summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2009-02-25Updates to the recent cn=config support for the OpenLDAP backendOliver Liebel2-13/+3
- removed workaround for olcSyncprovConfig - creation (works perfect now with 2.4.15, release was today) - added 1 message-helpline, which is displayed when running provision-backend with olc and/or mmr setup - corrected 1 wrong slapcommand-helpline - slapd.conf is removed now in case of olc-setup - added 1 copyright-line to provision.py and provision-backend Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-24Added mmr and olc to the OpenLDAP backend provisioning-scriptsOliver Liebel12-22/+78
These extensions add mmr (multi-master-replication) and olc (openldap-online-configuration) capabilities to the provisioning-scripts (provision-backend and provision.py), for use with the openldap-backend (only versions >=2.4.15!). Changes / additions made to the provision-backend -script: added new command-line-options: --ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr (can be combined with --ol-olc=yes), --ol-olc=[yes/no] (activate automatic conversion from static slapd.conf to olc), --ol-slaptest=<path to slaptest binary> (needed in conjunction with --ol-olc=yes) Changes / additions made to the provision.py -script: added extensions, that will automatically generate the chosen mmr and/or olc setup for the openldap backend, according to the to chosen parameters set in the provision-backend script Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-11Use convenience function for finding setup_dir based on location ofJelmer Vernooij3-5/+6
python module.
2009-02-11--interactive doesn't take any argument.Jelmer Vernooij1-1/+1
2009-01-21Use script path to find the setup directory.Jelmer Vernooij3-3/+3
2009-01-19Make sure server_role gets initialized in backend provisioning code -Jelmer Vernooij2-2/+2
fixes test.
2009-01-19Don't give fatal python errors when guessing the realmAndrew Bartlett1-2/+12
2009-01-16Add copyright headers.Jelmer Vernooij3-14/+53
2009-01-05Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2-1/+6
2009-01-05More work to have OpenLDAP accept the full AD schemaAndrew Bartlett2-1/+6
We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
2009-01-05Use fqdn rather than gethostname when guessing realm.Jelmer Vernooij1-1/+1
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij2-2/+2
2008-12-21Move tests for ParamFile.Jelmer Vernooij1-1/+1
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-1/+2
2008-12-20Corrections to Microsoft's schema and the OpenLDAP mapping fileAndrew Bartlett2-0/+63
2008-12-19Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij8-45/+24
2008-12-19Avoid use of parentheses in Python import statements, as it's not supported ↵Jelmer Vernooij2-4/+2
by Python2.3.
2008-12-19Fix errors in MS-AD_Schema_Attributes_v20080618.txtSreepathi Pai2-36/+9
- Remove spurious line breaks - Add missing attributeId from docs - Remove incorrect multiple values of systemFlags - Fix duplicate attributeId - Fix schemaIdGuid syntax Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Here's the prefixMap from w2k8.Stefan (metze) Metzmacher1-2/+9
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the end...(if we still need them, which we should avoid) metze Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Move aggregate schema stub to it's own fileAndrew Bartlett2-3/+3
This should make it easier to import just the schema entries from the WSPP docs. Andrew Bartlett
2008-12-17s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵Andrew Bartlett1-0/+2
depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-DomainAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}Andrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16s4/provision: Upper case default realm, use only first part of realm as ↵Jelmer Vernooij1-2/+2
default domain name.
2008-12-11Add interactive flag to setup/provision (also the default when no arguments ↵Jelmer Vernooij1-2/+27
are given).
2008-12-10Add AD schema from Microsoft's WSPP documentation.Andrew Bartlett3-0/+19124
This schema is *NOT* licenced under a standard Free Software licence, but does provide us the freedoms we need to use the schema, and the requirement to distribute as 'part of an implemenation' is similar to common Free font licences that are accepted by major linux distributions. Andrew Bartlett
2008-12-02Don't treat the DN+binary syntax as a DN.Andrew Bartlett2-4/+4
This should fix the OpenLDAP backend
2008-10-30Don't create LanMan Directory Replication Service key (bug 4934).Jelmer Vernooij1-4/+0
2008-10-20Mark clearTextPassword as a privilaged attributeAndrew Bartlett1-0/+1
2008-10-20Fix blackbox tests on IPv6-only hosts.Jelmer Vernooij1-2/+2
2008-10-16Transform the sequence_number operation into a normal extended operation as ↵Simo Sorce1-0/+2
it should always have been. Make it also async so that it is not a special case.
2008-10-02s4:setup: add wellknownObjects to the domain objectStefan Metzmacher1-0/+8
metze
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-1/+1
2008-09-29Use the new 'samba4' name for our internal hdb plugin.Andrew Bartlett1-1/+1
2008-09-29added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell1-0/+60
2008-09-29s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updatesStefan Metzmacher1-0/+2
We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-09-08Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett1-1/+1
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
2008-09-08Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel3-6/+19
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
2008-09-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into ↵Andrew Bartlett2-1/+57
trusted-domains (This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
2008-09-06Remove <tab> in OpenLDAP MMR configOliver Liebel1-1/+0
Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
2008-08-30Add a setexpiry operation in samdb.pyAndrew Tridgell1-1/+13
This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
2008-08-30added a simple script for setting password expiryAndrew Tridgell1-0/+44
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
2008-08-22now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell1-19/+19
value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
2008-08-21The index handling is now configured from the schema load, not by aAndrew Bartlett1-19/+0
template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
2008-08-20Apply attributes (and their syntax) from the schema into ldbAndrew Bartlett1-0/+7
This changes the @ATTRIBUTES record to be for bootstrapping only, before we find the schema. Andrew Bartlett (This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
2008-08-20Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett1-1/+1
<oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
2008-08-19Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett3-10/+13
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
2008-08-19Fix up new OpenLDAP MMR code.Andrew Bartlett4-6/+10
This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
2008-08-19Generate Multi-Master Replication configuration for OpenLDAPOliver Liebel4-5/+49
This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
2008-08-19Fix templates.ldb reprovision handling.Andrew Bartlett2-10/+10
This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)