summaryrefslogtreecommitdiff
path: root/source4/scripting
diff options
context:
space:
mode:
Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/samba/provision.py42
-rw-r--r--source4/scripting/python/samba/provisionbackend.py63
2 files changed, 68 insertions, 37 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 98f9298cf4..012481bc78 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -52,7 +52,7 @@ import urllib
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
from ms_display_specifiers import read_ms_ldif
from schema import Schema
-from provisionbackend import ProvisionBackend
+from provisionbackend import ProvisionBackend, FDSBackend, OpenLDAPBackend
from signal import SIGTERM
from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
@@ -623,7 +623,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
tdb_modules_list = ["extended_dn_out_fds"]
- elif ldap_backend.ldap_backend_type == "openldap":
+ elif provision_backend.ldap_backend_type == "openldap":
backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
tdb_modules_list = ["extended_dn_out_openldap"]
@@ -1233,7 +1233,36 @@ def provision(setup_dir, message, session_info,
schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn)
- provision_backend = ProvisionBackend(backend_type,
+ if backend_type == "fedora-ds":
+ provision_backend = FDSBackend(backend_type,
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ message=message, hostname=hostname,
+ root=root, schema=schema,
+ ldapadminpass=ldapadminpass,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ol_mmr_urls=ol_mmr_urls,
+ slapd_path=slapd_path,
+ setup_ds_path=setup_ds_path,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ domainsid=domainsid)
+ elif backend_type == "openldap":
+ provision_backend = OpenLDAPBackend(backend_type,
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ message=message, hostname=hostname,
+ root=root, schema=schema,
+ ldapadminpass=ldapadminpass,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ol_mmr_urls=ol_mmr_urls,
+ slapd_path=slapd_path,
+ setup_ds_path=setup_ds_path,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ domainsid=domainsid)
+ else:
+ provision_backend = ProvisionBackend(backend_type,
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
@@ -1365,11 +1394,8 @@ def provision(setup_dir, message, session_info,
realm=names.realm)
message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
- if provision_backend.post_setup is not None:
- provision_backend.post_setup()
-
- if provision_backend.shutdown is not None:
- provision_backend.shutdown()
+ provision_backend.post_setup()
+ provision_backend.shutdown()
create_phpldapadmin_config(paths.phpldapadminconfig, setup_path,
ldapi_url)
diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index f809202568..438ab2e59c 100644
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -26,6 +26,7 @@
"""Functions for setting up a Samba configuration (LDB and LDAP backends)."""
from base64 import b64encode
+import ldb
import os
import sys
import uuid
@@ -70,15 +71,13 @@ class ProvisionBackend(object):
self.paths = paths
self.slapd_command = None
self.slapd_command_escaped = None
+ self.names = names
self.type = backend_type
# Set a default - the code for "existing" below replaces this
self.ldap_backend_type = backend_type
- self.post_setup = None
- self.shutdown = None
-
if self.type is "ldb":
self.credentials = None
self.secrets_credentials = None
@@ -155,22 +154,6 @@ class ProvisionBackend(object):
self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
- def ldap_backend_shutdown(self):
- # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
- if self.slapd.poll() is None:
- #Kill the slapd
- if hasattr(self.slapd, "terminate"):
- self.slapd.terminate()
- else:
- # Older python versions don't have .terminate()
- import signal
- os.kill(self.slapd.pid, signal.SIGTERM)
-
- #and now wait for it to die
- self.slapd.communicate()
-
- self.shutdown = ldap_backend_shutdown
-
if self.type == "fedora-ds":
provision_fds_backend(self, setup_path=setup_path,
names=names, message=message,
@@ -225,6 +208,31 @@ class ProvisionBackend(object):
raise ProvisioningError("slapd died before we could make a connection to it")
+ def shutdown(self):
+ pass
+
+ def post_setup(self):
+ pass
+
+
+class LDAPBackend(ProvisionBackend):
+ def shutdown(self):
+ # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
+ if self.slapd.poll() is None:
+ #Kill the slapd
+ if hasattr(self.slapd, "terminate"):
+ self.slapd.terminate()
+ else:
+ # Older python versions don't have .terminate()
+ import signal
+ os.kill(self.slapd.pid, signal.SIGTERM)
+
+ #and now wait for it to die
+ self.slapd.communicate()
+
+
+class OpenLDAPBackend(LDAPBackend):
+ pass
def provision_openldap_backend(result, setup_path=None, names=None,
message=None,
@@ -588,8 +596,9 @@ def provision_fds_backend(result, setup_path=None, names=None,
if retcode != 0:
raise("ldib2db failed")
- # Leave a hook to do the 'post initilisation' setup
- def fds_post_setup(self):
+
+class FDSBackend(LDAPBackend):
+ def post_setup(self):
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
# delete default SASL mappings
@@ -600,20 +609,16 @@ def provision_fds_backend(result, setup_path=None, names=None,
dn = str(res[i]["dn"])
ldapi_db.delete(dn)
- aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % names.sambadn
+ aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.names.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
- m.dn = ldb.Dn(1, names.domaindn)
+ m.dn = ldb.Dn(1, self.names.domaindn)
ldapi_db.modify(m)
- m.dn = ldb.Dn(1, names.configdn)
+ m.dn = ldb.Dn(1, self.names.configdn)
ldapi_db.modify(m)
- m.dn = ldb.Dn(1, names.schemadn)
+ m.dn = ldb.Dn(1, self.names.schemadn)
ldapi_db.modify(m)
-
- result.post_setup = fds_post_setup
-
-