r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch).

[ira/wip.git] / source4 / setup / provision

#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
        provision a Samba4 server
        Copyright Andrew Tridgell 2005
        Released under the GNU GPL v2 or later
*/

options = GetOptions(ARGV,
                "POPT_AUTOHELP",
                "POPT_COMMON_SAMBA",
                "POPT_COMMON_VERSION",
                "POPT_COMMON_CREDENTIALS",
                'realm=s',
                'domain=s',
                'domain-guid=s',
                'domain-sid=s',
                'host-name=s',
                'host-ip=s',
                'host-guid=s',
                'invocationid=s',
                'adminpass=s',
                'krbtgtpass=s',
                'machinepass=s',
                'root=s',
                'nobody=s',
                'nogroup=s',
                'wheel=s',
                'users=s',
                'quiet',
                'blank',
                'partitions-only',
                'ldap-base',
                'ldap-backend=s',
                'ldap-module=s',
                'aci=s');

if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set
*/
function message()
{
        if (options["quiet"] == undefined) {
                print(vsprintf(arguments));
        }
}

/*
 show some help
*/
function ShowHelp()
{
        print("
Samba4 provisioning

provision [options]
 --realm        REALM           set realm
 --domain       DOMAIN          set domain
 --domain-guid  GUID            set domainguid (otherwise random)
 --domain-sid   SID             set domainsid (otherwise random)
 --host-name    HOSTNAME        set hostname
 --host-ip      IPADDRESS       set ipaddress
 --host-guid    GUID            set hostguid (otherwise random)
 --invocationid GUID            set invocationid (otherwise random)
 --adminpass    PASSWORD        choose admin password (otherwise random)
 --krbtgtpass   PASSWORD        choose krbtgt password (otherwise random)
 --machinepass  PASSWORD        choose machine password (otherwise random)
 --root         USERNAME        choose 'root' unix username
 --nobody       USERNAME        choose 'nobody' user
 --nogroup      GROUPNAME       choose 'nogroup' group
 --wheel        GROUPNAME       choose 'wheel' privileged group
 --users        GROUPNAME       choose 'users' group
 --quiet                        Be quiet
 --blank                        do not add users or groups, just the structure
 --partitions-only              Configure Samba's partitions, but do not modify them (ie, join a BDC)
 --ldap-base                    output only an LDIF file, suitable for creating an LDAP baseDN
 --ldap-backend LDAPSERVER      LDAP server to use for this provision
 --ldap-module= MODULE          LDB mapping module to use for the LDAP backend
 --aci=         ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain

");
        exit(1);
}

if (options['host-name'] == undefined) {
        options['host-name'] = hostname();
}

/*
   main program
*/
if (options["realm"] == undefined ||
    options["domain"] == undefined ||
    options["host-name"] == undefined) {
        ShowHelp();
}

/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.reload();

var subobj = provision_guess();
for (r in options) {
        var key = strupper(join("", split("-", r)));
        subobj[key] = options[r];
}

var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
if (options["aci"] != undefined) {
        message("set ACI: %s\n", subobj["ACI"]);
}

message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);

if (ldapbackend) {
        if (!ldapmodule) {
                subobj["LDAPMODULE"] = "entryUUID";
        }
        subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"];
        subobj["DOMAINDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches";
        subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"];
        subobj["CONFIGDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches";
        subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"];
        subobj["SCHEMADN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches";
}

if (!provision_validate(subobj, message)) {
        return -1;
}

var system_session = system_session();
var creds = options.get_credentials();
var paths = provision_default_paths(subobj);
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
        provision_ldapbase(subobj, message, paths);
        message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
        provision_become_dc(subobj, message, false, paths, system_session);
} else {
        provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
        provision_dns(subobj, message, paths, system_session, creds);
}
message("All OK\n");
return 0;