Diffstat (limited to 'source4/scripting/python')
-rw-r--r-- | source4/scripting/python/samba/provision.py | 212 |
1 files changed, 106 insertions, 106 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 1db1ae34b7..85d883f9ae 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -13,12 +13,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # @@ -227,22 +227,22 @@ class ProvisionNames(object): def update_provision_usn(samdb, low, high, replace=False): """Update the field provisionUSN in sam.ldb - This field is used to track range of USN modified by provision and + This field is used to track range of USN modified by provision and upgradeprovision. - This value is used afterward by next provision to figure out if + This value is used afterward by next provision to figure out if the field have been modified since last provision. :param samdb: An LDB object connect to sam.ldb :param low: The lowest USN modified by this upgrade :param high: The highest USN modified by this upgrade - :param replace: A boolean indicating if the range should replace any + :param replace: A boolean indicating if the range should replace any existing one or appended (default) """ tab = [] if not replace: entry = samdb.search(expression="(&(dn=@PROVISION)(%s=*))" % \ - LAST_PROVISION_USN_ATTRIBUTE, base="", + LAST_PROVISION_USN_ATTRIBUTE, base="", scope=ldb.SCOPE_SUBTREE, attrs=[LAST_PROVISION_USN_ATTRIBUTE, "dn"]) for e in entry[0][LAST_PROVISION_USN_ATTRIBUTE]: 
@@ -291,12 +291,12 @@ def get_max_usn(samdb,basedn): "server_sort:1:1:uSNChanged", "paged_results:1:1"]) return res[0]["uSNChanged"] - + def get_last_provision_usn(sam): """Get the lastest USN modified by a provision or an upgradeprovision :param sam: An LDB object pointing to the sam.ldb - :return an integer corresponding to the highest USN modified by + :return an integer corresponding to the highest USN modified by (upgrade)provision, 0 is this value is unknown""" entry = sam.search(expression="(&(dn=@PROVISION)(%s=*))" % \ @@ -327,14 +327,14 @@ class ProvisionResult(object): def check_install(lp, session_info, credentials): """Check whether the current install seems ok. - + :param lp: Loadparm context :param session_info: Session information :param credentials: Credentials """ if lp.get("realm") == "": raise Exception("Realm empty") - samdb = Ldb(lp.get("sam database"), session_info=session_info, + samdb = Ldb(lp.get("sam database"), session_info=session_info, credentials=credentials, lp=lp) if len(samdb.search("(cn=Administrator)")) != 1: raise ProvisioningError("No administrator account found") @@ -342,7 +342,7 @@ def check_install(lp, session_info, credentials): def findnss(nssfn, names): """Find a user or group from a list of possibilities. - + :param nssfn: NSS Function to try (should raise KeyError if not found) :param names: Names to check. :return: Value return by first names list. @@ -361,7 +361,7 @@ findnss_gid = lambda names: findnss(grp.getgrnam, names)[2] def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]): """Setup a ldb in the private dir. - + :param ldb: LDB file to import data into :param ldif_path: Path of the LDIF file to load :param subst_vars: Optional variables to subsitute in LDIF. 
@@ -374,7 +374,7 @@ def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]): def setup_modify_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]): """Modify a ldb in the private dir. - + :param ldb: LDB object. :param ldif_path: LDIF file path. :param subst_vars: Optional dictionary with substitution variables. @@ -431,7 +431,7 @@ def provision_paths_from_lp(lp, dnsdomain): paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") - paths.phpldapadminconfig = os.path.join(paths.private_dir, + paths.phpldapadminconfig = os.path.join(paths.private_dir, "phpldapadmin-config.php") paths.hklm = "hklm.ldb" paths.hkcr = "hkcr.ldb" @@ -508,10 +508,10 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, domain = netbiosname if domaindn is None: domaindn = "DC=" + netbiosname - + if not valid_netbios_name(domain): raise InvalidNetbiosName(domain) - + if hostname.upper() == realm: raise ProvisioningError("guess_names: Realm '%s' must not be equal to hostname '%s'!" % (realm, hostname)) if netbiosname == realm: @@ -521,7 +521,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, if rootdn is None: rootdn = domaindn - + if configdn is None: configdn = "CN=Configuration," + rootdn if schemadn is None: @@ -543,11 +543,11 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, names.hostname = hostname names.sitename = sitename names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn) - + return names - -def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, + +def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir, sid_generator="internal", eadb=False): """Create a new smb.conf file based on a couple of basic settings. """ 
@@ -622,7 +622,7 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, sysvol = os.path.join(default_lp.get("lock dir"), "sysvol") netlogon = os.path.join(sysvol, realm.lower(), "scripts") - setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), + setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), smbconf, { "NETBIOS_NAME": netbiosname, "DOMAIN": domain, @@ -652,22 +652,22 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, :param wheel_gid: gid of the UNIX wheel group.""" idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid) idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid) - + idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid) idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid) -def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info, - provision_backend, names, schema, serverrole, +def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info, + provision_backend, names, schema, serverrole, erase=False): - """Setup the partitions for the SAM database. - + """Setup the partitions for the SAM database. + Alternatively, provision() may call this, and then populate the database. - + :note: This will wipe the Sam Database! - - :note: This function always removes the local SAM LDB file. The erase - parameter controls whether to erase the existing data, which + + :note: This function always removes the local SAM LDB file. The erase + parameter controls whether to erase the existing data, which may not be stored locally but in LDAP. """ @@ -681,7 +681,7 @@ def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info, except OSError: pass - samdb = Ldb(url=samdb_path, session_info=session_info, + samdb = Ldb(url=samdb_path, session_info=session_info, lp=lp, options=["modules:"]) ldap_backend_line = "# No LDAP backend" 
@@ -692,13 +692,13 @@ def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info, try: logger.info("Setting up sam.ldb partitions and settings") setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), { - "SCHEMADN": ldb.Dn(schema.ldb, names.schemadn).get_casefold(), + "SCHEMADN": ldb.Dn(schema.ldb, names.schemadn).get_casefold(), "CONFIGDN": ldb.Dn(schema.ldb, names.configdn).get_casefold(), "DOMAINDN": ldb.Dn(schema.ldb, names.domaindn).get_casefold(), "LDAP_BACKEND_LINE": ldap_backend_line, }) - + setup_add_ldif(samdb, setup_path("provision_init.ldif"), { "BACKEND_TYPE": provision_backend.type, "SERVER_ROLE": serverrole @@ -712,15 +712,15 @@ def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info, else: samdb.transaction_commit() - -def secretsdb_self_join(secretsdb, domain, + +def secretsdb_self_join(secretsdb, domain, netbiosname, machinepass, domainsid=None, realm=None, dnsdomain=None, - keytab_path=None, + keytab_path=None, key_version_number=1, secure_channel_type=SEC_CHAN_WKSTA): """Add domain join-specific bits to a secrets database. - + :param secretsdb: Ldb Handle to the secrets database :param machinepass: Machine password """ @@ -738,7 +738,7 @@ def secretsdb_self_join(secretsdb, domain, else: dnsname = None shortname = netbiosname.lower() - + #We don't need to set msg["flatname"] here, because rdn_name will handle it, and it causes problems for modifies anyway msg = ldb.Message(ldb.Dn(secretsdb, "flatname=%s,cn=Primary Domains" % domain)) msg["secureChannelType"] = [str(secure_channel_type)] 
@@ -755,16 +755,16 @@ def secretsdb_self_join(secretsdb, domain, msg["secureChannelType"] = [str(secure_channel_type)] if domainsid is not None: msg["objectSid"] = [ndr_pack(domainsid)] - + # This complex expression tries to ensure that we don't have more # than one record for this SID, realm or netbios domain at a time, # but we don't delete the old record that we are about to modify, # because that would delete the keytab and previous password. - res = secretsdb.search(base="cn=Primary Domains", - attrs=attrs, + res = secretsdb.search(base="cn=Primary Domains", + attrs=attrs, expression=("(&(|(flatname=%s)(realm=%s)(objectSid=%s))(objectclass=primaryDomain)(!(dn=%s)))" % (domain, realm, str(domainsid), str(msg.dn))), scope=ldb.SCOPE_ONELEVEL) - + for del_msg in res: secretsdb.delete(del_msg.dn) @@ -804,7 +804,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir, realm, dnsdomain, dns_keytab_path, dnspass): """Add DNS specific bits to a secrets database. - + :param secretsdb: Ldb Handle to the secrets database :param setup_path: Setup path function :param machinepass: Machine password @@ -814,7 +814,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir, except OSError: pass - setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { + setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { "REALM": realm, "DNSDOMAIN": dnsdomain, "DNS_KEYTAB": dns_keytab_path, @@ -850,11 +850,11 @@ def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp): path = paths.secrets - secrets_ldb = Ldb(path, session_info=session_info, + secrets_ldb = Ldb(path, session_info=session_info, lp=lp) secrets_ldb.erase() secrets_ldb.load_ldif_file_add(setup_path("secrets_init.ldif")) - secrets_ldb = Ldb(path, session_info=session_info, + secrets_ldb = Ldb(path, session_info=session_info, lp=lp) secrets_ldb.transaction_start() try: 
@@ -897,7 +897,7 @@ def setup_privileges(path, setup_path, session_info, lp): def setup_registry(path, setup_path, session_info, lp): """Setup the registry. - + :param path: Path to the registry database :param setup_path: Function that returns the path to a setup. :param session_info: Session information @@ -905,7 +905,7 @@ def setup_registry(path, setup_path, session_info, lp): :param lp: Loadparm context """ reg = samba.registry.Registry() - hive = samba.registry.open_ldb(path, session_info=session_info, + hive = samba.registry.open_ldb(path, session_info=session_info, lp_ctx=lp) reg.mount_hive(hive, samba.registry.HKEY_LOCAL_MACHINE) provision_reg = setup_path("provision.reg") @@ -940,16 +940,16 @@ def setup_samdb_rootdse(samdb, setup_path, names): :param setup_path: Obtain setup path """ setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), { - "SCHEMADN": names.schemadn, + "SCHEMADN": names.schemadn, "DOMAINDN": names.domaindn, "ROOTDN": names.rootdn, "CONFIGDN": names.configdn, "SERVERDN": names.serverdn, }) - + def setup_self_join(samdb, names, - machinepass, dnspass, + machinepass, dnspass, domainsid, next_rid, invocationid, setup_path, policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid): @@ -959,8 +959,8 @@ def setup_self_join(samdb, names, ntdsguid_line = "objectGUID: %s\n"%ntdsguid else: ntdsguid_line = "" - setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { - "CONFIGDN": names.configdn, + setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { + "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, "DOMAINDN": names.domaindn, "SERVERDN": names.serverdn, 
@@ -974,12 +974,12 @@ def setup_self_join(samdb, names, "NTDSGUID": ntdsguid_line, "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)}) - setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { + setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, "POLICYGUID_DC": policyguid_dc, "DNSDOMAIN": names.dnsdomain, "DOMAINDN": names.domaindn}) - + # add the NTDSGUID based SPNs ntds_dn = "CN=NTDS Settings,%s" % names.serverdn names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID", @@ -990,7 +990,7 @@ def setup_self_join(samdb, names, setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), { "DOMAINDN": names.domaindn, "CONFIGDN": names.configdn, - "SCHEMADN": names.schemadn, + "SCHEMADN": names.schemadn, "DEFAULTSITE": names.sitename, "SERVERDN": names.serverdn, "NETBIOSNAME": names.netbiosname, @@ -1057,7 +1057,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names, serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, next_rid=1000): """Setup a complete SAM Database. - + :note: This will wipe the main SAM database file! """ @@ -1110,7 +1110,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names, if fill == FILL_DRS: return samdb - + samdb.transaction_start() try: # Set the domain functionality levels onto the database. @@ -1158,7 +1158,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names, logger.info("Adding configuration container") descr = b64encode(get_config_descriptor(domainsid)) setup_add_ldif(samdb, setup_path("provision_configuration_basedn.ldif"), { - "CONFIGDN": names.configdn, + "CONFIGDN": names.configdn, "DESCRIPTOR": descr, }) 
@@ -1168,7 +1168,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names, samdb.modify_ldif(schema.schema_dn_modify) samdb.write_prefixes_from_schema() samdb.add_ldif(schema.schema_data, controls=["relax:0"]) - setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), + setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), {"SCHEMADN": names.schemadn}) logger.info("Reopening sam.ldb with new schema") @@ -1314,10 +1314,10 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp): expression="", scope=ldb.SCOPE_ONELEVEL) for policy in res: - acl = ndr_unpack(security.descriptor, + acl = ndr_unpack(security.descriptor, str(policy["nTSecurityDescriptor"])).as_sddl() policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"])) - set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp, + set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp, str(domainsid)) def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn, 
@@ -1356,27 +1356,27 @@ def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn, set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp) -def provision(setup_dir, logger, session_info, +def provision(setup_dir, logger, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, - realm=None, - rootdn=None, domaindn=None, schemadn=None, configdn=None, + realm=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, - domain=None, hostname=None, hostip=None, hostip6=None, + domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, next_rid=1000, adminpass=None, ldapadminpass=None, - krbtgtpass=None, domainguid=None, + krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, machinepass=None, ntdsguid=None, - dnspass=None, root=None, nobody=None, users=None, + dnspass=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, dom_for_fun_level=None, ldap_backend_extra_port=None, ldap_backend_forced_uri=None, backend_type=None, sitename=None, - ol_mmr_urls=None, ol_olc=None, + ol_mmr_urls=None, ol_olc=None, setup_ds_path=None, slapd_path=None, nosync=False, ldap_dryrun_mode=False, useeadb=False, am_rodc=False): """Provision samba4 - + :note: caution, this wipes all existing data! """ @@ -1447,8 +1447,8 @@ def provision(setup_dir, logger, session_info, if data is None or data == "": make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir, sid_generator, useeadb) - else: - make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, + else: + make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, targetdir, sid_generator, useeadb) lp = samba.param.LoadParm() 
@@ -1478,7 +1478,7 @@ def provision(setup_dir, logger, session_info, hostip6 = ip[-1][0] if hostip6 == '::1' and ip[-1][0] != '::1': hostip6 = ip[-1][0] - except socket.gaierror, (socket.EAI_NODATA, msg): + except socket.gaierror, (socket.EAI_NODATA, msg): hostip6 = None if serverrole is None: @@ -1494,26 +1494,26 @@ def provision(setup_dir, logger, session_info, os.mkdir(os.path.join(paths.private_dir, "tls")) ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") - + schema = Schema(setup_path, domainsid, invocationid=invocationid, schemadn=names.schemadn) if backend_type == "ldb": provision_backend = LDBBackend(backend_type, paths=paths, setup_path=setup_path, - lp=lp, credentials=credentials, + lp=lp, credentials=credentials, names=names, logger=logger) elif backend_type == "existing": provision_backend = ExistingBackend(backend_type, paths=paths, setup_path=setup_path, - lp=lp, credentials=credentials, + lp=lp, credentials=credentials, names=names, logger=logger, ldap_backend_forced_uri=ldap_backend_forced_uri) elif backend_type == "fedora-ds": provision_backend = FDSBackend(backend_type, paths=paths, setup_path=setup_path, - lp=lp, credentials=credentials, + lp=lp, credentials=credentials, names=names, logger=logger, domainsid=domainsid, @@ -1529,7 +1529,7 @@ def provision(setup_dir, logger, session_info, elif backend_type == "openldap": provision_backend = OpenLDAPBackend(backend_type, paths=paths, setup_path=setup_path, - lp=lp, credentials=credentials, + lp=lp, credentials=credentials, names=names, logger=logger, domainsid=domainsid, @@ -1539,7 +1539,7 @@ def provision(setup_dir, logger, session_info, slapd_path=slapd_path, ldap_backend_extra_port=ldap_backend_extra_port, ldap_dryrun_mode=ldap_dryrun_mode, - ol_mmr_urls=ol_mmr_urls, + ol_mmr_urls=ol_mmr_urls, nosync=nosync, ldap_backend_forced_uri=ldap_backend_forced_uri) else: 
@@ -1551,7 +1551,7 @@ def provision(setup_dir, logger, session_info, # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): logger.info("Setting up share.ldb") - share_ldb = Ldb(paths.shareconf, session_info=session_info, + share_ldb = Ldb(paths.shareconf, session_info=session_info, lp=lp) share_ldb.load_ldif_file_add(setup_path("share.ldif")) @@ -1562,7 +1562,7 @@ def provision(setup_dir, logger, session_info, try: logger.info("Setting up the registry") - setup_registry(paths.hklm, setup_path, session_info, + setup_registry(paths.hklm, setup_path, session_info, lp=lp) logger.info("Setting up the privileges database") @@ -1573,16 +1573,16 @@ def provision(setup_dir, logger, session_info, lp=lp) logger.info("Setting up SAM db") - samdb = setup_samdb(paths.samdb, setup_path, session_info, + samdb = setup_samdb(paths.samdb, setup_path, session_info, provision_backend, lp, names, - logger=logger, - domainsid=domainsid, + logger=logger, + domainsid=domainsid, schema=schema, domainguid=domainguid, policyguid=policyguid, policyguid_dc=policyguid_dc, - fill=samdb_fill, + fill=samdb_fill, adminpass=adminpass, krbtgtpass=krbtgtpass, - invocationid=invocationid, - machinepass=machinepass, dnspass=dnspass, + invocationid=invocationid, + machinepass=machinepass, dnspass=dnspass, ntdsguid=ntdsguid, serverrole=serverrole, dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, next_rid=next_rid) 
@@ -1590,14 +1590,14 @@ def provision(setup_dir, logger, session_info, if serverrole == "domain controller": if paths.netlogon is None: logger.info("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.") - logger.info("Please either remove %s or see the template at %s" % + logger.info("Please either remove %s or see the template at %s" % (paths.smbconf, setup_path("provision.smb.conf.dc"))) assert paths.netlogon is not None if paths.sysvol is None: logger.info("Existing smb.conf does not have a [sysvol] share, but you" " are configuring a DC.") - logger.info("Please either remove %s or see the template at %s" % + logger.info("Please either remove %s or see the template at %s" % (paths.smbconf, setup_path("provision.smb.conf.dc"))) assert paths.sysvol is not None @@ -1612,7 +1612,7 @@ def provision(setup_dir, logger, session_info, if serverrole == "domain controller": # Set up group policies (domain policy and domain controller policy) create_default_gpo(paths.sysvol, names.dnsdomain, policyguid, policyguid_dc) - setsysvolacl(samdb, paths.netlogon, paths.sysvol, wheel_gid, + setsysvolacl(samdb, paths.netlogon, paths.sysvol, wheel_gid, domainsid, names.dnsdomain, names.domaindn, lp) logger.info("Setting up sam.ldb rootDSE marking as synchronized") @@ -1622,7 +1622,7 @@ def provision(setup_dir, logger, session_info, realm=names.realm, dnsdomain=names.dnsdomain, netbiosname=names.netbiosname, - domainsid=domainsid, + domainsid=domainsid, machinepass=machinepass, secure_channel_type=SEC_CHAN_BDC) 
@@ -1632,8 +1632,8 @@ def provision(setup_dir, logger, session_info, try: msg = ldb.Message(ldb.Dn(samdb, samdb.searchone("distinguishedName", expression="samAccountName=%s$" % names.netbiosname, scope=ldb.SCOPE_SUBTREE))) - msg["msDS-SupportedEncryptionTypes"] = ldb.MessageElement(elements=kerberos_enctypes, - flags=ldb.FLAG_MOD_REPLACE, + msg["msDS-SupportedEncryptionTypes"] = ldb.MessageElement(elements=kerberos_enctypes, + flags=ldb.FLAG_MOD_REPLACE, name="msDS-SupportedEncryptionTypes") samdb.modify(msg) except ldb.LdbError, (ldb.ERR_NO_SUCH_ATTRIBUTE, _): @@ -1655,7 +1655,7 @@ def provision(setup_dir, logger, session_info, # with DNS replication create_zone_file(lp, logger, paths, targetdir, setup_path, dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6, - hostname=names.hostname, realm=names.realm, + hostname=names.hostname, realm=names.realm, domainguid=domainguid, ntdsguid=names.ntdsguid) create_named_conf(paths, setup_path, realm=names.realm, @@ -1687,7 +1687,7 @@ def provision(setup_dir, logger, session_info, provision_backend.post_setup() provision_backend.shutdown() - create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, + create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) except: secrets_ldb.transaction_cancel() @@ -1731,7 +1731,7 @@ def provision(setup_dir, logger, session_info, # now display slapd_command_file.txt to show how slapd must be started next time logger.info("Use later the following commandline to start slapd, then Samba:") logger.info(provision_backend.slapd_command_escaped) - logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh", + logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh", provision_backend.ldapdir) result = ProvisionResult() 
@@ -1743,15 +1743,15 @@ def provision(setup_dir, logger, session_info, def provision_become_dc(setup_dir=None, - smbconf=None, targetdir=None, realm=None, + smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, - domain=None, hostname=None, domainsid=None, - adminpass=None, krbtgtpass=None, domainguid=None, + domain=None, hostname=None, domainsid=None, + adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, - machinepass=None, - dnspass=None, root=None, nobody=None, users=None, - wheel=None, backup=None, serverrole=None, + machinepass=None, + dnspass=None, root=None, nobody=None, users=None, + wheel=None, backup=None, serverrole=None, ldap_backend=None, ldap_backend_type=None, sitename=None, debuglevel=1): @@ -1775,7 +1775,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri): :param path: Path to write the configuration to. :param setup_path: Function to generate setup paths. """ - setup_file(setup_path("phpldapadmin-config.php"), path, + setup_file(setup_path("phpldapadmin-config.php"), path, {"S4_LDAPI_URI": ldapi_uri}) @@ -1879,7 +1879,7 @@ def create_named_conf(paths, setup_path, realm, dnsdomain, private_dir): """Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). - + :param paths: all paths :param setup_path: Setup path function. :param realm: Realm name @@ -1904,7 +1904,7 @@ def create_named_txt(path, setup_path, realm, dnsdomain, private_dir, keytab_name): """Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). - + :param path: Path of the new named.conf file. :param setup_path: Setup path function. :param realm: Realm name 
@@ -1925,7 +1925,7 @@ def create_named_txt(path, setup_path, realm, dnsdomain, def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm): """Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). - + :param path: Path of the new named.conf file. :param setup_path: Setup path function. :param dnsdomain: DNS Domain name |