s4:provision - Added initial implementation of FDSBackend and OpenLDAPBackend.

source4/scripting/python/samba/provision.py

@@ -52,7 +52,7 @@ import urllib
 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
 from ms_display_specifiers import read_ms_ldif
 from schema import Schema
-from provisionbackend import ProvisionBackend
+from provisionbackend import ProvisionBackend, FDSBackend, OpenLDAPBackend
 from signal import SIGTERM
 from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
 
@@ -623,7 +623,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
             backend_modules = ["nsuniqueid", "paged_searches"]
             # We can handle linked attributes here, as we don't have directory-side subtree operations
             tdb_modules_list = ["extended_dn_out_fds"]
-        elif ldap_backend.ldap_backend_type == "openldap":
+        elif provision_backend.ldap_backend_type == "openldap":
             backend_modules = ["entryuuid", "paged_searches"]
             # OpenLDAP handles subtree renames, so we don't want to do any of these things
             tdb_modules_list = ["extended_dn_out_openldap"]
@@ -1233,6 +1233,35 @@ def provision(setup_dir, message, session_info,
     
     schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn)
     
+    if backend_type == "fedora-ds":
+        provision_backend = FDSBackend(backend_type,
+                                         paths=paths, setup_path=setup_path,
+                                         lp=lp, credentials=credentials, 
+                                         names=names,
+                                         message=message, hostname=hostname,
+                                         root=root, schema=schema,
+                                         ldapadminpass=ldapadminpass,
+                                         ldap_backend_extra_port=ldap_backend_extra_port,
+                                         ol_mmr_urls=ol_mmr_urls, 
+                                         slapd_path=slapd_path,
+                                         setup_ds_path=setup_ds_path,
+                                         ldap_dryrun_mode=ldap_dryrun_mode,
+                                         domainsid=domainsid)
+    elif backend_type == "openldap":
+        provision_backend = OpenLDAPBackend(backend_type,
+                                         paths=paths, setup_path=setup_path,
+                                         lp=lp, credentials=credentials, 
+                                         names=names,
+                                         message=message, hostname=hostname,
+                                         root=root, schema=schema,
+                                         ldapadminpass=ldapadminpass,
+                                         ldap_backend_extra_port=ldap_backend_extra_port,
+                                         ol_mmr_urls=ol_mmr_urls, 
+                                         slapd_path=slapd_path,
+                                         setup_ds_path=setup_ds_path,
+                                         ldap_dryrun_mode=ldap_dryrun_mode,
+                                         domainsid=domainsid)
+    else:
         provision_backend = ProvisionBackend(backend_type,
                                          paths=paths, setup_path=setup_path,
                                          lp=lp, credentials=credentials, 
@@ -1365,10 +1394,7 @@ def provision(setup_dir, message, session_info,
                              realm=names.realm)
             message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
 
-    if provision_backend.post_setup is not None:
     provision_backend.post_setup()
-
-    if provision_backend.shutdown is not None:
     provision_backend.shutdown()
     
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 

source4/scripting/python/samba/provisionbackend.py

@@ -26,6 +26,7 @@
 """Functions for setting up a Samba configuration (LDB and LDAP backends)."""
 
 from base64 import b64encode
+import ldb
 import os
 import sys
 import uuid
@@ -70,15 +71,13 @@ class ProvisionBackend(object):
         self.paths = paths
         self.slapd_command = None
         self.slapd_command_escaped = None
+        self.names = names
 
         self.type = backend_type
         
         # Set a default - the code for "existing" below replaces this
         self.ldap_backend_type = backend_type
 
-        self.post_setup = None
-        self.shutdown = None
-
         if self.type is "ldb":
             self.credentials = None
             self.secrets_credentials = None
@@ -155,22 +154,6 @@ class ProvisionBackend(object):
         self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
 
 
-        def ldap_backend_shutdown(self):
-            # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
-            if self.slapd.poll() is None:
-                #Kill the slapd
-                if hasattr(self.slapd, "terminate"):
-                    self.slapd.terminate()
-                else:
-                    # Older python versions don't have .terminate()
-                    import signal
-                    os.kill(self.slapd.pid, signal.SIGTERM)
-            
-                #and now wait for it to die
-                self.slapd.communicate()
-
-        self.shutdown = ldap_backend_shutdown
-
         if self.type == "fedora-ds":
             provision_fds_backend(self, setup_path=setup_path,
                                   names=names, message=message, 
@@ -225,6 +208,31 @@ class ProvisionBackend(object):
         
         raise ProvisioningError("slapd died before we could make a connection to it")
 
+    def shutdown(self):
+        pass
+
+    def post_setup(self):
+        pass
+
+
+class LDAPBackend(ProvisionBackend):
+    def shutdown(self):
+        # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
+        if self.slapd.poll() is None:
+            #Kill the slapd
+            if hasattr(self.slapd, "terminate"):
+                self.slapd.terminate()
+            else:
+                # Older python versions don't have .terminate()
+                import signal
+                os.kill(self.slapd.pid, signal.SIGTERM)
+    
+            #and now wait for it to die
+            self.slapd.communicate()
+
+
+class OpenLDAPBackend(LDAPBackend):
+    pass
 
 def provision_openldap_backend(result, setup_path=None, names=None,
                                message=None, 
@@ -588,8 +596,9 @@ def provision_fds_backend(result, setup_path=None, names=None,
     if retcode != 0:
         raise("ldib2db failed")
 
-    # Leave a hook to do the 'post initilisation' setup
-    def fds_post_setup(self):
+
+class FDSBackend(LDAPBackend):
+    def post_setup(self):
         ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
 
         # delete default SASL mappings
@@ -600,20 +609,16 @@ def provision_fds_backend(result, setup_path=None, names=None,
             dn = str(res[i]["dn"])
             ldapi_db.delete(dn)
             
-            aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % names.sambadn
+            aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.names.sambadn
         
             m = ldb.Message()
             m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
 
-            m.dn = ldb.Dn(1, names.domaindn)
+            m.dn = ldb.Dn(1, self.names.domaindn)
             ldapi_db.modify(m)
             
-            m.dn = ldb.Dn(1, names.configdn)
+            m.dn = ldb.Dn(1, self.names.configdn)
             ldapi_db.modify(m)
             
-            m.dn = ldb.Dn(1, names.schemadn)
+            m.dn = ldb.Dn(1, self.names.schemadn)
             ldapi_db.modify(m)
-            
-    result.post_setup = fds_post_setup
-    
-