summaryrefslogtreecommitdiff
path: root/source4/scripting/libjs/provision.js
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17704: Add comments suggesting how to get the LDAP backend working.Andrew Bartlett1-3/+23
Shutdown and reload the LDB, so the entryUUID module knows to read the schema (will be changed once we have a central schema store and notifications). Andrew Bartlett (This used to be commit d5814b689eedfc4c4701beb18a516db716a466f1)
2007-10-10r17534: Try another group for 'wheel' on True64.Andrew Bartlett1-1/+1
(This used to be commit 177b713288be9c5d559a27d65e16521cbeefc958)
2007-10-10r17499: Open the main database only the minimum times during a provision.Andrew Bartlett1-84/+62
This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)
2007-10-10r17330: Enable the partitions module.Andrew Bartlett1-1/+4
This module redirects various samdb requests into different modules, depending on the prefix. It also makes moving to an LDAP backend easier, as it is just a different partition backend. This adds yet another stage to the provision process, as we must setup the partitions before we setup the magic attributes. Andrew Bartlett (This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128)
2007-10-10r17206: Add a modular API for share configuration.Simo Sorce1-0/+7
Commit the classic backwards compatible module which is the default one (This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
2007-10-10r16265: Fix 'newuser' command.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 82f5f6c03d005741613c5b00705613c4078c844e)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-19/+150
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16063: Make is clearer when we can't write to the smb.confAndrew Bartlett1-5/+8
Find more possible posix group names for the 'domain users' group, as the existing options don't exist in OSX. Andrew Bartlett (This used to be commit 4e8d7b7fb310a668ae8653bc06036c94249b2b2a)
2007-10-10r15077: map SID_BUILTIN_USERSStefan Metzmacher1-0/+1
metze (This used to be commit e896c32614fd4fd80a124ccfe49332e319f717f9)
2007-10-10r14200: Now we have real USN support, don't force the values in the provisionAndrew Bartlett1-16/+0
scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973)
2007-10-10r13369: let's have a way to show the samba4 version through ejsSimo Sorce1-1/+1
and use it in provisioning to fullfill rfc 3045 requirements (This used to be commit 3fb9571a76481560304a826fc945983d52123299)
2007-10-10r13102: fixed the vampire code to correctly setup foreign sids and defaultAndrew Tridgell1-21/+35
unix name mappings (This used to be commit dc74d8ccf15b9324cd8b90ef9d41cf293b9de8e3)
2007-10-10r13098: make check for workgroup and realm case insensitiveAndrew Tridgell1-2/+2
(This used to be commit 0cacd69dd57254cb1b51ad7969993bc24bae86c7)
2007-10-10r13097: move the creation of the default sam name -> unix name mappings intoAndrew Tridgell1-6/+75
the main provision logic, so it can also be used as part of the vampire process (This used to be commit 95e90169f4e5887ee88116179d96f28f9e06796e)
2007-10-10r13084: fix 'make test'!Stefan Metzmacher1-5/+0
I would sugguest to run 'make test && make valgrind' before each commit at this stage... metze (This used to be commit b7a0a778cc77f294aac589416b05dc676696d11e)
2007-10-10r13076: catch a easy to make error during vampire installAndrew Tridgell1-0/+5
(This used to be commit 1c49ce8df0fd2150c68d0bf4162f1ef69ff3392a)
2007-10-10r12947: added some error checking that I stumbled across while testing ↵Andrew Tridgell1-1/+16
domain migration (This used to be commit c7951d17b1c4f53dd710d6a0fcf87ce678be3ff1)
2007-10-10r12929: Fix more implict global and shadowing variables.Andrew Bartlett1-5/+5
Andrew Bartlett (This used to be commit def31956181833db4c8e5079b745ca60fdf35136)
2007-10-10r12928: This patch improves the interaction between the vampire and provsion ↵Andrew Bartlett1-16/+48
code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2007-10-10r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.Andrew Bartlett1-0/+26
Doing this required reworking ejsnet, particularly so it could take a set of credentials, not just a username and password argument. This required fixing the ejsnet.js test script, which now adds and deletes a user, and is run from 'make test'. This should prevent it being broken again. Deleting a user from ejsnet required that the matching backend be added to libnet, hooking fortunetly onto already existing code for the actual deletion. The js credentials interface now handles the 'set machine account' flag. New functions have been added to provision.js to wrap the basic operations (so we can write a command line version, as well as the web based version). Andrew Bartlett (This used to be commit a5e7c17c348c45e61699cc1626a0d5eae2df4636)
2007-10-10r12823: Fix up the provison and newuser code in SWAT. This also cleans up theAndrew Bartlett1-21/+30
main provision script a bit, as the argument list was getting out of control. (It has been replaced in part with an object). This also returns the session_info from the auth code into ejs. We still need access control allowing only root to re-provision. Andrew Bartlett (This used to be commit 002cdcf3cab6563909d31edc5d825e857dc0a732)
2007-10-10r12749: Fix the newuser script.Andrew Bartlett1-6/+4
Andrew Bartlett (This used to be commit 42cdad5e3f06c307baf80396fd8449b803ef84c3)
2007-10-10r12739: Add support for using credentials in the provision process.Andrew Bartlett1-16/+21
This should allow us to provision to a 'normal' LDAP server. Also add in 'session info' hooks (unused). Both of these need to be hooked in on the webserver. Andrew Bartlett (This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae)
2007-10-10r12695: A dot is allowed in NetBIOS names.Jelmer Vernooij1-2/+2
(This used to be commit f4ac7d6359b5a6de04a6ea518dec99f4c9b49b3d)
2007-10-10r12533: Get the ldb.errstring() out to the user on failure. It helps a lotAndrew Bartlett1-2/+9
with debugging! Andrew Bartlett (This used to be commit fe36cb6767ce99432e2778037aad334170dca173)
2007-10-10r12252: With this change (hack) we can now do an provision onto Samba4's LDAPAndrew Bartlett1-1/+4
server. Now to try another one... Andrew Bartlett (This used to be commit 175f616d74ac3567a35713343be0c63c96c5aede)
2007-10-10r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldbAndrew Bartlett1-9/+9
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett1-0/+3
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11956: removed the old rootdse.ldif, and the provision.js code that uses itAndrew Tridgell1-3/+0
(This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d)
2007-10-10r11501: change provision code to use the new display specifiersAndrew Tridgell1-0/+2
(This used to be commit 696fa87a212e65d6337c39a84f682b64b52593a5)
2007-10-10r11496: add a minimal ads-compatible schema into our sam.ldb setup. This isAndrew Tridgell1-2/+2
needed for mmc management of Samba4. (This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe)
2007-10-10r11475: removed a extraneous ldb_delete() call (i had it there for debugging)Andrew Tridgell1-1/+0
(This used to be commit daa9dcd8f4b1dde801091ec64faa8158481d171c)
2007-10-10r11474: - enable ldb transactions from ejsAndrew Tridgell1-4/+19
- speed up provisioning a bit using a ldb transaction (also means you can't end up with a ldb being half done) (This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311)
2007-10-10r11363: fixed a problem with provisioning when hklm already exists (theAndrew Tridgell1-2/+1
problem is really caused by hklm not having objectclass attributes on its records, but this is a workaround) (This used to be commit 62d5253a033f47335ceefade9ad7d98ddfc19584)
2007-10-10r11222: Small provision fixes: canonicalName is now generated, and the DC=Andrew Bartlett1-1/+1
list should be from the dnsdomain (ie lowercae). Andrew Bartlett (This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164)
2007-10-10r11217: Ensure the realm is substituted in UPPER case.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 0c29f0e30d64be09baad792eb2850aa0b8fa9981)
2007-10-10r11203: Use different variable names to make it easier to tell which assert ↵Andrew Bartlett1-4/+4
fired. Andrew Bartlett (This used to be commit df6a40c2d261804f1cd4feb24572135a4c62a802)
2007-10-10r10193: r11632@blu: tridge | 2005-08-30 23:08:27 +1000Andrew Tridgell1-0/+22
if we fail to erase a ldb during provision by traversing and deleting records (an in-place erase) then just unlink it and start it again. This makes provisioning much more robust to changes in ldb that make it not backward compatible with old DBs. (This used to be commit 173655aec25c462b8b90b850df65ae6f95f44efb)
2007-10-10r10190: Do some very basic input checking when provisioning.Jelmer Vernooij1-0/+26
(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)
2007-10-10r9816: Work on testsuite for upgradeJelmer Vernooij1-13/+31
Add 'paths' object to provision code. (This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578)
2007-10-10r9770: Couple other bugfixesJelmer Vernooij1-2/+1
Update TODO-list (This used to be commit d9541535e3f9e1c058410eeb0a54d60181572f2b)
2007-10-10r9756: One-way upgrade from Samba3->Samba4 basically works nowJelmer Vernooij1-2/+3
Still need to polish some rough edges (This used to be commit a8f309aa812533f57a90410722dfb342c8cf3b48)
2007-10-10r9746: Add "staff" as possible alternative to wheelJelmer Vernooij1-1/+1
(should fix standard provisioning on AIX) (This used to be commit b1d9ef899821376d7883fa126a14c06ed1b16601)
2007-10-10r9707: r11080@blu: tridge | 2005-08-28 12:41:12 +1000Andrew Tridgell1-1/+26
make sure we leave the account enabled after creating a new user (This used to be commit a22d0d02eed8b960f5fde4211b0d2967c500f4a4)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-12/+7
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8677: The first part of the domain name may not be equal to the netbios ↵Andrew Bartlett1-0/+3
domain name. Remove the use of flatname from the main domain object, we no longer reference it. Andrew Bartlett (This used to be commit 2303e24be74570187b23c3d31d0433263c83ba7e)
2007-10-10r8660: Use templates for the initial provision of user and computer accounts.Andrew Bartlett1-0/+2
This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
2007-10-10r8650: Use the timestamps and a new objectguid module rather than placingAndrew Bartlett1-5/+14
boilerplate attributes in every entry in provision.ldif. The next step will be to use templates. Andrew Bartlett (This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
2007-10-10r8648: automatically redirect to provisioning if not yet provisioned when theAndrew Tridgell1-0/+21
home page in swat is accessed (This used to be commit 78fb559c08d55c01f5ede81d43cdd857cce8d338)
2007-10-10r8643: - make lp_configfile() work againAndrew Tridgell1-2/+19
- get rid of redundeny dyn_CONFIGFILE argument to lp_load() - fixed provisioning to work with completely pristine install, creating an initial smb.conf is none is present - added lp.set() and lp.reload() to loadparm ejs object interface (This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7)