s4:provision - Removed dependency on full Samba 3 schema from FDS
This commit is contained in:
parent
55d2cec640
commit
8e5f5e3f05
@ -611,15 +611,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
.local_name = "unixHomeDirectory",
|
||||
.type = LDB_MAP_RENAME,
|
||||
.u = {
|
||||
.rename = {
|
||||
.remote_name = "homeDirectory"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
.local_name = "pwdLastSet",
|
||||
.type = LDB_MAP_RENAME,
|
||||
@ -740,38 +731,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
|
||||
/* This objectClass conflicts with builtin classes on FDS */
|
||||
const struct ldb_map_objectclass nsuniqueid_objectclasses[] =
|
||||
{
|
||||
{
|
||||
.local_name = "domain",
|
||||
.remote_name = "samba4Domain"
|
||||
},
|
||||
{
|
||||
.local_name = "rFC822LocalPart",
|
||||
.remote_name = "samba4RFC822LocalPart"
|
||||
},
|
||||
{
|
||||
.local_name = "mailRecipient",
|
||||
.remote_name = "samba4MailRecipient"
|
||||
},
|
||||
{
|
||||
.local_name = "nisMap",
|
||||
.remote_name = "samba4NisMap"
|
||||
},
|
||||
{
|
||||
.local_name = "person",
|
||||
.remote_name = "samba4Person"
|
||||
},
|
||||
{
|
||||
.local_name = "organizationalPerson",
|
||||
.remote_name = "samba4OrganizationalPerson"
|
||||
},
|
||||
{
|
||||
.local_name = "residentialPerson",
|
||||
.remote_name = "samba4ResidentialPerson"
|
||||
},
|
||||
{
|
||||
.local_name = "inetOrgPerson",
|
||||
.remote_name = "samba4InetOrgPerson"
|
||||
},
|
||||
{
|
||||
.local_name = NULL
|
||||
}
|
||||
|
@ -855,6 +855,7 @@ static const struct {
|
||||
{ "objectGUID", LDB_SYNTAX_SAMBA_GUID },
|
||||
{ "invocationId", LDB_SYNTAX_SAMBA_GUID },
|
||||
{ "schemaIDGUID", LDB_SYNTAX_SAMBA_GUID },
|
||||
{ "oMSyntax", LDB_SYNTAX_SAMBA_INT32 },
|
||||
{ "attributeSecurityGUID", LDB_SYNTAX_SAMBA_GUID },
|
||||
{ "parentGUID", LDB_SYNTAX_SAMBA_GUID },
|
||||
{ "siteGUID", LDB_SYNTAX_SAMBA_GUID },
|
||||
|
@ -183,15 +183,6 @@ class ProvisionPaths(object):
|
||||
self.slapdconf = None
|
||||
self.modulesconf = None
|
||||
self.memberofconf = None
|
||||
self.fedoradsinf = None
|
||||
self.fedoradspartitions = None
|
||||
self.fedoradssasl = None
|
||||
self.fedoradsdna = None
|
||||
self.fedoradspam = None
|
||||
self.fedoradsrefint = None
|
||||
self.fedoradslinkedattributes = None
|
||||
self.fedoradsindex = None
|
||||
self.fedoradssamba = None
|
||||
self.olmmron = None
|
||||
self.olmmrserveridsconf = None
|
||||
self.olmmrsyncreplconf = None
|
||||
@ -334,24 +325,6 @@ def provision_paths_from_lp(lp, dnsdomain):
|
||||
"modules.conf")
|
||||
paths.memberofconf = os.path.join(paths.ldapdir,
|
||||
"memberof.conf")
|
||||
paths.fedoradsinf = os.path.join(paths.ldapdir,
|
||||
"fedorads.inf")
|
||||
paths.fedoradspartitions = os.path.join(paths.ldapdir,
|
||||
"fedorads-partitions.ldif")
|
||||
paths.fedoradssasl = os.path.join(paths.ldapdir,
|
||||
"fedorads-sasl.ldif")
|
||||
paths.fedoradsdna = os.path.join(paths.ldapdir,
|
||||
"fedorads-dna.ldif")
|
||||
paths.fedoradspam = os.path.join(paths.ldapdir,
|
||||
"fedorads-pam.ldif")
|
||||
paths.fedoradsrefint = os.path.join(paths.ldapdir,
|
||||
"fedorads-refint.ldif")
|
||||
paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
|
||||
"fedorads-linked-attributes.ldif")
|
||||
paths.fedoradsindex = os.path.join(paths.ldapdir,
|
||||
"fedorads-index.ldif")
|
||||
paths.fedoradssamba = os.path.join(paths.ldapdir,
|
||||
"fedorads-samba.ldif")
|
||||
paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
|
||||
"mmr_serverids.conf")
|
||||
paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
|
||||
@ -1250,22 +1223,25 @@ def provision(setup_dir, message, session_info,
|
||||
paths=paths, setup_path=setup_path,
|
||||
lp=lp, credentials=credentials,
|
||||
names=names,
|
||||
message=message, hostname=hostname,
|
||||
message=message,
|
||||
domainsid=domainsid,
|
||||
schema=schema,
|
||||
hostname=hostname,
|
||||
ldapadminpass=ldapadminpass,
|
||||
slapd_path=slapd_path,
|
||||
ldap_backend_extra_port=ldap_backend_extra_port,
|
||||
ldap_dryrun_mode=ldap_dryrun_mode,
|
||||
root=root,
|
||||
setup_ds_path=setup_ds_path,
|
||||
domainsid=domainsid)
|
||||
setup_ds_path=setup_ds_path)
|
||||
elif backend_type == "openldap":
|
||||
provision_backend = OpenLDAPBackend(backend_type,
|
||||
paths=paths, setup_path=setup_path,
|
||||
lp=lp, credentials=credentials,
|
||||
names=names,
|
||||
message=message, hostname=hostname,
|
||||
message=message,
|
||||
domainsid=domainsid,
|
||||
schema=schema,
|
||||
hostname=hostname,
|
||||
ldapadminpass=ldapadminpass,
|
||||
slapd_path=slapd_path,
|
||||
ldap_backend_extra_port=ldap_backend_extra_port,
|
||||
@ -1275,7 +1251,7 @@ def provision(setup_dir, message, session_info,
|
||||
else:
|
||||
raise ProvisioningError("Unknown LDAP backend type selected")
|
||||
|
||||
provision_backend.setup()
|
||||
provision_backend.init()
|
||||
provision_backend.start()
|
||||
|
||||
# only install a new shares config db if there is none
|
||||
|
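Review bot: After the rename in the last hunk, provision() calls `provision_backend.init()` and then `start()`, but nothing in this file calls the new `LDAPBackend.setup()` that creates `paths.ldapdir`; unless `init()` invokes `setup()` itself (that part of provisionbackend.py is outside the visible hunks), the directory creation is unreachable for the LDAP backends. If the call chain is intentional, a one-line comment at the call site such as `# init() must create ldapdir (LDAPBackend.setup) before start() launches the server` would make the contract visible. The removed `paths.fedorads*` attributes are presumably read only by FDSBackend, which this commit moves to instance attributes; any other reader of `paths.fedoradsinf` would now raise AttributeError, so that is worth confirming before merge.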
@ -40,6 +40,7 @@ import urllib
|
||||
from ldb import SCOPE_BASE, SCOPE_ONELEVEL, LdbError, timestring
|
||||
from credentials import Credentials, DONT_USE_KERBEROS
|
||||
from samba import setup_file
|
||||
from schema import Schema
|
||||
|
||||
def setup_db_config(setup_path, dbdir):
|
||||
"""Setup a Berkeley database.
|
||||
@ -70,7 +71,7 @@ class ProvisionBackend(object):
|
||||
# Set a default - the code for "existing" below replaces this
|
||||
self.ldap_backend_type = backend_type
|
||||
|
||||
def setup(self):
|
||||
def init(self):
|
||||
pass
|
||||
|
||||
def start(self):
|
||||
@ -94,7 +95,7 @@ class LDBBackend(ProvisionBackend):
|
||||
names=names,
|
||||
message=message)
|
||||
|
||||
def setup(self):
|
||||
def init(self):
|
||||
self.credentials = None
|
||||
self.secrets_credentials = None
|
||||
|
||||
@ -115,7 +116,7 @@ class ExistingBackend(ProvisionBackend):
|
||||
|
||||
self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.ldapdir, "ldapi"), safe="")
|
||||
|
||||
def setup(self):
|
||||
def init(self):
|
||||
#Check to see that this 'existing' LDAP backend in fact exists
|
||||
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
|
||||
search_ol_rootdse = ldapi_db.search(base="", scope=SCOPE_BASE,
|
||||
@ -131,8 +132,9 @@ class ExistingBackend(ProvisionBackend):
|
||||
class LDAPBackend(ProvisionBackend):
|
||||
def __init__(self, backend_type, paths=None, setup_path=None, lp=None, credentials=None,
|
||||
names=None, message=None,
|
||||
hostname=None,
|
||||
domainsid=None,
|
||||
schema=None,
|
||||
hostname=None,
|
||||
ldapadminpass=None,
|
||||
slapd_path=None,
|
||||
ldap_backend_extra_port=None,
|
||||
@ -145,9 +147,9 @@ class LDAPBackend(ProvisionBackend):
|
||||
names=names,
|
||||
message=message)
|
||||
|
||||
self.hostname = hostname
|
||||
self.domainsid = domainsid
|
||||
self.schema = schema
|
||||
|
||||
self.hostname = hostname
|
||||
self.ldapadminpass = ldapadminpass
|
||||
|
||||
self.slapd_path = slapd_path
|
||||
@ -159,7 +161,10 @@ class LDAPBackend(ProvisionBackend):
|
||||
|
||||
self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.ldapdir, "ldapi"), safe="")
|
||||
|
||||
def setup(self):
|
||||
if not os.path.exists(self.paths.ldapdir):
|
||||
os.mkdir(self.paths.ldapdir)
|
||||
|
||||
def init(self):
|
||||
# we will shortly start slapd with ldapi for final provisioning. first check with ldapsearch -> rootDSE via self.ldapi_uri
|
||||
# if another instance of slapd is already running
|
||||
try:
|
||||
@ -261,8 +266,9 @@ class LDAPBackend(ProvisionBackend):
|
||||
class OpenLDAPBackend(LDAPBackend):
|
||||
def __init__(self, backend_type, paths=None, setup_path=None, lp=None, credentials=None,
|
||||
names=None, message=None,
|
||||
hostname=None,
|
||||
domainsid=None,
|
||||
schema=None,
|
||||
hostname=None,
|
||||
ldapadminpass=None,
|
||||
slapd_path=None,
|
||||
ldap_backend_extra_port=None,
|
||||
@ -276,8 +282,9 @@ class OpenLDAPBackend(LDAPBackend):
|
||||
lp=lp, credentials=credentials,
|
||||
names=names,
|
||||
message=message,
|
||||
hostname=hostname,
|
||||
domainsid=domainsid,
|
||||
schema=schema,
|
||||
hostname=hostname,
|
||||
ldapadminpass=ldapadminpass,
|
||||
slapd_path=slapd_path,
|
||||
ldap_backend_extra_port=ldap_backend_extra_port,
|
||||
@ -286,6 +293,13 @@ class OpenLDAPBackend(LDAPBackend):
|
||||
self.ol_mmr_urls = ol_mmr_urls
|
||||
self.nosync = nosync
|
||||
|
||||
self.schema = Schema(
|
||||
self.setup_path,
|
||||
self.domainsid,
|
||||
schemadn=self.names.schemadn,
|
||||
serverdn=self.names.serverdn,
|
||||
files=[setup_path("schema_samba4.ldif")]);
|
||||
|
||||
def provision(self):
|
||||
# Wipe the directories so we can start
|
||||
shutil.rmtree(os.path.join(self.paths.ldapdir, "db"), True)
|
||||
@ -513,15 +527,15 @@ class OpenLDAPBackend(LDAPBackend):
|
||||
class FDSBackend(LDAPBackend):
|
||||
def __init__(self, backend_type, paths=None, setup_path=None, lp=None, credentials=None,
|
||||
names=None, message=None,
|
||||
hostname=None,
|
||||
domainsid=None,
|
||||
schema=None,
|
||||
hostname=None,
|
||||
ldapadminpass=None,
|
||||
slapd_path=None,
|
||||
ldap_backend_extra_port=None,
|
||||
ldap_dryrun_mode=False,
|
||||
root=None,
|
||||
setup_ds_path=None,
|
||||
domainsid=None):
|
||||
setup_ds_path=None):
|
||||
|
||||
super(FDSBackend, self).__init__(
|
||||
backend_type=backend_type,
|
||||
@ -529,8 +543,9 @@ class FDSBackend(LDAPBackend):
|
||||
lp=lp, credentials=credentials,
|
||||
names=names,
|
||||
message=message,
|
||||
hostname=hostname,
|
||||
domainsid=domainsid,
|
||||
schema=schema,
|
||||
hostname=hostname,
|
||||
ldapadminpass=ldapadminpass,
|
||||
slapd_path=slapd_path,
|
||||
ldap_backend_extra_port=ldap_backend_extra_port,
|
||||
@ -538,7 +553,38 @@ class FDSBackend(LDAPBackend):
|
||||
|
||||
self.root = root
|
||||
self.setup_ds_path = setup_ds_path
|
||||
self.domainsid = domainsid
|
||||
|
||||
self.sambadn = "CN=Samba"
|
||||
|
||||
self.fedoradsinf = os.path.join(paths.ldapdir, "fedorads.inf")
|
||||
self.partitions_ldif = os.path.join(paths.ldapdir, "fedorads-partitions.ldif")
|
||||
self.sasl_ldif = os.path.join(paths.ldapdir, "fedorads-sasl.ldif")
|
||||
self.dna_ldif = os.path.join(paths.ldapdir, "fedorads-dna.ldif")
|
||||
self.pam_ldif = os.path.join(paths.ldapdir, "fedorads-pam.ldif")
|
||||
self.refint_ldif = os.path.join(paths.ldapdir, "fedorads-refint.ldif")
|
||||
self.linked_attrs_ldif = os.path.join(paths.ldapdir, "fedorads-linked-attributes.ldif")
|
||||
self.index_ldif = os.path.join(paths.ldapdir, "fedorads-index.ldif")
|
||||
self.samba_ldif = os.path.join(paths.ldapdir, "fedorads-samba.ldif")
|
||||
|
||||
self.samba3_schema = self.setup_path("../../examples/LDAP/samba.schema")
|
||||
self.samba3_ldif = os.path.join(self.paths.ldapdir, "samba3.ldif")
|
||||
|
||||
self.retcode = subprocess.call(["bin/oLschema2ldif", "-H", "NONE",
|
||||
"-I", self.samba3_schema,
|
||||
"-O", self.samba3_ldif,
|
||||
"-b", self.names.domaindn],
|
||||
close_fds=True, shell=False)
|
||||
|
||||
if self.retcode != 0:
|
||||
raise Exception("Unable to convert Samba 3 schema.")
|
||||
|
||||
self.schema = Schema(
|
||||
self.setup_path,
|
||||
self.domainsid,
|
||||
schemadn=self.names.schemadn,
|
||||
serverdn=self.names.serverdn,
|
||||
files=[setup_path("schema_samba4.ldif"), self.samba3_ldif],
|
||||
prefixmap=["1000:1.3.6.1.4.1.7165.2.1", "1001:1.3.6.1.4.1.7165.2.2"])
|
||||
|
||||
def provision(self):
|
||||
if self.ldap_backend_extra_port is not None:
|
||||
@ -546,7 +592,7 @@ class FDSBackend(LDAPBackend):
|
||||
else:
|
||||
serverport = ""
|
||||
|
||||
setup_file(self.setup_path("fedorads.inf"), self.paths.fedoradsinf,
|
||||
setup_file(self.setup_path("fedorads.inf"), self.fedoradsinf,
|
||||
{"ROOT": self.root,
|
||||
"HOSTNAME": self.hostname,
|
||||
"DNSDOMAIN": self.names.dnsdomain,
|
||||
@ -556,23 +602,23 @@ class FDSBackend(LDAPBackend):
|
||||
"LDAPMANAGERPASS": self.ldapadminpass,
|
||||
"SERVERPORT": serverport})
|
||||
|
||||
setup_file(self.setup_path("fedorads-partitions.ldif"), self.paths.fedoradspartitions,
|
||||
setup_file(self.setup_path("fedorads-partitions.ldif"), self.partitions_ldif,
|
||||
{"CONFIGDN": self.names.configdn,
|
||||
"SCHEMADN": self.names.schemadn,
|
||||
"SAMBADN": self.names.sambadn,
|
||||
"SAMBADN": self.sambadn,
|
||||
})
|
||||
|
||||
setup_file(self.setup_path("fedorads-sasl.ldif"), self.paths.fedoradssasl,
|
||||
{"SAMBADN": self.names.sambadn,
|
||||
setup_file(self.setup_path("fedorads-sasl.ldif"), self.sasl_ldif,
|
||||
{"SAMBADN": self.sambadn,
|
||||
})
|
||||
|
||||
setup_file(self.setup_path("fedorads-dna.ldif"), self.paths.fedoradsdna,
|
||||
setup_file(self.setup_path("fedorads-dna.ldif"), self.dna_ldif,
|
||||
{"DOMAINDN": self.names.domaindn,
|
||||
"SAMBADN": self.names.sambadn,
|
||||
"SAMBADN": self.sambadn,
|
||||
"DOMAINSID": str(self.domainsid),
|
||||
})
|
||||
|
||||
setup_file(self.setup_path("fedorads-pam.ldif"), self.paths.fedoradspam)
|
||||
setup_file(self.setup_path("fedorads-pam.ldif"), self.pam_ldif)
|
||||
|
||||
lnkattr = self.schema.linked_attributes()
|
||||
|
||||
@ -593,8 +639,8 @@ class FDSBackend(LDAPBackend):
|
||||
{ "ATTR" : attr })
|
||||
argnum += 1
|
||||
|
||||
open(self.paths.fedoradsrefint, 'w').write(refint_config)
|
||||
open(self.paths.fedoradslinkedattributes, 'w').write(memberof_config)
|
||||
open(self.refint_ldif, 'w').write(refint_config)
|
||||
open(self.linked_attrs_ldif, 'w').write(memberof_config)
|
||||
|
||||
attrs = ["lDAPDisplayName"]
|
||||
res = self.schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=self.names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
|
||||
@ -608,10 +654,10 @@ class FDSBackend(LDAPBackend):
|
||||
index_config += read_and_sub_file(self.setup_path("fedorads-index.ldif"),
|
||||
{ "ATTR" : attr })
|
||||
|
||||
open(self.paths.fedoradsindex, 'w').write(index_config)
|
||||
open(self.index_ldif, 'w').write(index_config)
|
||||
|
||||
setup_file(self.setup_path("fedorads-samba.ldif"), self.paths.fedoradssamba,
|
||||
{"SAMBADN": self.names.sambadn,
|
||||
setup_file(self.setup_path("fedorads-samba.ldif"), self.samba_ldif,
|
||||
{"SAMBADN": self.sambadn,
|
||||
"LDAPADMINPASS": self.ldapadminpass
|
||||
})
|
||||
|
||||
@ -649,16 +695,16 @@ class FDSBackend(LDAPBackend):
|
||||
raise ProvisioningError("Warning: Given Path to slapd does not exist!")
|
||||
|
||||
# Run the Fedora DS setup utility
|
||||
retcode = subprocess.call([self.setup_ds_path, "--silent", "--file", self.paths.fedoradsinf], close_fds=True, shell=False)
|
||||
retcode = subprocess.call([self.setup_ds_path, "--silent", "--file", self.fedoradsinf], close_fds=True, shell=False)
|
||||
if retcode != 0:
|
||||
raise ProvisioningError("setup-ds failed")
|
||||
|
||||
# Load samba-admin
|
||||
retcode = subprocess.call([
|
||||
os.path.join(self.paths.ldapdir, "slapd-samba4", "ldif2db"), "-s", self.names.sambadn, "-i", self.paths.fedoradssamba],
|
||||
os.path.join(self.paths.ldapdir, "slapd-samba4", "ldif2db"), "-s", self.sambadn, "-i", self.samba_ldif],
|
||||
close_fds=True, shell=False)
|
||||
if retcode != 0:
|
||||
raise("ldib2db failed")
|
||||
raise("ldif2db failed")
|
||||
|
||||
def post_setup(self):
|
||||
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
|
||||
@ -671,7 +717,7 @@ class FDSBackend(LDAPBackend):
|
||||
dn = str(res[i]["dn"])
|
||||
ldapi_db.delete(dn)
|
||||
|
||||
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.names.sambadn
|
||||
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
|
||||
|
||||
m = ldb.Message()
|
||||
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
|
||||
|
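Review bot: `raise("ldif2db failed")` in FDSBackend.start() only fixes the typo in the message; raising a plain string is not valid in Python 2.6+ (TypeError: exceptions must be old-style classes or derived from BaseException), so a failed ldif2db surfaces as a confusing TypeError instead of a provisioning error. Use the module's own exception, `raise ProvisioningError("ldif2db failed")`, and for consistency change the new `raise Exception("Unable to convert Samba 3 schema.")` in FDSBackend.__init__ to `raise ProvisioningError("Unable to convert Samba 3 schema.")` as well. Separately, FDSBackend.__init__ now runs `subprocess.call(["bin/oLschema2ldif", ...])` from the constructor with a cwd-relative binary path and a `../../examples/LDAP/samba.schema` path relative to setup_path, so merely constructing the object fails outside the source tree; a comment stating that assumption, or passing the tool path in the way `setup_ds_path` and `slapd_path` are, would make it explicit.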
@ -51,7 +51,7 @@ def get_schema_descriptor(domain_sid):
|
||||
|
||||
class Schema(object):
|
||||
def __init__(self, setup_path, domain_sid, schemadn=None,
|
||||
serverdn=None):
|
||||
serverdn=None, files=None, prefixmap=None):
|
||||
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
|
||||
|
||||
:param samdb: Load a schema into a SamDB.
|
||||
@ -66,7 +66,11 @@ class Schema(object):
|
||||
self.ldb = Ldb()
|
||||
self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
|
||||
setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
|
||||
self.schema_data += open(setup_path("schema_samba4.ldif"), 'r').read()
|
||||
|
||||
if files is not None:
|
||||
for file in files:
|
||||
self.schema_data += open(file, 'r').read()
|
||||
|
||||
self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn})
|
||||
check_all_substituted(self.schema_data)
|
||||
|
||||
@ -81,13 +85,18 @@ class Schema(object):
|
||||
"DESCRIPTOR": descr
|
||||
})
|
||||
|
||||
prefixmap = open(setup_path("prefixMap.txt"), 'r').read()
|
||||
prefixmap = b64encode(prefixmap)
|
||||
self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
|
||||
|
||||
if prefixmap is not None:
|
||||
for map in prefixmap:
|
||||
self.prefixmap_data += "%s\n" % map
|
||||
|
||||
self.prefixmap_data = b64encode(self.prefixmap_data)
|
||||
|
||||
|
||||
|
||||
# We don't actually add this ldif, just parse it
|
||||
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % prefixmap
|
||||
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
|
||||
self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
|
||||
|
||||
def write_to_tmp_ldb(self, schemadb_path):
|
||||
|
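Review bot: Schema.__init__ gains `files` and `prefixmap` parameters but the docstring is not updated (it still documents a non-existent `samdb`); add `:param files: extra LDIF files whose contents are appended to the schema data after schema_samba4.ldif` and `:param prefixmap: extra "index:OID" strings appended, one per line, to the contents of prefixMap.txt`. The appended entries assume prefixMap.txt ends with a newline; if it does not, the first extra entry is fused onto its last line — I cannot verify the file from here. `for file in files` and `for map in prefixmap` shadow builtins; `for path in files` and `for entry in prefixmap` read better.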
@ -3,7 +3,6 @@ objectClass: top
|
||||
objectClass: extensibleObject
|
||||
cn: Samba SIDs
|
||||
dnaType: sambaSID
|
||||
dnaMaxValue: 10000
|
||||
dnaMagicRegen: 0
|
||||
dnaFilter: (|(objectClass=user)(objectClass=group))
|
||||
dnaScope: ${DOMAINDN}
|
||||
|
@ -26,11 +26,6 @@ cert_dir= ${LDAPDIR}/slapd-samba4
|
||||
start_server= 0
|
||||
install_full_schema= 0
|
||||
SchemaFile=${LDAPDIR}/99_ad.ldif
|
||||
SchemaFile=/etc/dirsrv/schema/10rfc2307.ldif
|
||||
SchemaFile=/etc/dirsrv/schema/05rfc4523.ldif
|
||||
SchemaFile=/etc/dirsrv/schema/05rfc4524.ldif
|
||||
SchemaFile=/etc/dirsrv/schema/06inetorgperson.ldif
|
||||
SchemaFile=/usr/share/dirsrv/data/60samba3.ldif
|
||||
ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
|
||||
ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
|
||||
ConfigFile = ${LDAPDIR}/fedorads-dna.ldif
|
||||
|
@ -12,17 +12,23 @@ description
|
||||
cn
|
||||
dITContentRules
|
||||
top
|
||||
homePostalAddress
|
||||
info
|
||||
displayName
|
||||
employeeNumber
|
||||
employeeType
|
||||
personalTitle
|
||||
co
|
||||
userSMIMECertificate
|
||||
|
||||
#This should be provided by the LDAP server, only in our schema to permit provision
|
||||
aci
|
||||
|
||||
#Skip ObjectClasses
|
||||
sambaSamAccount
|
||||
sambaGroupMapping
|
||||
sambaTrustPassword
|
||||
sambaTrustedDomainPassword
|
||||
sambaDomain
|
||||
sambaUnixIdPool
|
||||
sambaIdmapEntry
|
||||
sambaSidEntry
|
||||
sambaConfig
|
||||
sambaShare
|
||||
sambaConfigOption
|
||||
|
||||
#MiddleName has a conflicting OID
|
||||
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
|
||||
#defaultGroup has a conflicting OID
|
||||
@ -47,8 +53,6 @@ aci
|
||||
1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
|
||||
|
||||
#Remap into existing schema
|
||||
unixHomeDirectory
|
||||
unixHomeDirectory:homeDirectory
|
||||
pwdLastSet
|
||||
pwdLastSet:sambaPwdLastSet
|
||||
lastLogon
|
||||
@ -77,26 +81,3 @@ privilegeDisplayName
|
||||
privilegeDisplayName:sambaPrivName
|
||||
objectSid
|
||||
objectSid:sambaSID
|
||||
|
||||
#Resolve conflicting attributes
|
||||
1.2.840.113556.1.4.484:fRSDirectoryFilter-oid
|
||||
1.2.840.113556.1.4.483:fRSFileFilter-oid
|
||||
1.2.840.113556.1.4.485:fRSUpdateTimeout-oid
|
||||
2.16.840.1.113730.3.1.36:thumbnailLogo-oid
|
||||
2.16.840.1.113730.3.1.35:thumbnailPhoto-oid
|
||||
1.2.840.113556.1.4.481:schemaUpdate-oid
|
||||
|
||||
#Resolve conflicting object classes
|
||||
domain:samba4Domain
|
||||
rFC822LocalPart:samba4RFC822LocalPart
|
||||
mailRecipient:samba4MailRecipient
|
||||
nisMap:samba4NisMap
|
||||
0.9.2342.19200300.100.4.14:samba4RFC822LocalPart-oid
|
||||
person:samba4Person
|
||||
2.5.6.6:samba4Person-oid
|
||||
organizationalPerson:samba4OrganizationalPerson
|
||||
2.5.6.7:samba4OrganizationalPerson-oid
|
||||
residentialPerson:samba4ResidentialPerson
|
||||
2.5.6.10:samba4ResidentialPerson-oid
|
||||
inetOrgPerson:samba4InetOrgPerson
|
||||
2.16.840.1.113730.3.2.2:samba4InetOrgPerson-oid
|
||||
|
@ -35,6 +35,8 @@
|
||||
#include "ldb.h"
|
||||
#include "tools/cmdline.h"
|
||||
#include "dsdb/samdb/samdb.h"
|
||||
#include "../lib/crypto/sha256.h"
|
||||
#include "../librpc/gen_ndr/ndr_misc.h"
|
||||
|
||||
#define SCHEMA_UNKNOWN 0
|
||||
#define SCHEMA_NAME 1
|
||||
@ -336,6 +338,16 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
char *c, *s;
|
||||
int n;
|
||||
|
||||
SHA256_CTX sha256_context;
|
||||
uint8_t digest[SHA256_DIGEST_LENGTH];
|
||||
|
||||
struct GUID guid;
|
||||
struct ldb_val schemaIdGuid;
|
||||
enum ndr_err_code ndr_err;
|
||||
|
||||
bool isAttribute = false;
|
||||
bool single_valued = false;
|
||||
|
||||
ctx = talloc_new(mem_ctx);
|
||||
msg = ldb_msg_new(ctx);
|
||||
|
||||
@ -351,6 +363,7 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
if (strncmp(c, "attributetype", 13) == 0) {
|
||||
c += 13;
|
||||
MSG_ADD_STRING("objectClass", "attributeSchema");
|
||||
isAttribute = true;
|
||||
break;
|
||||
}
|
||||
goto failed;
|
||||
@ -374,7 +387,29 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
/* get attributeID */
|
||||
n = strcspn(c, " \t");
|
||||
s = talloc_strndup(msg, c, n);
|
||||
if (isAttribute) {
|
||||
MSG_ADD_STRING("attributeID", s);
|
||||
} else {
|
||||
MSG_ADD_STRING("governsID", s);
|
||||
}
|
||||
|
||||
SHA256_Init(&sha256_context);
|
||||
SHA256_Update(&sha256_context, (uint8_t*)s, strlen(s));
|
||||
SHA256_Final(digest, &sha256_context);
|
||||
|
||||
memcpy(&guid, digest, sizeof(struct GUID));
|
||||
|
||||
ndr_err = ndr_push_struct_blob(&schemaIdGuid, ctx, NULL, &guid,
|
||||
(ndr_push_flags_fn_t)ndr_push_GUID);
|
||||
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (ldb_msg_add_value(msg, "schemaIdGuid", &schemaIdGuid, NULL) != 0) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
c += n;
|
||||
c = skip_spaces(c);
|
||||
|
||||
@ -416,7 +451,7 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
break;
|
||||
|
||||
case SCHEMA_SINGLE_VALUE:
|
||||
MSG_ADD_STRING("isSingleValued", "TRUE");
|
||||
single_valued = true;
|
||||
break;
|
||||
|
||||
case SCHEMA_EQUALITY:
|
||||
@ -433,12 +468,23 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
|
||||
case SCHEMA_SYNTAX:
|
||||
{
|
||||
const struct dsdb_syntax *map =
|
||||
find_syntax_map_by_standard_oid(token->value);
|
||||
char *syntax_oid;
|
||||
const struct dsdb_syntax *map;
|
||||
char *oMSyntax;
|
||||
|
||||
n = strcspn(token->value, "{");
|
||||
syntax_oid = talloc_strndup(ctx, token->value, n);
|
||||
|
||||
map = find_syntax_map_by_standard_oid(syntax_oid);
|
||||
if (!map) {
|
||||
break;
|
||||
}
|
||||
|
||||
MSG_ADD_STRING("attributeSyntax", map->attributeSyntax_oid);
|
||||
|
||||
oMSyntax = talloc_asprintf(msg, "%d", map->oMSyntax);
|
||||
MSG_ADD_STRING("oMSyntax", oMSyntax);
|
||||
|
||||
break;
|
||||
}
|
||||
case SCHEMA_DESC:
|
||||
@ -450,6 +496,12 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
|
||||
}
|
||||
}
|
||||
|
||||
if (isAttribute) {
|
||||
MSG_ADD_STRING("isSingleValued", single_valued ? "TRUE" : "FALSE");
|
||||
} else {
|
||||
MSG_ADD_STRING("defaultObjectCategory", ldb_dn_get_linearized(msg->dn));
|
||||
}
|
||||
|
||||
talloc_steal(mem_ctx, msg);
|
||||
talloc_free(ctx);
|
||||
return msg;
|
||||
|
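Review bot: The new schemaIdGuid block hashes `s` with `strlen(s)` without checking the `talloc_strndup` result, and `syntax_oid` and `oMSyntax` in the SCHEMA_SYNTAX case are likewise used unchecked; the rest of process_entry reports failure with `goto failed`, so add `if (s == NULL) goto failed;` after the strndup and the same guard for `syntax_oid` and `oMSyntax`. The GUID derivation also deserves a comment, since it is not obvious that the value is intentional: `/* schemaIDGUID is derived deterministically from the attributeID/governsID OID: the first sizeof(struct GUID) bytes of its SHA-256 digest, so re-running the conversion yields the same GUID. No RFC 4122 version/variant bits are set. */`. process_entry begins before the first hunk of this file, so the MSG_ADD_STRING error path is not visible here.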