[PATCH] s4: Improve provisioning: use relax control

Matthieu Patou mat at matws.net
Tue Sep 22 15:49:22 MDT 2009


  Allow controls to be specified when loading LDIF files.
  The relax control is specified by default for all ldb_add_diff (requested by Andrew B).
  Set domainguid, if specified, when the object is created instead of modifying it afterwards.
  Allow objectGUID to be specified for the NTDS object of the first DC; this option is used during provision upgrade.
---
 source4/scripting/python/samba/__init__.py  |    4 +-
 source4/scripting/python/samba/provision.py |   35 ++++++++++++++------------
 source4/setup/provision_basedn.ldif         |    2 +-
 source4/setup/provision_basedn_modify.ldif  |    1 -
 source4/setup/provision_self_join.ldif      |    1 +
 5 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 82df496..57cefdd 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -234,14 +234,14 @@ class Ldb(ldb.Ldb):
         """
         self.add_ldif(open(ldif_path, 'r').read())
 
-    def add_ldif(self, ldif):
+    def add_ldif(self, ldif,controls=None):
         """Add data based on a LDIF string.
 
         :param ldif: LDIF text.
         """
         for changetype, msg in self.parse_ldif(ldif):
             assert changetype == ldb.CHANGETYPE_NONE
-            self.add(msg)
+            self.add(msg,controls)
 
     def modify_ldif(self, ldif):
         """Modify database based on a LDIF string.
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 64491c2..b8bd87c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -288,17 +288,17 @@ def read_and_sub_file(file, subst_vars):
     return data
 
 
-def setup_add_ldif(ldb, ldif_path, subst_vars=None):
+def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
     """Setup a ldb in the private dir.
     
     :param ldb: LDB file to import data into
     :param ldif_path: Path of the LDIF file to load
     :param subst_vars: Optional variables to subsitute in LDIF.
+    :param nocontrols: Optional list of controls, can be None for no controls
     """
     assert isinstance(ldif_path, str)
-
     data = read_and_sub_file(ldif_path, subst_vars)
-    ldb.add_ldif(data)
+    ldb.add_ldif(data,controls)
 
 
 def setup_modify_ldif(ldb, ldif_path, subst_vars=None):
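Review bot: The new default `controls=["relax:0"]` applies the relax control to every LDIF file loaded through setup_add_ldif, not only to the records that need a caller-chosen objectGUID, and the docstring documents the parameter under the wrong name (`:param nocontrols:`). Because relax loosens checks that would otherwise apply on add, the docstring should state the default, e.g. `:param controls: Optional list of LDB controls; defaults to ["relax:0"], pass None for no controls`. The default is also a mutable list shared across calls; nothing in this hunk mutates it, but a callee that did would change the default for every later caller. add_ldif in samba/__init__.py gains the same parameter without a `:param controls:` line.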
@@ -874,9 +874,13 @@ def setup_samdb_rootdse(samdb, setup_path, names):
 def setup_self_join(samdb, names,
                     machinepass, dnspass, 
                     domainsid, invocationid, setup_path,
-                    policyguid, policyguid_dc, domainControllerFunctionality):
+                    policyguid, policyguid_dc, domainControllerFunctionality,ntdsguid):
     """Join a host to its own domain."""
     assert isinstance(invocationid, str)
+    if ntdsguid is not None:
+        ntdsguid_mod = "objectGUID: %s\n"%ntdsguid
+    else:
+        ntdsguid_mod = ""
     setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { 
               "CONFIGDN": names.configdn, 
               "SCHEMADN": names.schemadn,
@@ -892,6 +896,7 @@ def setup_self_join(samdb, names,
               "DOMAIN": names.domain,
               "DNSDOMAIN": names.dnsdomain,
               "SAMBA_VERSION_STRING": version,
+              "NTDSGUID": ntdsguid_mod,
               "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)})
 
     setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { 
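Review bot: `ntdsguid_mod`, substituted here as `NTDSGUID`, is built in the previous hunk as `"objectGUID: %s\n"%ntdsguid` with no check that the value is a GUID, so a string containing a newline would add further attribute lines or records to provision_self_join.ldif, which is loaded with the relax control by default. Validate before formatting, for example `ntdsguid = str(uuid.UUID(ntdsguid))` (this needs the `uuid` module; whether the file already imports it is not visible), and do the same for `domainguid` in setup_samdb. setup_self_join starts before this hunk and continues past it.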
@@ -925,7 +930,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                 names, message, 
                 domainsid, domainguid, policyguid, policyguid_dc,
                 fill, adminpass, krbtgtpass, 
-                machinepass, invocationid, dnspass,
+                machinepass, invocationid, dnspass,ntdsguid,
                 serverrole, schema=None, ldap_backend=None):
     """Setup a complete SAM Database.
     
@@ -997,17 +1002,16 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
 #impersonate domain admin
         admin_session_info = admin_session(lp, str(domainsid))
         samdb.set_session_info(admin_session_info)
-
+        if domainguid is not None:
+            domainguid_mod = "objectGUID: %s\n-" % domainguid
+        else:
+            domainguid_mod = ""
         setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
                 "DOMAINDN": names.domaindn,
-                "DOMAIN_OC": domain_oc
+                "DOMAIN_OC": domain_oc,
+                "DOMAINGUID": domainguid_mod
                 })
 
-        message("Modifying DomainDN: " + names.domaindn + "")
-        if domainguid is not None:
-            domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % domainguid
-        else:
-            domainguid_mod = ""
 
         setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
             "CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks
@@ -1019,7 +1023,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
             "SERVERDN": names.serverdn,
             "POLICYGUID": policyguid,
             "DOMAINDN": names.domaindn,
-            "DOMAINGUID_MOD": domainguid_mod,
             "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
             "SAMBA_VERSION_STRING": version
             })
@@ -1105,7 +1108,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                                 domainsid=domainsid, policyguid=policyguid,
                                 policyguid_dc=policyguid_dc,
                                 setup_path=setup_path,
-                                domainControllerFunctionality=domainControllerFunctionality)
+                                domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid)
 
                 ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
                 names.ntdsguid = samdb.searchone(basedn=ntds_dn,
@@ -1134,7 +1137,7 @@ def provision(setup_dir, message, session_info,
               domainsid=None, adminpass=None, ldapadminpass=None, 
               krbtgtpass=None, domainguid=None, 
               policyguid=None, policyguid_dc=None, invocationid=None,
-              machinepass=None, 
+              machinepass=None,ntdsguid=None,
               dnspass=None, root=None, nobody=None, users=None, 
               wheel=None, backup=None, aci=None, serverrole=None, 
               ldap_backend_extra_port=None, ldap_backend_type=None,
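Review bot: `ntdsguid=None` is inserted between `machinepass` and `dnspass`, so any caller that passes provision() arguments positionally beyond `machinepass` now binds `dnspass` and everything after it one slot off. Appending the new keyword at the end of the signature keeps existing positional calls working. The same applies to setup_samdb, where `ntdsguid` is added as a required positional parameter before `serverrole`, and to setup_self_join, where it is required with no default; `ntdsguid=None` as the last parameter would be backward-compatible in both. The signature continues outside this hunk, and no docstring line for `ntdsguid` is visible in the diff.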
@@ -1288,7 +1291,7 @@ def provision(setup_dir, message, session_info,
                         fill=samdb_fill, 
                         adminpass=adminpass, krbtgtpass=krbtgtpass,
                         invocationid=invocationid, 
-                        machinepass=machinepass, dnspass=dnspass,
+                        machinepass=machinepass, dnspass=dnspass,ntdsguid=ntdsguid,
                         serverrole=serverrole, ldap_backend=provision_backend)
 
     if serverrole == "domain controller":
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index df34e4b..0d81df3 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -4,4 +4,4 @@
 dn: ${DOMAINDN}
 objectClass: top
 objectClass: ${DOMAIN_OC}
-
+${DOMAINGUID}
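Review bot: The value substituted for `${DOMAINGUID}` is built in setup_samdb as `"objectGUID: %s\n-" % domainguid`, and the trailing `-` is the separator of a modify record, carried over from the removed `replace: objectGUID` form. This file is loaded with setup_add_ldif as an add record, where a bare `-` line is not an attribute. Whether ldb's LDIF parser tolerates it is not visible here, so building the value as `"objectGUID: %s\n" % domainguid`, the way `ntdsguid_mod` is built, avoids depending on that.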
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 39fd08e..7fc5c6b 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -110,4 +110,3 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${
 wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
 wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
 -
-${DOMAINGUID_MOD}
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 639bc96..0d28b51 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -67,6 +67,7 @@ msDS-hasMasterNCs: ${SCHEMADN}
 msDS-hasMasterNCs: ${DOMAINDN}
 options: 1
 systemFlags: 33554432
+${NTDSGUID}
 
 # Provides an account for DNS keytab export
 dn: CN=dns,CN=Users,${DOMAINDN}
-- 
1.6.0.4

