ lp = self.check_restored_smbconf()
+ restored_ldb = self.check_restored_database(lp)
+
+ # check the restored DC was added to the site we created, i.e. there's
+ # an entry matching the new DC sitting underneath the site DN
+ site_dn = "CN={0},CN=Sites,{1}".format(sitename,
+ restored_ldb.get_config_basedn())
+ match_server = "(&(objectClass=server)(cn={0}))".format(self.new_server)
+ res = restored_ldb.search(site_dn, scope=ldb.SCOPE_SUBTREE,
+ expression=match_server)
+ self.assertTrue(len(res) == 1,
+ "Failed to find new DC under site")
+
def create_smbconf(self, settings):
"""Creates a very basic smb.conf to pass to the restore tool"""
@@ -293,9 +320,9 @@ class DomainBackupBase(SambaToolCmdTest, TestCaseInTempDir):
"CN=Infrastructure,DC=ForestDnsZones," + forest_dn}
for role, dn in fsmos.items():
owner = get_fsmo_roleowner(samdb, ldb.Dn(samdb, dn), role)
- self.assertTrue("CN={},".format(server) in owner.extended_str(),
+ self.assertTrue("CN={0},".format(server) in owner.extended_str(),
"Expected %s to own FSMO role %s" % (server, role))
- self.assertTrue("CN={},".format(exclude_server)
+ self.assertTrue("CN={0},".format(exclude_server)
not in owner.extended_str(),
"%s found as FSMO %s role owner" % (server, role))
@@ -372,6 +399,9 @@ class DomainBackupOnline(DomainBackupBase):
def test_backup_restore_no_secrets(self):
self._test_backup_restore_no_secrets()
+ def test_backup_restore_into_site(self):
+ self._test_backup_restore_into_site()
+
class DomainBackupRename(DomainBackupBase):
@@ -400,6 +430,9 @@ class DomainBackupRename(DomainBackupBase):
def test_backup_restore_no_secrets(self):
self._test_backup_restore_no_secrets()
+ def test_backup_restore_into_site(self):
+ self._test_backup_restore_into_site()
+
def test_backup_invalid_args(self):
"""Checks that rename commands with invalid args are rejected"""
@@ -524,3 +557,6 @@ class DomainBackupOffline(DomainBackupBase):
def test_backup_restore(self):
self._test_backup_restore()
+
+ def test_backup_restore_into_site(self):
+ self._test_backup_restore_into_site()
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 68038fb..dc25e13 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1861,7 +1861,8 @@ sub read_config_h($)
sub provision_ad_dc($$$$$$)
{
- my ($self, $prefix, $hostname, $domain, $realm, $smbconf_args) = @_;
+ my ($self, $prefix, $hostname, $domain, $realm, $smbconf_args,
+ $extra_provision_options) = @_;
my $prefix_abs = abs_path($prefix);
@@ -1972,7 +1973,6 @@ sub provision_ad_dc($$$$$$)
copy = print1
";
- my $extra_provision_options = undef;
push (@{$extra_provision_options}, "--backend-store=mdb");
print "PROVISIONING AD DC...\n";
my $ret = $self->provision($prefix,
@@ -2538,7 +2538,7 @@ sub setup_ad_dc
}
my $env = $self->provision_ad_dc($path, "addc", "ADDOMAIN",
- "addom.samba.example.com", "");
+ "addom.samba.example.com", "", undef);
unless ($env) {
return undef;
}
@@ -2565,7 +2565,7 @@ sub setup_ad_dc_no_nss
}
my $env = $self->provision_ad_dc($path, "addc_no_nss", "ADNONSSDOMAIN",
- "adnonssdom.samba.example.com", "");
+ "adnonssdom.samba.example.com", "", undef);
unless ($env) {
return undef;
}
@@ -2596,7 +2596,7 @@ sub setup_ad_dc_no_ntlm
my $env = $self->provision_ad_dc($path, "addc_no_ntlm", "ADNONTLMDOMAIN",
"adnontlmdom.samba.example.com",
- "ntlm auth = disabled");
+ "ntlm auth = disabled", undef);
unless ($env) {
return undef;
}
@@ -2627,8 +2627,11 @@ sub setup_backupfromdc
return "UNKNOWN";
}
+ my $provision_args = ["--site=Backup-Site"];
+
my $env = $self->provision_ad_dc($path, "backupfromdc", "BACKUPDOMAIN",
- "backupdom.samba.example.com", "");
+ "backupdom.samba.example.com", "",
+ $provision_args);
unless ($env) {
return undef;
}
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index e391486..c841131 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -852,6 +852,11 @@ for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
["PYTHON=%s" % python,
os.path.join(bbdir, "ldapcmp_restoredc.sh"),
'$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
+
+# we also test joining backupfromdc here, as it's a bit special in that it
+# doesn't have Default-First-Site-Name
+for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
+ 'labdc']:
# basic test that we can join the testenv DC
plantestsuite("samba4.blackbox.join_ldapcmp", env,
["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
diff --git a/testprogs/blackbox/ldapcmp_restoredc.sh b/testprogs/blackbox/ldapcmp_restoredc.sh
index 51951ba..d7a51ae 100755
--- a/testprogs/blackbox/ldapcmp_restoredc.sh
+++ b/testprogs/blackbox/ldapcmp_restoredc.sh
@@ -55,6 +55,9 @@ ldapcmp_with_orig() {
# these are just differences between provisioning a domain and joining a DC
IGNORE_ATTRS="$IGNORE_ATTRS,localPolicyFlags,operatingSystem,displayName"
+ # the restored DC may use a different side compared to the original DC
+ IGNORE_ATTRS="$IGNORE_ATTRS,serverReferenceBL,msDS-IsDomainFor"
+
LDAPCMP_CMD="$PYTHON $BINDIR/samba-tool ldapcmp"
$LDAPCMP_CMD $DB1_PATH $DB2_PATH --two --filter=$IGNORE_ATTRS $BASE_DN_OPTS
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list