samba-tool domain demote: Remove dns-SERVER object as well
This object is not in standard AD, but Marc Muehlfeld correctly notes that Samba creates it for BIND9_DLZ.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
parent
145bb6fd7b
commit
642de9193f
@ -193,7 +193,8 @@ def offline_remove_server(samdb, server_dn,
|
||||
remove_computer_obj=False,
|
||||
remove_server_obj=False,
|
||||
remove_sysvol_obj=False,
|
||||
remove_dns_names=False):
|
||||
remove_dns_names=False,
|
||||
remove_dns_account=False):
|
||||
res = samdb.search("",
|
||||
scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
|
||||
assert len(res) == 1
|
||||
@ -226,7 +227,8 @@ def offline_remove_server(samdb, server_dn,
|
||||
computer_msgs = samdb.search(base=computer_dn,
|
||||
expression="objectclass=computer",
|
||||
attrs=["msDS-KrbTgtLink",
|
||||
"rIDSetReferences"],
|
||||
"rIDSetReferences",
|
||||
"cn"],
|
||||
scope=ldb.SCOPE_BASE)
|
||||
if "rIDSetReferences" in computer_msgs[0]:
|
||||
samdb.delete(computer_msgs[0]["rIDSetReferences"][0])
|
||||
@ -240,6 +242,14 @@ def offline_remove_server(samdb, server_dn,
|
||||
if "dnsHostName" in msgs[0]:
|
||||
dnsHostName = msgs[0]["dnsHostName"][0]
|
||||
|
||||
if remove_dns_account:
|
||||
res = samdb.search(expression="(&(objectclass=user)(cn=dns-%s)(servicePrincipalName=DNS/%s))" %
|
||||
(ldb.binary_encode(dc_name), dnsHostName),
|
||||
attrs=[], scope=ldb.SCOPE_SUBTREE,
|
||||
base=samdb.get_default_basedn())
|
||||
if len(res) == 1:
|
||||
samdb.delete(res[0].dn)
|
||||
|
||||
if dnsHostName is not None and remove_dns_names:
|
||||
remove_dns_references(samdb, dnsHostName)
|
||||
|
||||
@ -252,7 +262,8 @@ def offline_remove_ntds_dc(samdb, ntds_dn,
|
||||
remove_connection_obj=False,
|
||||
seize_stale_fsmo=False,
|
||||
remove_sysvol_obj=False,
|
||||
remove_dns_names=False):
|
||||
remove_dns_names=False,
|
||||
remove_dns_account=False):
|
||||
res = samdb.search("",
|
||||
scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
|
||||
assert len(res) == 1
|
||||
@ -318,7 +329,8 @@ def offline_remove_ntds_dc(samdb, ntds_dn,
|
||||
remove_computer_obj=remove_computer_obj,
|
||||
remove_server_obj=remove_server_obj,
|
||||
remove_sysvol_obj=remove_sysvol_obj,
|
||||
remove_dns_names=remove_dns_names)
|
||||
remove_dns_names=remove_dns_names,
|
||||
remove_dns_account=remove_dns_account)
|
||||
|
||||
|
||||
def remove_dc(samdb, dc_name):
|
||||
@ -350,7 +362,8 @@ def remove_dc(samdb, dc_name):
|
||||
remove_computer_obj=True,
|
||||
remove_server_obj=True,
|
||||
remove_sysvol_obj=True,
|
||||
remove_dns_names=True)
|
||||
remove_dns_names=True,
|
||||
remove_dns_account=True)
|
||||
|
||||
samdb.transaction_commit()
|
||||
return
|
||||
@ -363,7 +376,8 @@ def remove_dc(samdb, dc_name):
|
||||
remove_connection_obj=True,
|
||||
seize_stale_fsmo=True,
|
||||
remove_sysvol_obj=True,
|
||||
remove_dns_names=True)
|
||||
remove_dns_names=True,
|
||||
remove_dns_account=True)
|
||||
|
||||
samdb.transaction_commit()
|
||||
|
||||
|
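Review bot: In the new `remove_dns_account` branch of offline_remove_server, the LDAP filter escapes `dc_name` with `ldb.binary_encode` but interpolates `dnsHostName` raw, even though that value was read from the directory's `dnsHostName` attribute just above. A stored host name containing filter metacharacters would change which object the search returns before `samdb.delete(res[0].dn)` runs, so I would pass `(ldb.binary_encode(dc_name), ldb.binary_encode(dnsHostName))`. The `dnsHostName is not None` guard a few lines further down suggests the variable can still be None at this point (indentation is lost on this page, so the nesting is unclear); the filter would then look for `DNS/None`, match nothing, and leave the service account and its credentials in the directory without any message. The `len(res) == 1` test also skips silently on zero or several matches, which deserves at least a log line so an operator knows the account was not removed. The function body starts and ends outside the visible hunks.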
@ -168,6 +168,14 @@ class SambaToolDrsTests(samba.tests.BlackboxTestCase):
|
||||
server_dn = samdb.searchone("serverReferenceBL", "cn=%s,ou=domain controllers,%s" % (self.dc2, server_nc_name))
|
||||
ntds_guid = samdb.searchone("objectGUID", "cn=ntds settings,%s" % server_dn)
|
||||
|
||||
res = samdb.search(base=str(server_nc_name),
|
||||
expression="(&(objectclass=user)(cn=dns-%s))" % (self.dc2),
|
||||
attrs=[], scope=ldb.SCOPE_SUBTREE)
|
||||
if len(res) == 1:
|
||||
dns_obj = res[0]
|
||||
else:
|
||||
dns_obj = None
|
||||
|
||||
def demote_self():
|
||||
# While we have this cloned, try demoting the other server on the clone
|
||||
out = self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb"
|
||||
@ -193,6 +201,13 @@ class SambaToolDrsTests(samba.tests.BlackboxTestCase):
|
||||
samdb.searchone("CN", "<GUID=%s>" % ntds_guid)
|
||||
self.assertRaises(ldb.LdbError, check_ntds_guid)
|
||||
|
||||
if dns_obj is not None:
|
||||
# Check some of the objects that should have been removed
|
||||
def check_dns_account_obj():
|
||||
samdb.search(base=dns_obj.dn, scope=ldb.SCOPE_BASE,
|
||||
attrs=[])
|
||||
self.assertRaises(ldb.LdbError, check_dns_account_obj)
|
||||
|
||||
shutil.rmtree(os.path.join(self.tempdir, "private"))
|
||||
shutil.rmtree(os.path.join(self.tempdir, "etc"))
|
||||
shutil.rmtree(os.path.join(self.tempdir, "msg.lock"))
|
||||
|
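Review bot: The new check in the second hunk only runs under `if dns_obj is not None`, and `dns_obj` is None whenever the earlier search returns anything other than exactly one entry, so a test environment without the `dns-<dc2>` account passes without ever exercising the removal. If the environment this test runs in is expected to provision that account (not visible here), assert it up front with `self.assertEqual(len(res), 1)` rather than branching. `self.assertRaises(ldb.LdbError, check_dns_account_obj)` also accepts any LDB failure; catching the exception and comparing its error number with `ldb.ERR_NO_SUCH_OBJECT` would confirm that the object is really gone rather than that the search failed for another reason. The test method begins and ends outside the hunks shown.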