summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2009-09-23 01:49:22 +0400
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-10-02 12:45:01 +0200
commit8bf517d340b4abbbcbda39c35e449d3c896a3728 (patch)
treea1e48ead70a6b350703b84a16669ba2348ecba00 /source4
parent977a0aa273cf355408c51639bc1b30cab41f5642 (diff)
downloadsamba-8bf517d340b4abbbcbda39c35e449d3c896a3728.tar.gz
samba-8bf517d340b4abbbcbda39c35e449d3c896a3728.tar.bz2
samba-8bf517d340b4abbbcbda39c35e449d3c896a3728.zip
s4: Improve provisioning: use relax control
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/__init__.py4
-rw-r--r--source4/scripting/python/samba/provision.py36
-rw-r--r--source4/setup/provision_basedn.ldif2
-rw-r--r--source4/setup/provision_basedn_modify.ldif1
-rw-r--r--source4/setup/provision_self_join.ldif1
5 files changed, 24 insertions, 20 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 82df4960cf..57cefdd137 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -234,14 +234,14 @@ class Ldb(ldb.Ldb):
"""
self.add_ldif(open(ldif_path, 'r').read())
- def add_ldif(self, ldif):
+ def add_ldif(self, ldif,controls=None):
"""Add data based on a LDIF string.
:param ldif: LDIF text.
"""
for changetype, msg in self.parse_ldif(ldif):
assert changetype == ldb.CHANGETYPE_NONE
- self.add(msg)
+ self.add(msg,controls)
def modify_ldif(self, ldif):
"""Modify database based on a LDIF string.
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 45a4062c02..c14870ecd0 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -288,17 +288,17 @@ def read_and_sub_file(file, subst_vars):
return data
-def setup_add_ldif(ldb, ldif_path, subst_vars=None):
+def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
"""Setup a ldb in the private dir.
:param ldb: LDB file to import data into
:param ldif_path: Path of the LDIF file to load
:param subst_vars: Optional variables to subsitute in LDIF.
+ :param nocontrols: Optional list of controls, can be None for no controls
"""
assert isinstance(ldif_path, str)
-
data = read_and_sub_file(ldif_path, subst_vars)
- ldb.add_ldif(data)
+ ldb.add_ldif(data,controls)
def setup_modify_ldif(ldb, ldif_path, subst_vars=None):
@@ -874,9 +874,13 @@ def setup_samdb_rootdse(samdb, setup_path, names):
def setup_self_join(samdb, names,
machinepass, dnspass,
domainsid, invocationid, setup_path,
- policyguid, policyguid_dc, domainControllerFunctionality):
+ policyguid, policyguid_dc, domainControllerFunctionality,ntdsguid):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
+ if ntdsguid is not None:
+ ntdsguid_mod = "objectGUID: %s\n"%ntdsguid
+ else:
+ ntdsguid_mod = ""
setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
@@ -892,6 +896,7 @@ def setup_self_join(samdb, names,
"DOMAIN": names.domain,
"DNSDOMAIN": names.dnsdomain,
"SAMBA_VERSION_STRING": version,
+ "NTDSGUID": ntdsguid_mod,
"DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)})
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
@@ -925,7 +930,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
names, message,
domainsid, domainguid, policyguid, policyguid_dc,
fill, adminpass, krbtgtpass,
- machinepass, invocationid, dnspass,
+ machinepass, invocationid, dnspass, ntdsguid,
serverrole, dom_for_fun_level=None,
schema=None, ldap_backend=None):
"""Setup a complete SAM Database.
@@ -1008,17 +1013,16 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
#impersonate domain admin
admin_session_info = admin_session(lp, str(domainsid))
samdb.set_session_info(admin_session_info)
-
+ if domainguid is not None:
+ domainguid_mod = "objectGUID: %s\n-" % domainguid
+ else:
+ domainguid_mod = ""
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
- "DOMAIN_OC": domain_oc
+ "DOMAIN_OC": domain_oc,
+ "DOMAINGUID": domainguid_mod
})
- message("Modifying DomainDN: " + names.domaindn + "")
- if domainguid is not None:
- domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % domainguid
- else:
- domainguid_mod = ""
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
"CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks
@@ -1030,7 +1034,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"SERVERDN": names.serverdn,
"POLICYGUID": policyguid,
"DOMAINDN": names.domaindn,
- "DOMAINGUID_MOD": domainguid_mod,
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"SAMBA_VERSION_STRING": version
})
@@ -1116,7 +1119,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainsid=domainsid, policyguid=policyguid,
policyguid_dc=policyguid_dc,
setup_path=setup_path,
- domainControllerFunctionality=domainControllerFunctionality)
+ domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid)
ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
names.ntdsguid = samdb.searchone(basedn=ntds_dn,
@@ -1145,7 +1148,7 @@ def provision(setup_dir, message, session_info,
domainsid=None, adminpass=None, ldapadminpass=None,
krbtgtpass=None, domainguid=None,
policyguid=None, policyguid_dc=None, invocationid=None,
- machinepass=None,
+ machinepass=None,ntdsguid=None,
dnspass=None, root=None, nobody=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None,
dom_for_fun_level=None,
@@ -1299,7 +1302,8 @@ def provision(setup_dir, message, session_info,
fill=samdb_fill,
adminpass=adminpass, krbtgtpass=krbtgtpass,
invocationid=invocationid,
- machinepass=machinepass, dnspass=dnspass,
+ machinepass=machinepass, dnspass=dnspass,
+ ntdsguid=ntdsguid,
serverrole=serverrole,
dom_for_fun_level=dom_for_fun_level,
ldap_backend=provision_backend)
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index df34e4bbf0..0d81df3453 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -4,4 +4,4 @@
dn: ${DOMAINDN}
objectClass: top
objectClass: ${DOMAIN_OC}
-
+${DOMAINGUID}
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 39fd08e0d8..7fc5c6bf86 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -110,4 +110,3 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
-
-${DOMAINGUID_MOD}
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 639bc96040..0d28b51a43 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -67,6 +67,7 @@ msDS-hasMasterNCs: ${SCHEMADN}
msDS-hasMasterNCs: ${DOMAINDN}
options: 1
systemFlags: 33554432
+${NTDSGUID}
# Provides an account for DNS keytab export
dn: CN=dns,CN=Users,${DOMAINDN}