authorAndrew Bartlett <abartlet@samba.org>2008-09-08 15:09:06 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-09-08 15:09:06 +1000
commitef9169bfa6fcaa682ff5baf729301dd63f6bb029 (patch)
tree05a620f866e5e9b7a6dd901c6fc15180780f301c
parentb76f383eefe961e8a2f42ac782031e3e09ff7192 (diff)
Make it clear that the MMR password can differ from the admin passsword
In the future, we might simply randomly generate this, or allow the admin to specify it separately from the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
-rw-r--r--source4/scripting/python/samba/provision.py14
-rw-r--r--source4/setup/cn=replicator.ldif2
2 files changed, 9 insertions, 7 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index f37d09d5e0..68f61532ad 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1273,7 +1273,10 @@ def provision_backend(setup_dir=None, message=None,
mmr_syncrepl_user_config = ""
if ol_mmr_urls is not None:
- url_list=filter(None,ol_mmr_urls.split(' '))
+ # For now, make these equal
+ mmr_pass = adminpass
+
+ url_list=filter(None,ol_mmr_urls.split(' '))
if (len(url_list) == 1):
url_list=filter(None,ol_mmr_urls.split(','))
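Review bot: `mmr_pass` is bound only inside the `if ol_mmr_urls is not None:` branch, so any later use outside that guard would raise NameError. The use in the cn=replicator.ldif hunk is guarded by the same condition today, but initialising `mmr_pass = None` next to `mmr_syncrepl_user_config = ""` would make this robust. The comment `# For now, make these equal` also does not say which values it means; `# Replication (MMR) password: same as adminpass for now, kept in its own variable so it can diverge` would be clearer. provision_backend starts and ends outside the hunk.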
@@ -1292,21 +1295,21 @@ def provision_backend(setup_dir=None, message=None,
{ "RID" : str(rid),
"MMRDN": names.schemadn,
"LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
rid=rid+1
mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
{ "RID" : str(rid),
"MMRDN": names.configdn,
"LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
rid=rid+1
mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
{ "RID" : str(rid),
"MMRDN": names.domaindn,
"LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass })
+ "MMR_PASSWORD": mmr_pass })
setup_file(setup_path("slapd.conf"), paths.slapdconf,
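Review bot: `mmr_pass` is substituted verbatim into mmr_syncrepl.conf at the three `"MMR_PASSWORD": mmr_pass` sites with no escaping or validation, which starts to matter once the value can be chosen independently of the admin password. The template is not shown here, but if it places the value inside a quoted directive, a password containing a quote or whitespace could corrupt the generated slapd configuration. A comment such as `# mmr_pass is inserted unescaped; restrict it to characters safe in slapd.conf`, or an explicit check before the loop, would document the constraint. The generated paths.slapdconf then holds this credential in cleartext, so its permissions should be owner-only; whether setup_file ensures that is not visible in this hunk. The first read_and_sub_file call begins outside the hunk.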
@@ -1322,7 +1325,6 @@ def provision_backend(setup_dir=None, message=None,
"MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
"MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
"MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
- "MMR_PASSWORD": adminpass,
"REFINT_CONFIG": refint_config})
setup_file(setup_path("modules.conf"), paths.modulesconf,
{"REALM": names.realm})
@@ -1347,7 +1349,7 @@ def provision_backend(setup_dir=None, message=None,
if ol_mmr_urls is not None:
setup_file(setup_path("cn=replicator.ldif"),
os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
- {"LDAPADMINPASS_B64": b64encode(adminpass),
+ {"MMR_PASSWORD_B64": b64encode(mmr_pass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
diff --git a/source4/setup/cn=replicator.ldif b/source4/setup/cn=replicator.ldif
index e7c5a2408c..6001456b4d 100644
--- a/source4/setup/cn=replicator.ldif
+++ b/source4/setup/cn=replicator.ldif
@@ -2,7 +2,7 @@ dn: cn=replicator
objectClass: top
objectClass: person
cn: replicator
-userPassword:: ${LDAPADMINPASS_B64}
+userPassword:: ${MMR_PASSWORD_B64}
structuralObjectClass: person
entryUUID: ${UUID}
creatorsName:
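Review bot: `userPassword:: ${MMR_PASSWORD_B64}` stores the replication password in recoverable form, since the `::` value is only base64 of the cleartext that provision.py passes as `b64encode(mmr_pass)`. Anyone who can read the generated cn=replicator.ldif under paths.ldapdir can decode it, so the file should be created with owner-only permissions; whether setup_file does that is not visible here. If the backend accepts it, writing a salted hash such as an `{SSHA}` value instead would avoid keeping the cleartext in the database file. The entry continues past the end of this hunk.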