findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
-def open_ldb(session_info, credentials, lp, dbname):
- """Open a LDB, thrashing it if it is corrupt.
-
- :param session_info: auth session information
- :param credentials: credentials
- :param lp: Loadparm context
- :param dbname: Path of the database to open.
- :return: a Ldb object
- """
- assert session_info is not None
- try:
- return Ldb(dbname, session_info=session_info, credentials=credentials,
- lp=lp)
- except LdbError, e:
- print e
- os.unlink(dbname)
- return Ldb(dbname, session_info=session_info, credentials=credentials,
- lp=lp)
-
-
def read_and_sub_file(file, subst_vars):
"""Read a file and sub in variables found in it
paths.templates = os.path.join(paths.private_dir, "templates.ldb")
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
paths.namedconf = os.path.join(paths.private_dir, "named.conf")
+ paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
backend_modules = ["normalise", "entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
tdb_modules_list = None
+ elif ldap_backend is not None:
+ raise "LDAP Backend specified, but LDAP Backend Type not specified"
elif serverrole == "domain controller":
backend_modules = ["repl_meta_data"]
else:
setup_add_ldif(samdb, setup_path("provision_configuration_basedn.ldif"), {
"CONFIGDN": names.configdn,
"ACI": aci,
- "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb",
})
message("Modifying configuration container")
setup_modify_ldif(samdb, setup_path("provision_configuration_basedn_modify.ldif"), {
setup_add_ldif(samdb, setup_path("provision_schema_basedn.ldif"), {
"SCHEMADN": names.schemadn,
"ACI": aci,
- "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb"
})
message("Modifying schema container")
domainguid=domainguid, hostguid=hostguid)
create_named_conf(paths.namedconf, setup_path, realm=names.realm,
+ dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
+
+ create_named_txt(paths.namedtxt, setup_path, realm=names.realm,
dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
message("See %s for an example configuration include file for BIND" % paths.namedconf)
+ message("and %s for further documentation required for secure DNS updates" % paths.namedtxt)
create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
hostname=names.hostname, realm=names.realm)
paths = provision_paths_from_lp(lp, names.dnsdomain)
if not os.path.isdir(paths.ldapdir):
- os.makedirs(paths.ldapdir)
+ os.makedirs(paths.ldapdir, 0700)
schemadb_path = os.path.join(paths.ldapdir, "schema-tmp.ldb")
try:
os.unlink(schemadb_path)
setup_add_ldif(schemadb, setup_path("provision_schema_basedn.ldif"),
{"SCHEMADN": names.schemadn,
"ACI": "#",
- "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb"
})
setup_modify_ldif(schemadb,
setup_path("provision_schema_basedn_modify.ldif"), \
slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf
+ ldapuser = "--simple-bind-dn=" + names.ldapmanagerdn
+
elif ldap_backend_type == "openldap":
attrs = ["linkID", "lDAPDisplayName"]
res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs)
setup_db_config(setup_path, os.path.join(paths.ldapdir, "db", "schema"))
if not os.path.exists(os.path.join(paths.ldapdir, "db", "samba", "cn=samba")):
- os.makedirs(os.path.join(paths.ldapdir, "db", "samba", "cn=samba"))
+ os.makedirs(os.path.join(paths.ldapdir, "db", "samba", "cn=samba"), 0700)
setup_file(setup_path("cn=samba.ldif"),
os.path.join(paths.ldapdir, "db", "samba", "cn=samba.ldif"),
server_port_string = " -h ldap://0.0.0.0:%d" % ldap_backend_port
else:
server_port_string = ""
- slapdcommand="Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
+
+ slapdcommand="Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
+
+ ldapuser = "--username=samba-admin"
schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema)
message("LDAP admin password: %s" % adminpass)
message(slapdcommand)
-
+ message("Run provision with: --ldap-backend=ldapi --ldap-backend-type=" + ldap_backend_type + " --password=" + adminpass + " " + ldapuser)
def create_phpldapadmin_config(path, setup_path, ldapi_uri):
"""Create a PHP LDAP admin configuration file.
def create_named_conf(path, setup_path, realm, dnsdomain,
- private_dir, keytab_name):
+ private_dir):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
"DNSDOMAIN": dnsdomain,
"REALM": realm,
"REALM_WC": "*." + ".".join(realm.split(".")[1:]),
+ "PRIVATE_DIR": private_dir
+ })
+
+def create_named_txt(path, setup_path, realm, dnsdomain,
+ private_dir, keytab_name):
+ """Write out a file containing zone statements suitable for inclusion in a
+ named.conf file (including GSS-TSIG configuration).
+
+ :param path: Path of the new named.conf file.
+ :param setup_path: Setup path function.
+ :param realm: Realm name
+ :param dnsdomain: DNS Domain name
+ :param private_dir: Path to private directory
+ :param keytab_name: File name of DNS keytab file
+ """
+
+ setup_file(setup_path("named.txt"), path, {
+ "DNSDOMAIN": dnsdomain,
+ "REALM": realm,
"DNS_KEYTAB": keytab_name,
"DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
- "PRIVATE_DIR": private_dir,
+ "PRIVATE_DIR": private_dir
})
def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):
schema_data = open(setup_path("schema.ldif"), 'r').read()
schema_data += open(setup_path("schema_samba4.ldif"), 'r').read()
schema_data = substitute_var(schema_data, {"SCHEMADN": schemadn})
+ check_all_substituted(schema_data)
prefixmap = open(setup_path("prefixMap.txt"), 'r').read()
prefixmap = b64encode(prefixmap)
"DEFAULTSITE":sitename,
"PREFIXMAP_B64":prefixmap
})
+ check_all_substituted(head_data)
samdb.attach_schema_from_ldif(head_data, schema_data)