From 5eb3b919c59b62065db32e0575fcd1d84a64e3db Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 5 Jan 2010 17:08:56 +1100 Subject: s4-provision: the DC object itself needs a fixed objectSID We can't allocate a objectSID until we have rIDSetReferences, but that is in the DC object, so we have to force the objectSID of the DC Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/provision.py | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index d7d0a790ca..62ca9282d1 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -796,6 +796,7 @@ def setup_self_join(samdb, names, "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, + "DOMAINSID": str(domainsid), "DNSDOMAIN": names.dnsdomain, "SAMBA_VERSION_STRING": version, "NTDSGUID": ntdsguid_line, -- cgit From fcfb5d7b63293a13fa4984c0a4502a682a5a02a9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:15:35 +1100 Subject: s4-provision: allow provision modifies to add records we need to recognise a changetype of 'add' --- source4/scripting/python/samba/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 5d61c1bd8c..d7df6b979b 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -255,7 +255,10 @@ class Ldb(ldb.Ldb): :param ldif: LDIF text. """ for changetype, msg in self.parse_ldif(ldif): - self.modify(msg, controls) + if (changetype == ldb.CHANGETYPE_ADD): + self.add(msg, controls) + else: + self.modify(msg, controls) def set_domain_sid(self, sid): """Change the domain SID used by this LDB. -- cgit 
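Review bot: The new dispatch only singles out `ldb.CHANGETYPE_ADD`; every other changetype that `parse_ldif` may yield (a `delete` record, for instance) still reaches `self.modify(msg, controls)` through the bare `else`. If such records can occur in the LDIF passed here, narrow the fallback, e.g. `elif changetype == ldb.CHANGETYPE_DELETE: raise ValueError("delete records are not supported here")`. The docstring should also state that records with `changetype: add` are now added rather than modified. The parentheses around the `if` condition are unnecessary in Python. The method's signature and the start of its docstring are outside the hunk.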
From 53d10d139e569f9132193e8f8c268638eab30a0b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 6 Jan 2010 09:26:17 +1100 Subject: s4-provision: don't hard wire the creation of the RID Set object We now create it automatically in the samldb module when the first user is created. The creation of the dns user also had to move to the _modify.ldif as it now relies on the fSMO role being setup for the RID Manager Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/provision.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 62ca9282d1..bb47d2bd5c 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -793,7 +793,6 @@ def setup_self_join(samdb, names, "DEFAULTSITE": names.sitename, "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), "MACHINEPASS_B64": b64encode(machinepass), - "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, "DOMAINSID": str(domainsid), @@ -825,7 +824,8 @@ def setup_self_join(samdb, names, "DEFAULTSITE": names.sitename, "SERVERDN": names.serverdn, "NETBIOSNAME": names.netbiosname, - "NTDSGUID": names.ntdsguid + "NTDSGUID": names.ntdsguid, + "DNSPASS_B64": b64encode(dnspass), }) -- cgit From 1f25d0a5add1812723dfb93da28bbb80dc5d6757 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:12:24 +1100 Subject: s4-provision: re-open sam.ldb after creating the schema This enables the full schema during the rest of the provision, which means indexing is enabled (along with index error checking, such as duplicate SIDs) --- source4/scripting/python/samba/provision.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index bb47d2bd5c..0d50789b77 100644 
--- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -946,6 +946,15 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), {"SCHEMADN": names.schemadn}) + message("Reopening sam.ldb with new schema"); + samdb.transaction_commit() + samdb = Ldb(session_info=session_info, + credentials=provision_backend.credentials, lp=lp) + samdb.connect(path) + samdb.transaction_start() + if serverrole == "domain controller": + samdb.set_invocation_id(invocationid) + message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { "CONFIGDN": names.configdn, -- cgit From 9672a3d1cc17dd800403a9987602403b8c6e757f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Jan 2010 10:18:30 +1100 Subject: s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems this makes building and testing s4 as a developer much faster, if you have enough memory! --- source4/scripting/devel/tmpfs.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100755 source4/scripting/devel/tmpfs.sh (limited to 'source4/scripting') diff --git a/source4/scripting/devel/tmpfs.sh b/source4/scripting/devel/tmpfs.sh new file mode 100755 index 0000000000..5604f68dd7 --- /dev/null +++ b/source4/scripting/devel/tmpfs.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# This sets up bin/ and st/ as tmpfs filesystems, which saves a lot of +# time waiting on the disk! + +rm -rf bin st +mkdir -p bin st || exit 1 +sudo mount -t tmpfs /dev/null bin || exit 1 +sudo chown $USER bin || exit 1 +echo "tmpfs setup for bin/" +sudo mount -t tmpfs /dev/null st || exit 1 +sudo chown $USER st || exit 1 +echo "tmpfs setup for st/" -- cgit From a7fffe8da0464b25d587e5148207e1a67b930505 Mon Sep 17 00:00:00 2001 
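Review bot: Committing at `samdb.transaction_commit()` means the provision of sam.ldb is no longer all-or-nothing: a failure in any later step leaves a database on disk that holds the schema but not the rest. The `except:` handler visible at the end of this function in a later patch of the series only calls `samdb.transaction_cancel()`, which undoes just the second transaction. If `Ldb(...)` or `samdb.connect(path)` raises before `samdb.transaction_start()`, that handler would presumably cancel on a handle with no open transaction and mask the original error. A comment stating what the caller must clean up after a failure past this point would help, e.g. `# schema is committed here; a later failure leaves a partial sam.ldb that must be removed before re-provisioning`. The trailing `;` on the `message(...)` line is a leftover; setup_samdb starts and ends outside the hunk.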
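Review bot: `rm -rf bin st` acts on whatever directory the script is started from, and nothing checks that this is the intended build tree or that `bin`/`st` are not already tmpfs mounts from an earlier run; a guard on a file known to exist at the expected top level, placed before the `rm`, would prevent deleting an unrelated `bin/`. The mounts also pass no `mode=` option, and a tmpfs root defaults to mode 1777, so after the `chown` both directories stay world-writable; on a shared machine other local users could place files in the build output. `sudo mount -t tmpfs -o mode=0755 /dev/null bin` (and the same for `st`) closes that. `$USER` should be quoted as `"$USER"` in both `chown` lines.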
From: Andrew Tridgell Date: Thu, 7 Jan 2010 17:31:23 +1100 Subject: s4-provision: do a self join for all server types We need a machine account so the RID allocation code can work. It seems better to use the same code paths for a domain controller and standalone server to avoid testing headaches with little used code. --- source4/scripting/python/samba/provision.py | 39 +++++++++++++---------------- 1 file changed, 17 insertions(+), 22 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 0d50789b77..a71b561a86 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -893,10 +893,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality) samdb.set_domain_sid(str(domainsid)) - if serverrole == "domain controller": - samdb.set_invocation_id(invocationid) - # NOTE: the invocationid for standalone and member server - # cases is setup in the sambd_dsdb module init function + samdb.set_invocation_id(invocationid) message("Adding DomainDN: %s" % names.domaindn) @@ -952,8 +949,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, credentials=provision_backend.credentials, lp=lp) samdb.connect(path) samdb.transaction_start() - if serverrole == "domain controller": - samdb.set_invocation_id(invocationid) + samdb.set_invocation_id(invocationid) message("Setting up sam.ldb configuration data") setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { 
@@ -1013,21 +1009,20 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, "KRBTGTPASS_B64": b64encode(krbtgtpass), }) - if serverrole == "domain controller": - message("Setting up self join") - setup_self_join(samdb, names=names, invocationid=invocationid, - dnspass=dnspass, - machinepass=machinepass, - domainsid=domainsid, policyguid=policyguid, - policyguid_dc=policyguid_dc, - setup_path=setup_path, - domainControllerFunctionality=domainControllerFunctionality, - ntdsguid=ntdsguid) - - ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn) - names.ntdsguid = samdb.searchone(basedn=ntds_dn, - attribute="objectGUID", expression="", scope=SCOPE_BASE) - assert isinstance(names.ntdsguid, str) + message("Setting up self join") + setup_self_join(samdb, names=names, invocationid=invocationid, + dnspass=dnspass, + machinepass=machinepass, + domainsid=domainsid, policyguid=policyguid, + policyguid_dc=policyguid_dc, + setup_path=setup_path, + domainControllerFunctionality=domainControllerFunctionality, + ntdsguid=ntdsguid) + + ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn) + names.ntdsguid = samdb.searchone(basedn=ntds_dn, + attribute="objectGUID", expression="", scope=SCOPE_BASE) + assert isinstance(names.ntdsguid, str) except: samdb.transaction_cancel() @@ -1146,7 +1141,7 @@ def provision(setup_dir, message, session_info, serverrole = lp.get("server role") assert serverrole in ("domain controller", "member server", "standalone") - if invocationid is None and serverrole == "domain controller": + if invocationid is None: invocationid = str(uuid.uuid4()) if not os.path.exists(paths.private_dir): -- cgit From 59f314d321bb276ebdf2da3017b6a5d3b79d13e2 Mon Sep 17 00:00:00 2001 
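Review bot: The `ntds_dn` lookup in the `-1013` hunk hard-codes `CN=Default-First-Site-Name`, while `setup_self_join` (its substitution dict is visible earlier in this series) places the server under `names.sitename`. With any other site name the `searchone` would presumably look at a DN that does not exist. Now that the block runs for every server role it is worth fixing: `ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (names.hostname, names.sitename, names.domaindn)`. The `assert isinstance(names.ntdsguid, str)` that follows is skipped under `python -O`, so it should not be the only check on the search result. setup_samdb starts and ends outside the hunk.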
From: Andrew Tridgell Date: Thu, 7 Jan 2010 21:28:03 +1100 Subject: s4-scripting: we need to use a base search for the NTDS GUID now we have nTDSConnections structures we can get more than 1 reply --- source4/scripting/bin/setup_dns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting') diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh index f20ad145c1..de4485fc07 100755 --- a/source4/scripting/bin/setup_dns.sh +++ b/source4/scripting/bin/setup_dns.sh @@ -16,7 +16,7 @@ RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g) PRIVATEDIR=$(bin/testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null) } -OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2) +OBJECTGUID=$(bin/ldbsearch -s base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2) echo "Found objectGUID $OBJECTGUID" -- cgit From d371b0eabe360f7c184a10282f63a64b0cfc550f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 16:59:27 +1100 Subject: s4-schema: added adminDisplayName and adminDescription These are missing from the WSPP schemas Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/ms_schema.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/ms_schema.py b/source4/scripting/python/samba/ms_schema.py index a4eed581c6..9f5ebcf8cc 100644 --- a/source4/scripting/python/samba/ms_schema.py +++ b/source4/scripting/python/samba/ms_schema.py 
@@ -229,6 +229,8 @@ def __transform_entry(entry, objectClass): entry.insert(1, ["objectClass", ["top", objectClass]]) entry.insert(2, ["cn", cn]) entry.insert(2, ["objectGUID", str(uuid.uuid4())]) + entry.insert(2, ["adminDescription", cn]) + entry.insert(2, ["adminDisplayName", cn]) for l in entry: key = l[0].lower() -- cgit From 38909a4ae5a2dc3b18a797933586d35cc679d667 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Jan 2010 17:00:28 +1100 Subject: s4-schema: switch to W2K8-R2 schema Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/schema.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 8913e53b00..67c48e8e58 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py @@ -64,8 +64,8 @@ class Schema(object): self.schemadn = schemadn self.ldb = Ldb() - self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'), - setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt')) + self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'), + setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt')) if files is not None: for file in files: -- cgit From 8a09dc12660dcc62926c3a41cacd4970f46f9210 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Jan 2010 20:54:16 +1100 Subject: s4-schema: fixed the SDDL for the schema root security descriptor This was preventing a DCPROMO client from allowing outgoing replication --- source4/scripting/python/samba/schema.py | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 67c48e8e58..f702e9829f 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py 
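Review bot: Both `entry.insert(2, ...)` lines add the attribute unconditionally, so an entry whose source text already carries `adminDescription` or `adminDisplayName` would end up with it twice; the hunk does not show whether the loop below removes duplicates. If the input files can never contain these attributes, a comment recording that is enough, e.g. `# WSPP schema files omit adminDescription/adminDisplayName; default both to cn`. __transform_entry continues outside the hunk.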
@@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE import os def get_schema_descriptor(domain_sid): - sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \ - "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \ - "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \ - "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \ - "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \ - "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)" + sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \ + ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \ + "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \ + "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \ + "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \ + "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \ + "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \ + ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \ + "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \ + "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \ + "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \ + ";;WD)(AU;CISA;WP;;;WD)" sec = security.descriptor.from_sddl(sddl, domain_sid) return ndr_pack(sec) -- cgit From e0d6b0977eb5c5a2c95ee2de10c7b18550371b50 Mon Sep 17 00:00:00 2001 
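Review bot: The new SDDL literal in `get_schema_descriptor` is wrapped at a fixed column, so many ACEs and several GUIDs are split across two string fragments (for example `...;;CR;1131f6ad-9c07-1" \` followed by `"1d1-f79f-00c04fc2dcd2;;ER)`), which makes the security descriptor of the schema root very hard to audit or to diff against a reference. Put one ACE per fragment, e.g. `"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ER)" \`, and add a comment naming the control-access right behind each GUID and where the descriptor was taken from. The change also adds `(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)`, an allow ACE for `LA` that includes write-DAC, write-owner and delete rights, which the commit message does not mention and which deserves a line of justification.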
From: Matthias Dieter Wallnöfer Date: Sun, 10 Jan 2010 20:08:50 +0100 Subject: s4:upgradeprovision - Reformat comments Make them break at line 80 (better readability). --- source4/scripting/bin/upgradeprovision | 72 +++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 28 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index da827ace42..e95977a258 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -66,8 +66,10 @@ GUESS = 0x04 PROVISION = 0x08 CHANGEALL = 0xff -# Attributes that not copied from the reference provision even if they do not exists in the destination object -# This is most probably because they are populated automatcally when object is created +# Attributes that are never copied from the reference provision (even if they +# do not exist in the destination object). +# This is most probably because they are populated automatcally when object is +# created hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,\ "uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,\ "showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,\ 
@@ -75,8 +77,9 @@ hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1 "dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,\ "maxPwdAge":1, "mail":1, "secret":1,"possibleInferiors":1, "sAMAccountType":1} -# Usually for an object that already exists we do not overwrite attributes as they might have been changed for good -# reasons. Anyway for a few of thems it's mandatory to replace them otherwise the provision will be broken somehow. +# Usually for an object that already exists we do not overwrite attributes as +# they might have been changed for good reasons. Anyway for a few of them it's +# mandatory to replace them otherwise the provision will be broken somehow. hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,\ "mayContain":replace, "systemFlags":replace,"description":replace, "oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace, @@ -167,11 +170,13 @@ def get_paths(targetdir=None,smbconf=None): lp = param.LoadParm() lp.load(smbconf) -# Normaly we need the domain name for this function but for our needs it's pointless +# Normally we need the domain name for this function but for our needs it's +# pointless paths = provision_paths_from_lp(lp,"foo") return paths -# This function guess(fetch) informations needed to make a fresh provision from the current provision +# This function guesses (fetches) informations needed to make a fresh provision +# from the current provision # It includes: realm, workgroup, partitions, netbiosname, domain guid, ... def guess_names_from_current_provision(credentials,session_info,paths): lp = param.LoadParm() 
@@ -191,11 +196,13 @@ def guess_names_from_current_provision(credentials,session_info,paths): names.netbiosname = str(res[0]["sAMAccountName"]).replace("$","") names.smbconf = smbconf - #It's important here to let ldb load with the old module or it's quite certain that the LDB won't load ... + # It's important here to let ldb load with the old module or it's quite + # certain that the LDB won't load ... samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials, lp=lp, options=["modules:samba_dsdb"]) - # That's a bit simplistic but it's ok as long as we have only 3 partitions + # That's a bit simplistic but it's ok as long as we have only 3 + # partitions attrs2 = ["defaultNamingContext", "schemaNamingContext","configurationNamingContext","rootDomainNamingContext"] current = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2) 
@@ -311,9 +318,10 @@ def newprovision(names,setup_dir,creds,session,smbconf): ldap_dryrun_mode=None) return provdir -# This function sorts two dn in the lexicographical order and put higher level DN before -# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller (-1) as it has less -# level +# This function sorts two DNs in the lexicographical order and put higher level +# DN before. +# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller +# (-1) as it has less level def dn_sort(x,y): p = re.compile(r'(? Date: Sun, 10 Jan 2010 21:34:05 +0100 Subject: s4:upgradeprovision - fix up the script regarding linked attributes We have to try to add new objects until between two iterations we didn't make any progress. Either we are then done (no objects remaining) or we are incapable to do this fully automatically. The latter can happen if important system objects (builtin groups, users...) moved (e.g. consider one of my recent comments). Then the new object can't be added if it contains the same "sAMAccountName" attribute as the old one. We have to let the user delete the old one (also to give him a chance to backup personal changes - if needed) and only then the script is capable to add the new one onto the right place. Make this clear with an exhaustive error output. I personally don't see a good way how to do this better for now so I would leave this as a manual step. --- source4/scripting/bin/upgradeprovision | 58 +++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 12 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index e95977a258..23980cd3da 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision 
@@ -560,18 +560,52 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema): sam_ldb.transaction_start() - empty = ldb.Message() - message(SIMPLE,"There are %d missing objects"%(len(listMissing))) - for dn in listMissing: - reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"]) - delta = sam_ldb.msg_diff(empty,reference[0]) - for att in hashAttrNotCopied.keys(): - delta.remove(att) - for att in backlinked: - delta.remove(att) - delta.dn = dn - - sam_ldb.add(delta,["relax:0"]) + err_num = 0 + err_msg = "" + while len(listMissing) > 0: + listMissing2 = [] + + empty = ldb.Message() + message(SIMPLE,"There are still %d objects missing"%(len(listMissing))) + + for dn in listMissing: + reference = newsam_ldb.search(expression="dn=%s" % (str(dn)), + base=basedn, scope=SCOPE_SUBTREE, + controls=["search_options:1:2"]) + delta = sam_ldb.msg_diff(empty,reference[0]) + for att in hashAttrNotCopied.keys(): + delta.remove(att) + for att in backlinked: + delta.remove(att) + delta.dn = dn + + try: + sam_ldb.add(delta,["relax:0"]) + # This is needed here since otherwise the + # "replmd_meta_data" module doesn't see the + # updated data + sam_ldb.transaction_commit() + sam_ldb.transaction_start() + except LdbError, (num, msg): + # An exception can happen if a linked object + # doesn't exist which can happen if it is also + # to be added + err_num = num + err_msg = msg + listMissing2.append(dn) + + if len(listMissing2) == len(listMissing): + # We couldn't add any object in this iteration -> + # we have to resign and hope that the user manually + # fixes the damage + + message(ERROR, "The script isn't capable to do the upgrade fully automatically!") + message(ERROR, "Often this happens when important system objects moved their location. 
Please look for them (for example doable using the displayed 'sAMAccountName' attribute), backup if personally changed and remove them.") + message(ERROR, "Reinvoke this script and reapply eventual modifications done before. It is possible to get this error more than once (for each problematic object).") + + raise LdbError(err_num, err_msg) + + listMissing = listMissing2 changed = 0 for dn in listPresent: -- cgit
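Review bot: When the retry loop gives up, the DNs that could not be added are never reported: `listMissing2` is dropped and only the last `err_num`/`err_msg` pair survives, although the error text tells the operator to find the objects by a "displayed" attribute. Logging each failure in the `except` branch, e.g. `message(ERROR, "Could not add %s: %s" % (str(dn), msg))`, would give them something to act on. The handler also treats every `LdbError` as a missing link target, so an unrelated failure (a constraint or access error, say) is retried and then surfaces only through the generic messages. Because each successful add is committed immediately, the objects added before the final `raise` stay in the database, and the messages should say that the upgrade was applied partially. The enclosing function starts and ends outside the hunk.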