1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

r17499: Open the main database only the minimum times during a provision.

This causes things to operate as just one transaction (locally), and
to make a minimum of TCP connections when connecting to a remote LDAP
server.

Taking advantage of this, create another file to handle loading the
Samba4 specific schema extensions.  Also comment out 'middleName' and
reassign the OID to one in the Samba4 range, as it is 'stolen' from a
netscape range that is used in OpenLDAP and interenet standards for
'ref'.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2006-08-11 22:11:29 +00:00 committed by Gerald (Jerry) Carter
parent 0b552dadaa
commit 009d090594
3 changed files with 228 additions and 101 deletions

View File

@ -189,24 +189,12 @@ function ldb_erase(ldb)
/*
erase an ldb, removing all records
*/
function ldb_erase_partitions(info, dbname)
function ldb_erase_partitions(info, ldb)
{
var rootDSE_attrs = new Array("namingContexts");
var ldb = ldb_init();
var lp = loadparm_init();
var j;
ldb.session_info = info.session_info;
ldb.credentials = info.credentials;
ldb.filename = dbname;
var connect_ok = ldb.connect(dbname);
assert(connect_ok);
ldb.transaction_start();
var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs);
assert(typeof(res) != "undefined");
assert(res.length == 1);
@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname)
}
}
}
var commit_ok = ldb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + ldb.errstring() + "\n");
assert(add_ok);
}
}
/*
setup a ldb in the private dir
*/
function setup_ldb(ldif, info, dbname)
function open_ldb(info, dbname, erase)
{
var erase = true;
var extra = "";
var failok = false;
var ldb = ldb_init();
var lp = loadparm_init();
ldb.session_info = info.session_info;
ldb.credentials = info.credentials;
if (arguments.length >= 4) {
extra = arguments[3];
}
if (arguments.length >= 5) {
erase = arguments[4];
}
if (arguments.length == 6) {
failok = arguments[5];
}
var src = lp.get("setup directory") + "/" + ldif;
var data = sys.file_load(src);
data = data + extra;
data = substitute_var(data, info.subobj);
ldb.filename = dbname;
var connect_ok = ldb.connect(dbname);
@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname)
if (erase) {
ldb_erase(ldb);
}
return ldb;
}
/*
setup a ldb in the private dir
*/
function setup_add_ldif(ldif, info, ldb, failok)
{
var lp = loadparm_init();
var src = lp.get("setup directory") + "/" + ldif;
var data = sys.file_load(src);
data = substitute_var(data, info.subobj);
var add_ok = ldb.add(data);
if (!add_ok) {
@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname)
assert(add_ok);
}
}
if (add_ok) {
return add_ok;
}
function setup_ldb(ldif, info, dbname)
{
var erase = true;
var failok = false;
if (arguments.length >= 4) {
erase = arguments[3];
}
if (arguments.length == 5) {
failok = arguments[4];
}
var ldb = open_ldb(info, dbname, erase);
if (setup_add_ldif(ldif, info, ldb, erase, failok)) {
var commit_ok = ldb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + ldb.errstring() + "\n");
@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname)
/*
setup a ldb in the private dir
*/
function setup_ldb_modify(ldif, info, dbname)
function setup_ldb_modify(ldif, info, ldb)
{
var ldb = ldb_init();
var lp = loadparm_init();
ldb.session_info = info.session_info;
ldb.credentials = info.credentials;
var src = lp.get("setup directory") + "/" + ldif;
var data = sys.file_load(src);
data = substitute_var(data, info.subobj);
ldb.filename = dbname;
var connect_ok = ldb.connect(dbname);
assert(connect_ok);
ldb.transaction_start();
var mod_ok = ldb.modify(data);
if (!mod_ok) {
info.message("ldb load failed: " + ldb.errstring() + "\n");
assert(mod_ok);
}
var commit_ok = ldb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + ldb.errstring() + "\n");
assert(commit_ok);
}
}
/*
@ -386,16 +356,9 @@ function provision_default_paths(subobj)
/*
setup reasonable name mappings for sam names to unix names
*/
function setup_name_mappings(info, subobj, session_info, credentials)
function setup_name_mappings(info, subobj, ldb)
{
var lp = loadparm_init();
var ldb = ldb_init();
ldb.session_info = session_info;
ldb.credentials = credentials;
var ok = ldb.connect(lp.get("sam database"));
if (!ok) {
return false;
}
var attrs = new Array("objectSid");
res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
assert(res.length == 1 && res[0].objectSid != undefined);
@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials)
*/
function provision(subobj, message, blank, paths, session_info, credentials)
{
var data = "";
var lp = loadparm_init();
var sys = sys_init();
var info = new Object();
@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials)
setup_ldb("hklm.ldif", info, paths.hklm);
message("Setting up sam.ldb partitions\n");
/* Also wipes the database */
setup_ldb("provision_partitions.ldif", info, paths.samdb);
message("Setting up sam.ldb attributes\n");
setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false);
message("Erasing data from partitions\n");
ldb_erase_partitions(info, paths.samdb);
message("Adding baseDN: " + subobj.BASEDN + "\n");
setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true);
message("Modifying baseDN: " + subobj.BASEDN + "\n");
setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb)
var samdb = open_ldb(info, paths.samdb, false);
message("Setting up sam.ldb schema\n");
setup_ldb("schema.ldif", info, paths.samdb, NULL, false);
message("Setting up sam.ldb attributes\n");
setup_add_ldif("provision_init.ldif", info, samdb, false);
message("Erasing data from partitions\n");
ldb_erase_partitions(info, samdb);
message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
setup_add_ldif("provision_basedn.ldif", info, samdb, true);
message("Modifying baseDN: " + subobj.BASEDN + "\n");
setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
message("Setting up sam.ldb Samba4 schema\n");
setup_add_ldif("schema_samba4.ldif", info, samdb, false);
message("Setting up sam.ldb AD schema\n");
setup_add_ldif("schema.ldif", info, samdb, false);
message("Setting up display specifiers\n");
setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false);
setup_add_ldif("display_specifiers.ldif", info, samdb, false);
message("Setting up sam.ldb templates\n");
setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
setup_add_ldif("provision_templates.ldif", info, samdb, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
setup_add_ldif("provision.ldif", info, samdb, false);
if (blank != false) {
var commit_ok = samdb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + samdb.errstring() + "\n");
assert(commit_ok);
}
return true;
}
message("Setting up sam.ldb users and groups\n");
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
setup_add_ldif("provision_users.ldif", info, samdb, false);
if (setup_name_mappings(info, subobj, session_info, credentials) == false) {
if (setup_name_mappings(info, subobj, samdb) == false) {
return false;
}
var commit_ok = samdb.transaction_commit();
if (!commit_ok) {
info.message("samdb commit failed: " + samdb.errstring() + "\n");
assert(commit_ok);
}
return true;
}

View File

@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier
attributeID: 2.5.4.51
attributeSyntax: 2.5.5.12
dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
cn: middleName
name: middleName
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: middleName
isSingleValued: TRUE
systemFlags: 16
systemOnly: FALSE
schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
adminDisplayName: Other-Name
attributeID: 2.16.840.1.113730.3.1.34
attributeSyntax: 2.5.5.12
#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
#cn: middleName
#name: middleName
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: middleName
#isSingleValued: TRUE
#systemFlags: 16
#systemOnly: FALSE
#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
#adminDisplayName: Other-Name
#attributeID: 2.16.840.1.113730.3.1.34
#attributeSyntax: 2.5.5.12
dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN}
cn: replTopologyStayOfExecution

View File

@ -0,0 +1,149 @@
#
# Schema elements which do not exist in AD, but which we use in Samba4
#
## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
#
#
dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN}
cn: ntpwdHash
name: NTPWDHash
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: ntpwdhash
isSingleValued: TRUE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
adminDisplayName: NT-PWD-Hash
attributeID: 1.3.6.1.4.1.7165.4.1.1
attributeSyntax: 2.5.5.10
dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN}
cn: lmpwdHash
name: lmpwdHash
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: lmpwdhash
isSingleValued: TRUE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
adminDisplayName: LM-PWD-Hash
attributeID: 1.3.6.1.4.1.7165.4.1.2
attributeSyntax: 2.5.5.10
dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
cn: sambaNtPwdHistory
name: sambaNtPwdHistory
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: sambaNtPwdHistory
isSingleValued: TRUE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
adminDisplayName: SAMBA-NT-PWD-History
attributeID: 1.3.6.1.4.1.7165.4.1.3
attributeSyntax: 2.5.5.10
dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
cn: sambaLmPwdHistory
name: sambaLmPwdHistory
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: sambaLmPwdHistory
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
adminDisplayName: SAMBA-LM-PWDHistory
attributeID: 1.3.6.1.4.1.7165.4.1.4
attributeSyntax: 2.5.5.10
dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN}
cn: sambaPassword
name: sambaPassword
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: sambaPassword
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
adminDisplayName: SAMBA-Password
attributeID: 1.3.6.1.4.1.7165.4.1.5
attributeSyntax: 2.5.5.5
dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN}
cn: dnsDomain
name: dnsDomain
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: dnsDomain
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
adminDisplayName: SAMBA-Password
attributeID: 1.3.6.1.4.1.7165.4.1.6
attributeSyntax: 2.5.5.4
dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN}
cn: privilege
name: privilege
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
cn: middleName
name: middleName
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: middleName
sSingleValued: TRUE
systemFlags: 16
systemOnly: FALSE
schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
adminDisplayName: Other-Name
attributeID: 1.3.6.1.4.1.7165.4.1.8
attributeSyntax: 2.5.5.12
dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN}
cn: unixName
name: unixName
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: unixName
sSingleValued: TRUE
systemFlags: 16
systemOnly: FALSE
schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
adminDisplayName: Unix-Name
attributeID: 1.3.6.1.4.1.7165.4.1.9
attributeSyntax: 2.5.5.4
dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN}
cn: krb5Key
name: krb5Key
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: krb5Key
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
adminDisplayName: krb5-Key
attributeID: 1.3.6.1.4.1.5322.10.1.10
attributeSyntax: 2.5.5.10