Diffstat (limited to 'source4/setup')
-rwxr-xr-x | source4/setup/provision | 8 | ||||
-rwxr-xr-x | source4/setup/provision.py | 94 | ||||
-rw-r--r-- | source4/setup/provision_basedn.ldif | 1 | ||||
-rw-r--r-- | source4/setup/provision_basedn_modify.ldif | 3 | ||||
-rw-r--r-- | source4/setup/provision_partitions.ldif | 6 | ||||
-rw-r--r-- | source4/setup/secrets_dc.ldif | 6 | ||||
-rwxr-xr-x | source4/setup/upgrade.py | 9 | ||||
-rwxr-xr-x | source4/setup/vampire.py | 7 |
8 files changed, 61 insertions, 73 deletions
diff --git a/source4/setup/provision b/source4/setup/provision index 8b24c51040..9e135cddbb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -143,12 +143,10 @@ if (ldapbackend) { subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } + subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } @@ -175,7 +173,9 @@ if (partitions_only) { message("--host-guid='%s' \\\n", subobj.HOSTGUID); } message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + if (subobj.INVOCATIONID != undefined) { + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + } message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 88015ce0a3..c8087f7bd7 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -2,7 +2,8 @@ # # Unix SMB/CIFS implementation. # provision a Samba4 server -# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007 +# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008 +# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008 # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 
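Review bot: `subobj.BACKEND_MOD` appears to be assigned only inside the `if (ldapbackend)` branch in the first hunk, while provision_partitions.ldif in this same commit now expands `,${BACKEND_MOD}` unconditionally on all three `modules:` lines. Unless a default is set outside this hunk, a provision without an LDAP backend would substitute an undefined or empty value and leave a trailing comma in each module list. I would initialise it before the branch, `subobj.BACKEND_MOD = "";`, and confirm the module-list parser accepts an empty trailing element, or keep the leading comma inside the variable as the removed `*_MOD2` values did. The enclosing block starts above the hunk, so such a default may already exist there.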
@@ -33,11 +34,14 @@ import samba from auth import system_session import samba.getopt as options import param -from samba.provision import (provision, - provision_paths_from_lp) +from samba.provision import (provision, + provision_paths_from_lp, + FILL_FULL, FILL_NT4SYNC, + FILL_DRS) parser = optparse.OptionParser("provision [options]") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -83,8 +87,9 @@ parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") -parser.add_option("--ldap-module=", type="string", metavar="MODULE", - help="LDB mapping module to use for the LDAP backend") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDB mapping module to use for the LDAP backend", + choices=["fedora-ds", "openldap"]) parser.add_option("--aci", type="string", metavar="ACI", help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") parser.add_option("--server-role", type="choice", metavar="ROLE", 
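Review bot: The help string on the new `--ldap-backend-type` option still reads "LDB mapping module to use for the LDAP backend", which described the removed `--ldap-module=` option; the option now selects a directory server product from `choices=["fedora-ds", "openldap"]`. I would change it to something like `help="LDAP backend server type (fedora-ds or openldap)"` so the `--help` output matches what is accepted. No default is given, so `opts.ldap_backend_type` is None when `--ldap-backend` is used on its own; whether provision() handles that combination is not visible in this diff.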
@@ -111,63 +116,58 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +private_dir = None +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) - lp.set("private dir", os.path.abspath(opts.targetdir)) + private_dir = os.path.join(opts.targetdir, "private") + if not os.path.exists(private_dir): + os.mkdir(private_dir) + lp.set("private dir", os.path.abspath(private_dir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role or "domain controller") + if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower()) -paths.smbconf = opts.configfile - -if opts.ldap_backend: - if opts.ldap_backend == "ldapi": - subobj.ldap_backend = subobj.ldapi_uri - - if not opts.ldap_module: - subobj.ldapmodule = "entryuuid" - - subobj.domaindn_ldb = subobj.ldap_backend - subobj.domaindn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.configdn_ldb = subobj.ldap_backend - subobj.configdn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.schemadn_ldb = subobj.ldap_backend - subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend)) +paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) +paths.smbconf = sambaopts.get_loadparm_path() creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.partitions_only: - provision_become_dc(setup_dir, message, False, - paths, lp, system_session(), creds) -else: - provision(lp, setup_dir, message, opts.blank, paths, - system_session(), creds, opts.ldap_backend, realm=opts.realm, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - 
policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, - aci=opts.aci, serverrole=opts.server_role) - message("To reproduce this provision, run with:") - def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg - message(" ".join([shell_escape(arg) for arg in sys.argv])) + +samdb_fill = FILL_FULL +if opts.blank: + samdb_fill = FILL_NT4SYNC +elif opts.partitions_only: + samdb_fill = FILL_DRS + +provision(lp, setup_dir, message, paths, + system_session(), creds, opts.ldap_backend, + samdb_fill=samdb_fill, realm=opts.realm, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + policyguid=opts.policy_guid, hostname=opts.host_name, + hostip=opts.host_ip, hostguid=opts.host_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, + aci=opts.aci, serverrole=opts.server_role, + ldap_backend=opts.ldap_backend, + ldap_backend_type=opts.ldap_backend_type) + +message("To reproduce this provision, run with:") +def shell_escape(arg): + if " " in arg: + return '"%s"' % arg + return arg +message(" ".join([shell_escape(arg) for arg in sys.argv])) message("All OK") diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 3c7537f013..11eb0593e8 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,4 @@ objectClass: top objectClass: domain objectClass: domainDNS ${ACI} -dc: ${RDN_DC} 
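Review bot: `os.mkdir(private_dir)` in the target-directory branch creates the new `private` directory with whatever mode the caller's umask allows, and that is the directory `lp.set("private dir", ...)` then points at. The provision presumably writes its secrets database and keytabs there (secrets_dc.ldif in this commit carries `secret::` and `privateKeytab` values), so I would create it owner-only with `os.mkdir(private_dir, 0700)` rather than rely on the umask. Separately, the "To reproduce this provision" message echoes `sys.argv`, which contains the values of `--adminpass`, `--krbtgtpass`, `--machinepass` and `--dnspass` when they are given, so those should be masked before they reach the output or a log. `shell_escape` also quotes only when an argument contains a space, so an argument holding a quote or `$` is not reproduced safely; `pipes.quote(arg)` would cover that.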
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index fa990599d9..dadfda720e 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -4,9 +4,6 @@ dn: ${DOMAINDN} changetype: modify - -replace: dc -dc: ${RDN_DC} -- replace: forceLogoff forceLogoff: 9223372036854775808 - diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index fb8bc7f595..93fea6bc2d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST replicateEntries: @OPTIONS -modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} -modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} -modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} +modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD} +modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD} +modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD} dn: @MODULES @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 64469352bb..71c7fc2f5b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -7,8 +7,6 @@ realm: ${REALM} secret:: ${MACHINEPASS_B64} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: ${SECRETS_KEYTAB} @@ -22,8 +20,6 @@ objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} sAMAccountName: krbtgt -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: 
@@ -36,8 +32,6 @@ objectClass: top objectClass: secret objectClass: kerberosSecret realm: ${REALM} -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} servicePrincipalName: DNS/${DNSDOMAIN} privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index ea6f83d7de..4cf9641ef2 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -14,7 +14,8 @@ import samba.getopt as options from auth import system_session parser = optparse.OptionParser("upgrade [options] <libdir> <smbconf>") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -59,15 +60,13 @@ if setup_dir is None: setup_dir = "setup" creds = credopts.get_credentials() -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) lp.set("private dir", os.path.abspath(opts.targetdir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) paths = provision_paths_from_lp(lp, "") -paths.smbconf = opts.configfile +paths.smbconf = sambaopts.get_loadparm_path() upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), lp=lp, paths=paths) diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py index 392cd2d4fb..728c53146a 100755 --- a/source4/setup/vampire.py +++ b/source4/setup/vampire.py 
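Review bot: upgrade.py still sets `lp.set("private dir", os.path.abspath(opts.targetdir))` and calls `provision_paths_from_lp(lp, "")` with two arguments, while provision.py in this commit moves the private dir to a `private` subdirectory of the target and passes `private_dir` as a third argument. If the helper's new parameter has no default, this call fails; if it has one, an upgrade into a target directory keeps the private dir in the same directory as the lock dir. Neither is visible from this diff, so please confirm which applies. Mirroring the provision.py block here, including the restricted mode on the created directory, would keep the two scripts consistent.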
@@ -26,7 +26,8 @@ from auth import system_session import sys parser = optparse.OptionParser("vampire [options] <domain>") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -47,8 +48,6 @@ def vampire(domain, session_info, credentials, lp): ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, session_info=session_info) -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() vampire(args[0], session_info=system_session(), credentials=credopts.get_credentials(), lp=lp) |