-rw-r--r--source4/scripting/python/samba/provision.py76
-rw-r--r--source4/scripting/python/samba/provisionbackend.py38
-rwxr-xr-xsource4/setup/provision12
3 files changed, 72 insertions, 54 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index fe27d882b2..80c9bfdf48 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -644,7 +644,7 @@ def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info,
ldap_backend_line = "# No LDAP backend"
if provision_backend.type is not "ldb":
- ldap_backend_line = "ldapBackend: %s" % provision_backend.ldapi_uri
+ ldap_backend_line = "ldapBackend: %s" % provision_backend.ldap_uri
samdb.transaction_start()
try:
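Review bot: The `ldapBackend:` value written on the changed line now persists whatever `--ldap-backend-forced-uri` was given, so a URI the CLI describes as debugging-only (a plain `ldap://` endpoint, say) becomes the permanent backend address of the provisioned sam.ldb rather than just the provisioning-time connection. If that is intended it deserves a comment such as `# NOTE: a forced (possibly non-ldapi) backend URI is persisted here and used by the running server`; if not, the forced URI should only drive provisioning and the ldapi path should still be written. On the same context line, `provision_backend.type is not "ldb"` is an identity test on strings and should be `!=`. setup_samdb_partitions continues outside the hunk.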
@@ -1338,7 +1338,7 @@ def provision(setup_dir, logger, session_info,
dnspass=None, root=None, nobody=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None,
dom_for_fun_level=None,
- ldap_backend_extra_port=None, backend_type=None,
+ ldap_backend_extra_port=None, ldap_backend_forced_uri=None, backend_type=None,
sitename=None,
ol_mmr_urls=None, ol_olc=None,
setup_ds_path=None, slapd_path=None, nosync=False,
@@ -1469,47 +1469,49 @@ def provision(setup_dir, logger, session_info,
if backend_type == "ldb":
provision_backend = LDBBackend(backend_type,
- paths=paths, setup_path=setup_path,
- lp=lp, credentials=credentials,
- names=names,
- logger=logger)
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ logger=logger)
elif backend_type == "existing":
provision_backend = ExistingBackend(backend_type,
- paths=paths, setup_path=setup_path,
- lp=lp, credentials=credentials,
- names=names,
- logger=logger,
- ldapi_url=ldapi_url)
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ logger=logger,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type,
- paths=paths, setup_path=setup_path,
- lp=lp, credentials=credentials,
- names=names,
- logger=logger,
- domainsid=domainsid,
- schema=schema,
- hostname=hostname,
- ldapadminpass=ldapadminpass,
- slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_dryrun_mode=ldap_dryrun_mode,
- root=root,
- setup_ds_path=setup_ds_path)
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ logger=logger,
+ domainsid=domainsid,
+ schema=schema,
+ hostname=hostname,
+ ldapadminpass=ldapadminpass,
+ slapd_path=slapd_path,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ root=root,
+ setup_ds_path=setup_ds_path,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
elif backend_type == "openldap":
provision_backend = OpenLDAPBackend(backend_type,
- paths=paths, setup_path=setup_path,
- lp=lp, credentials=credentials,
- names=names,
- logger=logger,
- domainsid=domainsid,
- schema=schema,
- hostname=hostname,
- ldapadminpass=ldapadminpass,
- slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_dryrun_mode=ldap_dryrun_mode,
- ol_mmr_urls=ol_mmr_urls,
- nosync=nosync)
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ logger=logger,
+ domainsid=domainsid,
+ schema=schema,
+ hostname=hostname,
+ ldapadminpass=ldapadminpass,
+ slapd_path=slapd_path,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ ol_mmr_urls=ol_mmr_urls,
+ nosync=nosync,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
else:
raise ValueError("Unknown LDAP backend type selected")
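Review bot: `ldap_backend_forced_uri` is forwarded to every backend in this hunk verbatim, with no check on its scheme, so a typo or a non-LDAP URI is only discovered when `Ldb()` fails deep inside the backend. A guard before the dispatch, `if ldap_backend_forced_uri is not None and not ldap_backend_forced_uri.startswith(("ldapi://", "ldap://", "ldaps://")): raise ValueError("ldap_backend_forced_uri must be an ldapi://, ldap:// or ldaps:// URI")`, fails early with a clear message and makes the accepted transports explicit. The re-indentation of every unchanged keyword argument swamps the one-line functional change per branch; splitting whitespace-only changes into their own commit would make the security-relevant part reviewable. provision() continues outside the hunk.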
diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index 0848d9c364..25563517c6 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -112,9 +112,8 @@ class ExistingBackend(ProvisionBackend):
super(ExistingBackend, self).__init__(backend_type=backend_type,
paths=paths, setup_path=setup_path, lp=lp,
- credentials=credentials, names=names, logger=logger)
-
- self.ldapi_uri = ldapi_uri
+ credentials=credentials, names=names, logger=logger,
+ ldap_backend_forced_uri=ldap_backend_forced_uri)
def init(self):
# Check to see that this 'existing' LDAP backend in fact exists
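Review bot: `ExistingBackend` now hands `ldap_backend_forced_uri` to `ProvisionBackend.__init__` and no longer sets any URI attribute itself, yet this diff contains no change to the base class; unless `ProvisionBackend.__init__` already accepts that keyword and sets `self.ldap_uri` (not visible here), this call raises TypeError, and `provision.py` reads `provision_backend.ldap_uri` for every non-ldb backend. The default case also looks lost: the old code received an explicit `ldapi_url`, whereas an 'existing' backend run without `--ldap-backend-forced-uri` now gets `None` and, as far as this hunk shows, no URI to connect to, even though the provision script tells the user a "default location" will be used. Please either include the base-class change or compute the ldapi fallback here, e.g. `self.ldap_uri = ldap_backend_forced_uri or "ldapi://%s" % urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")`, assuming `self.ldapdir` is provided by the base as LDAPBackend relies on. The `init` method continues outside the hunk.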
@@ -134,9 +133,10 @@ class ExistingBackend(ProvisionBackend):
class LDAPBackend(ProvisionBackend):
def __init__(self, backend_type, paths=None, setup_path=None, lp=None,
- credentials=None, names=None, logger=None, domainsid=None,
- schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=False):
+ credentials=None, names=None, logger=None, domainsid=None,
+ schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
+ ldap_backend_extra_port=None,
+ ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
super(LDAPBackend, self).__init__(backend_type=backend_type,
paths=paths, setup_path=setup_path, lp=lp,
@@ -157,7 +157,10 @@ class LDAPBackend(ProvisionBackend):
self.ldap_backend_extra_port = ldap_backend_extra_port
self.ldap_dryrun_mode = ldap_dryrun_mode
- self.ldapi_uri = "ldapi://%s" % urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")
+ if ldap_backend_forced_uri is not None:
+ self.ldap_uri = ldap_backend_forced_uri
+ else:
+ self.ldap_uri = "ldapi://%s" % urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")
if not os.path.exists(self.ldapdir):
os.mkdir(self.ldapdir)
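Review bot: Renaming the attribute from `ldapi_uri` to `ldap_uri` is an interface change for anything outside this file that reads `backend.ldapi_uri` (no such reader is visible here, so this may be fine); a one-line alias `self.ldapi_uri = self.ldap_uri` would keep any such caller working. The forced URI is also stored verbatim while the default path is percent-encoded with `urllib.quote`; a comment like `# a forced URI is taken as-is: the caller is responsible for escaping and for the transport it selects` would record that asymmetry for the next reader. __init__ continues outside the hunk.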
@@ -165,10 +168,10 @@ class LDAPBackend(ProvisionBackend):
def init(self):
from samba.provision import ProvisioningError
# we will shortly start slapd with ldapi for final provisioning. first
- # check with ldapsearch -> rootDSE via self.ldapi_uri if another
+ # check with ldapsearch -> rootDSE via self.ldap_uri if another
# instance of slapd is already running
try:
- ldapi_db = Ldb(self.ldapi_uri)
+ ldapi_db = Ldb(self.ldap_uri)
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
try:
@@ -180,7 +183,7 @@ class LDAPBackend(ProvisionBackend):
p = f.read()
f.close()
self.logger.info("Check for slapd Process with PID: " + str(p) + " and terminate it manually.")
- raise SlapdAlreadyRunning(self.ldapi_uri)
+ raise SlapdAlreadyRunning(self.ldap_uri)
except LdbError:
# XXX: We should never be catching all Ldb errors
pass
@@ -243,7 +246,7 @@ class LDAPBackend(ProvisionBackend):
while self.slapd.poll() is None:
# Wait until the socket appears
try:
- ldapi_db = Ldb(self.ldapi_uri, lp=self.lp, credentials=self.credentials)
+ ldapi_db = Ldb(self.ldap_uri, lp=self.lp, credentials=self.credentials)
ldapi_db.search(base="", scope=SCOPE_BASE,
expression="(objectClass=OpenLDAProotDSE)")
# If we have got here, then we must have a valid connection to the LDAP server!
@@ -282,13 +285,14 @@ class OpenLDAPBackend(LDAPBackend):
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
ldap_backend_extra_port=None, ldap_dryrun_mode=False,
- ol_mmr_urls=None, nosync=False):
+ ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None):
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
paths=paths, setup_path=setup_path, lp=lp,
credentials=credentials, names=names, logger=logger,
domainsid=domainsid, schema=schema, hostname=hostname,
ldapadminpass=ldapadminpass, slapd_path=slapd_path,
ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
ldap_dryrun_mode=ldap_dryrun_mode)
self.ol_mmr_urls = ol_mmr_urls
@@ -496,7 +500,6 @@ class OpenLDAPBackend(LDAPBackend):
f.close()
# now we generate the needed strings to start slapd automatically,
- # first ldapi_uri...
if self.ldap_backend_extra_port is not None:
# When we use MMR, we can't use 0.0.0.0 as it uses the name
# specified there as part of it's clue as to it's own name,
@@ -515,12 +518,12 @@ class OpenLDAPBackend(LDAPBackend):
"-h"]
# copy this command so we have two version, one with -d0 and only
- # ldapi, and one with all the listen commands
+ # ldapi (or the forced ldap_uri), and one with all the listen commands
self.slapd_command = list(self.slapd_provision_command)
- self.slapd_provision_command.extend([self.ldapi_uri, "-d0"])
+ self.slapd_provision_command.extend([self.ldap_uri, "-d0"])
- uris = self.ldapi_uri
+ uris = self.ldap_uri
if server_port_string is not "":
uris = uris + " " + server_port_string
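Review bot: `self.ldap_uri` is now also the `-h` listener of the provisioning-time slapd (the `extend([self.ldap_uri, "-d0"])` line), so a forced `ldap://host:port` makes the bootstrap instance reachable over TCP while the directory is being populated, where previously it listened only on the ldapi socket under `ldapdir` with filesystem protection. The provision script merely warns, and its warning is about the client side, not about this listener. For the openldap backend I would reject a non-`ldapi://` forced URI at this point, or keep the provisioning listener on the ldapi socket and use the forced URI only for the client connection, with a comment such as `# the provisioning slapd must not be network-reachable: only ldapi:// is accepted as its listener`. The enclosing method continues outside the hunk.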
@@ -569,6 +572,7 @@ class FDSBackend(LDAPBackend):
domainsid=domainsid, schema=schema, hostname=hostname,
ldapadminpass=ldapadminpass, slapd_path=slapd_path,
ldap_backend_extra_port=ldap_backend_extra_port,
+ ldap_backend_forced_uri=ldap_backend_forced_uri,
ldap_dryrun_mode=ldap_dryrun_mode)
self.root = root
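Review bot: `ldap_backend_forced_uri` is passed up to the LDAPBackend constructor, but this diff shows no change to `FDSBackend.__init__`'s parameter list (above the hunk), whereas `OpenLDAPBackend.__init__` did gain the parameter in this same commit; unless FDSBackend's signature already had it, this is a NameError on construction, and `provision.py` now calls `FDSBackend(..., ldap_backend_forced_uri=...)`, which would be a TypeError. Please confirm a signature line along the lines of `ldap_backend_extra_port=None, ldap_backend_forced_uri=None, ldap_dryrun_mode=False, ...` is present. __init__ continues outside the hunk.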
@@ -737,7 +741,7 @@ class FDSBackend(LDAPBackend):
raise ProvisioningError("ldif2db failed")
def post_setup(self):
- ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
+ ldapi_db = Ldb(self.ldap_uri, credentials=self.credentials)
# configure in-directory access control on Fedora DS via the aci
# attribute (over a direct ldapi:// socket)
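Review bot: The comment below the changed `Ldb(self.ldap_uri, credentials=self.credentials)` still says the aci attributes are configured "over a direct ldapi:// socket", which is no longer true once `--ldap-backend-forced-uri` is given; with a forced `ldap://` URI this bind, and the credentials it carries, travel over whatever transport that URI selects. Update it to `# attribute (over self.ldap_uri: the local ldapi:// socket unless a backend URI was forced, in which case the bind credentials travel over that transport)`. post_setup continues outside the hunk.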
diff --git a/source4/setup/provision b/source4/setup/provision
index 21d94cba27..c809c4afc3 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -93,6 +93,8 @@ parser.add_option("--blank", action="store_true",
help="do not add users or groups, just the structure")
parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
help="Additional TCP port for LDAP backend server (to use for replication)")
+parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
+ help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
help="LDAP backend type (fedora-ds or openldap)",
choices=["fedora-ds", "openldap"])
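Review bot: The new option is declared as a free-form `type="string"` and its help text says it is meant for 'existing' backends, but the `--ldap-backend-type` choices list directly below still admits only `fedora-ds` and `openldap`, so as far as this file shows the only way to use the option is the debugging path the help discourages. Either add `"existing"` to `choices` (and the help string) or drop the claim from the help. The help should also say plainly that with a non-ldapi URI the LDAP admin credentials are sent over that transport, so only `ldapi://` or `ldaps://` should be used outside a throwaway lab, e.g. append `Credentials are sent over this transport: use ldapi:// or ldaps:// unless you are deliberately intercepting traffic.`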
@@ -230,6 +232,15 @@ elif opts.use_xattrs == "auto":
file.close()
+if opts.ldap_backend_type == "existing":
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
+ else:
+ logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
+else:
+ if opts.ldap_backend_forced_uri is not None:
+ logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
+
session = system_session()
try:
provision(setup_dir, logger,
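Review bot: The `opts.ldap_backend_type == "existing"` branch can only be reached if `existing` is an accepted `--ldap-backend-type` value, which the option definition in this file does not show, so the first warning may be dead code; the branch that does fire only warns, whereas a debugging feature that sends the admin bind over an arbitrary URI is better off refusing plain `ldap://` to a non-loopback host unless an explicit override flag is set. Two typos in the emitted message should be fixed while it is being touched: `an fixed URI` → `a fixed URI` and `communiation` → `communication`.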
@@ -245,6 +256,7 @@ try:
wheel=opts.wheel, users=opts.users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
ldap_backend_extra_port=opts.ldap_backend_extra_port,
+ ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,