self.ldap_backend_type = backend_type
def init(self):
- pass
+ """Initialize the backend."""
+ raise NotImplementedError(self.init)
def start(self):
- pass
+ """Start the backend."""
+ raise NotImplementedError(self.start)
def shutdown(self):
- pass
+ """Shutdown the backend."""
+ raise NotImplementedError(self.shutdown)
def post_setup(self):
- pass
+ """Post setup."""
+ raise NotImplementedError(self.post_setup)
class LDBBackend(ProvisionBackend):
# into the long-term database later in the script.
self.secrets_credentials = self.credentials
- self.ldap_backend_type = "openldap" # For now, assume existing backends at least emulate OpenLDAP
+ # For now, assume existing backends at least emulate OpenLDAP
+ self.ldap_backend_type = "openldap"
class LDAPBackend(ProvisionBackend):
self.ldap_backend_extra_port = ldap_backend_extra_port
self.ldap_dryrun_mode = ldap_dryrun_mode
- self.ldapi_uri = "ldapi://" + urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")
+ self.ldapi_uri = "ldapi://%s" % urllib.quote(os.path.join(self.ldapdir, "ldapi"), safe="")
if not os.path.exists(self.ldapdir):
os.mkdir(self.ldapdir)
# XXX: We should never be catching all Ldb errors
pass
- # Try to print helpful messages when the user has not specified the path to slapd
+ # Try to print helpful messages when the user has not specified the
+ # path to slapd
if self.slapd_path is None:
raise ProvisioningError("Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=\"/usr/local/libexec/slapd\"!")
if not os.path.exists(self.slapd_path):
self.credentials = Credentials()
self.credentials.guess(self.lp)
- #Kerberos to an ldapi:// backend makes no sense
+ # Kerberos to an ldapi:// backend makes no sense
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.credentials.set_password(self.ldapadminpass)
self.secrets_credentials = Credentials()
self.secrets_credentials.guess(self.lp)
- #Kerberos to an ldapi:// backend makes no sense
+ # Kerberos to an ldapi:// backend makes no sense
self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
self.secrets_credentials.set_username("samba-admin")
self.secrets_credentials.set_password(self.ldapadminpass)
def start(self):
from samba.provision import ProvisioningError
self.slapd_command_escaped = "\'" + "\' \'".join(self.slapd_command) + "\'"
- open(os.path.join(self.ldapdir, "ldap_backend_startup.sh"), 'w').write("#!/bin/sh\n" + self.slapd_command_escaped + "\n")
+ f = open(os.path.join(self.ldapdir, "ldap_backend_startup.sh"), 'w')
+ try:
+ f.write("#!/bin/sh\n" + self.slapd_command_escaped + "\n")
+ finally:
+ f.close()
# Now start the slapd, so we can provision onto it. We keep the
# subprocess context around, to kill this off at the successful
self.message("Could not connect to slapd started with: %s" % "\'" + "\' \'".join(self.slapd_provision_command) + "\'")
raise ProvisioningError("slapd never accepted a connection within 15 seconds of starting")
- self.message("Could not start slapd with: %s" % "\'" + "\' \'".join(self.slapd_provision_command) + "\'")
+ self.message("Could not start slapd with: %s" % "\'" + "\' \'".join(self.slapd_provision_command) + "\'")
raise ProvisioningError("slapd died before we could make a connection to it")
def shutdown(self):
# if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
if self.slapd.poll() is None:
- #Kill the slapd
+ # Kill the slapd
if hasattr(self.slapd, "terminate"):
self.slapd.terminate()
else:
import signal
os.kill(self.slapd.pid, signal.SIGTERM)
- #and now wait for it to die
+ # and now wait for it to die
self.slapd.communicate()
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
ldap_backend_extra_port=None, ldap_dryrun_mode=False,
ol_mmr_urls=None, nosync=False):
-
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
paths=paths, setup_path=setup_path, lp=lp,
credentials=credentials, names=names, message=message,
"LDAPSERVER" : url })
rid=serverid*10
rid=rid+1
- mmr_syncrepl_schema_config += read_and_sub_file(self.setup_path("mmr_syncrepl.conf"),
- { "RID" : str(rid),
- "MMRDN": self.names.schemadn,
- "LDAPSERVER" : url,
- "MMR_PASSWORD": mmr_pass})
-
- rid=rid+1
- mmr_syncrepl_config_config += read_and_sub_file(self.setup_path("mmr_syncrepl.conf"),
- { "RID" : str(rid),
- "MMRDN": self.names.configdn,
- "LDAPSERVER" : url,
- "MMR_PASSWORD": mmr_pass})
+ mmr_syncrepl_schema_config += read_and_sub_file(
+ self.setup_path("mmr_syncrepl.conf"),
+ { "RID" : str(rid),
+ "MMRDN": self.names.schemadn,
+ "LDAPSERVER" : url,
+ "MMR_PASSWORD": mmr_pass})
+
+ rid = rid+1
+ mmr_syncrepl_config_config += read_and_sub_file(
+ self.setup_path("mmr_syncrepl.conf"), {
+ "RID" : str(rid),
+ "MMRDN": self.names.configdn,
+ "LDAPSERVER" : url,
+ "MMR_PASSWORD": mmr_pass})
- rid=rid+1
- mmr_syncrepl_user_config += read_and_sub_file(self.setup_path("mmr_syncrepl.conf"),
- { "RID" : str(rid),
- "MMRDN": self.names.domaindn,
- "LDAPSERVER" : url,
- "MMR_PASSWORD": mmr_pass })
+ rid = rid+1
+ mmr_syncrepl_user_config += read_and_sub_file(
+ self.setup_path("mmr_syncrepl.conf"), {
+ "RID" : str(rid),
+ "MMRDN": self.names.domaindn,
+ "LDAPSERVER" : url,
+ "MMR_PASSWORD": mmr_pass })
# OpenLDAP cn=config initialisation
olc_syncrepl_config = ""
olc_mmr_config = ""
serverid=0
olc_serverids_config = ""
olc_syncrepl_seed_config = ""
- olc_mmr_config += read_and_sub_file(self.setup_path("olc_mmr.conf"),{})
- rid=500
+ olc_mmr_config += read_and_sub_file(
+ self.setup_path("olc_mmr.conf"), {})
+ rid = 500
for url in url_list:
- serverid=serverid+1
- olc_serverids_config += read_and_sub_file(self.setup_path("olc_serverid.conf"),
- { "SERVERID" : str(serverid),
- "LDAPSERVER" : url })
+ serverid = serverid + 1
+ olc_serverids_config += read_and_sub_file(
+ self.setup_path("olc_serverid.conf"), {
+ "SERVERID" : str(serverid), "LDAPSERVER" : url })
- rid=rid+1
- olc_syncrepl_config += read_and_sub_file(self.setup_path("olc_syncrepl.conf"),
- { "RID" : str(rid),
- "LDAPSERVER" : url,
- "MMR_PASSWORD": mmr_pass})
+ rid = rid + 1
+ olc_syncrepl_config += read_and_sub_file(
+ self.setup_path("olc_syncrepl.conf"), {
+ "RID" : str(rid), "LDAPSERVER" : url,
+ "MMR_PASSWORD": mmr_pass})
- olc_syncrepl_seed_config += read_and_sub_file(self.setup_path("olc_syncrepl_seed.conf"),
- { "RID" : str(rid),
- "LDAPSERVER" : url})
+ olc_syncrepl_seed_config += read_and_sub_file(
+ self.setup_path("olc_syncrepl_seed.conf"), {
+ "RID" : str(rid), "LDAPSERVER" : url})
setup_file(self.setup_path("olc_seed.ldif"), self.olcseedldif,
{"OLC_SERVER_ID_CONF": olc_serverids_config,
self.setup_db_config(os.path.join(self.ldapdir, "db", "user"))
self.setup_db_config(os.path.join(self.ldapdir, "db", "config"))
self.setup_db_config(os.path.join(self.ldapdir, "db", "schema"))
-
- if not os.path.exists(os.path.join(self.ldapdir, "db", "samba", "cn=samba")):
- os.makedirs(os.path.join(self.ldapdir, "db", "samba", "cn=samba"), 0700)
+
+ if not os.path.exists(os.path.join(self.ldapdir, "db", "samba", "cn=samba")):
+ os.makedirs(os.path.join(self.ldapdir, "db", "samba", "cn=samba"), 0700)
setup_file(self.setup_path("cn=samba.ldif"),
- os.path.join(self.ldapdir, "db", "samba", "cn=samba.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba.ldif"),
{ "UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
setup_file(self.setup_path("cn=samba-admin.ldif"),
- os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=samba-admin.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=samba-admin.ldif"),
{"LDAPADMINPASS_B64": b64encode(self.ldapadminpass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
if self.ol_mmr_urls is not None:
setup_file(self.setup_path("cn=replicator.ldif"),
- os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
+ os.path.join(self.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
{"MMR_PASSWORD_B64": b64encode(mmr_pass),
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
mapping = "schema-map-openldap-2.3"
backend_schema = "backend-schema.schema"
- backend_schema_data = self.schema.ldb.convert_schema_to_openldap("openldap", open(self.setup_path(mapping), 'r').read())
+ f = open(self.setup_path(mapping), 'r')
+ backend_schema_data = self.schema.ldb.convert_schema_to_openldap(
+ "openldap", f.read())
assert backend_schema_data is not None
- open(os.path.join(self.ldapdir, backend_schema), 'w').write(backend_schema_data)
+ f = open(os.path.join(self.ldapdir, backend_schema), 'w')
+ try:
+ f.write(backend_schema_data)
+ finally:
+ f.close()
# now we generate the needed strings to start slapd automatically,
# first ldapi_uri...
else:
server_port_string = ""
- # Prepare the 'result' information - the commands to return in particular
- self.slapd_provision_command = [self.slapd_path]
-
- self.slapd_provision_command.append("-F" + self.olcdir)
-
- self.slapd_provision_command.append("-h")
+ # Prepare the 'result' information - the commands to return in
+ # particular
+ self.slapd_provision_command = [self.slapd_path, "-F" + self.olcdir,
+ "-h"]
- # copy this command so we have two version, one with -d0 and only ldapi, and one with all the listen commands
+ # copy this command so we have two version, one with -d0 and only
+ # ldapi, and one with all the listen commands
self.slapd_command = list(self.slapd_provision_command)
- self.slapd_provision_command.append(self.ldapi_uri)
- self.slapd_provision_command.append("-d0")
+ self.slapd_provision_command.extend([self.ldapi_uri, "-d0"])
uris = self.ldapi_uri
if server_port_string is not "":
self.slapd_command.append(uris)
- # Set the username - done here because Fedora DS still uses the admin DN and simple bind
+ # Set the username - done here because Fedora DS still uses the admin
+ # DN and simple bind
self.credentials.set_username("samba-admin")
# If we were just looking for crashes up to this point, it's a
if not os.path.isdir(self.olcdir):
os.makedirs(self.olcdir, 0770)
- retcode = subprocess.call([self.slapd_path, "-Ttest", "-n", "0", "-f", self.slapdconf, "-F", self.olcdir], close_fds=True, shell=False)
+ retcode = subprocess.call([self.slapd_path, "-Ttest", "-n", "0",
+ "-f", self.slapdconf, "-F", self.olcdir], close_fds=True,
+ shell=False)
if retcode != 0:
raise ProvisioningError("conversion from slapd.conf to cn=config failed")
for attr in lnkattr.keys():
if lnkattr[attr] is not None:
refint_config += read_and_sub_file(self.setup_path("fedorads-refint-add.ldif"),
- { "ARG_NUMBER" : str(argnum) ,
- "LINK_ATTR" : attr })
+ { "ARG_NUMBER" : str(argnum),
+ "LINK_ATTR" : attr })
memberof_config += read_and_sub_file(self.setup_path("fedorads-linked-attributes.ldif"),
- { "MEMBER_ATTR" : attr ,
- "MEMBEROF_ATTR" : lnkattr[attr] })
- index_config += read_and_sub_file(self.setup_path("fedorads-index.ldif"),
- { "ATTR" : attr })
+ { "MEMBER_ATTR" : attr,
+ "MEMBEROF_ATTR" : lnkattr[attr] })
+ index_config += read_and_sub_file(
+ self.setup_path("fedorads-index.ldif"), { "ATTR" : attr })
argnum += 1
open(self.refint_ldif, 'w').write(refint_config)
if attr == "objectGUID":
attr = "nsUniqueId"
- index_config += read_and_sub_file(self.setup_path("fedorads-index.ldif"),
- { "ATTR" : attr })
+ index_config += read_and_sub_file(
+ self.setup_path("fedorads-index.ldif"), { "ATTR" : attr })
open(self.index_ldif, 'w').write(index_config)
# Build a schema file in Fedora DS format
backend_schema_data = self.schema.ldb.convert_schema_to_openldap("fedora-ds", open(self.setup_path(mapping), 'r').read())
assert backend_schema_data is not None
- open(os.path.join(self.ldapdir, backend_schema), 'w').write(backend_schema_data)
+ f = open(os.path.join(self.ldapdir, backend_schema), 'w')
+ try:
+ f.write(backend_schema_data)
+ finally:
+ f.close()
self.credentials.set_bind_dn(self.names.ldapmanagerdn)
# Destory the target directory, or else setup-ds.pl will complain
- fedora_ds_dir = os.path.join(self.ldapdir, "slapd-" + self.ldap_instance)
+ fedora_ds_dir = os.path.join(self.ldapdir,
+ "slapd-" + self.ldap_instance)
shutil.rmtree(fedora_ds_dir, True)
- self.slapd_provision_command = [self.slapd_path, "-D", fedora_ds_dir, "-i", self.slapd_pid]
- #In the 'provision' command line, stay in the foreground so we can easily kill it
+ self.slapd_provision_command = [self.slapd_path, "-D", fedora_ds_dir,
+ "-i", self.slapd_pid]
+ # In the 'provision' command line, stay in the foreground so we can
+ # easily kill it
self.slapd_provision_command.append("-d0")
#the command for the final run is the normal script
- self.slapd_command = [os.path.join(self.ldapdir, "slapd-" + self.ldap_instance, "start-slapd")]
+ self.slapd_command = [os.path.join(self.ldapdir,
+ "slapd-" + self.ldap_instance, "start-slapd")]
# If we were just looking for crashes up to this point, it's a
# good time to exit before we realise we don't have Fedora DS on
def post_setup(self):
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
- # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
+ # configure in-directory access control on Fedora DS via the aci
+ # attribute (over a direct ldapi:// socket)
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
- m.dn = ldb.Dn(ldapi_db, self.names.domaindn)
- ldapi_db.modify(m)
-
- m.dn = ldb.Dn(ldapi_db, self.names.configdn)
- ldapi_db.modify(m)
-
- m.dn = ldb.Dn(ldapi_db, self.names.schemadn)
- ldapi_db.modify(m)
+ for dnstring in (self.names.domaindn, self.names.configdn,
+ self.names.schemadn):
+ m.dn = ldb.Dn(ldapi_db, dnstring)
+ ldapi_db.modify(m)
import re
import shutil
-from samba import Ldb
-from samba.dsdb import DS_DOMAIN_FUNCTION_2000
from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import ldb
+
+from samba import Ldb
+from samba.dcerpc import misc, security
+from samba.dsdb import DS_DOMAIN_FUNCTION_2000
from samba.provision import (ProvisionNames, provision_paths_from_lp,
FILL_FULL, provision, ProvisioningError)
-from samba.dcerpc import misc, security
from samba.ndr import ndr_unpack
configdn = str(names.configdn)
names.schemadn = current[0]["schemaNamingContext"]
if not (ldb.Dn(samdb, basedn) == (ldb.Dn(samdb, current[0]["defaultNamingContext"][0]))):
- raise ProvisioningError(("basedn in %s (%s) and from %s (%s) is not the same ..." % (paths.samdb, str(current[0]["defaultNamingContext"][0]), paths.smbconf, basedn)))
+ raise ProvisioningError("basedn in %s (%s) and from %s (%s) is not the same ..." % (paths.samdb, str(current[0]["defaultNamingContext"][0]), paths.smbconf, basedn))
names.domaindn=current[0]["defaultNamingContext"]
names.rootdn=current[0]["rootDomainNamingContext"]
base="OU=Domain Controllers,"+basedn, scope=SCOPE_ONELEVEL, attrs=["dNSHostName"])
names.hostname = str(res4[0]["dNSHostName"]).replace("."+names.dnsdomain,"")
- server_res = samdb.search(expression="serverReference=%s"%res4[0].dn, attrs=[], base=configdn)
+ server_res = samdb.search(expression="serverReference=%s" % res4[0].dn,
+ attrs=[], base=configdn)
names.serverdn = server_res[0].dn
# invocation id/objectguid
"objectSid","msDS-Behavior-Version" ])
names.domainguid = str(ndr_unpack( misc.GUID,res6[0]["objectGUID"][0]))
names.domainsid = ndr_unpack( security.dom_sid,res6[0]["objectSid"][0])
- if res6[0].get("msDS-Behavior-Version") == None or int(res6[0]["msDS-Behavior-Version"][0]) < DS_DOMAIN_FUNCTION_2000:
+ if (res6[0].get("msDS-Behavior-Version") is None or
+ int(res6[0]["msDS-Behavior-Version"][0]) < DS_DOMAIN_FUNCTION_2000):
names.domainlevel = DS_DOMAIN_FUNCTION_2000
else:
names.domainlevel = int(res6[0]["msDS-Behavior-Version"][0])
# policy guid
- res7 = samdb.search(expression="(displayName=Default Domain Policy)",base="CN=Policies,CN=System,"+basedn, \
- scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+ res7 = samdb.search(expression="(displayName=Default Domain Policy)",
+ base="CN=Policies,CN=System,"+basedn, scope=SCOPE_ONELEVEL,
+ attrs=["cn","displayName"])
names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
# dc policy guid
- res8 = samdb.search(expression="(displayName=Default Domain Controllers Policy)",base="CN=Policies,CN=System,"+basedn, \
- scope=SCOPE_ONELEVEL, attrs=["cn","displayName"])
+ res8 = samdb.search(expression="(displayName=Default Domain Controllers Policy)",
+ base="CN=Policies,CN=System,"+basedn, scope=SCOPE_ONELEVEL,
+ attrs=["cn","displayName"])
if len(res8) == 1:
names.policyid_dc = str(res8[0]["cn"]).replace("{","").replace("}","")
else: