diff options
author | Oliver Liebel <oliver@itc.li> | 2008-09-08 14:39:54 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-09-08 14:39:54 +1000 |
commit | b76f383eefe961e8a2f42ac782031e3e09ff7192 (patch) | |
tree | 61660ccf360213e6e4609b308726b31cfb13c9f2 /source4/scripting/python | |
parent | a33eaf564fed201994e799c0f724cd41a3848dc5 (diff) | |
download | samba-b76f383eefe961e8a2f42ac782031e3e09ff7192.tar.gz samba-b76f383eefe961e8a2f42ac782031e3e09ff7192.tar.bz2 samba-b76f383eefe961e8a2f42ac782031e3e09ff7192.zip |
Use DIGEST-MD5 authentication for OpenLDAP replication
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
Diffstat (limited to 'source4/scripting/python')
-rw-r--r-- | source4/scripting/python/samba/provision.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 9c2a208460..f37d09d5e0 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1266,6 +1266,7 @@ def provision_backend(setup_dir=None, message=None, # generate serverids, ldap-urls and syncrepl-blocks for mmr hosts mmr_on_config = "" + mmr_replicator_acl = "" mmr_serverids_config = "" mmr_syncrepl_schema_config = "" mmr_syncrepl_config_config = "" @@ -1278,6 +1279,7 @@ def provision_backend(setup_dir=None, message=None, mmr_on_config = "MirrorMode On" + mmr_replicator_acl = " by dn=cn=replicator,cn=samba read" serverid=0 for url in url_list: serverid=serverid+1 @@ -1315,6 +1317,7 @@ def provision_backend(setup_dir=None, message=None, "SCHEMADN": names.schemadn, "MEMBEROF_CONFIG": memberof_config, "MIRRORMODE": mmr_on_config, + "REPLICATOR_ACL": mmr_replicator_acl, "MMR_SERVERIDS_CONFIG": mmr_serverids_config, "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config, "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config, @@ -1340,6 +1343,15 @@ def provision_backend(setup_dir=None, message=None, {"LDAPADMINPASS_B64": b64encode(adminpass), "UUID": str(uuid.uuid4()), "LDAPTIME": timestring(int(time.time()))} ) + + if ol_mmr_urls is not None: + setup_file(setup_path("cn=replicator.ldif"), + os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"), + {"LDAPADMINPASS_B64": b64encode(adminpass), + "UUID": str(uuid.uuid4()), + "LDAPTIME": timestring(int(time.time()))} ) + + mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" |