author | Andrew Bartlett <abartlet@samba.org> | 2006-08-11 22:11:29 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:15:30 -0500 |
commit | 6e4940cf791c1a8009216a92b398e49250e71a53 (patch) | |
tree | 2ea6ff718d5ef23151a0d87fbf67c7720483be8f | |
parent | d120eb8128f008576553dc9891935e17968cc98b (diff) | |
r17499: Open the main database only the minimum times during a provision.
This causes things to operate as just one transaction (locally), and
to make a minimum of TCP connections when connecting to a remote LDAP
server.
Taking advantage of this, create another file to handle loading the
Samba4 specific schema extensions. Also comment out 'middleName' and
reassign the OID to one in the Samba4 range, as it is 'stolen' from a
netscape range that is used in OpenLDAP and internet standards for
'ref'.
Andrew Bartlett
(This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)
-rw-r--r-- | source4/scripting/libjs/provision.js | 146 | ||||
-rw-r--r-- | source4/setup/schema.ldif | 26 | ||||
-rw-r--r-- | source4/setup/schema_samba4.ldif | 149 |
3 files changed, 224 insertions, 97 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 232d15d66f..8830c273f5 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -189,24 +189,12 @@ function ldb_erase(ldb) /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, dbname) +function ldb_erase_partitions(info, ldb) { var rootDSE_attrs = new Array("namingContexts"); - var ldb = ldb_init(); var lp = loadparm_init(); var j; - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; - - - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != "undefined"); assert(res.length == 1); @@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname) } } } - - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(add_ok); - } } -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, info, dbname) +function open_ldb(info, dbname, erase) { - var erase = true; - var extra = ""; - var failok = false; var ldb = ldb_init(); - var lp = loadparm_init(); ldb.session_info = info.session_info; ldb.credentials = info.credentials; - - if (arguments.length >= 4) { - extra = arguments[3]; - } - - if (arguments.length >= 5) { - erase = arguments[4]; - } - - if (arguments.length == 6) { - failok = arguments[5]; - } - - var src = lp.get("setup directory") + "/" + ldif; - - var data = sys.file_load(src); - data = data + extra; - data = substitute_var(data, info.subobj); - ldb.filename = dbname; var connect_ok = ldb.connect(dbname); 
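Review bot: `ldb_erase_partitions(info, ldb)` in the first hunk no longer connects, starts or commits anything itself, yet nothing tells the caller that the handle must already be connected and inside a transaction; the same holds for `setup_add_ldif`, `setup_ldb_modify` and `setup_name_mappings` in the later hunks. The block comment above it still reads "erase an ldb, removing all records", which describes `ldb_erase` rather than this function. I would replace it with something like `/* erase the partitions listed in the rootDSE namingContexts; ldb must be connected and in a transaction owned by the caller */`, with the wording checked against the part of the body that lies outside the hunk. `open_ldb`, added in the second hunk, has no header comment at all and should get one line saying that the caller is responsible for committing the handle it returns.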
@@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname) if (erase) { ldb_erase(ldb); } + return ldb; +} + + +/* + setup a ldb in the private dir + */ +function setup_add_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); var add_ok = ldb.add(data); if (!add_ok) { @@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname) assert(add_ok); } } - if (add_ok) { + return add_ok; +} + +function setup_ldb(ldif, info, dbname) +{ + var erase = true; + var failok = false; + + if (arguments.length >= 4) { + erase = arguments[3]; + } + if (arguments.length == 5) { + failok = arguments[4]; + } + var ldb = open_ldb(info, dbname, erase); + if (setup_add_ldif(ldif, info, ldb, erase, failok)) { var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + ldb.errstring() + "\n"); @@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname) /* setup a ldb in the private dir */ -function setup_ldb_modify(ldif, info, dbname) +function setup_ldb_modify(ldif, info, ldb) { - var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = substitute_var(data, info.subobj); - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var mod_ok = ldb.modify(data); if (!mod_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); assert(mod_ok); } - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(commit_ok); - } } /* 
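Review bot: The new `setup_ldb` calls `setup_add_ldif(ldif, info, ldb, erase, failok)`, but `setup_add_ldif` is declared in the previous hunk as `(ldif, info, ldb, failok)`, so `erase` lands in the `failok` slot and the real `failok` is dropped. Since `erase` defaults to `true`, a failed `ldb.add` in `setup_ldb` would presumably skip the `assert` by default, and provisioning would carry on with a database whose LDIF was never loaded or committed. The call should read `if (setup_add_ldif(ldif, info, ldb, failok)) {`. Separately, the optional arguments have shifted (`arguments[3]` used to be `extra` and is now `erase`), so any caller outside this diff that still passes the old `NULL, false` form needs updating.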
@@ -386,16 +356,9 @@ function provision_default_paths(subobj) /* setup reasonable name mappings for sam names to unix names */ -function setup_name_mappings(info, subobj, session_info, credentials) +function setup_name_mappings(info, subobj, ldb) { var lp = loadparm_init(); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - var ok = ldb.connect(lp.get("sam database")); - if (!ok) { - return false; - } var attrs = new Array("objectSid"); res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); @@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials) */ function provision(subobj, message, blank, paths, session_info, credentials) { - var data = ""; var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); 
@@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("hklm.ldif", info, paths.hklm); message("Setting up sam.ldb partitions\n"); + /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); + var samdb = open_ldb(info, paths.samdb, false); + message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_init.ldif", info, samdb, false); message("Erasing data from partitions\n"); - ldb_erase_partitions(info, paths.samdb); + ldb_erase_partitions(info, samdb); - message("Adding baseDN: " + subobj.BASEDN + "\n"); - setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true); + message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); + setup_add_ldif("provision_basedn.ldif", info, samdb, true); message("Modifying baseDN: " + subobj.BASEDN + "\n"); - setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb) + setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); - message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", info, paths.samdb, NULL, false); + message("Setting up sam.ldb Samba4 schema\n"); + setup_add_ldif("schema_samba4.ldif", info, samdb, false); + message("Setting up sam.ldb AD schema\n"); + setup_add_ldif("schema.ldif", info, samdb, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_templates.ldif", info, samdb, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision.ldif", info, samdb, false); if (blank != false) { + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + 
info.message("ldb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } return true; } message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + setup_add_ldif("provision_users.ldif", info, samdb, false); - if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + if (setup_name_mappings(info, subobj, samdb) == false) { return false; } + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + return true; } diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e7d7fcec2d..ca21ee923d 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: middleName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name -attributeID: 2.16.840.1.113730.3.1.34 -attributeSyntax: 2.5.5.12 +#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +#cn: middleName +#name: middleName +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: middleName +#isSingleValued: TRUE +#systemFlags: 16 +#systemOnly: FALSE +#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +#adminDisplayName: Other-Name +#attributeID: 2.16.840.1.113730.3.1.34 +#attributeSyntax: 2.5.5.12 dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} cn: replTopologyStayOfExecution diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif new file mode 100644 index 0000000000..94b79bd31f --- /dev/null +++ b/source4/setup/schema_samba4.ldif 
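Review bot: The early `return false;` after `setup_name_mappings(info, subobj, samdb)` leaves `provision()` without committing or cancelling the transaction that all the preceding `setup_add_ldif` calls wrote into (presumably started in the part of `open_ldb` not shown in the diff), so what happens to those writes depends on how the handle is torn down. If the ldb binding exposes it, add `samdb.transaction_cancel();` before that `return false;` so the failure path is explicit and a half-provisioned sam.ldb cannot be left behind. The commit-and-assert block also appears twice in this hunk with different message prefixes ("ldb commit failed" and "samdb commit failed"); a small helper taking the handle would keep the two paths identical.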
@@ -0,0 +1,149 @@ +# +# Schema elements which do not exist in AD, but which we use in Samba4 +# +## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +# +# + + +dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: ntpwdHash +name: NTPWDHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ntpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 +adminDisplayName: NT-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.1 +attributeSyntax: 2.5.5.10 + +dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: lmpwdHash +name: lmpwdHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lmpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 +adminDisplayName: LM-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.2 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaNtPwdHistory +name: sambaNtPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaNtPwdHistory +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B +adminDisplayName: SAMBA-NT-PWD-History +attributeID: 1.3.6.1.4.1.7165.4.1.3 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaLmPwdHistory +name: sambaLmPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaLmPwdHistory +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: SAMBA-LM-PWDHistory +attributeID: 1.3.6.1.4.1.7165.4.1.4 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaPassword +name: sambaPassword +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaPassword 
+isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.5 +attributeSyntax: 2.5.5.5 + +dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: dnsDomain +name: dnsDomain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dnsDomain +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.6 +attributeSyntax: 2.5.5.4 + +dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN} +cn: privilege +name: privilege +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: privilege +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 +adminDisplayName: Privilege +attributeID: 1.3.6.1.4.1.7165.4.1.7 +attributeSyntax: 2.5.5.4 + +dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +cn: middleName +name: middleName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: middleName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Name +attributeID: 1.3.6.1.4.1.7165.4.1.8 +attributeSyntax: 2.5.5.12 + +dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} +cn: unixName +name: unixName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: unixName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Unix-Name +attributeID: 1.3.6.1.4.1.7165.4.1.9 +attributeSyntax: 2.5.5.4 + +dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN} +cn: krb5Key +name: krb5Key +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: krb5Key +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: krb5-Key +attributeID: 
1.3.6.1.4.1.5322.10.1.10 +attributeSyntax: 2.5.5.10 |
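Review bot: The `middleName` and `unixName` entries in the new file spell the attribute `sSingleValued: TRUE` while every other entry uses `isSingleValued`, so these two records either fail to load or lose the single-valued constraint; both lines should read `isSingleValued: TRUE`. `unixName` also reuses the `schemaIDGUID` of `middleName` (`bf9679f2-0de6-11d0-a285-00aa003049e2`), and `krb5Key` reuses that of `sambaLmPwdHistory` (`0EAFE3DD-0F53-495E-8A34-97BB28AF17A4`); each attribute needs its own GUID. `dnsDomain` carries `adminDisplayName: SAMBA-Password`, which looks like a copy-paste from the entry above it. Because this file defines the attributes that hold password hashes and Kerberos keys, its header comment should also state that read access to them is expected to stay restricted.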