summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2009-08-28s4: Create helpers functions related to provisionMatthieu Patou1-17/+34
One for getting attributes with DN syntax, one for getting forward linked attributes and one for getting the list of partition
2009-08-27s4:python Add helper to get at the domain SIDAndrew Bartlett2-0/+33
2009-08-26s4:provision Ensure that @OPTIONS is mirrored into each partitionAndrew Bartlett1-0/+4
The previous patches to the provision system cut down on the number of reconnects, and disabled the partition handling for part of the process. This means we lost the setting of @OPTIONS as a replicated attribute into the partitions. Andrew Bartlett
2009-08-26s4:provison Add prefixes to ldb using same code a later modify will useAndrew Bartlett3-5/+38
This allows us to test out the code that will do the modify of the prefixMap, and to provide the bindings that may assist a future upgrade script. Andrew Bartlett
2009-08-26s4:provision Only create references to our server DN after the self joinAndrew Bartlett1-0/+10
This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett
2009-08-25s4:python Fix the reprovision test by deleting 'deleted' objects too.Andrew Bartlett1-6/+9
We were failing because CN=Deleted Objects, which is marked as 'deleted' itself, could not be re-added in a reprovision. Andrew Bartlett
2009-08-17fixed the buildAndrew Tridgell1-3/+5
the changes from Matthias didn't take account of url and lp being None in some ldb python instances in 'make test'
2009-08-17s4: Major rework of the LDB/SAMDB/IDMAP python bindingsMatthias Dieter Wallnöfer4-55/+57
- Centralise the lookups for the default domain (root) in the call "domain_dn" - Reduce the LDB connections attempts ("connect" calls) from three to one - tools should load faster - Make the LDB connection init more like the "ldb_wrap_connection" call - Load the right UTF8 casefolder which fixes up problems with special characters (discovered by me: e.g. small "Umlaute" (ä, ö, ü, ...) in the DN weren't upcased - so records "seemed" lost in TDB)
2009-08-17s4:pyglue Add a wrapper for loading the correct UTF8 casefolderMatthias Dieter Wallnöfer1-0/+20
Needed for special characters (e.g. in German "Umlaute")
2009-08-17Revert "s4:samdb python bindings - we don't need the attributes here"Matthias Dieter Wallnöfer1-1/+2
This reverts commit 53ef426e6f68728763436bd0cd3dd91180c00579. As abartlet pointed out this causes to load all attributes and therefore gives us more here than we need (only the check for the DN)!
2009-08-17sigh - still not rightAndrew Tridgell1-5/+5
2009-08-17fixed up add_foreign againAndrew Tridgell2-23/+23
my last patch was not even close ... I'll leave abartlet to work out how to fix the test case
2009-08-17more fixups from provision changesAndrew Tridgell2-24/+24
Andrew, can you please check this? The idmap.setup_name_mapping tests look totally out of place here. I'm also not sure I captured your intention with the other changes
2009-08-17fixed up some provision errors from the recent changesAndrew Tridgell1-3/+2
2009-08-17s4:provision Add comments to the provision scriptAndrew Bartlett1-1/+10
Hopefully this will explain a bit more whey things are done the way that they are done. Andrew Bartlett
2009-08-17s4:provision Avoid one more call to ltdb_reindexAndrew Bartlett2-6/+19
The Samba4 schema code (called via samdb.set_schema_from_ldb(schema.ldb)) manages the @ATTRIBUTES and @INDEXLIST records, so don't wipe them early. The chances are that we will not change them anyway. Andrew Bartlett
2009-08-17s4:provision Fix existing ldapi:// backend detection exceptionAndrew Bartlett1-1/+1
Found by Oliver Liebel <oliver@itc.li> Andrew Bartlett
2009-08-17s4:provision Make sure that we don't use Kerberos to our LDAP backendAndrew Bartlett1-1/+3
This makes no sense, and just causes trouble - we are aiming for DIGEST-MD5 or NTLM. Andrew Bartlett
2009-08-17s4:provison Print the LDAP backend admin username/passwordAndrew Bartlett1-6/+14
2009-08-17s4: Re-add --ldapadminpass as an option to provisionAndrew Bartlett1-5/+9
This should make setting up LDAP servers more predictable. When not specified, it is random Andrew Bartlett
2009-08-17s4:python Allow 'no such object' on the delete of the DNAndrew Bartlett1-1/+5
This fixes the recursive delete in erase_partitions() For reasons I cannot understand, it is possible to get 'no such object' trying to delete a DN I just search for without error. Oh well... Andrew Bartlett
2009-08-17s4:provision Keep a single transaction for the erase and rebuildAndrew Bartlett1-15/+6
Using a single transaction to both erase the bulk of the data and the rebuild of that data means that the in-memory index list is maintained, and not written out to disk until it is all compleated. All the writes then occour at the end. Andrew Bartlett
2009-08-17s4:provision Rework provision-backend into provisionAndrew Bartlett1-618/+558
This removes a *lot* of duplicated code and the cause of much administrator frustration. We now handle starting and stopping the slapd (at least for the provision), and ensure that there is only one 'right' way to configure the OpenLDAP and Fedora DS backend We now run OpenLDAP in 'cn=config' mode for online configuration. To test what was the provision-backend code, a new --ldap-dryrun-mode option has been added to provision. It quits the provision just before it would start the LDAP binaries Andrew Bartlett
2009-08-17s4:provision Move helper functions back to provisionAndrew Bartlett1-21/+0
(These will be added back in a future commit)
2009-08-17s4:python Push some helper functions from SamDB into samba.LdbAndrew Bartlett2-64/+57
This makes it possible to do a bit more of the provision with Samba helpers, but without some of the otherwise useful things (such as loading in the global schema) that SamDB does. Rewrite provision_erase to use a recursive search, rather than a looping subtree search. This is much more efficient, particularly now we have one-level indexes enabled. Delete the @INDEX and similar records *after* deleting all other visible records, this hopefully also assists performance. Andrew Bartlett
2009-08-17s4:schema Allow a schema load on an unconnected databaseAndrew Bartlett1-1/+1
This helps ensure we don't load the schema too often in the provision (allowing a reference in of the schema before the modules load). Andrew Bartlett
2009-08-17s4:schema Provide a way to reference a loaded schema between ldbsAndrew Bartlett2-5/+37
This allows us to load the schema against one ldb context, but apply it to another. This will be useful in the provision script, as we need the schema before we start the LDAP server backend. Adnrew Bartlett
2009-08-14s4:samdb python bindings - we don't need the attributes hereMatthias Dieter Wallnöfer1-2/+1
2009-08-14s4: Better way to call "dom_sid_to_rid" from ldap.pyMatthias Dieter Wallnöfer1-0/+10
2009-08-11s4:test for "primaryGroupToken"Matthias Dieter Wallnöfer1-0/+23
Tests for the right behaviour of this introduced constructed attribute. Since we don't support the read-only-ness of those attributes yet, I commented some lines out. Also I had to add a function for python which converts domain SIDs in RIDs. And a small fix for the "groupType" test.
2009-08-12s4:provision Allow provision-backend to not run slapd for 'make test'Andrew Bartlett1-22/+23
As the version of OpenLDAP required for Samba4 is fairly new, we don't want to make it a requirement before this python code is run in 'make test'. As such, skip over the actual starting of slapd, but check the rest runs alright (which still validates syntax and other modules). Andrew Bartlett
2009-08-12s4:provision Make the --ol-slapd paramter take the full path to slapdAndrew Bartlett1-2/+1
2009-08-12s4:provision Rework and further automate setup of OpenLDAP backendOliver Liebel1-35/+191
heres the summary of all changes/extensions: - Andrew Bartlett's patch to generate indext - Howard Chu's idea to use nosync on the DB included, but made optional - slaptest-path is not needed any more (slapd -Ttest is used instead) and is therefore removed. slapd-path is now recommended when openldap-backend is chosen. its also used for olc-conversion - slapd-detection is now always done by ldapsearch (ldb module), looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri. - if ldapsearch was not successfull, (no slapd listening on our socket) slapd is started via special generated slapdcommand_prov (ldapi_uri only) - slapd-"provision-process" startup is done via pythons subprocess. - the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid. - after provision-backend is finished: --- slapd.pid is compared with our stored slapd_provision_pid. if the are unique, slapd.pid will be read out, and the slapd "provison"-process will be shut down. --- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri -> rootDSE. --- if the pids are different or one of the pid-files is missing, slapd will not be shut down, instead an error message is displayed to locate slapd manually --- extended help-messages (relevant to slapd) are always displayed, e.g. the commandline with which slapd has to be started when everythings finished (slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)) - upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
2009-08-06s4: Simplify two lines in the "samdb.py" file (cosmetic)Matthias Dieter Wallnöfer1-2/+1
2009-07-30python: Cope with the dom_sid2 alias in pidl's python generating code.Jelmer Vernooij1-2/+2
This fixes some problems in the samr Python bindings that pidl was (correctly) warning about.
2009-07-30DCE/RPC(Python): Rename py_talloc_import to py_talloc_steal.Jelmer Vernooij1-1/+1
Use py_talloc_reference in DCE/RPC code, fixes access to SAMR pipe.
2009-07-29s4:provision We no longer add krbtgt or kpasswd account into secrets.ldbAndrew Bartlett1-1/+1
2009-07-22s4:provision Fix provision on FreeBSDAndrew Bartlett1-0/+1
We were missing the 'cn' attribute, which we then prepare a sorted list based on. On Linux, strcmp(NULL, NULL) does not segfault, where it does on FreeBSD. Reported by Timur I. Bakeyev <timur@com.bat.ru> Andrew Bartlett
2009-07-20Re-add accidently removed shares test.Jelmer Vernooij1-0/+74
2009-07-19Remove unnecessary imports.Jelmer Vernooij6-14/+9
2009-07-18python: Set right ldb modules directory when using system ldb.Jelmer Vernooij1-0/+2
2009-07-18Remove pyldb_util and simply duplicate the 5-line function it contains,Jelmer Vernooij1-0/+9
rather than creating a separate shared library for it.
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett3-5/+30
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
2009-07-16Add a way to set an opaque integer onto a samdbAndrew Bartlett2-0/+67
This will allow us to set some more flags into ldb during the provision.
2009-07-03s4: Remove stub endpoint mapper script.Jelmer Vernooij1-24/+0
2009-07-02show attribute values in sorted order to make comparison easierAndrew Tridgell1-0/+5
2009-07-02Changed ldb.ERR_NO_SUCH_OBJECT to LDB_ERR_NO_SUCH_OBJECT.Andrew Tridgell1-5/+5
The LDB_ERR_NO_SUCH_OBJECT varient is not a defined variable. This should improve error handling in our python code on some systems. Unfortunately it still doesn't work on mine. I need to trap Jelmer somewhere where he can't escape some day and force him to divulge the deep druid secrets of python exception handling ....
2009-06-18s4: Add tests and 'must change password' flags in setpassword and newuserAndrew Bartlett1-10/+21
In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18s4:setup Add an option to 'setpassword' to force password change at next loginAndrew Bartlett1-2/+12
2009-06-18Remove outdated Python status file.Jelmer Vernooij1-14/+0