s4:provision - replaced linked_attributes with FDS plugins

[ira/wip.git] / source4 / scripting / python / samba / provision.py

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 934986b492e24c1fe55bb7e3badb0f5dc8ad58cf..a7a50caba659281d4c78435968e1511b39c07e9d 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -144,6 +144,11 @@ class ProvisionPaths(object):
         self.fedoradsinf = None
         self.fedoradspartitions = None
         self.fedoradssasl = None
+        self.fedoradspam = None
+        self.fedoradsrefint = None
+        self.fedoradslinkedattributes = None
+        self.fedoradsindex = None
+        self.fedoradssamba = None
         self.olmmron = None
         self.olmmrserveridsconf = None
         self.olmmrsyncreplconf = None
@@ -334,7 +339,7 @@ def setup_ldb(ldb, ldif_path, subst_vars):
     ldb.transaction_commit()
 
 
-def setup_file(template, fname, subst_vars):
+def setup_file(template, fname, subst_vars=None):
     """Setup a file in the private dir.
 
     :param template: Path of the template file.
@@ -388,8 +393,16 @@ def provision_paths_from_lp(lp, dnsdomain):
                                             "fedorads-partitions.ldif")
     paths.fedoradssasl = os.path.join(paths.ldapdir, 
                                       "fedorads-sasl.ldif")
+    paths.fedoradspam = os.path.join(paths.ldapdir,
+                                      "fedorads-pam.ldif")
+    paths.fedoradsrefint = os.path.join(paths.ldapdir,
+                                        "fedorads-refint.ldif")
+    paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
+                                                  "fedorads-linked-attributes.ldif")
+    paths.fedoradsindex = os.path.join(paths.ldapdir,
+                                       "fedorads-index.ldif")
     paths.fedoradssamba = os.path.join(paths.ldapdir, 
-                                        "fedorads-samba.ldif")
+                                       "fedorads-samba.ldif")
     paths.olmmrserveridsconf = os.path.join(paths.ldapdir, 
                                             "mmr_serverids.conf")
     paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, 
@@ -429,7 +442,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
     hostname = hostname.lower()
 
     if dnsdomain is None:
-        dnsdomain = lp.get("realm")
+        dnsdomain = lp.get("realm").lower()
 
     if serverrole is None:
         serverrole = lp.get("server role")
@@ -441,8 +454,6 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
         raise Exception("realm '%s' in %s must match chosen realm '%s'" %
                         (lp.get("realm"), lp.configfile, realm))
     
-    dnsdomain = dnsdomain.lower()
-
     if serverrole == "domain controller":
         if domain is None:
             domain = lp.get("workgroup")
@@ -454,20 +465,21 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
     else:
         domain = netbiosname
         if domaindn is None:
-            domaindn = "CN=" + netbiosname
+            domaindn = "DC=" + netbiosname
         
     assert domain is not None
     domain = domain.upper()
+
     if not valid_netbios_name(domain):
         raise InvalidNetbiosName(domain)
         
-    if netbiosname.upper() == realm.upper():
+    if netbiosname.upper() == realm:
         raise Exception("realm %s must not be equal to netbios domain name %s", realm, netbiosname)
         
-    if hostname.upper() == realm.upper():
+    if hostname.upper() == realm:
         raise Exception("realm %s must not be equal to hostname %s", realm, hostname)
         
-    if domain.upper() == realm.upper():
+    if domain.upper() == realm:
         raise Exception("realm %s must not be equal to domain name %s", realm, domain)
 
     if rootdn is None:
@@ -652,7 +664,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
         if ldap_backend.ldap_backend_type == "fedora-ds":
             backend_modules = ["nsuniqueid", "paged_searches"]
             # We can handle linked attributes here, as we don't have directory-side subtree operations
-            tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
+            tdb_modules_list = ["extended_dn_out_dereference"]
         elif ldap_backend.ldap_backend_type == "openldap":
             backend_modules = ["entryuuid", "paged_searches"]
             # OpenLDAP handles subtree renames, so we don't want to do any of these things
@@ -883,9 +895,9 @@ def setup_self_join(samdb, names,
     """Join a host to its own domain."""
     assert isinstance(invocationid, str)
     if ntdsguid is not None:
-        ntdsguid_mod = "objectGUID: %s\n"%ntdsguid
+        ntdsguid_line = "objectGUID: %s\n"%ntdsguid
     else:
-        ntdsguid_mod = ""
+        ntdsguid_line = ""
     setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { 
               "CONFIGDN": names.configdn, 
               "SCHEMADN": names.schemadn,
@@ -901,7 +913,7 @@ def setup_self_join(samdb, names,
               "DOMAIN": names.domain,
               "DNSDOMAIN": names.dnsdomain,
               "SAMBA_VERSION_STRING": version,
-              "NTDSGUID": ntdsguid_mod,
+              "NTDSGUID": ntdsguid_line,
               "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)})
 
     setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { 
@@ -1010,22 +1022,17 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
             samdb.set_invocation_id(invocationid)
 
         message("Adding DomainDN: %s" % names.domaindn)
-        if serverrole == "domain controller":
-            domain_oc = "domainDNS"
-        else:
-            domain_oc = "samba4LocalDomain"
 
 #impersonate domain admin
         admin_session_info = admin_session(lp, str(domainsid))
         samdb.set_session_info(admin_session_info)
         if domainguid is not None:
-            domainguid_mod = "objectGUID: %s\n-" % domainguid
+            domainguid_line = "objectGUID: %s\n-" % domainguid
         else:
-            domainguid_mod = ""
+            domainguid_line = ""
         setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
                 "DOMAINDN": names.domaindn,
-                "DOMAIN_OC": domain_oc,
-                "DOMAINGUID": domainguid_mod
+                "DOMAINGUID": domainguid_line
                 })
 
 
@@ -1374,9 +1381,9 @@ def provision(setup_dir, message, session_info,
             assert isinstance(domainguid, str)
 
             create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
-                             domaindn=names.domaindn, hostip=hostip,
+                             hostip=hostip,
                              hostip6=hostip6, hostname=names.hostname,
-                             dnspass=dnspass, realm=names.realm,
+                             realm=names.realm,
                              domainguid=domainguid, ntdsguid=names.ntdsguid)
 
             create_named_conf(paths.namedconf, setup_path, realm=names.realm,
@@ -1919,6 +1926,44 @@ def provision_fds_backend(result, paths=None, setup_path=None, names=None,
                {"SAMBADN": names.sambadn,
                 })
 
+    setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam)
+
+    lnkattr = get_linked_attributes(names.schemadn,schema.ldb)
+
+    refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read()
+    memberof_config = ""
+    index_config = ""
+    argnum = 3
+
+    for attr in lnkattr.keys():
+        if lnkattr[attr] is not None:
+            refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"),
+                                                 { "ARG_NUMBER" : str(argnum) ,
+                                                   "LINK_ATTR" : attr })
+            memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"),
+                                                 { "MEMBER_ATTR" : attr ,
+                                                   "MEMBEROF_ATTR" : lnkattr[attr] })
+            index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+                                                 { "ATTR" : attr })
+            argnum += 1
+
+    open(paths.fedoradsrefint, 'w').write(refint_config)
+    open(paths.fedoradslinkedattributes, 'w').write(memberof_config)
+
+    attrs = ["lDAPDisplayName"]
+    res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
+
+    for i in range (0, len(res)):
+        attr = res[i]["lDAPDisplayName"][0]
+
+        if attr == "objectGUID":
+            attr = "nsUniqueId"
+
+        index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+                                             { "ATTR" : attr })
+
+    open(paths.fedoradsindex, 'w').write(index_config)
+
     setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba,
                 {"SAMBADN": names.sambadn, 
                  "LDAPADMINPASS": ldapadminpass
@@ -1979,8 +2024,8 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
             {"S4_LDAPI_URI": ldapi_uri})
 
 
-def create_zone_file(path, setup_path, dnsdomain, domaindn, 
-                     hostip, hostip6, hostname, dnspass, realm, domainguid,
+def create_zone_file(path, setup_path, dnsdomain, 
+                     hostip, hostip6, hostname, realm, domainguid,
                      ntdsguid):
     """Write out a DNS zone file, from the info in the current database.
 
@@ -1991,7 +2036,6 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
     :param hostip: Local IPv4 IP
     :param hostip6: Local IPv6 IP
     :param hostname: Local hostname
-    :param dnspass: Password for DNS
     :param realm: Realm name
     :param domainguid: GUID of the domain.
     :param ntdsguid: GUID of the hosts nTDSDSA record.
@@ -2013,7 +2057,6 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
         hostip_host_line = ""
 
     setup_file(setup_path("provision.zone"), path, {
-            "DNSPASS_B64": b64encode(dnspass),
             "HOSTNAME": hostname,
             "DNSDOMAIN": dnsdomain,
             "REALM": realm,