summaryrefslogtreecommitdiff
path: root/source4/scripting/python/samba/provision.py
AgeCommit message (Collapse)AuthorFilesLines
2009-01-16Find default smb.conf path correctly, when it was not specified on theJelmer Vernooij1-0/+8
command-line.
2009-01-09Only do special DN tracking for normal DNs in OpenLDAP backend.Andrew Bartlett1-2/+2
This means trying (again, harder), not to do this for DN+Binary and DN+String attributes. Andrew Bartlett
2009-01-06Fix typoMatthias Dieter Wallnöfer1-1/+1
2009-01-05More work to have OpenLDAP accept the full AD schemaAndrew Bartlett1-2/+2
We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij1-3/+3
2008-12-21Simplify customization of pidl-generated Python modules.Jelmer Vernooij1-1/+1
2008-12-21Move tests for ParamFile.Jelmer Vernooij1-2/+2
2008-12-21Fix more introduced regressions in new bindings.Jelmer Vernooij1-1/+1
2008-12-21py: Fix initialisation of subtypes, fix segfaults.Jelmer Vernooij1-6/+6
2008-12-20Support subtypes of ldb.Ldb.Jelmer Vernooij1-1/+1
2008-12-19Move aggregate schema stub to it's own fileAndrew Bartlett1-0/+2
This should make it easier to import just the schema entries from the WSPP docs. Andrew Bartlett
2008-12-18Use plain Python C API for registry module, rather than SWIG.Jelmer Vernooij1-1/+1
2008-12-18Handle different failure modes when we wipe the db in provisionAndrew Bartlett1-7/+8
We didn't handle the mode where we can't load the main sam.ldb due to the modules being 'wrong', and when we did remove the file, we didn't wipe the partitions.
2008-12-17s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵Andrew Bartlett1-4/+5
depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and ↵Andrew Bartlett1-1/+2
extended_dn_store. By splitting the module, the extended_dn_in and extended_dn_store moudles can use extended_dn_out to actually get the extended DN. This avoids code duplication. The extended_dn_out module also contains a client implementation of the OpenLDAP dereference control (draft-masarati-ldap-deref-00). This also introduces a new control 'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module to return whatever the 'storage format' is. This allows us to work with both OpenLDAP (which performs a dereference at run time) and LDB (which stores the GUID and SID on disk). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-10-20Fix blackbox tests on IPv6-only hosts.Jelmer Vernooij1-4/+15
2008-10-16Move the password_hash module up the module stack.Andrew Bartlett1-1/+2
This makes it operate in all partitions (minor), but more importantly places it above some other modules that implement some extra schema checks. (The linked_attributes module objects to unknown attributes, which inclues clearTextPassword, which we need internally but is not in the schema). Andrew Bartlett
2008-09-27s4:provision: don't do the full provision in the become_dcStefan Metzmacher1-0/+2
metze
2008-09-08Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett1-6/+8
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
2008-09-08Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel1-0/+12
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
2008-08-21The index handling is now configured from the schema load, not by aAndrew Bartlett1-9/+0
template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
2008-08-20Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett1-19/+18
<oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
2008-08-19Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett1-1/+11
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
2008-08-19Fix up new OpenLDAP MMR code.Andrew Bartlett1-41/+26
This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
2008-08-19Generate Multi-Master Replication configuration for OpenLDAPOliver Liebel1-7/+79
This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
2008-08-19Fix templates.ldb reprovision handling.Andrew Bartlett1-1/+11
This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
2008-08-01Use new style python classes.Jelmer Vernooij1-3/+5
(This used to be commit 2a39aae0cef310a79427feb1b85f6794ea36849a)
2008-08-01Actually fix missing substitution variables.Jelmer Vernooij1-4/+10
(This used to be commit 783412ecb27d646b171993da0ac2f11a821901d3)
2008-08-01Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpageJelmer Vernooij1-27/+9
(This used to be commit c87a8ba1fef1ba508ad6527d0bae4bcdd5b3cb69)
2008-08-01Fix some forgotten substitute variables in provision, add check to prevent ↵Jelmer Vernooij1-0/+2
this sort of regression in the future. (This used to be commit a461118f3b668779f907c4d77cebe1e76fa4e39f)
2008-07-28We don't use EXTENSIBLEOBJECT any more.Andrew Bartlett1-3/+0
(This used to be commit 4b137085c8b89773d4639372bbffd516a41dfc8f)
2008-07-28Make it even clearer what to do next in the LDAP backend setupAndrew Bartlett1-1/+5
(This used to be commit bace931ad674b5071d53bf9c99c383f1d8957e1b)
2008-07-28Always print the slapd startup commandAndrew Bartlett1-1/+2
(This used to be commit b1d05e7d14c65133e8ab0ff9d41a26fa7e3d41d3)
2008-07-28Remove unused function and make sensitive directories private.Andrew Bartlett1-22/+2
(This used to be commit e23333d16397606d38e90684d2d916b5b967cde4)
2008-07-25Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett1-3/+28
(This used to be commit b12dd8ee5443ebfc204d1684f541d68ffb351197)
2008-07-25Complain if we are told to use an ldap backend, without the typeAndrew Bartlett1-0/+2
(This used to be commit e9c3c9ad8289ee48efa998ab6b486250dcd40b52)
2008-07-22Install'named.txt' to private/ as documentation.Andrew Bartlett1-2/+26
This document is much more use when subbed with all the right things. Andrew Bartlett (This used to be commit 136a85599815670c807f212d7d4003ec53a13729)
2008-07-22Improve DNS and Group poicy configurations.Matthias Dieter Wallnöfer1-2/+3
- fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett (This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02)
2008-07-18Make a seperate template for the refint configuration tooAndrew Bartlett1-3/+4
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
2008-07-18Put the memberof template into a seperate setup/ file.Andrew Bartlett1-33/+27
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm having with OpenLDAP Andrew Bartlett (This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
2008-07-16Reorder whitespace in generated slapd.confAndrew Bartlett1-4/+4
This helps us see the real groupings in the generated memberOf handling. Andrew Bartlett (This used to be commit ec70ebb8310e563324233662f8e779c55fb87514)
2008-07-15Fix asking for credentials for non-LDAP provisions.Andrew Bartlett1-1/+1
(This used to be commit 78416f4840df4f8d1f9cc5e46a48b19c86888050)
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett1-4/+6
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-07-15Connect to the LDAP backend with SASL credentials.Andrew Bartlett1-9/+38
This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
2008-06-19Add a blackbox test for the provision-backend script.Andrew Bartlett1-27/+30
This test (as most tests do :-) found a few bugs, also fixed in this commit. Andrew Bartlett (This used to be commit d96a6482dad54d1d27a87107865e833a9c32cf53)
2008-06-16Try to get a bit further with provisioningSimo Sorce1-1/+4
(This used to be commit 649f6c0c1084828dda7d50bd2904208192de77da)
2008-05-30Fix samdb python test.Jelmer Vernooij1-3/+3
(This used to be commit 0e3d488cc108174ca0f875aab16b9771c2933f19)
2008-05-30Fix up provision and samdb tests.Andrew Bartlett1-2/+3
This fixes up the provision to operate with a target directory - it must override the smb.conf in this case. Andrew Bartlett (This used to be commit 89fc39f7edb214065aff461bc225f41443eae3c7)
2008-05-29Print prefixMap in a human-readable format.Andrew Bartlett1-2/+10
This should allow the prefixMap to be edited, until we find the right way to autogenerate it. Andrew Bartlett (This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3)
2008-05-28provision: Add missing string parameter token when assigning ldap_backend.Andrew Kroeger1-1/+1
(This used to be commit 7d26145a7fba22b2e1c7c57053aab3180a22089d)
generated by cgit (git 2.34.1) at 2025-07-07 06:01:45 +0000