-rw-r--r--source4/scripting/libjs/provision.js146
-rw-r--r--source4/setup/schema.ldif26
-rw-r--r--source4/setup/schema_samba4.ldif149
3 files changed, 224 insertions, 97 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 232d15d66f..8830c273f5 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -189,24 +189,12 @@ function ldb_erase(ldb)
/*
erase an ldb, removing all records
*/
-function ldb_erase_partitions(info, dbname)
+function ldb_erase_partitions(info, ldb)
{
var rootDSE_attrs = new Array("namingContexts");
- var ldb = ldb_init();
var lp = loadparm_init();
var j;
- ldb.session_info = info.session_info;
- ldb.credentials = info.credentials;
-
-
- ldb.filename = dbname;
-
- var connect_ok = ldb.connect(dbname);
- assert(connect_ok);
-
- ldb.transaction_start();
-
var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs);
assert(typeof(res) != "undefined");
assert(res.length == 1);
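Review bot: The header comment `erase an ldb, removing all records` no longer describes ldb_erase_partitions, which now receives an already-connected handle and, with the connect and commit code removed, runs inside a transaction it neither starts nor ends. Replace it with `/* erase the naming-context partitions of an already-connected ldb; runs inside the caller's transaction, which the caller must commit */`. The `var lp = loadparm_init();` kept at the top of the body has no visible use in this hunk; drop it if the rest of the body does not use it either. The function body continues past the hunk.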
@@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname)
}
}
}
-
- var commit_ok = ldb.transaction_commit();
- if (!commit_ok) {
- info.message("ldb commit failed: " + ldb.errstring() + "\n");
- assert(add_ok);
- }
}
-/*
- setup a ldb in the private dir
- */
-function setup_ldb(ldif, info, dbname)
+function open_ldb(info, dbname, erase)
{
- var erase = true;
- var extra = "";
- var failok = false;
var ldb = ldb_init();
- var lp = loadparm_init();
ldb.session_info = info.session_info;
ldb.credentials = info.credentials;
-
- if (arguments.length >= 4) {
- extra = arguments[3];
- }
-
- if (arguments.length >= 5) {
- erase = arguments[4];
- }
-
- if (arguments.length == 6) {
- failok = arguments[5];
- }
-
- var src = lp.get("setup directory") + "/" + ldif;
-
- var data = sys.file_load(src);
- data = data + extra;
- data = substitute_var(data, info.subobj);
-
ldb.filename = dbname;
var connect_ok = ldb.connect(dbname);
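Review bot: open_ldb has no header comment, so a reader cannot tell that it hands back a handle whose transaction is already open and must be committed by the caller (the transaction_start the old setup_ldb did after connect lies outside this hunk and presumably survives in open_ldb). Add `/* connect to dbname with info's session and credentials, start a transaction and optionally erase the db; returns the handle, the caller commits */` above the definition. The function's body continues outside the hunk.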
@@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname)
if (erase) {
ldb_erase(ldb);
}
+ return ldb;
+}
+
+
+/*
+ setup a ldb in the private dir
+ */
+function setup_add_ldif(ldif, info, ldb, failok)
+{
+ var lp = loadparm_init();
+ var src = lp.get("setup directory") + "/" + ldif;
+
+ var data = sys.file_load(src);
+ data = substitute_var(data, info.subobj);
var add_ok = ldb.add(data);
if (!add_ok) {
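Review bot: The comment `setup a ldb in the private dir` was copied from setup_ldb but does not describe setup_add_ldif, which loads an ldif from the setup directory and adds it to a handle the caller already opened; the same stale comment sits above setup_ldb_modify in the later hunk of this file. Replace it with `/* load ldif from the setup directory, substitute info.subobj into it and add it to the open ldb; add failures are only asserted when failok is false */`, confirming the failok wording against the handling that follows below this hunk. The body continues past the hunk.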
@@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname)
assert(add_ok);
}
}
- if (add_ok) {
+ return add_ok;
+}
+
+function setup_ldb(ldif, info, dbname)
+{
+ var erase = true;
+ var failok = false;
+
+ if (arguments.length >= 4) {
+ erase = arguments[3];
+ }
+ if (arguments.length == 5) {
+ failok = arguments[4];
+ }
+ var ldb = open_ldb(info, dbname, erase);
+ if (setup_add_ldif(ldif, info, ldb, erase, failok)) {
var commit_ok = ldb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + ldb.errstring() + "\n");
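Review bot: setup_ldb calls `setup_add_ldif(ldif, info, ldb, erase, failok)` with five arguments while setup_add_ldif is declared as (ldif, info, ldb, failok), so `erase` — true by default — arrives as failok and the real failok is dropped; with default arguments an ldif that fails to add is treated as permitted. The call should read `if (setup_add_ldif(ldif, info, ldb, failok)) {`. The new signature also re-purposes the fourth positional argument from the old `extra` string to `erase`, so any caller elsewhere in the tree still passing the old four-argument form would be silently misread; worth a grep. setup_ldb's body runs past the hunk.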
@@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname)
/*
setup a ldb in the private dir
*/
-function setup_ldb_modify(ldif, info, dbname)
+function setup_ldb_modify(ldif, info, ldb)
{
- var ldb = ldb_init();
var lp = loadparm_init();
- ldb.session_info = info.session_info;
- ldb.credentials = info.credentials;
var src = lp.get("setup directory") + "/" + ldif;
var data = sys.file_load(src);
data = substitute_var(data, info.subobj);
- ldb.filename = dbname;
-
- var connect_ok = ldb.connect(dbname);
- assert(connect_ok);
-
- ldb.transaction_start();
-
var mod_ok = ldb.modify(data);
if (!mod_ok) {
info.message("ldb load failed: " + ldb.errstring() + "\n");
assert(mod_ok);
}
- var commit_ok = ldb.transaction_commit();
- if (!commit_ok) {
- info.message("ldb commit failed: " + ldb.errstring() + "\n");
- assert(commit_ok);
- }
}
/*
@@ -386,16 +356,9 @@ function provision_default_paths(subobj)
/*
setup reasonable name mappings for sam names to unix names
*/
-function setup_name_mappings(info, subobj, session_info, credentials)
+function setup_name_mappings(info, subobj, ldb)
{
var lp = loadparm_init();
- var ldb = ldb_init();
- ldb.session_info = session_info;
- ldb.credentials = credentials;
- var ok = ldb.connect(lp.get("sam database"));
- if (!ok) {
- return false;
- }
var attrs = new Array("objectSid");
res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
assert(res.length == 1 && res[0].objectSid != undefined);
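Review bot: With the connect removed, setup_name_mappings has lost the only `return false` visible here while the caller in provision still tests its result with `== false`; if no other failure path remains in the body below this hunk, that check is dead and failure now surfaces only through assert. `var lp = loadparm_init();` is kept although its only use in the hunk, `lp.get("sam database")`, was deleted — drop it if the rest of the body does not need it. The body continues past the hunk.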
@@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials)
*/
function provision(subobj, message, blank, paths, session_info, credentials)
{
- var data = "";
var lp = loadparm_init();
var sys = sys_init();
var info = new Object();
@@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials)
setup_ldb("hklm.ldif", info, paths.hklm);
message("Setting up sam.ldb partitions\n");
+ /* Also wipes the database */
setup_ldb("provision_partitions.ldif", info, paths.samdb);
+ var samdb = open_ldb(info, paths.samdb, false);
+
message("Setting up sam.ldb attributes\n");
- setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false);
+ setup_add_ldif("provision_init.ldif", info, samdb, false);
message("Erasing data from partitions\n");
- ldb_erase_partitions(info, paths.samdb);
+ ldb_erase_partitions(info, samdb);
- message("Adding baseDN: " + subobj.BASEDN + "\n");
- setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true);
+ message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
+ setup_add_ldif("provision_basedn.ldif", info, samdb, true);
message("Modifying baseDN: " + subobj.BASEDN + "\n");
- setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb)
+ setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
- message("Setting up sam.ldb schema\n");
- setup_ldb("schema.ldif", info, paths.samdb, NULL, false);
+ message("Setting up sam.ldb Samba4 schema\n");
+ setup_add_ldif("schema_samba4.ldif", info, samdb, false);
+ message("Setting up sam.ldb AD schema\n");
+ setup_add_ldif("schema.ldif", info, samdb, false);
message("Setting up display specifiers\n");
- setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false);
+ setup_add_ldif("display_specifiers.ldif", info, samdb, false);
message("Setting up sam.ldb templates\n");
- setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
+ setup_add_ldif("provision_templates.ldif", info, samdb, false);
message("Setting up sam.ldb data\n");
- setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
+ setup_add_ldif("provision.ldif", info, samdb, false);
if (blank != false) {
+ var commit_ok = samdb.transaction_commit();
+ if (!commit_ok) {
+ info.message("ldb commit failed: " + samdb.errstring() + "\n");
+ assert(commit_ok);
+ }
return true;
}
message("Setting up sam.ldb users and groups\n");
- setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
+ setup_add_ldif("provision_users.ldif", info, samdb, false);
- if (setup_name_mappings(info, subobj, session_info, credentials) == false) {
+ if (setup_name_mappings(info, subobj, samdb) == false) {
return false;
}
+ var commit_ok = samdb.transaction_commit();
+ if (!commit_ok) {
+ info.message("samdb commit failed: " + samdb.errstring() + "\n");
+ assert(commit_ok);
+ }
+
return true;
}
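Review bot: The `return false` taken when setup_name_mappings fails leaves the transaction on samdb open and uncommitted with the handle simply dropped; if the ejs ldb binding exposes a cancel, call it first, e.g. `samdb.transaction_cancel(); return false;`, otherwise document that samdb must not be reused after that point. The commit sequence is duplicated for the blank and full paths with differing messages (`ldb commit failed` vs `samdb commit failed`); a small helper such as `samdb_commit(info, samdb)` holding those four lines would keep the two exits consistent. `var commit_ok` is also declared twice in the same function, which `var` tolerates but reads as a slip.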
diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif
index e7d7fcec2d..ca21ee923d 100644
--- a/source4/setup/schema.ldif
+++ b/source4/setup/schema.ldif
@@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier
attributeID: 2.5.4.51
attributeSyntax: 2.5.5.12
-dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
-cn: middleName
-name: middleName
-objectClass: top
-objectClass: attributeSchema
-lDAPDisplayName: middleName
-isSingleValued: TRUE
-systemFlags: 16
-systemOnly: FALSE
-schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
-adminDisplayName: Other-Name
-attributeID: 2.16.840.1.113730.3.1.34
-attributeSyntax: 2.5.5.12
+#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
+#cn: middleName
+#name: middleName
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: middleName
+#isSingleValued: TRUE
+#systemFlags: 16
+#systemOnly: FALSE
+#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+#adminDisplayName: Other-Name
+#attributeID: 2.16.840.1.113730.3.1.34
+#attributeSyntax: 2.5.5.12
dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN}
cn: replTopologyStayOfExecution
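Review bot: The middleName entry is commented out rather than deleted and nothing in this file says why or where it went, so a reader of schema.ldif finds an AD attribute silently missing. A one-line comment such as `# middleName is defined in schema_samba4.ldif with a Samba-allocated attributeID` would preserve the intent, or the dead lines could be dropped since history keeps them. The replacement in the new file keeps this entry's schemaIDGUID while changing its attributeID; if that divergence from AD is deliberate it is worth stating there as well.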
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
new file mode 100644
index 0000000000..94b79bd31f
--- /dev/null
+++ b/source4/setup/schema_samba4.ldif
@@ -0,0 +1,149 @@
+#
+# Schema elements which do not exist in AD, but which we use in Samba4
+#
+## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+#
+#
+
+
+dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: ntpwdHash
+name: NTPWDHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: ntpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
+adminDisplayName: NT-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.1
+attributeSyntax: 2.5.5.10
+
+dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: lmpwdHash
+name: lmpwdHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: lmpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
+adminDisplayName: LM-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.2
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaNtPwdHistory
+name: sambaNtPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaNtPwdHistory
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
+adminDisplayName: SAMBA-NT-PWD-History
+attributeID: 1.3.6.1.4.1.7165.4.1.3
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaLmPwdHistory
+name: sambaLmPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaLmPwdHistory
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: SAMBA-LM-PWDHistory
+attributeID: 1.3.6.1.4.1.7165.4.1.4
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaPassword
+name: sambaPassword
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaPassword
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.5
+attributeSyntax: 2.5.5.5
+
+dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN}
+cn: dnsDomain
+name: dnsDomain
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: dnsDomain
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.6
+attributeSyntax: 2.5.5.4
+
+dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN}
+cn: privilege
+name: privilege
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: privilege
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
+adminDisplayName: Privilege
+attributeID: 1.3.6.1.4.1.7165.4.1.7
+attributeSyntax: 2.5.5.4
+
+dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
+cn: middleName
+name: middleName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: middleName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Other-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.8
+attributeSyntax: 2.5.5.12
+
+dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN}
+cn: unixName
+name: unixName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: unixName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Unix-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.9
+attributeSyntax: 2.5.5.4
+
+dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN}
+cn: krb5Key
+name: krb5Key
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: krb5Key
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: krb5-Key
+attributeID: 1.3.6.1.4.1.5322.10.1.10
+attributeSyntax: 2.5.5.10
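Review bot: The middleName and unixName entries spell the attribute `sSingleValued: TRUE` instead of `isSingleValued`, so those two definitions carry an unknown attribute and no single-valued flag; both lines should read `isSingleValued: TRUE`. schemaIDGUID values are reused: unixName carries middleName's bf9679f2-0de6-11d0-a285-00aa003049e2 and krb5Key carries sambaLmPwdHistory's 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4, whereas each schema object needs its own GUID. dnsDomain's `adminDisplayName: SAMBA-Password` is a copy-paste from the sambaPassword entry and should name the attribute, e.g. `adminDisplayName: DNS-Domain`. The credential-bearing attributes (ntpwdHash, lmpwdHash, the two histories, sambaPassword, krb5Key) are marked systemOnly with systemFlags 17, but nothing in this file restricts who may read them, so access control on those attributes must come from elsewhere in provisioning.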