| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This script walks the schema, configuration and domain partitions of the locally
installed Ldb and a remote hosts and compares the descriptors disregarding the
difference in domain SID. The goal is to make sure a freshly provisioned Samba
has the correct descriptors so ACLs work correctly. It outputs the descriptors
in short SDDL, where the correct SIDs are to be replaced during provisioning.
Optionally it can be output as an LDIF file with the current local domain and
domain SIDs.
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
than linking against the python module.
|
|
|
|
Pair programmed with Jelmer
|
|
policy_handle.__repr__
pair-programmed with Jelmer
|
|
GUID.__cmp__.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
This avoids one more point of difference between this an the output
from minschema and fullschema
Andrew Bartlett
|
|
|
|
These attributes will be generated by Samba on import, and do not need
to be in the schema file.
Andrew Bartlett
|
|
|
|
The conversion from EJS to python I did with Jelmer this morning was
not quite complete, due mostly to the difference between print in EJS
and python (python implies a newline).
Andrew Bartlett
|
|
This is needed for things such as to load modules, like the
paged_searches module.
Andrew Bartlett
|
|
|
|
|
|
Pair programmed over the phone with Andrew :-)
|
|
This avoids problems with embedded control characters in password
changes
|
|
This one added 3 spaces to the end of any new passwords
|
|
This fixes the problem with the setpassword command failing like this:
Error: First line of ldif must be a dn not ' dn'
|
|
This was missed in the earlier work to use this in provision-backend
Andrew Bartlett
|
|
Loading data in a transaction is faster than without.
Andrew Bartlett
|
|
I've patched the new ms_schema.py (which was intended to be used as a
library) to function as minschema_wspp if invoked standalone. Although
this is less robust than minschema_wspp on incorrect data, having two
programs doing the same thing might not be good idea.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This removes a level of indirection via external binaries in the
provision-backend code, and also makes better use of our internal code
for loading schema from an LDIF file.
Remaining to do: Sort the output again, as the load from LDIF is
unsorted (also needed because the normal LDB load from sorted input is too slow
anyway, and is only needed here).
Andrew Bartlett
|
|
|
|
For example, if we don't create the admin user (perhaps expecting
users to be in LDAP already, or we are due an incoming replication) we
should not confuse the administrator by printing a unused password.
Andrew Bartlett
|
|
|
|
Conflicts:
source4/scripting/python/samba/provision.py
|
|
Also remove the copy of the licence text from licence.txt, to ensure
we don't get variations between the copies.
Andrew Bartlett
|
|
|
|
We need to trim trailing spaces in the Microsoft-supplied schema.
Andrew Bartlett
|
|
Here's a first attempt at moving the minschema_wspp code into a
library as Andrew requested. Since this script no longer has to
generate CN=aggregate, I've simplified it quite a bit to a level where
it almost does a line-by-line translation. This is faster and simpler,
but it may not catch as many errors in the ad-schema files as the
previous versions did.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
- removed workaround for olcSyncprovConfig - creation (works perfect now
with 2.4.15, release was today)
- added 1 message-helpline, which is displayed when running
provision-backend with olc and/or mmr setup
- corrected 1 wrong slapcommand-helpline
- slapd.conf is removed now in case of olc-setup
- added 1 copyright-line to provision.py and provision-backend
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These extensions add mmr (multi-master-replication) and olc
(openldap-online-configuration) capabilities to the
provisioning-scripts (provision-backend and provision.py), for use
with the openldap-backend (only versions >=2.4.15!).
Changes / additions made to the provision-backend -script:
added new command-line-options:
--ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr
(can be combined with --ol-olc=yes),
--ol-olc=[yes/no] (activate automatic conversion from static slapd.conf
to olc),
--ol-slaptest=<path to slaptest binary> (needed in conjunction with
--ol-olc=yes)
Changes / additions made to the provision.py -script: added
extensions, that will automatically generate the chosen mmr and/or olc
setup for the openldap backend, according to the to chosen parameters
set in the provision-backend script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
We need to figure out why the deletes on the database fail, but for
now doing an unlink of templates_tdb isn't too bad.
Andrew Bartlett
|
|
|
|
|
