Update the provision scripts and selftest for LDAP
This should allow us to provision onto an OpenLDAP backend again. Also ensure we always have a sysvol and netlogon share in the selftest environment. Andrew Bartlett
@@ -1192,16 +1192,18 @@ def provision_backend(setup_dir=None, message=None,
|
|||||||
for i in range (0, len(res)):
|
for i in range (0, len(res)):
|
||||||
linkid = res[i]["linkID"][0]
|
linkid = res[i]["linkID"][0]
|
||||||
linkid = str(int(linkid) + 1)
|
linkid = str(int(linkid) + 1)
|
||||||
|
expression = "(&(objectclass=attributeSchema)(linkID=" + (linkid) + "))"
|
||||||
target = schemadb.searchone(basedn=names.schemadn,
|
target = schemadb.searchone(basedn=names.schemadn,
|
||||||
expression="(&(objectclass=attributeSchema)(linkID=" + (linkid) + "))",
|
expression=expression,
|
||||||
attribute="lDAPDisplayName");
|
attribute="lDAPDisplayName",
|
||||||
|
scope=SCOPE_SUBTREE);
|
||||||
if target is not None:
|
if target is not None:
|
||||||
refint_attributes = refint_attributes + " " + target + " " + res[i]["lDAPDisplayName"];
|
refint_attributes = refint_attributes + " " + target + " " + res[i]["lDAPDisplayName"][0];
|
||||||
memberof_config = memberof_config + """overlay memberof
|
memberof_config = memberof_config + """overlay memberof
|
||||||
memberof-dangling error
|
memberof-dangling error
|
||||||
memberof-refint TRUE
|
memberof-refint TRUE
|
||||||
memberof-group-oc top
|
memberof-group-oc top
|
||||||
memberof-member-ad """ + res[i]["lDAPDisplayName"] + """
|
memberof-member-ad """ + res[i]["lDAPDisplayName"][0] + """
|
||||||
memberof-memberof-ad """ + target + """
|
memberof-memberof-ad """ + target + """
|
||||||
memberof-dangling-error 32
|
memberof-dangling-error 32
|
||||||
|
|
||||||
@@ -1214,7 +1216,7 @@ refint_attributes""" + refint_attributes + "\n";
|
|||||||
if os.path.exists(paths.memberofconf):
|
if os.path.exists(paths.memberofconf):
|
||||||
os.unlink(paths.memberof.conf)
|
os.unlink(paths.memberof.conf)
|
||||||
|
|
||||||
open(paths.memberofconf, 'w').write(memberof_config)
|
open(paths.memberofconf, 'w').write(memberof_config)
|
||||||
|
|
||||||
ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
|
ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
|
||||||
message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri)
|
message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri)
|
||||||
|
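Review bot: The context line `os.unlink(paths.memberof.conf)` in the `@@ -1214` hunk reads a different attribute from the `os.path.exists(paths.memberofconf)` guard above it and the `open(paths.memberofconf, 'w')` below it, and this commit leaves it in place. Unless `paths` really has a `memberof` object with a `conf` attribute (not visible here), provisioning over a directory that already holds that file would raise instead of replacing the stale overlay configuration; the line should read `os.unlink(paths.memberofconf)`. The `open(...).write(memberof_config)` that follows never closes the handle explicitly, so the slapd overlay config is only flushed when the file object is collected; an explicit `close()` in a `try`/`finally` would make that deterministic. The body of `provision_backend` starts and ends outside these hunks.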
@@ -617,6 +617,14 @@ sub provision($$$$$$)
|
|||||||
read only = no
|
read only = no
|
||||||
ntvfs handler = simple
|
ntvfs handler = simple
|
||||||
|
|
||||||
|
[sysvol]
|
||||||
|
path = $lockdir/sysvol
|
||||||
|
read only = yes
|
||||||
|
|
||||||
|
[netlogon]
|
||||||
|
path = $lockdir/sysvol/$dnsname/scripts
|
||||||
|
read only = no
|
||||||
|
|
||||||
[cifsposix]
|
[cifsposix]
|
||||||
copy = simple
|
copy = simple
|
||||||
ntvfs handler = cifsposix
|
ntvfs handler = cifsposix
|
||||||
@@ -746,7 +754,7 @@ nogroup:x:65534:nobody
|
|||||||
if (defined($self->{ldap})) {
|
if (defined($self->{ldap})) {
|
||||||
|
|
||||||
push (@provision_options, "--ldap-backend=$ldap_uri");
|
push (@provision_options, "--ldap-backend=$ldap_uri");
|
||||||
system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$unix_name --realm=$realm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
|
system("$self->{bindir}/smbpython $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$unix_name --realm=$realm --domain=$domain --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
|
||||||
|
|
||||||
if ($self->{ldap} eq "openldap") {
|
if ($self->{ldap} eq "openldap") {
|
||||||
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
|
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
|
||||||
|
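Review bot: The changed `system(...)` call builds a single shell string and interpolates `$password`, `$unix_name`, `$realm`, `$domain` and `$netbiosname` into it unquoted, so a value containing whitespace or a shell metacharacter would be re-parsed by the shell, and `--ldap-manager-pass=$password` places the LDAP manager password in the process argument list, where other local users can read it. In the selftest environment these are presumably fixed fixture values, which limits the exposure, but that assumption is worth recording next to the call, e.g. `# selftest only: values are fixture constants; the password is visible in argv`. If this invocation is ever reused outside selftest, the list form of `system` with the stderr redirect handled separately would avoid the shell. The enclosing `provision` sub continues outside the hunk.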
@@ -46,8 +46,8 @@ parser.add_option("--domain", type="string", metavar="DOMAIN",
|
|||||||
help="set domain")
|
help="set domain")
|
||||||
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
|
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
|
||||||
help="set hostname")
|
help="set hostname")
|
||||||
parser.add_option("--adminpass", type="string", metavar="PASSWORD",
|
parser.add_option("--ldap-manager-pass", type="string", metavar="PASSWORD",
|
||||||
help="choose admin password (otherwise random)")
|
help="choose LDAP manager password (otherwise random)")
|
||||||
parser.add_option("--root", type="string", metavar="USERNAME",
|
parser.add_option("--root", type="string", metavar="USERNAME",
|
||||||
help="choose 'root' unix username")
|
help="choose 'root' unix username")
|
||||||
parser.add_option("--quiet", help="Be quiet", action="store_true")
|
parser.add_option("--quiet", help="Be quiet", action="store_true")
|
||||||
@@ -91,7 +91,7 @@ if setup_dir is None:
|
|||||||
provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir,
|
provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir,
|
||||||
realm=opts.realm, domain=opts.domain,
|
realm=opts.realm, domain=opts.domain,
|
||||||
hostname=opts.host_name,
|
hostname=opts.host_name,
|
||||||
adminpass=opts.adminpass,
|
adminpass=opts.ldap_manager_pass,
|
||||||
root=opts.root, serverrole=server_role,
|
root=opts.root, serverrole=server_role,
|
||||||
ldap_backend_type=opts.ldap_backend_type)
|
ldap_backend_type=opts.ldap_backend_type)
|
||||||
|
|
||||||
|
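Review bot: After the rename the call passes `adminpass=opts.ldap_manager_pass`, so the same secret is called the LDAP manager password on the command line and `adminpass` inside `provision_backend`, which makes it easy to confuse with the Samba administrator password. A one-line comment at the call, `# provision_backend still names the LDAP manager password "adminpass"`, or renaming the keyword in a follow-up, would keep the two apart. `--adminpass` is removed without an alias, so optparse will reject any caller that still passes it; the selftest invocation is updated in this commit, other callers are not visible here. The help text's "otherwise random" is not backed by anything in these hunks, so it is worth checking where the random password is generated and how it is reported.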