author | Andrew Bartlett <abartlet@samba.org> | 2008-09-08 15:09:06 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-09-08 15:09:06 +1000 |
commit | ef9169bfa6fcaa682ff5baf729301dd63f6bb029 (patch) | |
tree | 05a620f866e5e9b7a6dd901c6fc15180780f301c | |
parent | b76f383eefe961e8a2f42ac782031e3e09ff7192 (diff) | |
Make it clear that the MMR password can differ from the admin password
In the future, we might simply randomly generate this, or allow the
admin to specify it separately from the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
-rw-r--r-- | source4/scripting/python/samba/provision.py | 14 | ||||
-rw-r--r-- | source4/setup/cn=replicator.ldif | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index f37d09d5e0..68f61532ad 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1273,7 +1273,10 @@ def provision_backend(setup_dir=None, message=None,
 mmr_syncrepl_user_config = ""
 if ol_mmr_urls is not None:
- url_list=filter(None,ol_mmr_urls.split(' '))
+ # For now, make these equal
+ mmr_pass = adminpass
+
+ url_list=filter(None,ol_mmr_urls.split(' '))
 if (len(url_list) == 1):
 url_list=filter(None,ol_mmr_urls.split(','))
@@ -1292,21 +1295,21 @@ def provision_backend(setup_dir=None, message=None,
 { "RID" : str(rid),
 "MMRDN": names.schemadn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
 rid=rid+1
 mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
 { "RID" : str(rid),
 "MMRDN": names.configdn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
 rid=rid+1
 mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
 { "RID" : str(rid),
 "MMRDN": names.domaindn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass })
+ "MMR_PASSWORD": mmr_pass })
 setup_file(setup_path("slapd.conf"), paths.slapdconf,
@@ -1322,7 +1325,6 @@ def provision_backend(setup_dir=None, message=None,
 "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
 "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
 "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
- "MMR_PASSWORD": adminpass,
 "REFINT_CONFIG": refint_config})
 setup_file(setup_path("modules.conf"), paths.modulesconf,
 {"REALM": names.realm})
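Review bot: The new comment `# For now, make these equal` above `mmr_pass = adminpass` does not say what "these" are or why the coupling matters, although the commit message states that both passwords imply read access to the krbtgt. A fuller comment would carry that into the code, e.g. `# MMR (replication) bind password; currently the admin password.` followed by `# Both grant read access to krbtgt, so treat it as equally sensitive. TODO: generate randomly.` Note also that `mmr_pass` is bound only inside this `if ol_mmr_urls is not None:` branch; the later use at new line 1349 sits under the same condition, so any future use outside that guard would hit an unbound name. The body of `provision_backend` starts and ends outside this hunk.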
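Review bot: The three `"MMR_PASSWORD": mmr_pass` substitutions place the replication password verbatim into `mmr_syncrepl.conf` fragments, which are then fed into the `slapd.conf` template as `MMR_SYNCREPL_*_CONFIG`, so the secret ends up in cleartext in `paths.slapdconf`. Nothing visible here shows the mode that file is written with or how the template quotes the value; a password containing a quote or whitespace could presumably break or alter the generated syncrepl directive. A comment at the first substitution would make the requirement explicit, e.g. `# written in cleartext to slapd.conf: file must be owner-readable only, and the value must be safe inside the template's quoting`. The `read_and_sub_file` call for the schema fragment and the enclosing loop begin outside the hunk.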
@@ -1347,7 +1349,7 @@ def provision_backend(setup_dir=None, message=None,
 if ol_mmr_urls is not None:
 setup_file(setup_path("cn=replicator.ldif"),
 os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
- {"LDAPADMINPASS_B64": b64encode(adminpass),
+ {"MMR_PASSWORD_B64": b64encode(mmr_pass),
 "UUID": str(uuid.uuid4()),
 "LDAPTIME": timestring(int(time.time()))} )
diff --git a/source4/setup/cn=replicator.ldif b/source4/setup/cn=replicator.ldif
index e7c5a2408c..6001456b4d 100644
--- a/source4/setup/cn=replicator.ldif
+++ b/source4/setup/cn=replicator.ldif
@@ -2,7 +2,7 @@ dn: cn=replicator
 objectClass: top
 objectClass: person
 cn: replicator
-userPassword:: ${LDAPADMINPASS_B64}
+userPassword:: ${MMR_PASSWORD_B64}
 structuralObjectClass: person
 entryUUID: ${UUID}
 creatorsName: |
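Review bot: `b64encode(mmr_pass)` is an encoding, not a hash, so the `userPassword:: ${MMR_PASSWORD_B64}` value written into `cn=replicator.ldif` is the cleartext replication password, recoverable by anyone who can read that file under `paths.ldapdir`. Given the commit message says this credential implies read access to the krbtgt, the entry would be safer holding a salted-hash scheme value, or at minimum the substitution should be documented: `# base64 is only LDIF transport encoding; the entry stores the cleartext password, keep this file private`. Whether `setup_file` restricts the mode of the file it writes is not visible in this hunk and should be confirmed.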