r17499: Open the main database only the minimum times during a provision.
This causes things to operate as just one transaction (locally), and
to make a minimum of TCP connections when connecting to a remote LDAP
server.
Taking advantage of this, create another file to handle loading the
Samba4 specific schema extensions. Also comment out 'middleName' and
reassign the OID to one in the Samba4 range, as it is 'stolen' from a
netscape range that is used in OpenLDAP and internet standards for
'ref'.
Andrew Bartlett
(This used to be commit 009d090594
)
parent
d120eb8128
commit
6e4940cf79
@ -189,24 +189,12 @@ function ldb_erase(ldb)
|
||||
/*
|
||||
erase an ldb, removing all records
|
||||
*/
|
||||
function ldb_erase_partitions(info, dbname)
|
||||
function ldb_erase_partitions(info, ldb)
|
||||
{
|
||||
var rootDSE_attrs = new Array("namingContexts");
|
||||
var ldb = ldb_init();
|
||||
var lp = loadparm_init();
|
||||
var j;
|
||||
|
||||
ldb.session_info = info.session_info;
|
||||
ldb.credentials = info.credentials;
|
||||
|
||||
|
||||
ldb.filename = dbname;
|
||||
|
||||
var connect_ok = ldb.connect(dbname);
|
||||
assert(connect_ok);
|
||||
|
||||
ldb.transaction_start();
|
||||
|
||||
var res = ldb.search("(objectClass=*)", "", ldb.SCOPE_BASE, rootDSE_attrs);
|
||||
assert(typeof(res) != "undefined");
|
||||
assert(res.length == 1);
|
||||
@ -237,45 +225,13 @@ function ldb_erase_partitions(info, dbname)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var commit_ok = ldb.transaction_commit();
|
||||
if (!commit_ok) {
|
||||
info.message("ldb commit failed: " + ldb.errstring() + "\n");
|
||||
assert(add_ok);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
setup a ldb in the private dir
|
||||
*/
|
||||
function setup_ldb(ldif, info, dbname)
|
||||
function open_ldb(info, dbname, erase)
|
||||
{
|
||||
var erase = true;
|
||||
var extra = "";
|
||||
var failok = false;
|
||||
var ldb = ldb_init();
|
||||
var lp = loadparm_init();
|
||||
ldb.session_info = info.session_info;
|
||||
ldb.credentials = info.credentials;
|
||||
|
||||
if (arguments.length >= 4) {
|
||||
extra = arguments[3];
|
||||
}
|
||||
|
||||
if (arguments.length >= 5) {
|
||||
erase = arguments[4];
|
||||
}
|
||||
|
||||
if (arguments.length == 6) {
|
||||
failok = arguments[5];
|
||||
}
|
||||
|
||||
var src = lp.get("setup directory") + "/" + ldif;
|
||||
|
||||
var data = sys.file_load(src);
|
||||
data = data + extra;
|
||||
data = substitute_var(data, info.subobj);
|
||||
|
||||
ldb.filename = dbname;
|
||||
|
||||
var connect_ok = ldb.connect(dbname);
|
||||
@ -290,6 +246,20 @@ function setup_ldb(ldif, info, dbname)
|
||||
if (erase) {
|
||||
ldb_erase(ldb);
|
||||
}
|
||||
return ldb;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
setup a ldb in the private dir
|
||||
*/
|
||||
function setup_add_ldif(ldif, info, ldb, failok)
|
||||
{
|
||||
var lp = loadparm_init();
|
||||
var src = lp.get("setup directory") + "/" + ldif;
|
||||
|
||||
var data = sys.file_load(src);
|
||||
data = substitute_var(data, info.subobj);
|
||||
|
||||
var add_ok = ldb.add(data);
|
||||
if (!add_ok) {
|
||||
@ -298,7 +268,22 @@ function setup_ldb(ldif, info, dbname)
|
||||
assert(add_ok);
|
||||
}
|
||||
}
|
||||
if (add_ok) {
|
||||
return add_ok;
|
||||
}
|
||||
|
||||
function setup_ldb(ldif, info, dbname)
|
||||
{
|
||||
var erase = true;
|
||||
var failok = false;
|
||||
|
||||
if (arguments.length >= 4) {
|
||||
erase = arguments[3];
|
||||
}
|
||||
if (arguments.length == 5) {
|
||||
failok = arguments[4];
|
||||
}
|
||||
var ldb = open_ldb(info, dbname, erase);
|
||||
if (setup_add_ldif(ldif, info, ldb, erase, failok)) {
|
||||
var commit_ok = ldb.transaction_commit();
|
||||
if (!commit_ok) {
|
||||
info.message("ldb commit failed: " + ldb.errstring() + "\n");
|
||||
@ -310,35 +295,20 @@ function setup_ldb(ldif, info, dbname)
|
||||
/*
|
||||
setup a ldb in the private dir
|
||||
*/
|
||||
function setup_ldb_modify(ldif, info, dbname)
|
||||
function setup_ldb_modify(ldif, info, ldb)
|
||||
{
|
||||
var ldb = ldb_init();
|
||||
var lp = loadparm_init();
|
||||
ldb.session_info = info.session_info;
|
||||
ldb.credentials = info.credentials;
|
||||
|
||||
var src = lp.get("setup directory") + "/" + ldif;
|
||||
|
||||
var data = sys.file_load(src);
|
||||
data = substitute_var(data, info.subobj);
|
||||
|
||||
ldb.filename = dbname;
|
||||
|
||||
var connect_ok = ldb.connect(dbname);
|
||||
assert(connect_ok);
|
||||
|
||||
ldb.transaction_start();
|
||||
|
||||
var mod_ok = ldb.modify(data);
|
||||
if (!mod_ok) {
|
||||
info.message("ldb load failed: " + ldb.errstring() + "\n");
|
||||
assert(mod_ok);
|
||||
}
|
||||
var commit_ok = ldb.transaction_commit();
|
||||
if (!commit_ok) {
|
||||
info.message("ldb commit failed: " + ldb.errstring() + "\n");
|
||||
assert(commit_ok);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -386,16 +356,9 @@ function provision_default_paths(subobj)
|
||||
/*
|
||||
setup reasonable name mappings for sam names to unix names
|
||||
*/
|
||||
function setup_name_mappings(info, subobj, session_info, credentials)
|
||||
function setup_name_mappings(info, subobj, ldb)
|
||||
{
|
||||
var lp = loadparm_init();
|
||||
var ldb = ldb_init();
|
||||
ldb.session_info = session_info;
|
||||
ldb.credentials = credentials;
|
||||
var ok = ldb.connect(lp.get("sam database"));
|
||||
if (!ok) {
|
||||
return false;
|
||||
}
|
||||
var attrs = new Array("objectSid");
|
||||
res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
|
||||
assert(res.length == 1 && res[0].objectSid != undefined);
|
||||
@ -436,7 +399,6 @@ function setup_name_mappings(info, subobj, session_info, credentials)
|
||||
*/
|
||||
function provision(subobj, message, blank, paths, session_info, credentials)
|
||||
{
|
||||
var data = "";
|
||||
var lp = loadparm_init();
|
||||
var sys = sys_init();
|
||||
var info = new Object();
|
||||
@ -480,38 +442,54 @@ function provision(subobj, message, blank, paths, session_info, credentials)
|
||||
setup_ldb("hklm.ldif", info, paths.hklm);
|
||||
|
||||
message("Setting up sam.ldb partitions\n");
|
||||
/* Also wipes the database */
|
||||
setup_ldb("provision_partitions.ldif", info, paths.samdb);
|
||||
|
||||
var samdb = open_ldb(info, paths.samdb, false);
|
||||
|
||||
message("Setting up sam.ldb attributes\n");
|
||||
setup_ldb("provision_init.ldif", info, paths.samdb, NULL, false);
|
||||
setup_add_ldif("provision_init.ldif", info, samdb, false);
|
||||
message("Erasing data from partitions\n");
|
||||
ldb_erase_partitions(info, paths.samdb);
|
||||
ldb_erase_partitions(info, samdb);
|
||||
|
||||
message("Adding baseDN: " + subobj.BASEDN + "\n");
|
||||
setup_ldb("provision_basedn.ldif", info, paths.samdb, NULL, false, true);
|
||||
message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
|
||||
setup_add_ldif("provision_basedn.ldif", info, samdb, true);
|
||||
message("Modifying baseDN: " + subobj.BASEDN + "\n");
|
||||
setup_ldb_modify("provision_basedn_modify.ldif", info, paths.samdb)
|
||||
setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
|
||||
|
||||
message("Setting up sam.ldb schema\n");
|
||||
setup_ldb("schema.ldif", info, paths.samdb, NULL, false);
|
||||
message("Setting up sam.ldb Samba4 schema\n");
|
||||
setup_add_ldif("schema_samba4.ldif", info, samdb, false);
|
||||
message("Setting up sam.ldb AD schema\n");
|
||||
setup_add_ldif("schema.ldif", info, samdb, false);
|
||||
message("Setting up display specifiers\n");
|
||||
setup_ldb("display_specifiers.ldif", info, paths.samdb, NULL, false);
|
||||
setup_add_ldif("display_specifiers.ldif", info, samdb, false);
|
||||
message("Setting up sam.ldb templates\n");
|
||||
setup_ldb("provision_templates.ldif", info, paths.samdb, NULL, false);
|
||||
setup_add_ldif("provision_templates.ldif", info, samdb, false);
|
||||
message("Setting up sam.ldb data\n");
|
||||
setup_ldb("provision.ldif", info, paths.samdb, NULL, false);
|
||||
setup_add_ldif("provision.ldif", info, samdb, false);
|
||||
|
||||
if (blank != false) {
|
||||
var commit_ok = samdb.transaction_commit();
|
||||
if (!commit_ok) {
|
||||
info.message("ldb commit failed: " + samdb.errstring() + "\n");
|
||||
assert(commit_ok);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
message("Setting up sam.ldb users and groups\n");
|
||||
setup_ldb("provision_users.ldif", info, paths.samdb, data, false);
|
||||
setup_add_ldif("provision_users.ldif", info, samdb, false);
|
||||
|
||||
if (setup_name_mappings(info, subobj, session_info, credentials) == false) {
|
||||
if (setup_name_mappings(info, subobj, samdb) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var commit_ok = samdb.transaction_commit();
|
||||
if (!commit_ok) {
|
||||
info.message("samdb commit failed: " + samdb.errstring() + "\n");
|
||||
assert(commit_ok);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
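Review bot: In the new `setup_ldb`, the call `setup_add_ldif(ldif, info, ldb, erase, failok)` passes five arguments to a function declared as `setup_add_ldif(ldif, info, ldb, failok)`, so `erase` lands in the `failok` slot and the caller's `failok` is dropped. Because `erase` defaults to true, a failed `ldb.add()` on this path is presumably tolerated instead of asserted (the body of the failure branch lies between hunks), which affects databases still loaded through `setup_ldb`, such as `hklm.ldif`; the call should read `setup_add_ldif(ldif, info, ldb, failok)`. Separately, in `provision` the `return false` after `setup_name_mappings(info, subobj, samdb) == false` leaves the work on `samdb` without a commit or an explicit cancel, and a comment saying that the provision is deliberately abandoned there would help. The page has lost its +/- markers, so the new side is inferred from the hunk headers.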
@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier
|
||||
attributeID: 2.5.4.51
|
||||
attributeSyntax: 2.5.5.12
|
||||
|
||||
dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
|
||||
cn: middleName
|
||||
name: middleName
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
lDAPDisplayName: middleName
|
||||
isSingleValued: TRUE
|
||||
systemFlags: 16
|
||||
systemOnly: FALSE
|
||||
schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
|
||||
adminDisplayName: Other-Name
|
||||
attributeID: 2.16.840.1.113730.3.1.34
|
||||
attributeSyntax: 2.5.5.12
|
||||
#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
|
||||
#cn: middleName
|
||||
#name: middleName
|
||||
#objectClass: top
|
||||
#objectClass: attributeSchema
|
||||
#lDAPDisplayName: middleName
|
||||
#isSingleValued: TRUE
|
||||
#systemFlags: 16
|
||||
#systemOnly: FALSE
|
||||
#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
|
||||
#adminDisplayName: Other-Name
|
||||
#attributeID: 2.16.840.1.113730.3.1.34
|
||||
#attributeSyntax: 2.5.5.12
|
||||
|
||||
dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN}
|
||||
cn: replTopologyStayOfExecution
|
||||
|
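--- /dev/null
+++ b/source4/setup/schema_samba4.ldif
@@ -0,0 +1,149 @@
+#
+# Schema elements which do not exist in AD, but which we use in Samba4
+#
+## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+#
+#
+
+
+dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: ntpwdHash
+name: NTPWDHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: ntpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
+adminDisplayName: NT-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.1
+attributeSyntax: 2.5.5.10
+
+dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN}
+cn: lmpwdHash
+name: lmpwdHash
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: lmpwdhash
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
+adminDisplayName: LM-PWD-Hash
+attributeID: 1.3.6.1.4.1.7165.4.1.2
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaNtPwdHistory
+name: sambaNtPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaNtPwdHistory
+isSingleValued: TRUE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
+adminDisplayName: SAMBA-NT-PWD-History
+attributeID: 1.3.6.1.4.1.7165.4.1.3
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaLmPwdHistory
+name: sambaLmPwdHistory
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaLmPwdHistory
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: SAMBA-LM-PWDHistory
+attributeID: 1.3.6.1.4.1.7165.4.1.4
+attributeSyntax: 2.5.5.10
+
+dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN}
+cn: sambaPassword
+name: sambaPassword
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: sambaPassword
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.5
+attributeSyntax: 2.5.5.5
+
+dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN}
+cn: dnsDomain
+name: dnsDomain
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: dnsDomain
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+adminDisplayName: SAMBA-Password
+attributeID: 1.3.6.1.4.1.7165.4.1.6
+attributeSyntax: 2.5.5.4
+
+dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN}
+cn: privilege
+name: privilege
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: privilege
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
+adminDisplayName: Privilege
+attributeID: 1.3.6.1.4.1.7165.4.1.7
+attributeSyntax: 2.5.5.4
+
+dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
+cn: middleName
+name: middleName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: middleName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Other-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.8
+attributeSyntax: 2.5.5.12
+
+dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN}
+cn: unixName
+name: unixName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: unixName
+sSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Unix-Name
+attributeID: 1.3.6.1.4.1.7165.4.1.9
+attributeSyntax: 2.5.5.4
+
+dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN}
+cn: krb5Key
+name: krb5Key
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: krb5Key
+isSingleValued: FALSE
+systemFlags: 17
+systemOnly: TRUE
+schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+adminDisplayName: krb5-Key
+attributeID: 1.3.6.1.4.1.5322.10.1.10
+attributeSyntax: 2.5.5.10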
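Review bot: The `middleName` and `unixName` entries spell the attribute as `sSingleValued: TRUE`, which looks like a typo for `isSingleValued: TRUE` and would leave both entries without the single-valued flag that every other entry sets. Two `schemaIDGUID` values are reused: `unixName` carries `bf9679f2-0de6-11d0-a285-00aa003049e2` (the `middleName` GUID) and `krb5Key` carries `0EAFE3DD-0F53-495E-8A34-97BB28AF17A4` (the `sambaLmPwdHistory` GUID), so each of those attributes needs a GUID of its own. `dnsDomain` also has `adminDisplayName: SAMBA-Password`, apparently copied from the `sambaPassword` entry. Several of these attributes appear to hold password hashes and Kerberos keys, so the header comment should state that they are credential material and must not be returned to ordinary LDAP searches.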