s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index 75e00979dfe7a6c38bf6813b94d10182f7c18ab0..1919c5d81c67e929c6eb2499b4b742d4355f8382 100644 (file)
--- a/source4/scripting/python/samba/provisionbackend.py
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -721,14 +721,7 @@ class FDSBackend(LDAPBackend):
     def post_setup(self):
         ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
 
-        # delete default SASL mappings
-        res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
-    
         # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
-        for i in range (0, len(res)):
-            dn = str(res[i]["dn"])
-            ldapi_db.delete(dn)
-            
         aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
         
         m = ldb.Message()

diff --git a/source4/setup/fedorads-sasl.ldif b/source4/setup/fedorads-sasl.ldif
index 99bb6a72cdb7372723b1541d6efeaf29e7c468da..d0f954f35c8e1c8bad16bd9b616443bc549204b5 100644 (file)
--- a/source4/setup/fedorads-sasl.ldif
+++ b/source4/setup/fedorads-sasl.ldif
@@ -7,3 +7,14 @@ nsSaslMapRegexString: ^samba-admin$
 nsSaslMapBaseDNTemplate: CN=samba-admin,${SAMBADN}
 nsSaslMapFilterTemplate: (objectclass=*)
 
+dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
+changetype: delete
+
+dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config
+changetype: delete
+
+dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config
+changetype: delete
+
+dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config
+changetype: delete