self.fedoradsinf = None
self.fedoradspartitions = None
self.fedoradssasl = None
+ self.fedoradspam = None
+ self.fedoradsrefint = None
+ self.fedoradslinkedattributes = None
+ self.fedoradsindex = None
+ self.fedoradssamba = None
self.olmmron = None
self.olmmrserveridsconf = None
self.olmmrsyncreplconf = None
ldb.transaction_commit()
-def setup_file(template, fname, subst_vars):
+def setup_file(template, fname, subst_vars=None):
"""Setup a file in the private dir.
:param template: Path of the template file.
"fedorads-partitions.ldif")
paths.fedoradssasl = os.path.join(paths.ldapdir,
"fedorads-sasl.ldif")
+ paths.fedoradspam = os.path.join(paths.ldapdir,
+ "fedorads-pam.ldif")
+ paths.fedoradsrefint = os.path.join(paths.ldapdir,
+ "fedorads-refint.ldif")
+ paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
+ "fedorads-linked-attributes.ldif")
+ paths.fedoradsindex = os.path.join(paths.ldapdir,
+ "fedorads-index.ldif")
paths.fedoradssamba = os.path.join(paths.ldapdir,
- "fedorads-samba.ldif")
+ "fedorads-samba.ldif")
paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
"mmr_serverids.conf")
paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
hostname = hostname.lower()
if dnsdomain is None:
- dnsdomain = lp.get("realm")
+ dnsdomain = lp.get("realm").lower()
if serverrole is None:
serverrole = lp.get("server role")
raise Exception("realm '%s' in %s must match chosen realm '%s'" %
(lp.get("realm"), lp.configfile, realm))
- dnsdomain = dnsdomain.lower()
-
if serverrole == "domain controller":
if domain is None:
domain = lp.get("workgroup")
else:
domain = netbiosname
if domaindn is None:
- domaindn = "CN=" + netbiosname
+ domaindn = "DC=" + netbiosname
assert domain is not None
domain = domain.upper()
+
if not valid_netbios_name(domain):
raise InvalidNetbiosName(domain)
- if netbiosname.upper() == realm.upper():
+ if netbiosname.upper() == realm:
raise Exception("realm %s must not be equal to netbios domain name %s", realm, netbiosname)
- if hostname.upper() == realm.upper():
+ if hostname.upper() == realm:
raise Exception("realm %s must not be equal to hostname %s", realm, hostname)
- if domain.upper() == realm.upper():
+ if domain.upper() == realm:
raise Exception("realm %s must not be equal to domain name %s", realm, domain)
if rootdn is None:
if ldap_backend.ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
- tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
+ tdb_modules_list = ["extended_dn_out_dereference"]
elif ldap_backend.ldap_backend_type == "openldap":
backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
- ntdsguid_mod = "objectGUID: %s\n"%ntdsguid
+ ntdsguid_line = "objectGUID: %s\n"%ntdsguid
else:
- ntdsguid_mod = ""
+ ntdsguid_line = ""
setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DOMAIN": names.domain,
"DNSDOMAIN": names.dnsdomain,
"SAMBA_VERSION_STRING": version,
- "NTDSGUID": ntdsguid_mod,
+ "NTDSGUID": ntdsguid_line,
"DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)})
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
samdb.set_invocation_id(invocationid)
message("Adding DomainDN: %s" % names.domaindn)
- if serverrole == "domain controller":
- domain_oc = "domainDNS"
- else:
- domain_oc = "samba4LocalDomain"
#impersonate domain admin
admin_session_info = admin_session(lp, str(domainsid))
samdb.set_session_info(admin_session_info)
if domainguid is not None:
- domainguid_mod = "objectGUID: %s\n-" % domainguid
+ domainguid_line = "objectGUID: %s\n-" % domainguid
else:
- domainguid_mod = ""
+ domainguid_line = ""
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
- "DOMAIN_OC": domain_oc,
- "DOMAINGUID": domainguid_mod
+ "DOMAINGUID": domainguid_line
})
assert isinstance(domainguid, str)
create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
- domaindn=names.domaindn, hostip=hostip,
+ hostip=hostip,
hostip6=hostip6, hostname=names.hostname,
- dnspass=dnspass, realm=names.realm,
+ realm=names.realm,
domainguid=domainguid, ntdsguid=names.ntdsguid)
create_named_conf(paths.namedconf, setup_path, realm=names.realm,
{"SAMBADN": names.sambadn,
})
+ setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam)
+
+ lnkattr = get_linked_attributes(names.schemadn,schema.ldb)
+
+ refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read()
+ memberof_config = ""
+ index_config = ""
+ argnum = 3
+
+ for attr in lnkattr.keys():
+ if lnkattr[attr] is not None:
+ refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"),
+ { "ARG_NUMBER" : str(argnum) ,
+ "LINK_ATTR" : attr })
+ memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"),
+ { "MEMBER_ATTR" : attr ,
+ "MEMBEROF_ATTR" : lnkattr[attr] })
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+ argnum += 1
+
+ open(paths.fedoradsrefint, 'w').write(refint_config)
+ open(paths.fedoradslinkedattributes, 'w').write(memberof_config)
+
+ attrs = ["lDAPDisplayName"]
+ res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
+
+ for i in range (0, len(res)):
+ attr = res[i]["lDAPDisplayName"][0]
+
+ if attr == "objectGUID":
+ attr = "nsUniqueId"
+
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+
+ open(paths.fedoradsindex, 'w').write(index_config)
+
setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba,
{"SAMBADN": names.sambadn,
"LDAPADMINPASS": ldapadminpass
{"S4_LDAPI_URI": ldapi_uri})
-def create_zone_file(path, setup_path, dnsdomain, domaindn,
- hostip, hostip6, hostname, dnspass, realm, domainguid,
+def create_zone_file(path, setup_path, dnsdomain,
+ hostip, hostip6, hostname, realm, domainguid,
ntdsguid):
"""Write out a DNS zone file, from the info in the current database.
:param hostip: Local IPv4 IP
:param hostip6: Local IPv6 IP
:param hostname: Local hostname
- :param dnspass: Password for DNS
:param realm: Realm name
:param domainguid: GUID of the domain.
:param ntdsguid: GUID of the hosts nTDSDSA record.
hostip_host_line = ""
setup_file(setup_path("provision.zone"), path, {
- "DNSPASS_B64": b64encode(dnspass),
"HOSTNAME": hostname,
"DNSDOMAIN": dnsdomain,
"REALM": realm,