From fc486d861c4c616407725b7adfa7cec712526c9a Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova
Date: Tue, 24 Sep 2013 10:26:05 -0700
Subject: s4-openldap: Restored openldap-related options to the provision script

At the moment they are only available if TEST_LDAP=yes to avoid accidental use as the openldap backend is still failing some tests

Signed-off-by: Nadezhda Ivanova
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Nadezhda Ivanova
Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
---
 python/samba/netcmd/domain.py | 38 +++++++++++++++++++++++++++++++++++---
 python/samba/provision/__init__.py | 12 ++++++++----
 python/samba/provision/backend.py | 10 +++++-----
 3 files changed, 48 insertions(+), 12 deletions(-)

(limited to 'python')

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e7269c6523..0698928de0 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -214,6 +214,21 @@ class cmd_domain_provision(Command):
 Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
 Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
 ]
+
+ openldap_options = [
+ Option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE",
+ action="store_true"),
+ Option("--slapd-path", type="string", metavar="SLAPD-PATH",
+ help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used."),
+ Option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", help="Additional TCP port for LDAP backend server (to use for replication)"),
+ Option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
+ help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDA"),
+ Option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true"),
+ ]
+
+ if os.getenv('TEST_LDAP', "no") == "yes":
+ takes_options.extend(openldap_options)
+
 takes_args = []

 def run(self, sambaopts=None, credopts=None, versionopts=None,
@@ -246,8 +261,13 @@ class cmd_domain_provision(Command):
 targetdir=None,
 ol_mmr_urls=None,
 use_xattrs=None,
+ slapd_path=None,
 use_ntvfs=None,
- use_rfc2307=None):
+ use_rfc2307=None,
+ ldap_backend_nosync=None,
+ ldap_backend_extra_port=None,
+ ldap_backend_forced_uri=None,
+ ldap_dryrun_mode=None):

 self.logger = self.get_logger("provision")
 if quiet:
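Review bot: The `TEST_LDAP` check under `openldap_options` runs once, when the class body is executed at import time, and it only hides the five options from the option parser; a short comment should say so, because the `run()` signature in the next hunk accepts the matching keyword arguments whether or not the variable is set. Suggested comment above the `if`: `# Test-only gate: exposes the OpenLDAP options when TEST_LDAP=yes is set before import; this prevents accidental use, it is not an access control.` The hunk does not show an `import os` in domain.py, so confirm the module already has one.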
@@ -376,6 +396,14 @@ class cmd_domain_provision(Command): if eadb: self.logger.info("not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") + if ldap_backend_type == "existing": + if dap_backend_forced_uri is not None: + logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % ldap_backend_forced_uri) + else: + logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") + else: + if ldap_backend_forced_uri is not None: + logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less") session = system_session() try: @@ -393,9 +421,13 @@ class cmd_domain_provision(Command): users=users, serverrole=server_role, dom_for_fun_level=dom_for_fun_level, backend_type=ldap_backend_type, - ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, + ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, slapd_path=slapd_path, useeadb=eadb, next_rid=next_rid, lp=lp, use_ntvfs=use_ntvfs, - use_rfc2307=use_rfc2307, skip_sysvolacl=False) + use_rfc2307=use_rfc2307, skip_sysvolacl=False, + ldap_backend_extra_port=ldap_backend_extra_port, + ldap_backend_forced_uri=ldap_backend_forced_uri, + nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) + except ProvisioningError, e: raise CommandError("Provision failed", e) diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 89f029a2af..631fff6abf 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py 
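Review bot: The inner test in the `ldap_backend_type == "existing"` branch reads `dap_backend_forced_uri`, a name that is never defined, so that branch raises NameError before either message is logged; it should be `if ldap_backend_forced_uri is not None:`. The four new calls also use a bare `logger`, while the context line just above logs through `self.logger.info(...)`, so unless a module-level `logger` exists outside the hunk these should be `self.logger.warn(...)` and `self.logger.info(...)`. The last warning contains `%s` but, as shown, is never given `% ldap_backend_forced_uri`, so the operator would not see which URI was forced; the message also looks cut off on this page, so check it against the file. `run()` starts and ends outside the hunk.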
@@ -1898,9 +1898,10 @@ def provision(logger, session_info, credentials, smbconf=None, invocationid=None, machinepass=None, ntdsguid=None, root=None, nobody=None, users=None, backup=None, aci=None, serverrole=None, dom_for_fun_level=None, backend_type=None, - sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false", + sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None, useeadb=False, am_rodc=False, lp=None, use_ntvfs=False, - use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True): + use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True, + ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False, ldap_backend_extra_port=None): """Provision samba4 :note: caution, this wipes all existing data! @@ -2072,7 +2073,7 @@ def provision(logger, session_info, credentials, smbconf=None, provision_backend = ExistingBackend(backend_type, paths=paths, lp=lp, credentials=credentials, names=names, logger=logger, - ldap_backend_forced_uri=None) + ldap_backend_forced_uri=ldap_backend_forced_uri) elif backend_type == "fedora-ds": provision_backend = FDSBackend(backend_type, paths=paths, lp=lp, credentials=credentials, @@ -2085,7 +2086,10 @@ def provision(logger, session_info, credentials, smbconf=None, lp=lp, credentials=credentials, names=names, logger=logger, domainsid=domainsid, schema=schema, hostname=hostname, ldapadminpass=ldapadminpass, - slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls) + slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls, + ldap_backend_extra_port=ldap_backend_extra_port, + ldap_dryrun_mode=ldap_dryrun_mode, nosync=nosync, + ldap_backend_forced_uri=ldap_backend_forced_uri) else: raise ValueError("Unknown LDAP backend type selected") diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py index af7f07f752..93c38f78bb 100644 --- a/python/samba/provision/backend.py +++ b/python/samba/provision/backend.py 
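Review bot: `ldap_backend_forced_uri` is now forwarded from `provision()` to `ExistingBackend` and `OpenLDAPBackend` without any check, and the only warning about leaving the default `ldapi://` transport lives in the command-line wrapper in domain.py, so code that calls `provision()` directly gets no notice. Consider logging once here, before the backend is constructed, e.g. `if ldap_backend_forced_uri is not None: logger.warning("LDAP backend URI forced to %s", ldap_backend_forced_uri)`. The four new keyword arguments are also missing from the `provision()` docstring; a line each for `ldap_backend_forced_uri`, `nosync`, `ldap_dryrun_mode` and `ldap_backend_extra_port` would help, noting that `nosync` and `ldap_dryrun_mode` are meant for test environments according to the option help. `provision()` starts and ends outside these hunks.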
@@ -154,7 +154,7 @@ class ExistingBackend(ProvisionBackend): def init(self): # Check to see that this 'existing' LDAP backend in fact exists - ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials) + ldapi_db = Ldb(self.ldapi_uri) ldapi_db.search(base="", scope=SCOPE_BASE, expression="(objectClass=OpenLDAProotDSE)") @@ -163,6 +163,7 @@ class ExistingBackend(ProvisionBackend): # into the long-term database later in the script. self.secrets_credentials = self.credentials + # For now, assume existing backends at least emulate OpenLDAP self.ldap_backend_type = "openldap" @@ -173,7 +174,7 @@ class LDAPBackend(ProvisionBackend): credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, ldap_backend_extra_port=None, - ldap_backend_forced_uri=None, ldap_dryrun_mode=True): + ldap_backend_forced_uri=None, ldap_dryrun_mode=False): super(LDAPBackend, self).__init__(backend_type=backend_type, paths=paths, lp=lp, @@ -334,7 +335,7 @@ class OpenLDAPBackend(LDAPBackend): def __init__(self, backend_type, paths=None, lp=None, credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, - ldap_backend_extra_port=None, ldap_dryrun_mode=True, + ldap_backend_extra_port=None, ldap_dryrun_mode=False, ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None): from samba.provision import setup_path super(OpenLDAPBackend, self).__init__( backend_type=backend_type, @@ -588,7 +589,6 @@ class OpenLDAPBackend(LDAPBackend): self.slapd_command = list(self.slapd_provision_command) self.slapd_provision_command.extend([self.ldap_uri, "-d0"]) - uris = self.ldap_uri if server_port_string is not "": uris = uris + " " + server_port_string 
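Review bot: With `credentials=self.credentials` removed, the probe in `ExistingBackend.init()` connects without credentials, so it only shows that something at `self.ldapi_uri` answers a base search for `OpenLDAProotDSE`, not that the configured credentials are accepted; a comment should record why the bind was dropped. For example: `# Unauthenticated rootDSE probe: confirms a server is listening, does not validate self.credentials.` Where `self.ldapi_uri` is assigned is outside the hunk; if it can now carry the forced URI, a wrong password would presumably surface only when `secrets_credentials` is first used later in provisioning.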
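Review bot: The default of `ldap_dryrun_mode` flips from `True` to `False` in `LDAPBackend.__init__` here and in the `OpenLDAPBackend` and `FDSBackend` constructors in the later hunks, which changes behaviour for any caller that does not pass the argument; judging from the `--ldap-dryrun-mode` help text, such callers now get a backend that really runs the server binaries. `provision()` passes the flag to `OpenLDAPBackend` explicitly, but its `FDSBackend` call is not fully visible in this patch, so check that it forwards `ldap_dryrun_mode` too. A docstring line on each constructor stating the default and what dry-run skips would make the change visible to callers.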
@@ -634,7 +634,7 @@ class FDSBackend(LDAPBackend): def __init__(self, backend_type, paths=None, lp=None, credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, - ldap_backend_extra_port=None, ldap_dryrun_mode=True, root=None, + ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None, setup_ds_path=None): from samba.provision import setup_path -- cgit