[PATCH 1/6] s4: load the domain level of the current provision and create a provision with the same domain level

Fri Nov 27 10:50:04 MST 2009

---
 source4/scripting/bin/upgradeprovision      |   10 ++++++++--
 source4/scripting/python/samba/provision.py |    2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 2f0ce84..9eb3ba3 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -39,7 +39,7 @@ from base64 import b64encode
 import samba
 from samba.credentials import DONT_USE_KERBEROS
 from samba.auth import system_session, admin_session
-from samba import Ldb
+from samba import Ldb, DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008_R2
 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
 import ldb
 import samba.getopt as options
@@ -222,10 +222,14 @@ def guess_names_from_current_provision(credentials,session_info,paths):
 	names.ntdsguid = str(ndr_unpack( misc.GUID,res5[0]["objectGUID"][0]))
 
 	# domain guid/sid
-	attrs6 = ["objectGUID", "objectSid", ]
+	attrs6 = ["objectGUID", "objectSid","msDS-Behavior-Version" ]
 	res6 = samdb.search(expression="(objectClass=*)",base=basedn, scope=SCOPE_BASE, attrs=attrs6)
 	names.domainguid = str(ndr_unpack( misc.GUID,res6[0]["objectGUID"][0]))
 	names.domainsid = ndr_unpack( security.dom_sid,res6[0]["objectSid"][0])
+	if res6[0].get("msDS-Behavior-Version") == None or int(res6[0]["msDS-Behavior-Version"][0]) < DS_DOMAIN_FUNCTION_2000:
+		names.domainlevel = DS_DOMAIN_FUNCTION_2000
+	else:
+		names.domainlevel = int(res6[0]["msDS-Behavior-Version"][0])
 
 	# policy guid
 	attrs7 = ["cn","displayName"]
@@ -262,6 +266,7 @@ def print_names(names):
 	message(GUESS, "domainsid   :"+str(names.domainsid))
 	message(GUESS, "domainguid  :"+names.domainguid)
 	message(GUESS, "ntdsguid    :"+names.ntdsguid)
+	message(GUESS, "domainlevel :"+str(names.domainlevel))
 
 # Create a fresh new reference provision
 # This provision will be the reference for knowing what has changed in the
@@ -297,6 +302,7 @@ def newprovision(names,setup_dir,creds,session,smbconf):
 		slapd_path=None,
 		setup_ds_path=None,
 		nosync=None,
+		dom_for_fun_level=names.domainlevel,
 		ldap_dryrun_mode=None)
 	return provdir
 
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index f9f7ec9..44ccaa8 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -839,7 +839,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
     if dom_for_fun_level is None:
         dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
     if dom_for_fun_level < DS_DOMAIN_FUNCTION_2003:
-        raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level lower than Windows 2003 (Native). This isn't supported!")
+        message("You want to run SAMBA 4 on a domain and forest function level lower than Windows 2003 (Native). This is not recommended")
 
     if dom_for_fun_level > domainControllerFunctionality:
         raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008). This won't work!")
-- 
1.6.3.3


--------------040300090101090904090106
Content-Type: text/x-patch;
 name="0003-s4-Handle-the-case-in-secrets.ldb-without-name-attri.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0003-s4-Handle-the-case-in-secrets.ldb-without-name-attri.pa";
 filename*1="tch"

