summaryrefslogtreecommitdiff
path: root/source4/scripting/python
diff options
context:
space:
mode:
authorOliver Liebel <oliver@itc.li>2008-09-08 14:39:54 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-09-08 14:39:54 +1000
commitb76f383eefe961e8a2f42ac782031e3e09ff7192 (patch)
tree61660ccf360213e6e4609b308726b31cfb13c9f2 /source4/scripting/python
parenta33eaf564fed201994e799c0f724cd41a3848dc5 (diff)
downloadsamba-b76f383eefe961e8a2f42ac782031e3e09ff7192.tar.gz
samba-b76f383eefe961e8a2f42ac782031e3e09ff7192.tar.bz2
samba-b76f383eefe961e8a2f42ac782031e3e09ff7192.zip
Use DIGEST-MD5 authentication for OpenLDAP replication
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/samba/provision.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9c2a208460..f37d09d5e0 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1266,6 +1266,7 @@ def provision_backend(setup_dir=None, message=None,
# generate serverids, ldap-urls and syncrepl-blocks for mmr hosts
mmr_on_config = ""
+ mmr_replicator_acl = ""
mmr_serverids_config = ""
mmr_syncrepl_schema_config = ""
mmr_syncrepl_config_config = ""
@@ -1278,6 +1279,7 @@ def provision_backend(setup_dir=None, message=None,
mmr_on_config = "MirrorMode On"
+ mmr_replicator_acl = " by dn=cn=replicator,cn=samba read"
serverid=0
for url in url_list:
serverid=serverid+1
@@ -1315,6 +1317,7 @@ def provision_backend(setup_dir=None, message=None,
"SCHEMADN": names.schemadn,
"MEMBEROF_CONFIG": memberof_config,
"MIRRORMODE": mmr_on_config,
+ "REPLICATOR_ACL": mmr_replicator_acl,
"MMR_SERVERIDS_CONFIG": mmr_serverids_config,
"MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
"MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
@@ -1340,6 +1343,15 @@ def provision_backend(setup_dir=None, message=None,
{"LDAPADMINPASS_B64": b64encode(adminpass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
+
+ if ol_mmr_urls is not None:
+ setup_file(setup_path("cn=replicator.ldif"),
+ os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
+ {"LDAPADMINPASS_B64": b64encode(adminpass),
+ "UUID": str(uuid.uuid4()),
+ "LDAPTIME": timestring(int(time.time()))} )
+
+
mapping = "schema-map-openldap-2.3"
backend_schema = "backend-schema.schema"