Age | Commit message (Collapse) | Author | Files | Lines |
|
This should make setting up LDAP servers more predictable.
When not specified, it is random
Andrew Bartlett
|
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
|
|
|
|
python module.
|
|
|
|
|
|
fixes test.
|
|
|
|
|
|
|
|
|
|
by Python2.3.
|
|
default domain name.
|
|
are given).
|
|
This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection. (SASL selects NTLM or
DIGEST-MD5 on my system).
To get this working, we must pre-populate the LDAP backend with a DN
to store ths SASL secret on, and we use back-ldif for this.
This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.
Andrew Bartlett
(This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
|
|
(This used to be commit 9b39e99f48266a54ed0b8890c2efde218b4b118a)
|
|
(This used to be commit b507109bb676715f7d9616e13b0e19305e9c2559)
|
|
(This used to be commit d3df51cd01e53383dcc05923d248db03bc6f62e9)
|
|
parametic options:
smb2:max read size = NNN
smb2:max write size = NNN
The defaults are 65536, which is what Vista sets, and what we
previously set
(This used to be commit 9e60164cae42b5dd95720e48301a2ac57e95482a)
|
|
(This used to be commit 696b58f5dd8370b7ee0670c7a3e5db10234b41ff)
|
|
Merge branch 'v4-0-ipv6' of git://git.id10ts.net/samba into 4-0-abartlet
Andrew Bartlett
(This used to be commit d3336684f084f984500dd0893dd01bcfc5be0ab1)
|
|
(This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578)
|
|
module prohibits it anyway.
Andrew Bartlett
(This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91)
|
|
In particular, this should draw attention to accidential 'standalone'
server provisions and therefore cause less frustration.
Andrew Bartlett
(This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a)
|
|
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
|
|
Andrew Bartlett
(This used to be commit b4da374a998caac18c288a0a6e3fcd2c50cbffa7)
|
|
This fixes up some issues with testdir (was not honoured) and
increases test coverage.
We now check all the major provision modes. In doing so, to make it
possible to call from the multiple layers of 'sh', I have allowed 'dc'
to alias 'domain controller' and 'member' to alias 'member server'.
Fighting shell quoting in the test system was just too hard...
Also fix upgrade.py
Andrew Bartlett
(This used to be commit 0923de12282b0e063dd73bc3e056dd5c3663c190)
|
|
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
(This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6)
|
|
is the default.
(This used to be commit a0a05c5a3d614d0f2936ecfcab5273a2ef7d61a8)
|
|
Make the EJS provision and the selftest scripts both use the new
syntax for speicifying the ldap backend type.
Andrew Bartlett
(This used to be commit b1d2584277304be3f2a640465cbf6b2a3ec571cc)
|
|
Andrew Bartlett
(This used to be commit fa1098959ad0016770ce1c327665df08ce3f69d2)
|
|
Andrew Bartlett
(This used to be commit 2f98ec1e6417c70a48370a62e7a54dfc4f6291c1)
|
|
Andrew Bartlett
(This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519)
|
|
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.
We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.
Also fix naming of the output schema when suggesting the comamnd line
to run ad2oLschema in provision-backend.
Andrew Bartlett
(This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f)
|
|
fixes the case of the attribute in teh DN.
Fix option spelling for example re-provision
Andrew Bartlett
(This used to be commit e3a76be04760a81a9c1b7ad9b139f088decc9ee6)
|
|
the provision options used.
Andrew Bartlett
(This used to be commit 51cd93344dfeb3556fada523e38bbcd7e51fbbe1)
|
|
by seperating the modules list into parts. That way, we can remove
the modules that the backend will provide.
Andrew Bartlett
(This used to be commit d67e5c7896f6d3064298897ae4d3204498824b06)
|
|
simple ldap mapping (a complex mapping will follow).
Fix the module to handle 'name' better, rather than using the 'name'
attribute built into OpenLDAP, rename to samba4RDN. We need to see if
this can be handled in the backend.
Also rename the functions and inernal module name to entryuuid for
consistancy.
Andrew Bartlett
(This used to be commit a7be80766f4270d63433bbd6a976ebf302ed3433)
|
|
avoid %s in the substituted strings from becoming a problem.
Andrew Bartlett
(This used to be commit 3c4f107239eb6b2f4022a4eac06c5dd3ace71174)
|
|
help users produce predictable setups.
Andrew Bartlett
(This used to be commit 9789bd3c0a3f75f19fa523b251736cf6cdc157ce)
|
|
--server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
|
|
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
|
|
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
(This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)
|
|
to set up the LDAP backend.
Andrew Bartlett
(This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d)
|
|
on metze's schema work.
Andrew Bartlett
(This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
easily try this out.
I also intend to use this for the selftest, but I'm chasing issues
with the OpenlDAP (but not Fedora DS) backend.
Andrew Bartlett
(This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21)
|
|
--partitions-only (suggestions for a better name welcome) will setup
the partitions records, but no any data in those partitions. This can
then point at the already configured remote LDAP server.
Andrew Bartlett
(This used to be commit ee7b06fc832ca7c572205c7c268c3c7c552effa0)
|
|
metze
(This used to be commit 7c381b2d4f92622ac7efdcc6b8e405d418e2d4bb)
|
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|