summaryrefslogtreecommitdiff
path: root/source4/scripting/libjs/provision.js
AgeCommit message (Collapse)AuthorFilesLines
2008-02-21idmap: Handle uid->SID mappingKai Blin1-0/+4
(This used to be commit 6ac6de8476ba036eb041e054bc37e4503dc2fde8)
2008-02-11provision: Fix new user creation.Kai Blin1-2/+2
Spotted by nobody88 in IRC. (This used to be commit 38d4e2407afb942de21379dc886f9e4c5532a2b9)
2008-01-24Ensure we set subobj.BACKEND_MOD for the 'partitions only' case.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit be5eb2da241452ccc0526f4f115aa44c0793c351)
2008-01-24Make the repl_meta_data module the default for domain controllers.Andrew Bartlett1-5/+24
Andrew Bartlett (This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519)
2008-01-24Use the repl_meta_data module by default.Andrew Bartlett1-3/+5
This means that, except when we back onto LDAP, when it will be replaced with the mapping backend, we will keep this codepath tested. Andrew Bartlett (This used to be commit e8fb5da5a18c1c3bd788b1ab3f814ffb847b00fd)
2008-01-24Kill another sub that the modules will handle for us.Andrew Bartlett1-3/+0
(This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8)
2008-01-24Remove useless subs from the ejs provisionAndrew Bartlett1-3/+0
The less things we manually place into the templates, the easier the conversion to python will be. Andrew Bartlett (This used to be commit f65e5c164476b80468aa19452b108db17c642f8b)
2008-01-18Add in a new module to handle instanceTypeAndrew Bartlett1-3/+3
This code raided from the repl_meta_data module, which probably needs to be downsized to just handling the replication data. Andrew Bartlett (This used to be commit 2a418f33705a792d9d16cf1d4aa3dcda467e6e04)
2008-01-17provision: simplfy by removing old code to manually create baseDNs.Andrew Bartlett1-32/+6
Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f)
2008-01-11Use 'dn' less, as this is not a valid attribute in AD, and I want toAndrew Bartlett1-4/+4
remove it from ldb. It is not longer mapped against OpenLDAP. Andrew Bartlett (This used to be commit f917ccec85f854423f423bbffc41459d92960a1b)
2007-12-21r26419: Add a module to implement 'ambigious name resolution' by munging theAndrew Bartlett1-0/+1
incoming LDAP filter. Warning: Any anr search will perform a full index search. Untill ldb gets substring indexes, this is unavoidable. Also implement a testsutie to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a genereral 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett (This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
2007-12-21r26352: Don't make lp_load create a new context.Jelmer Vernooij1-1/+1
(This used to be commit d0d5c1a823a6601292c061dba2b6f4bde2b9e3dd)
2007-12-21r26317: Fix typos.Jelmer Vernooij1-2/+2
(This used to be commit 4c7e3843a0e1a914b259526dcd3e50bd238816af)
2007-12-21r26304: More work to remove silly error printouts.Andrew Bartlett1-3/+4
Andrew Bartlett (This used to be commit ba23dac0319f7c5ad89e5d79174520892027afdd)
2007-12-21r26303: Fix up error reporting during the delete of previous entries in theAndrew Bartlett1-2/+5
provision, and ignore 'no such entry' as an error (it is normal, and just means the partition is compleatly empty). Andrew Bartlett (This used to be commit 1fb8c31a3da6fc07f55027f05dba5e03dcf8a4f7)
2007-12-21r26302: Print the error string for failed rootdse searches.Andrew Bartlett1-1/+4
Andrew Bartlett (This used to be commit a7595d009a89fecd7723a1e356d5a58d687bdbb0)
2007-12-21r26298: Use metze's schema loading code to pre-initialise the schema into theAndrew Bartlett1-10/+45
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-12-21r26246: Make it easier to debug assert()s in the provision, if messages areAndrew Bartlett1-27/+23
suppressed with --quiet. Hopefully this will be easier with python. Andrew Bartlett (This used to be commit f6e0e15fa5e2b0b7368ff945cc988579aaba0a6c)
2007-12-21r26245: Make it easier to handle the LDAP backend, with it's differing needs,Andrew Bartlett1-16/+18
by seperating the modules list into parts. That way, we can remove the modules that the backend will provide. Andrew Bartlett (This used to be commit d67e5c7896f6d3064298897ae4d3204498824b06)
2007-12-21r26244: Add a module (sans tests for the moment) that implements rangedAndrew Bartlett1-0/+1
results, as used particularly by MMC's Active Directory Users and Computers to list group members. This may be used on any attribute, but is useful to obtain attributes that may be lengthy in 'pages'. The implementation presumes that attributes will always be returned by the DB in the same order. Andrew Bartlett (This used to be commit c789a91e00b47b2f02513e97101b9606d00c6aaa)
2007-12-21r26139: Based on a report by Theodor Chirana, don't assert() on invalidAndrew Bartlett1-2/+0
netbios names at this point, the calling order has changed, and we have a more informative place to do it. Andrew Bartlett (This used to be commit 3136dccd542a72ecda0c73a91674383736571bb5)
2007-12-21r25950: Enable seperate module to prevent subtree deletes.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit a71414ec3efd3e52a898b58bd2ea7d986518f531)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-5/+7
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-12-21r25936: provision/newuser: don't try to set the 'memberOf' attributeStefan Metzmacher1-1/+0
metze (This used to be commit c6d959e52cf4b86a52e46402392f32450d3c3635)
2007-12-21r25921: Now also listen on ldapi by default in the LDAP serverAndrew Bartlett1-0/+11
Create a phpLDAPadmin configuration file example to use ldapi to talk to Samba4 Andrew Bartlett (This used to be commit 54f4c8ba6127757fd272bd97e301188eb69977ed)
2007-12-21r25750: Update the objectclass module to improve consistency in Samba4.Andrew Bartlett1-5/+16
The aim here is to ensure that if we have CN=Users,DC=samba,DC=example,DC=com that we cannot have a DN of the form cn=admin ,cn=useRS,DC=samba,DC=example,DC=com This module pulls apart the DN, fixes up the relative DN part, and searches for the parent to copy the base from. I've used the objectclass module, as I intend to also validate the placement of child objects, by reading the allowedChildClasses virtual attribute. In the future, I'll also force the attribute names to be consistant (using the case from the schema). Andrew Bartlett (This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
2007-12-21r25747: Implement linked attributes, for add operations.Andrew Bartlett1-0/+1
Much more work is still required here, particularly to handle this better during the provision, and to handle modifies and deletes, but this is a start. Andrew Bartlett (This used to be commit 2ba99d58e9fe1f8e4b15a58a2fdfce6e876f99b4)
2007-12-21r25694: Move subtree_rename above the partitions module. The next step is toAndrew Bartlett1-3/+4
built a linked_attributes module under this. Andrew Bartlett (This used to be commit 4f47e687e579feeb10bb866d62f0c757e5389709)
2007-12-21r25693: Implement the rest of subtree renames, now that tridge waved his magicAndrew Bartlett1-2/+2
over the ldb_tdb part of the problem. Andrew Bartlett (This used to be commit daca0cfd2fc2ec3344415d2d31f399ee3bf16151)
2007-12-21r25691: make "server role" case insensitiveAndrew Tridgell1-7/+7
(This used to be commit f61a9b706894de4fa8916b55a24f330eed9f5b0c)
2007-10-10r25383: Patch from Amin Azez <azez@ufomechanic.net> to give better messageAndrew Bartlett1-0/+5
when a template file is missing. Andrew Bartlett (This used to be commit 5093ea1cef910fe01a249b2d7ef602e2374e2b35)
2007-10-10r25304: Thankyou to Amin Azez <azez@ufomechanic.net> for pointing out that IAndrew Bartlett1-3/+3
used subobj.ROLE and not subobj.SERVERROLE as the rest of the code does. Andrew Bartlett (This used to be commit dd1cb33591819c3d4263e594c7a80de899def223)
2007-10-10r25299: Modify the provision script to take an additional argument: ↵Andrew Bartlett1-8/+39
--server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
2007-10-10r25051: Move SWAT back to the old-style form-submit modal.Andrew Bartlett1-1/+0
The Web 2.0, async client tools were really interesting, but without developer backing they remain impossible to support into a release. The most interesting app was the LDB browser, and I intend to replace this with phpLdapAdmin, preconfigured for Apache during provision. This also removes the need to 'compile' SWAT on SVN checkouts. Andrew Bartlett (This used to be commit cda965e908055d45b1c05bc29cc791f7238d2fae)
2007-10-10r24911: Make better use of substituted variables in example named.confAndrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd)
2007-10-10r24793: The subtree_rename module is a work of fiction. An resemblance to aAndrew Bartlett1-1/+0
working module, live or dead, is purely co-incidental. Andrew Bartlett (This used to be commit 64cc31642fd2ded149631d07bc022213f19595b8)
2007-10-10r24761: Permit subtree renames in Samba4.Andrew Bartlett1-0/+1
The module is scary: On a rename, it does a search for all entries under that entry (including itself), and fires off a seperate rename call for each result. This will fail miserably on an LDAP backend, but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS can implement subtree renames at some point. Andrew Bartlett (This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
2007-10-10r24760: Ensure we base64 encode any password being put into LDIF, to avoidAndrew Bartlett1-0/+7
provision failures when some of the random password values are illigal LDIF. Andrew Bartlett (This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)
2007-10-10r24729: First try and publishing a DNS service account, for folks to play with.Andrew Bartlett1-0/+3
The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett (This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
2007-10-10r24703: Use standard registry diff files when provisioning rather thanJelmer Vernooij1-8/+3
LDIF files for the registry files. (This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c)
2007-10-10r24640: Add a suggested BIND configuration snippit, to help with DNS ↵Andrew Bartlett1-1/+6
configuration. When we sort out GSS-TSIG on the server, we can expand this to have the 'right stuff'. Andrew Bartlett (This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3)
2007-10-10r23907: Fix bug 4790 reported by mwallnoefer@yahoo.de:Andrew Bartlett1-5/+7
Before the provisioning enters to the function provision_default_paths (in scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set (for example for the filename of the DNS zonefile). Andrew Bartlett (This used to be commit 07a9db1438df93442c5b50b1b97ca69662749608)
2007-10-10r23875: As pointed out by mwallnoefer@yahoo.de:Andrew Bartlett1-6/+6
On default Active Directory installations, the NETLOGON share isn't an indipendent directory. In fact it's mapped to the subdirectory "scripts" from the share SYSVOL under <Domain name>. Andrew Bartlett (This used to be commit 923d67ea9d78da46235221375b49b6f1d0d6a862)
2007-10-10r23859: Work to have Group Policy work 'out of the box' in Samba4.Andrew Bartlett1-0/+26
This involves creating the SYSVOL and NETLOGON shares at provision time, and creating the right subdirectories. This also changes the behaviour of lp.get("foo") in ejs - we now return undefined, rather than syntax error, if the parameter doesn't exist (perhaps because the share isn't defined). Andrew Bartlett (This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
2007-10-10r23720: Allow the member server to work against an LDAP Backend. Another caseAndrew Bartlett1-0/+10
where LDB isn't as strict as OpenLDAP, the self join record contains duplicate servicePrincipalNames once the DNS name and domain name are made equal. (Easier to just skip the useless self-join). Andrew Bartlett (This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)
2007-10-10r23717: We need to remove the _ in LDAP_MANAGERPASS for theAndrew Bartlett1-2/+2
--ldap-manager-pass= option to work. Andrew Bartlett (This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954)
2007-10-10r23716: Clarify LDAP Manager DN and fix slapd startup syntax.Andrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40)
2007-10-10r23715: Make the provision-backend script print out the exact commands to run,Andrew Bartlett1-4/+6
to set up the LDAP backend. Andrew Bartlett (This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
2007-10-10r23703: Start to get Samba4 to again work with LDAP backends, after I turnedAndrew Bartlett1-3/+3
on metze's schema work. Andrew Bartlett (This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-6/+8
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)