Age | Commit message (Collapse) | Author | Files | Lines |
|
The rework corrects some duplication and errors in the original
script, found when preparing an automated test of the script.
The code to reset the machine account password avoids issues with AES
keys and salting, which may not otherwise be solved by the upgrade.
Andrew Bartlett
|
|
|
|
* Define a simple upgrade process mode (module storage change, file name change, copy of new file)
* Move the schema, configuration and current object upgrade into full upgrade mode
* Added the --full switch to select the full upgrade mode, and made simple upgrade mode the default
* Make updateprovision works without any switch (update the provision in the default location)
* Cleanup the messages
* Create the reference provision in a subdirectory of the updated provision
|
|
|
|
- define which modules we want to use when loading the ldb
- move partition in sam.ldb.d dir
Changes have been suggested by Andrew Bartlett.
(commit message clarified by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
- remove some useless comments
- remove hardcoded paths
(commit message clarified by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This allows provisionbackend and provision to both raise ProvisionException
|
|
|
|
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|
|
This makes the member server much more like the DC, the objectGUID
module replaces the repl_meta_data module.
We also generally rework the construction of the list, building a full
list in python, and then transforming it into a string, rather than
playing string concatonation games
Andrew Bartlett
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.
The reference split is to ensure we create references after the
objects they reference exist.
Andrew Bartlett
|
|
This is needed to then create extended DNs with GUID attributes in
them, when importing from the LDIF
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
provision() method.
|
|
|
|
|
|
This will allow us to do local tests against that schema
|
|
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
|
|
Add call for setting the create permissions.
|
|
in "ldb_wrap_connect"
|
|
Necessary for correct descriptor inheritance. Based on the default state
of a single DC. Will be modified later when we support multiple DCs.
|
|
|
|
Rather than try and remove the records in the LDB files, make the
provision remove the whole file. This also removes the need to try
and carry forward the old ldb filenames.
Andrew Bartlett
|
|
This splits the code, while keeping the original behaviour. The
provision.py file had become just too long.
Andrew Bartlett
|
|
|
|
|
|
|
|
of the Schema
|
|
Rather than treat the LDAP backend as a special case, treat all
backends the same, with different callbacks.
Andrew Bartlett
|
|
|
|
|
|
since the initial provision
|
|
We want our scripts to die immediately when a user hits
control-C. Otherwise we not only annoy the hell out of the user, we
also risk db corruption as the control-C could get delivered as an
exception which gets mis-interpreted (eg. as a missing db object). We
use transactions for all our databases, so the right thing to do in
all our command line tools is to die immediately.
|
|
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
|
|
By splitting the module this way, we can load the schema at startup, after
the partitions module is operational, but we leave the 'mess with details of
entries in the partitions' module to operate only on the partitions module.
Loading the schema later allows us to set the @ATTRIBUTES correctly on all
the databases.
Andrew Bartlett
|
|
"guess_names"
abartlet pointed out that those are essential for a safe and consistent provision.
|
|
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be
derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
"NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
insensitive and the script itself up/downcases them appropriately depending
on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
|
|
|
|
This helps us upgrade from sam.ldb files before the dynamic partitions
work, and ensures we use the right casefolding functions.
Andrew Bartlett
|
|
The issue here is that if we don't put the partitions metadata in the
database before we wipe it, we won't wipe the partitions contents, and
so the provision will later fail (entry already exists)
Andrew Bartlett
|
|
The new partitions code knows to copy these items in when creating a
new parition, so we can set it from the start.
Andrew Bartlett
|
|
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett
|
|
privileges are now stored in a separate database
|