mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

54 Commits

Author SHA1 Message Date
Andrew Bartlett
7e0ef3fd0e Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).
To make Samba4, using the python provision system, pass this test
required some major rework.  Untested code is broken code, and some of
the refactoring for a separate provision test (which also now passes)
broke things.

Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).

In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.

Andrew Bartlett
(This used to be commit 1169e8d7be)
2008-03-06 21:55:26 +11:00
Jelmer Vernooij
ee6f838d3a Make setup/provision the name of the python provision script now that that is the default.
(This used to be commit a0a05c5a3d)
2008-02-21 01:22:20 +01:00
Andrew Bartlett
0b1a24681e Be consistent about --ldap-backend-type
Make the EJS provision and the selftest scripts both use the new
syntax for specifying the ldap backend type.

Andrew Bartlett
(This used to be commit b1d2584277)
2008-02-21 10:43:13 +11:00
Andrew Bartlett
9e547f4303 Revert to ejs for 'provision'
Andrew Bartlett
(This used to be commit fa1098959a)
2008-02-08 12:54:09 +11:00
Andrew Bartlett
0fc670308e Remove unused argument to provision().
Andrew Bartlett
(This used to be commit 2f98ec1e64)
2008-02-08 12:52:54 +11:00
Andrew Bartlett
48e79659d1 Make the repl_meta_data module the default for domain controllers.
Andrew Bartlett
(This used to be commit ae2ea1bd0c)
2008-01-24 16:17:45 +11:00
Andrew Bartlett
f1e177a7b8 provision: simplify by removing old code to manually create baseDNs.
Previously, we would create the first record in the DB as an LDIF
file, with the expectation that the administrator would use slapadd to
create the database.

We now do everything over LDAP, which is far simpler, and allows the
LDB module chain to do its work, without special cases.

Also fix naming of the output schema when suggesting the command line
to run ad2oLschema in provision-backend.

Andrew Bartlett
(This used to be commit e77375758d)
2008-01-17 12:00:27 +11:00
Andrew Bartlett
3f7ec9bf19 Add in new module to normalise DNs being returned from OpenLDAP. This
fixes the case of the attribute in the DN.

Fix option spelling for example re-provision

Andrew Bartlett
(This used to be commit e3a76be047)
2008-01-11 10:44:49 +11:00
Andrew Bartlett
d59ac4d6e9 r26686: Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of
the provision options used.

Andrew Bartlett
(This used to be commit 51cd93344d)
2008-01-06 23:57:02 -06:00
Andrew Bartlett
a2a4aba5fd r26245: Make it easier to handle the LDAP backend, with its differing needs,
by separating the modules list into parts.  That way, we can remove
the modules that the backend will provide.

Andrew Bartlett
(This used to be commit d67e5c7896)
2007-12-21 05:47:24 +01:00
Andrew Bartlett
adef944c43 r26137: Rename the entryUUID module to better match its purpose: being a
simple ldap mapping (a complex mapping will follow).

Fix the module to handle 'name' better, rather than using the 'name'
attribute built into OpenLDAP, rename to samba4RDN.  We need to see if
this can be handled in the backend.

Also rename the functions and internal module name to entryuuid for
consistency.

Andrew Bartlett
(This used to be commit a7be80766f)
2007-12-21 05:46:19 +01:00
Andrew Bartlett
43890c4c58 r25451: Rework the display of provision options to use printf syntax, and
avoid %s in the substituted strings from becoming a problem.

Andrew Bartlett
(This used to be commit 3c4f107239)
2007-10-10 15:07:37 -05:00
Andrew Bartlett
e12730322c r25303: Print out the options the provision script generated. This should
help users produce predictable setups.

Andrew Bartlett
(This used to be commit 9789bd3c0a)
2007-10-10 15:07:10 -05:00
Andrew Bartlett
ee257e902a r25299: Modify the provision script to take an additional argument: --server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.

The default for the provision now changes to 'standalone'.

This is not because Samba4 is particularly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.

We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.

Andrew Bartlett
(This used to be commit 4cc4ed7719)
2007-10-10 15:07:09 -05:00
Andrew Bartlett
73388ce54c r24729: First try at publishing a DNS service account, for folks to play with.
The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett
(This used to be commit af4d331eef)
2007-10-10 15:02:58 -05:00
Andrew Bartlett
10f6e16573 r23859: Work to have Group Policy work 'out of the box' in Samba4.
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.

This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).

Andrew Bartlett
(This used to be commit 45cadf3bc0)
2007-10-10 15:01:05 -05:00
Andrew Bartlett
c37cfae81e r23715: Make the provision-backend script print out the exact commands to run,
to set up the LDAP backend.

Andrew Bartlett
(This used to be commit cc7900210a)
2007-10-10 14:59:06 -05:00
Andrew Bartlett
3a78f7323a r23703: Start to get Samba4 to again work with LDAP backends, after I turned
on metze's schema work.

Andrew Bartlett
(This used to be commit 3111bbdf64)
2007-10-10 14:59:06 -05:00
Andrew Bartlett
e9d19477e4 r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
  as it has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
  reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
  schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicalisation
  based on the loaded schema, not simple string manipulation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
  and privileges

Andrew Bartlett
(This used to be commit dcff83ebe4)
2007-10-10 14:53:27 -05:00
Andrew Bartlett
86a4886e39 r23189: Work towards a totally scripted setup of LDAP backends, so others can
easily try this out.

I also intend to use this for the selftest, but I'm chasing issues
with the OpenLDAP (but not Fedora DS) backend.

Andrew Bartlett
(This used to be commit 0f457b1d2e)
2007-10-10 14:53:02 -05:00
Andrew Bartlett
112728c651 r22756: Make it easier to setup an LDAP replica. Provision with
--partitions-only (suggestions for a better name welcome) will setup
the partitions records, but not any data in those partitions.  This can
then point at the already configured remote LDAP server.

Andrew Bartlett
(This used to be commit ee7b06fc83)
2007-10-10 14:52:15 -05:00
Stefan Metzmacher
e5ea03737f r22530: use message() to make --quiet work
metze
(This used to be commit 7c381b2d4f)
2007-10-10 14:51:38 -05:00
Andrew Bartlett
3d4c4c5fa3 r22478: Update the LDAP backend code to handle initialisation of multiple
partitions onto the target LDAP server.

Make the LDAP provision run before smbd starts, then stop the LDAP
server.  This ensures this occurs synchronously. We then restart it
for the 'real run' (with slapd's stdin being the FIFO).

This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.

Andrew Bartlett
(This used to be commit 860dfa4ea1)
2007-10-10 14:51:31 -05:00
Stefan Metzmacher
5e2f0275e8 r20859: fix typo
metze
(This used to be commit ba6ee1a098)
2007-10-10 14:43:40 -05:00
Stefan Metzmacher
8a2636af4a r20560: make it possible to configure the backend and modules
for all partitions and make it not use LDAP in the variable names
because it isn't specific to the ldap backend case.

metze
(This used to be commit 3e337ec276)
2007-10-10 14:36:57 -05:00
Andrew Bartlett
e8dfa06d45 r20495: Further notes on joining with fedora DS.
Add in a hook for adding an ACI, needed to allow anonymous access
until we hook across a SYSTEM token to the LDAP server.

Andrew Bartlett
(This used to be commit f45504e271)
2007-10-10 14:36:00 -05:00
Andrew Bartlett
bf4c652af7 r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend.
Add a new module entrypoint to handle the new, interesting and
different mappings required for Fedora DS.

Andrew Bartlett
(This used to be commit 600c7f1a68)
2007-10-10 14:35:59 -05:00
Andrew Bartlett
9fc3e164df r20468: Patch from Martin Kuehl <kuehl@univention.de> to make it easier to load
into an existing LDAP server.  (Allow some parts to pre-exist, and try
to blow away less data).

Andrew Bartlett
(This used to be commit 99faff0ad8)
2007-10-10 14:35:54 -05:00
Andrew Bartlett
7135bb9e63 r19216: Merge from SAMBA_4_0_RELEASE:
Move default for subobj.LDAPMODULES into scripting/libjs/provision.js
so that SWAT can provision again.

Andrew Bartlett
(This used to be commit a4aafe307d)
2007-10-10 14:20:54 -05:00
Andrew Bartlett
7783080810 r17705: Use the paged_searches module by default against the LDAP backend, if
selected.

Andrew Bartlett
(This used to be commit 3bb0a0d91e)
2007-10-10 14:16:28 -05:00
Andrew Bartlett
8f42f1292c r17526: Move timestamp generation into the objectGUID module. It probably
needs to be renamed (operation_add?).

This allows me to match the behaviour and substitute with the
entryUUID module for remote LDAP connections.

Andrew Bartlett
(This used to be commit af02b4d7c6)
2007-10-10 14:15:33 -05:00
Andrew Bartlett
f77c410084 r16264: Add, but do not yet enable, the partitions module.
This required changes to the rootDSE module, to allow registration of
partitions.  In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.

Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server.  Then we perform a modify to add the
remaining attributes.

To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.

In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.

To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.

Andrew Bartlett
(This used to be commit b49a4fbb57)
2007-10-10 14:09:09 -05:00
Andrew Bartlett
c06911376c r13239: Silly little patch: make the order of declaration match the order of use.
(This used to be commit 2b605cf22c)
2007-10-10 13:51:36 -05:00
Andrew Bartlett
d59667fd21 r12944: Update scripts in setup to match changes in the provision.js
DNS is now done as a separate step, to assist in migrations.

Andrew Bartlett
(This used to be commit 916607d1d0)
2007-10-10 13:51:11 -05:00
Andrew Bartlett
a8eec31354 r12746: An initial version of the kludge_acls module.
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() call, as it still doesn't get on
with me :-)

Andrew Bartlett
(This used to be commit be9d0cae89)
2007-10-10 13:49:48 -05:00
Andrew Bartlett
8f4dc51345 r12739: Add support for using credentials in the provision process.
This should allow us to provision to a 'normal' LDAP server.

Also add in 'session info' hooks (unused).  Both of these need to be
hooked in on the webserver.

Andrew Bartlett
(This used to be commit b349d2fbfe)
2007-10-10 13:49:48 -05:00
Jelmer Vernooij
342d229b40 r10190: Do some very basic input checking when provisioning.
(This used to be commit 87f25fe49c)
2007-10-10 13:38:06 -05:00
Jelmer Vernooij
f58a74aaba r9816: Work on testsuite for upgrade
Add 'paths' object to provision code.
(This used to be commit 488d737fb0)
2007-10-10 13:35:04 -05:00
Andrew Tridgell
4b275f4716 r9646: fixed error message
(This used to be commit 804f2485d0)
2007-10-10 13:34:37 -05:00
Rafal Szczesniak
55e746ad56 r9477: Convert popt options to an ejs object. Doesn't seem to break anything
except for popt help (-h) option (unexpected ?).

rafal
(This used to be commit 1990793b23)
2007-10-10 13:34:20 -05:00
Rafal Szczesniak
4475dd517b r8902: Revert the small change as Andrew Bartlett asked. Now, let's go
and fix howto.txt.

rafal
(This used to be commit 5bf5559e0f)
2007-10-10 13:30:16 -05:00
Rafal Szczesniak
901d7594b3 r8898: Fix provision script to actually work, since location of smbscript
has changed.

rafal
(This used to be commit a59594d2d8)
2007-10-10 13:30:16 -05:00
Andrew Tridgell
0928f1f605 r8857: please don't get fancy with embedded boolean statements in js
code. Especially as this is a new language for most Samba developers,
it is far better to err strongly on the side of readability rather
than trying to save a line of code by using fancy tricks
(This used to be commit 3228644cf8)
2007-10-10 13:30:12 -05:00
Andrew Bartlett
66b2a04346 r8790: Finish the migration of aliases and privileges with SamSync, by adding
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)

The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.

Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.

Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong.  Many of these should perhaps be hooked
into an error string.

Andrew Bartlett
(This used to be commit 1f071b0609)
2007-10-10 13:30:05 -05:00
Andrew Tridgell
2f5f01567b r8643: - make lp_configfile() work again
- get rid of redundant dyn_CONFIGFILE argument to lp_load()

- fixed provisioning to work with completely pristine install,
  creating an initial smb.conf if none is present

- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef712)
2007-10-10 13:29:48 -05:00
Andrew Tridgell
8858542b26 r8459: move to the more portable script execution method
(This used to be commit d7e4dcaaaa)
2007-10-10 13:23:05 -05:00
Andrew Tridgell
afb160e20c r8410: converted the newuser script to js
(This used to be commit b90aa3c5a7)
2007-10-10 13:22:59 -05:00
Andrew Tridgell
adb7fd18e5 r8372: - split out provisioning logic into a separate ejs library
- added a provisioning web page
(This used to be commit 7476cb9413)
2007-10-10 13:20:13 -05:00
Andrew Tridgell
26a55c330a r8355: - added a vsprintf() function
- removed the --outputdir option from provision, as it's not used any
  more (as ejs knows the real paths)
(This used to be commit abbf9c703c)
2007-10-10 13:20:10 -05:00
Andrew Tridgell
dd750b98af r8350: fixed the --root option to provision
(This used to be commit 506e07d6e0)
2007-10-10 13:20:10 -05:00