summaryrefslogtreecommitdiff
path: root/source4/setup/provision
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r26137: Rename the entryUUID module to better match it's purpose: being aAndrew Bartlett1-1/+1
simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett (This used to be commit a7be80766f4270d63433bbd6a976ebf302ed3433)
2007-10-10r25451: Rework the display of provision options to use printf syntax, andAndrew Bartlett1-10/+22
avoid %s in the substituted strings from becoming a problem. Andrew Bartlett (This used to be commit 3c4f107239eb6b2f4022a4eac06c5dd3ace71174)
2007-10-10r25303: Print out the options the provision script generated. This shouldAndrew Bartlett1-1/+12
help users produce predictable setups. Andrew Bartlett (This used to be commit 9789bd3c0a3f75f19fa523b251736cf6cdc157ce)
2007-10-10r25299: Modify the provision script to take an additional argument: ↵Andrew Bartlett1-0/+3
--server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
2007-10-10r24729: First try and publishing a DNS service account, for folks to play with.Andrew Bartlett1-0/+1
The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett (This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
2007-10-10r23859: Work to have Group Policy work 'out of the box' in Samba4.Andrew Bartlett1-0/+3
This involves creating the SYSVOL and NETLOGON shares at provision time, and creating the right subdirectories. This also changes the behaviour of lp.get("foo") in ejs - we now return undefined, rather than syntax error, if the parameter doesn't exist (perhaps because the share isn't defined). Andrew Bartlett (This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
2007-10-10r23715: Make the provision-backend script print out the exact commands to run,Andrew Bartlett1-2/+7
to set up the LDAP backend. Andrew Bartlett (This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
2007-10-10r23703: Start to get Samba4 to again work with LDAP backends, after I turnedAndrew Bartlett1-7/+8
on metze's schema work. Andrew Bartlett (This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-3/+3
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r23189: Work towards a totally scripted setup of LDAP backends, so others canAndrew Bartlett1-0/+1
easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenlDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
2007-10-10r22756: Make it easier to setup an LDAP replica. Provision withAndrew Bartlett1-1/+5
--partitions-only (suggestions for a better name welcome) will setup the partitions records, but no any data in those partitions. This can then point at the already configured remote LDAP server. Andrew Bartlett (This used to be commit ee7b06fc832ca7c572205c7c268c3c7c552effa0)
2007-10-10r22530: use message() to make --quiet workStefan Metzmacher1-2/+2
metze (This used to be commit 7c381b2d4f92622ac7efdcc6b8e405d418e2d4bb)
2007-10-10r22478: Update the LDAP backend code to handle initialisation of multipleAndrew Bartlett1-0/+6
partitions onto the target LDAP server. Make the LDAP provision run before smbd starts, then stop the LDAP server. This ensures this occurs synchronously, We then restart it for the 'real run' (with slapd's stdin being the FIFO). This required fixing a few things in the provision scripts, with more containers being created via a add/modify pair. Andrew Bartlett (This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
2007-10-10r20859: fix typoStefan Metzmacher1-1/+1
metze (This used to be commit ba6ee1a098381683223d7efaafb04582a47ea871)
2007-10-10r20560: make it possible to configure the backend and modulesStefan Metzmacher1-6/+12
for all partitions and make it not use LDAP in the variable names because it isn't specific to the ldap backend case. metze (This used to be commit 3e337ec2764038e4ff05c3e926220abaa5583702)
2007-10-10r20495: Further notes on joining with fedora DS.Andrew Bartlett1-2/+6
Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df)
2007-10-10r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend.Andrew Bartlett1-2/+4
Add a new module entrypoint to handle the new, interesting and different mappings required for Fedora DS. Andrew Bartlett (This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493)
2007-10-10r20468: Patch from Martin Kuehl <kuehl@univention.de> to make it easier to loadAndrew Bartlett1-4/+5
into an exsting LDAP server. (Allow some parts to pre-exist, and try to blow away less data). Andrew Bartlett (This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134)
2007-10-10r19216: Merge from SAMBA_4_0_RELEASE:Andrew Bartlett1-2/+0
Move default for subobj.LDAPMODULES into scripting/libjs/provision.js so that SWAT can provision again. Andrew Bartlett (This used to be commit a4aafe307d6d1396fa79b0c48b0a36cbf682f0ce)
2007-10-10r17705: Use the paged_searches module by default against the LDAP backend, ifAndrew Bartlett1-1/+1
selected. Andrew Bartlett (This used to be commit 3bb0a0d91eeb64db1ad2eeb13eab50f338caeb46)
2007-10-10r17526: Move timestamp generation into the objectGUID module. It probablyAndrew Bartlett1-0/+6
needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-3/+12
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r13239: Silly little patch: make the order of declaration match the order ↵Andrew Bartlett1-1/+1
of use. (This used to be commit 2b605cf22c7567e1171bf73cbbd37a5f0c1a4274)
2007-10-10r12944: Update scripts in setup to match changes in the provision.jsAndrew Bartlett1-2/+3
DNS is now done as a seperate step, to assist in migrations. Andrew Bartlett (This used to be commit 916607d1d08b6a41c375766a69fd609989e35bed)
2007-10-10r12746: An initial version of the kludge_acls module.Andrew Bartlett1-2/+2
This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
2007-10-10r12739: Add support for using credentials in the provision process.Andrew Bartlett1-1/+4
This should allow us to provision to a 'normal' LDAP server. Also add in 'session info' hooks (unused). Both of these need to be hooked in on the webserver. Andrew Bartlett (This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae)
2007-10-10r10190: Do some very basic input checking when provisioning.Jelmer Vernooij1-0/+5
(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)
2007-10-10r9816: Work on testsuite for upgradeJelmer Vernooij1-1/+1
Add 'paths' object to provision code. (This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578)
2007-10-10r9646: fixed error messageAndrew Tridgell1-1/+1
(This used to be commit 804f2485d059d60c4a41b6094c4cf568e6989397)
2007-10-10r9477: Convert popt options to an ejs object. Doesn't seem to break anythingRafal Szczesniak1-4/+4
except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203)
2007-10-10r8902: Revert the small change as Andrew Bartlett asked. Now, let's goRafal Szczesniak1-1/+1
and fix howto.txt. rafal (This used to be commit 5bf5559e0f71455ddf62eef11956de12d104459b)
2007-10-10r8898: Fix provision script to actually work, since location of smbscriptRafal Szczesniak1-1/+1
has changed. rafal (This used to be commit a59594d2d84417bc0c87be953daf9152b968c61a)
2007-10-10r8857: please don't get fancy with embedded boolean statements in jsAndrew Tridgell1-1/+3
code. Especially as this is a new language for most Samba developers, it is far better to err strongly on the side of readability rather than trying to save a line of code by using fancy tricks (This used to be commit 3228644cf898cc9b3386675f40f2f7e52f69e5c0)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-2/+4
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8643: - make lp_configfile() work againAndrew Tridgell1-0/+6
- get rid of redundeny dyn_CONFIGFILE argument to lp_load() - fixed provisioning to work with completely pristine install, creating an initial smb.conf is none is present - added lp.set() and lp.reload() to loadparm ejs object interface (This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7)
2007-10-10r8459: move to the more portable script execution methodAndrew Tridgell1-1/+2
(This used to be commit d7e4dcaaaa37c4992f763e37ca2d655e4d267283)
2007-10-10r8410: converted the newuser script to jsAndrew Tridgell1-1/+1
(This used to be commit b90aa3c5a7cd7e91a8fc804c3cd9f2155761cf28)
2007-10-10r8372: - split out provisioning logic into a separate ejs libraryAndrew Tridgell1-197/+8
- added a provisioning web page (This used to be commit 7476cb94132cf2849ec19360468904ca6fe8de2c)
2007-10-10r8355: - added a vsprintf() functionAndrew Tridgell1-2/+0
- removed the --outputdir option from provision, as its not used any more (as ejs knows the real paths) (This used to be commit abbf9c703c17c2edc2d978dade3619a96c38d0d9)
2007-10-10r8350: fixed the --root option to provisionAndrew Tridgell1-2/+1
(This used to be commit 506e07d6e064375aaee20133d722b6b44d63b083)
2007-10-10r8347: replace the perl provision script with a ejs scriptAndrew Tridgell1-13/+66
I don't mind depending on perl at compile time, but I want to avoid depending on it at runtime. This also will make it easy to add web install wizard (This used to be commit f27a68176984c6856fad2e3a028458eb96943f80)
2007-10-10r8338: - added a substitute_var() js library function for doing hash drivenAndrew Tridgell1-102/+61
substitution of variables in strings - the js provision script now correctly processes provision.ldif (This used to be commit c2946003e06c4898ba0444cd0b69d3203753be94)
2007-10-10r8332: not done yet, but a lot closerAndrew Tridgell1-41/+175
(This used to be commit 1d9632877c088837b5c2a7497473e09913775488)
2007-10-10r8319: the start of a provision script in ejs. This is why I've been addingAndrew Tridgell1-0/+150
so many functions lately. so far it just parses options, works out the host IP, and user and group names (This used to be commit 333b32025fc2a33d2a145bbce9cdfefa252ec77a)