From 6e4940cf791c1a8009216a92b398e49250e71a53 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Aug 2006 22:11:29 +0000 Subject: [PATCH] r17499: Open the main database only the minimum times during a provision. This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35) --- source4/scripting/libjs/provision.js | 154 ++++++++++++--------------- source4/setup/schema.ldif | 26 ++--- source4/setup/schema_samba4.ldif | 149 ++++++++++++++++++++++++++ 3 files changed, 228 insertions(+), 101 deletions(-) create mode 100644 source4/setup/schema_samba4.ldif diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 232d15d66f6..8830c273f56 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -189,24 +189,12 @@ function ldb_erase(ldb) /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, dbname) +function ldb_erase_partitions(info, ldb) { var rootDSE_attrs = new Array("namingContexts"); - var ldb = ldb_init(); var lp = loadparm_init(); var j; - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; - - - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != "undefined"); assert(res.length == 1); 
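Review bot: The comment kept above the new `ldb_erase_partitions(info, ldb)` signature still reads as if the function opened and erased a database itself, while the removed lines show it no longer connects, starts or commits a transaction. A note on the new contract would help the next caller, e.g. `/* erase every partition of an already-connected ldb; the caller owns the transaction and commits it */`. The function's body continues outside the hunk, and `lp` is kept although nothing on the visible lines uses it — worth confirming it is still needed further down.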
@@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname) } } } - - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(add_ok); - } } -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, info, dbname) +function open_ldb(info, dbname, erase) { - var erase = true; - var extra = ""; - var failok = false; var ldb = ldb_init(); - var lp = loadparm_init(); ldb.session_info = info.session_info; ldb.credentials = info.credentials; - - if (arguments.length >= 4) { - extra = arguments[3]; - } - - if (arguments.length >= 5) { - erase = arguments[4]; - } - - if (arguments.length == 6) { - failok = arguments[5]; - } - - var src = lp.get("setup directory") + "/" + ldif; - - var data = sys.file_load(src); - data = data + extra; - data = substitute_var(data, info.subobj); - ldb.filename = dbname; var connect_ok = ldb.connect(dbname); @@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname) if (erase) { ldb_erase(ldb); } + return ldb; +} + + +/* + setup a ldb in the private dir + */ +function setup_add_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get("setup directory") + "/" + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); var add_ok = ldb.add(data); if (!add_ok) { @@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname) assert(add_ok); } } - if (add_ok) { + return add_ok; +} + +function setup_ldb(ldif, info, dbname) +{ + var erase = true; + var failok = false; + + if (arguments.length >= 4) { + erase = arguments[3]; + } + if (arguments.length == 5) { + failok = arguments[4]; + } + var ldb = open_ldb(info, dbname, erase); + if (setup_add_ldif(ldif, info, ldb, erase, failok)) { var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message("ldb commit failed: " + ldb.errstring() + "\n"); 
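Review bot: The header comment `/* setup a ldb in the private dir */` copied above the new `setup_add_ldif` no longer describes it: the function loads and substitutes one LDIF file, adds it to an `ldb` the caller has already opened, and returns `add_ok`. Suggest `/* add one LDIF file from the setup directory to an already-open ldb; returns false instead of asserting when failok is set */`. The same stale comment heads `setup_ldb_modify` in the `@@ -310` hunk, which likewise now takes an open handle. The function's body continues into the next hunk.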
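Review bot: `setup_add_ldif(ldif, info, ldb, erase, failok)` passes five arguments to a function declared in the previous hunk as `setup_add_ldif(ldif, info, ldb, failok)`, so `erase` (true by default) lands in `failok` and the real `failok` is dropped; every default `setup_ldb` call therefore tolerates a failed `ldb.add` instead of asserting, and a partially-loaded database can be committed silently. The call should be `if (setup_add_ldif(ldif, info, ldb, failok)) {`. When it returns false, the transaction presumably started in the unseen part of `open_ldb` is neither committed nor cancelled on the visible lines; `setup_ldb`'s body continues outside the hunk, so that may be handled further down.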
@@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname) /* setup a ldb in the private dir */ -function setup_ldb_modify(ldif, info, dbname) +function setup_ldb_modify(ldif, info, ldb) { - var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; var src = lp.get("setup directory") + "/" + ldif; var data = sys.file_load(src); data = substitute_var(data, info.subobj); - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var mod_ok = ldb.modify(data); if (!mod_ok) { info.message("ldb load failed: " + ldb.errstring() + "\n"); assert(mod_ok); } - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message("ldb commit failed: " + ldb.errstring() + "\n"); - assert(commit_ok); - } } /* @@ -386,16 +356,9 @@ function provision_default_paths(subobj) /* setup reasonable name mappings for sam names to unix names */ -function setup_name_mappings(info, subobj, session_info, credentials) +function setup_name_mappings(info, subobj, ldb) { var lp = loadparm_init(); - var ldb = ldb_init(); - ldb.session_info = session_info; - ldb.credentials = credentials; - var ok = ldb.connect(lp.get("sam database")); - if (!ok) { - return false; - } var attrs = new Array("objectSid"); res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs); assert(res.length == 1 && res[0].objectSid != undefined); @@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials) */ function provision(subobj, message, blank, paths, session_info, credentials) { - var data = ""; var lp = loadparm_init(); var sys = sys_init(); var info = new Object(); 
@@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials) setup_ldb("hklm.ldif", info, paths.hklm); message("Setting up sam.ldb partitions\n"); + /* Also wipes the database */ setup_ldb("provision_partitions.ldif", info, paths.samdb); - message("Setting up sam.ldb attributes\n"); - setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false); - message("Erasing data from partitions\n"); - ldb_erase_partitions(info, paths.samdb); - - message("Adding baseDN: " + subobj.BASEDN + "\n"); - setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true); - message("Modifying baseDN: " + subobj.BASEDN + "\n"); - setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb) + var samdb = open_ldb(info, paths.samdb, false); - message("Setting up sam.ldb schema\n"); - setup_ldb("schema.ldif", info, paths.samdb, NULL, false); + message("Setting up sam.ldb attributes\n"); + setup_add_ldif("provision_init.ldif", info, samdb, false); + message("Erasing data from partitions\n"); + ldb_erase_partitions(info, samdb); + + message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n"); + setup_add_ldif("provision_basedn.ldif", info, samdb, true); + message("Modifying baseDN: " + subobj.BASEDN + "\n"); + setup_ldb_modify("provision_basedn_modify.ldif", info, samdb); + + message("Setting up sam.ldb Samba4 schema\n"); + setup_add_ldif("schema_samba4.ldif", info, samdb, false); + message("Setting up sam.ldb AD schema\n"); + setup_add_ldif("schema.ldif", info, samdb, false); message("Setting up display specifiers\n"); - setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("display_specifiers.ldif", info, samdb, false); message("Setting up sam.ldb templates\n"); - setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false); + setup_add_ldif("provision_templates.ldif", info, samdb, false); message("Setting up sam.ldb data\n"); - setup_ldb("provision.ldif", info, paths.samdb, NULL, 
false); + setup_add_ldif("provision.ldif", info, samdb, false); if (blank != false) { + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("ldb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } return true; } message("Setting up sam.ldb users and groups\n"); - setup_ldb("provision_users.ldif", info, paths.samdb, data, false); + setup_add_ldif("provision_users.ldif", info, samdb, false); - if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + if (setup_name_mappings(info, subobj, samdb) == false) { return false; } + var commit_ok = samdb.transaction_commit(); + if (!commit_ok) { + info.message("samdb commit failed: " + samdb.errstring() + "\n"); + assert(commit_ok); + } + return true; } diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e7d7fcec2dc..ca21ee923df 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: middleName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name -attributeID: 2.16.840.1.113730.3.1.34 -attributeSyntax: 2.5.5.12 +#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +#cn: middleName +#name: middleName +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: middleName +#isSingleValued: TRUE +#systemFlags: 16 +#systemOnly: FALSE +#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +#adminDisplayName: Other-Name +#attributeID: 2.16.840.1.113730.3.1.34 +#attributeSyntax: 2.5.5.12 dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} cn: replTopologyStayOfExecution 
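Review bot: When `setup_name_mappings(info, subobj, samdb) == false` the function returns false with the transaction on `samdb` neither committed nor cancelled, so the handle is left mid-transaction; the two `transaction_commit` blocks only cover the success paths. If the ejs ldb binding exposes `transaction_cancel`, add `samdb.transaction_cancel();` before that `return false;` (the assert paths abort the process anyway). The commit block is also duplicated with differing messages (`ldb commit failed` vs `samdb commit failed`) and `var commit_ok` is declared twice in one function scope; a small helper that commits and reports once would remove both. Note that `setup_ldb("provision_partitions.ldif", ...)` still opens and commits its own handle before `open_ldb` opens `samdb`, so despite the new comment the partition setup remains a separate transaction from the rest.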
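Review bot: The `middleName` definition is kept as a thirteen-line commented-out block rather than removed, and nothing in the file says where it went; only the commit message explains that it moved to `schema_samba4.ldif` under a Samba4 OID because `2.16.840.1.113730.3.1.34` is the netscape OID used for `ref`. Replacing the block with a one-line note, `# middleName is defined in schema_samba4.ldif with a Samba4 OID; the AD OID 2.16.840.1.113730.3.1.34 clashes with 'ref'`, keeps that reasoning next to the gap and drops the dead lines.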
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
new file mode 100644
index 00000000000..94b79bd31ff
--- /dev/null
+++ b/source4/setup/schema_samba4.ldif
@@ -0,0 +1,149 @@
+#
+# Schema elements which do not exist in AD, but which we use in Samba4
+#
+## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+#
+#
+
+
+dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: ntpwdHash
+name: NTPWDHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: ntpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
+adminDisplayName: NT-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.1
+attributeSyntax: 2.5.5.10
+
+dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: lmpwdHash
+name: lmpwdHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: lmpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
+adminDisplayName: LM-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.2
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaNtPwdHistory
+name: sambaNtPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaNtPwdHistory
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
+adminDisplayName: SAMBA-NT-PWD-History
+attributeID: 1.3.6.1.4.1.7165.4.1.3
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaLmPwdHistory
+name: sambaLmPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaLmPwdHistory
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: SAMBA-LM-PWDHistory
+attributeID: 1.3.6.1.4.1.7165.4.1.4
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaPassword
+name: sambaPassword
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaPassword
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.5
+attributeSyntax: 2.5.5.5
+
+dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN}
+cn: dnsDomain
+name: dnsDomain
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: dnsDomain
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.6
+attributeSyntax: 2.5.5.4
+
+dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN}
+cn: privilege
+name: privilege
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: privilege
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
+adminDisplayName: Privilege
+attributeID: 1.3.6.1.4.1.7165.4.1.7
+attributeSyntax: 2.5.5.4
+
+dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
+cn: middleName
+name: middleName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: middleName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Other-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.8
+attributeSyntax: 2.5.5.12
+
+dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN}
+cn: unixName
+name: unixName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: unixName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Unix-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.9
+attributeSyntax: 2.5.5.4
+
+dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN}
+cn: krb5Key
+name: krb5Key
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: krb5Key
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: krb5-Key
+attributeID: 1.3.6.1.4.1.5322.10.1.10
+attributeSyntax: 2.5.5.10
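Review bot: The `middleName` and `unixName` entries spell the single-valued flag `sSingleValued: TRUE`, while every other entry uses `isSingleValued`; both lines should read `isSingleValued: TRUE`, otherwise those two attributes carry an unknown property and no single-valued setting at all. Two `schemaIDGUID` values are also reused: `unixName` repeats middleName's `bf9679f2-0de6-11d0-a285-00aa003049e2` and `krb5Key` repeats sambaLmPwdHistory's `0EAFE3DD-0F53-495E-8A34-97BB28AF17A4`, although that GUID is meant to identify exactly one schema object, so `unixName` and `krb5Key` need freshly generated GUIDs. `dnsDomain` has `adminDisplayName: SAMBA-Password` copied from the entry above it and should get a display name matching the attribute. Since this file introduces the attributes that hold NT/LM hashes, password history, cleartext `sambaPassword` values and Kerberos keys, it is worth confirming that the access-control layer, which is not part of this change, restricts read access to all of them rather than only to the ones marked `systemOnly: TRUE`.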