author | Matthieu Patou <mat@matws.net> | 2009-09-23 01:49:22 +0400 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-10-02 12:45:01 +0200 |
commit | 8bf517d340b4abbbcbda39c35e449d3c896a3728 (patch) | |
tree | a1e48ead70a6b350703b84a16669ba2348ecba00 /source4 | |
parent | 977a0aa273cf355408c51639bc1b30cab41f5642 (diff) | |
s4: Improve provisioning: use relax control
Make it possible to specify controls when loading LDIF files.
The relax control is specified by default for all ldb_add_diff (requested by Andrew B).
Set domainguid, if specified, at creation of the object instead of modifying it afterwards.
Allow specifying the objectGUID for the NTDS object of the first DC; this option is used during provision upgrade.
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/python/samba/__init__.py | 4 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 36 | ||||
-rw-r--r-- | source4/setup/provision_basedn.ldif | 2 | ||||
-rw-r--r-- | source4/setup/provision_basedn_modify.ldif | 1 | ||||
-rw-r--r-- | source4/setup/provision_self_join.ldif | 1 |
5 files changed, 24 insertions, 20 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 82df4960cf..57cefdd137 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -234,14 +234,14 @@ class Ldb(ldb.Ldb): """ self.add_ldif(open(ldif_path, 'r').read()) - def add_ldif(self, ldif): + def add_ldif(self, ldif,controls=None): """Add data based on a LDIF string. :param ldif: LDIF text. """ for changetype, msg in self.parse_ldif(ldif): assert changetype == ldb.CHANGETYPE_NONE - self.add(msg) + self.add(msg,controls) def modify_ldif(self, ldif): """Modify database based on a LDIF string. diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 45a4062c02..c14870ecd0 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -288,17 +288,17 @@ def read_and_sub_file(file, subst_vars): return data -def setup_add_ldif(ldb, ldif_path, subst_vars=None): +def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]): """Setup a ldb in the private dir. :param ldb: LDB file to import data into :param ldif_path: Path of the LDIF file to load :param subst_vars: Optional variables to subsitute in LDIF. + :param nocontrols: Optional list of controls, can be None for no controls """ assert isinstance(ldif_path, str) - data = read_and_sub_file(ldif_path, subst_vars) - ldb.add_ldif(data) + ldb.add_ldif(data,controls) def setup_modify_ldif(ldb, ldif_path, subst_vars=None): 
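Review bot: The new `controls` parameter of `add_ldif` is missing from the docstring, which still lists only `:param ldif:`. I would add `:param controls: Optional list of ldb controls passed to add() for every record, None for no controls`, and write the signature as `def add_ldif(self, ldif, controls=None):` to match the comma spacing of the surrounding code. The same controls are handed to `self.add()` for every message parsed from the LDIF string, so a caller cannot relax one record without relaxing all of them; the docstring should say so.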
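Review bot: Defaulting `controls` to `["relax:0"]` in `setup_add_ldif` means every LDIF loaded through this helper is added with the relax control, not only the records that need to set `objectGUID`. As far as I understand it, the relax control asks the directory modules to skip some of their constraint checks, so a mistake in any provisioning template would no longer be rejected at add time. If the default must stay, the docstring should say why; otherwise I would default to `controls=None` and pass `controls=["relax:0"]` only where `provision_basedn.ldif` and `provision_self_join.ldif` are loaded. The added docstring line names the parameter `nocontrols`; it should read `:param controls: Optional list of controls, can be None for no controls`. The list default is also a single object shared between calls, which is safe only while nothing downstream mutates it.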
@@ -874,9 +874,13 @@ def setup_samdb_rootdse(samdb, setup_path, names): def setup_self_join(samdb, names, machinepass, dnspass, domainsid, invocationid, setup_path, - policyguid, policyguid_dc, domainControllerFunctionality): + policyguid, policyguid_dc, domainControllerFunctionality,ntdsguid): """Join a host to its own domain.""" assert isinstance(invocationid, str) + if ntdsguid is not None: + ntdsguid_mod = "objectGUID: %s\n"%ntdsguid + else: + ntdsguid_mod = "" setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, @@ -892,6 +896,7 @@ def setup_self_join(samdb, names, "DOMAIN": names.domain, "DNSDOMAIN": names.dnsdomain, "SAMBA_VERSION_STRING": version, + "NTDSGUID": ntdsguid_mod, "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)}) setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { @@ -925,7 +930,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, names, message, domainsid, domainguid, policyguid, policyguid_dc, fill, adminpass, krbtgtpass, - machinepass, invocationid, dnspass, + machinepass, invocationid, dnspass, ntdsguid, serverrole, dom_for_fun_level=None, schema=None, ldap_backend=None): """Setup a complete SAM Database. 
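Review bot: `ntdsguid` is interpolated into the LDIF text with `"objectGUID: %s\n"%ntdsguid` without any check, so a value containing a newline would add further attribute lines or records to the data built from `provision_self_join.ldif`, which `setup_add_ldif` now loads with the relax control by default. The value arrives from the `provision()` keyword argument, so I would normalise it inside the `if ntdsguid is not None:` branch, e.g. `ntdsguid = str(uuid.UUID(ntdsguid))` (needs `import uuid`, or use whichever GUID parser the tree already provides), and let the resulting ValueError propagate. The same applies to `domainguid` in the `@@ -1008` hunk of `setup_samdb`. The body of `setup_self_join` continues outside this hunk.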
@@ -1008,17 +1013,16 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, #impersonate domain admin admin_session_info = admin_session(lp, str(domainsid)) samdb.set_session_info(admin_session_info) - + if domainguid is not None: + domainguid_mod = "objectGUID: %s\n-" % domainguid + else: + domainguid_mod = "" setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), { "DOMAINDN": names.domaindn, - "DOMAIN_OC": domain_oc + "DOMAIN_OC": domain_oc, + "DOMAINGUID": domainguid_mod }) - message("Modifying DomainDN: " + names.domaindn + "") - if domainguid is not None: - domainguid_mod = "replace: objectGUID\nobjectGUID: %s\n-" % domainguid - else: - domainguid_mod = "" setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), { "CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks @@ -1030,7 +1034,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "SERVERDN": names.serverdn, "POLICYGUID": policyguid, "DOMAINDN": names.domaindn, - "DOMAINGUID_MOD": domainguid_mod, "DOMAIN_FUNCTIONALITY": str(domainFunctionality), "SAMBA_VERSION_STRING": version }) @@ -1116,7 +1119,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, domainsid=domainsid, policyguid=policyguid, policyguid_dc=policyguid_dc, setup_path=setup_path, - domainControllerFunctionality=domainControllerFunctionality) + domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid) ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn) names.ntdsguid = samdb.searchone(basedn=ntds_dn, 
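Review bot: `domainguid_mod` keeps the trailing `-` of the old modify form (`"objectGUID: %s\n-" % domainguid`), but the value is now substituted into `provision_basedn.ldif`, which is an add record; `-` separates modify operations and has no role there. Whether the LDIF parser tolerates the stray line cannot be seen from this diff, and `ntdsguid_mod` in `setup_self_join` is built without it. I would make the two consistent with `domainguid_mod = "objectGUID: %s\n" % domainguid`. `setup_samdb` starts and ends outside this hunk.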
@@ -1145,7 +1148,7 @@ def provision(setup_dir, message, session_info, domainsid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, - machinepass=None, + machinepass=None,ntdsguid=None, dnspass=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, dom_for_fun_level=None, @@ -1299,7 +1302,8 @@ def provision(setup_dir, message, session_info, fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, invocationid=invocationid, - machinepass=machinepass, dnspass=dnspass, + machinepass=machinepass, dnspass=dnspass, + ntdsguid=ntdsguid, serverrole=serverrole, dom_for_fun_level=dom_for_fun_level, ldap_backend=provision_backend) diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index df34e4bbf0..0d81df3453 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -4,4 +4,4 @@ dn: ${DOMAINDN} objectClass: top objectClass: ${DOMAIN_OC} - +${DOMAINGUID} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 39fd08e0d8..7fc5c6bf86 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -110,4 +110,3 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${ wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN} wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN} - -${DOMAINGUID_MOD} diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 639bc96040..0d28b51a43 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -67,6 +67,7 @@ msDS-hasMasterNCs: ${SCHEMADN} msDS-hasMasterNCs: ${DOMAINDN} options: 1 systemFlags: 33554432 +${NTDSGUID} # Provides an account for DNS keytab export dn: CN=dns,CN=Users,${DOMAINDN} |
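Review bot: `ntdsguid=None` is inserted before `dnspass` in the signature of `provision()`, so a caller that passes `dnspass` or any later argument by position is silently shifted by one, and the old `dnspass` value would be taken as `ntdsguid` and written into the `objectGUID` line. Callers outside this diff are not visible, so I cannot tell whether any pass these by position. Appending `ntdsguid=None` at the end of the parameter list avoids the question. The same applies to `setup_samdb` in the `@@ -925` hunk, where `ntdsguid` is placed between `dnspass` and `serverrole`, and to `setup_self_join`, where it is added as a required argument with no default. The signature of `provision()` continues outside this hunk.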