mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
90b49dc520
--ldap-manager-pass= option to work.
Andrew Bartlett
(This used to be commit fbcb1ec141
)
152 lines
4.6 KiB
Plaintext
Executable File
152 lines
4.6 KiB
Plaintext
Executable File
#!/bin/sh
|
|
exec smbscript "$0" ${1+"$@"}
|
|
/*
|
|
provision a Samba4 server
|
|
Copyright Andrew Tridgell 2005
|
|
Released under the GNU GPL v2 or later
|
|
*/
|
|
|
|
options = GetOptions(ARGV,
|
|
"POPT_AUTOHELP",
|
|
"POPT_COMMON_SAMBA",
|
|
"POPT_COMMON_VERSION",
|
|
"POPT_COMMON_CREDENTIALS",
|
|
'realm=s',
|
|
'host-name=s',
|
|
'ldap-manager-pass=s',
|
|
'root=s',
|
|
'quiet',
|
|
'ldap-backend-type=s',
|
|
'ldap-backend-port=i');
|
|
|
|
if (options == undefined) {
|
|
println("Failed to parse options");
|
|
return -1;
|
|
}
|
|
|
|
sys = sys_init();
|
|
|
|
libinclude("base.js");
|
|
libinclude("provision.js");
|
|
|
|
/*
|
|
print a message if quiet is not set
|
|
*/
|
|
function message()
|
|
{
|
|
if (options["quiet"] == undefined) {
|
|
print(vsprintf(arguments));
|
|
}
|
|
}
|
|
|
|
/*
|
|
show some help
|
|
*/
|
|
function ShowHelp()
|
|
{
|
|
print("
|
|
Samba4 provisioning
|
|
|
|
provision [options]
|
|
--realm REALM set realm
|
|
--host-name HOSTNAME set hostname
|
|
--ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random)
|
|
--root USERNAME choose 'root' unix username
|
|
--quiet Be quiet
|
|
--ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure
|
|
--ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only)
|
|
You must provide at least a realm and ldap-backend-type
|
|
|
|
");
|
|
exit(1);
|
|
}
|
|
|
|
if (options['host-name'] == undefined) {
|
|
options['host-name'] = hostname();
|
|
}
|
|
|
|
/*
|
|
main program
|
|
*/
|
|
if (options["realm"] == undefined ||
|
|
options["ldap-backend-type"] == undefined ||
|
|
options["host-name"] == undefined) {
|
|
ShowHelp();
|
|
}
|
|
|
|
/* cope with an initially blank smb.conf */
|
|
var lp = loadparm_init();
|
|
lp.set("realm", options.realm);
|
|
lp.reload();
|
|
|
|
var subobj = provision_guess();
|
|
for (r in options) {
|
|
var key = strupper(join("", split("-", r)));
|
|
subobj[key] = options[r];
|
|
}
|
|
|
|
|
|
|
|
var paths = provision_default_paths(subobj);
|
|
provision_fix_subobj(subobj, paths);
|
|
message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR);
|
|
message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS);
|
|
var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb";
|
|
sys.mkdir(subobj.LDAPDIR, 0700);
|
|
|
|
provision_schema(subobj, message, tmp_schema_ldb, paths);
|
|
|
|
var mapping;
|
|
var ext;
|
|
var slapd_command;
|
|
if (options["ldap-backend-type"] == "fedora-ds") {
|
|
mapping = "schema-map-fedora-ds-1.0";
|
|
ext = "ldif";
|
|
if (options["ldap-backend-port"] != undefined) {
|
|
message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
|
|
subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
|
|
} else {
|
|
message("Will listen on LDAPI only\n");
|
|
subobj.SERVERPORT="";
|
|
}
|
|
setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj);
|
|
setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj);
|
|
|
|
slapd_command = "(see documentation)";
|
|
} else if (options["ldap-backend-type"] == "openldap") {
|
|
provision_ldapbase(subobj, message, paths);
|
|
mapping = "schema-map-openldap-2.3";
|
|
ext = "schema";
|
|
setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
|
|
setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
|
|
sys.mkdir(subobj.LDAPDIR + "/db", 0700);
|
|
subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user";
|
|
sys.mkdir(subobj.LDAPDBDIR, 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
|
|
setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
|
|
subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config";
|
|
sys.mkdir(subobj.LDAPDBDIR, 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
|
|
setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
|
|
subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema";
|
|
sys.mkdir(subobj.LDAPDBDIR, 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700);
|
|
sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700);
|
|
setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj);
|
|
if (options["ldap-backend-port"] != undefined) {
|
|
message("\nStart slapd with: \n");
|
|
slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\"";
|
|
} else {
|
|
slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI;
|
|
}
|
|
}
|
|
var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext;
|
|
|
|
message("\nCreate a suitable schema file with:\n%s\n", schema_command);
|
|
message("\nStart slapd with: \n%s\n", slapd_command);
|
|
|
|
message("All OK\n");
|
|
return 0;
|