lp=lp)
+def read_and_sub_file(file, subst_vars):
+ """Read a file and sub in variables found in it
+
+ :param file: File to be read (typically from setup directory)
+ param subst_vars: Optional variables to subsitute in the file.
+ """
+ data = open(file, 'r').read()
+ if subst_vars is not None:
+ data = substitute_var(data, subst_vars)
+ check_all_substituted(data)
+ return data
+
+
def setup_add_ldif(ldb, ldif_path, subst_vars=None):
"""Setup a ldb in the private dir.
"""
assert isinstance(ldif_path, str)
- data = open(ldif_path, 'r').read()
- if subst_vars is not None:
- data = substitute_var(data, subst_vars)
-
- check_all_substituted(data)
-
+ data = read_and_sub_file(ldif_path, subst_vars)
ldb.add_ldif(data)
-def setup_modify_ldif(ldb, ldif_path, substvars=None):
+def setup_modify_ldif(ldb, ldif_path, subst_vars=None):
"""Modify a ldb in the private dir.
:param ldb: LDB object.
:param ldif_path: LDIF file path.
- :param substvars: Optional dictionary with substitution variables.
+ :param subst_vars: Optional dictionary with substitution variables.
"""
- data = open(ldif_path, 'r').read()
- if substvars is not None:
- data = substitute_var(data, substvars)
-
- check_all_substituted(data)
+ data = read_and_sub_file(ldif_path, subst_vars)
ldb.modify_ldif(data)
ldb.transaction_commit()
-def setup_file(template, fname, substvars):
+def setup_file(template, fname, subst_vars):
"""Setup a file in the private dir.
:param template: Path of the template file.
:param fname: Path of the file to create.
- :param substvars: Substitution variables.
+ :param subst_vars: Substitution variables.
"""
f = fname
if os.path.exists(f):
os.unlink(f)
- data = open(template, 'r').read()
- if substvars:
- data = substitute_var(data, substvars)
- check_all_substituted(data)
-
+ data = read_and_sub_file(template, subst_vars)
open(f, 'w').write(data)
paths.templates = os.path.join(paths.private_dir, "templates.ldb")
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
paths.namedconf = os.path.join(paths.private_dir, "named.conf")
+ paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
backend_modules = ["normalise", "entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
tdb_modules_list = None
+ elif ldap_backend is not None:
+ raise "LDAP Backend specified, but LDAP Backend Type not specified"
elif serverrole == "domain controller":
backend_modules = ["repl_meta_data"]
else:
lp=lp)
secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
- if credentials.authentication_requested:
+ if credentials is not None and credentials.authentication_requested():
if credentials.get_bind_dn() is not None:
setup_add_ldif(secrets_ldb, setup_path("secrets_simple_ldap.ldif"), {
"LDAPMANAGERDN": credentials.get_bind_dn(),
policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
"{" + policyguid + "}")
os.makedirs(policy_path, 0755)
+ open(os.path.join(policy_path, "GPT.INI"), 'w').write("")
os.makedirs(os.path.join(policy_path, "Machine"), 0755)
os.makedirs(os.path.join(policy_path, "User"), 0755)
if not os.path.isdir(paths.netlogon):
hostip6=hostip6, hostname=names.hostname,
dnspass=dnspass, realm=names.realm,
domainguid=domainguid, hostguid=hostguid)
- message("Please install the zone located in %s into your DNS server" % paths.dns)
create_named_conf(paths.namedconf, setup_path, realm=names.realm,
+ dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
+
+ create_named_txt(paths.namedtxt, setup_path, realm=names.realm,
dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
- message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf)
+ message("See %s for an example configuration include file for BIND" % paths.namedconf)
+ message("and %s for further documentation required for secure DNS updates" % paths.namedtxt)
create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
hostname=names.hostname, realm=names.realm)
scope=SCOPE_SUBTREE)
if target is not None:
refint_attributes = refint_attributes + " " + target + " " + res[i]["lDAPDisplayName"][0]
- memberof_config += """overlay memberof
-memberof-dangling error
-memberof-refint TRUE
-memberof-group-oc top
-memberof-member-ad """ + res[i]["lDAPDisplayName"][0] + """
-memberof-memberof-ad """ + target + """
-memberof-dangling-error 32
-
-"""
-
- memberof_config += """
-overlay refint
-refint_attributes""" + refint_attributes + "\n"
+
+ memberof_config += read_and_sub_file(setup_path("memberof.conf"),
+ { "MEMBER_ATTR" : str(res[i]["lDAPDisplayName"][0]),
+ "MEMBEROF_ATTR" : str(target) })
+
+ refint_config = read_and_sub_file(setup_path("refint.conf"),
+ { "LINK_ATTRS" : refint_attributes})
setup_file(setup_path("slapd.conf"), paths.slapdconf,
{"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn,
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
- "MEMBEROF_CONFIG": memberof_config})
+ "MEMBEROF_CONFIG": memberof_config,
+ "REFINT_CONFIG": refint_config})
setup_file(setup_path("modules.conf"), paths.modulesconf,
{"REALM": names.realm})
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
-#"LDAPMANAGERDN": names.ldapmanagerdn,
-
-
mapping = "schema-map-openldap-2.3"
backend_schema = "backend-schema.schema"
message("Hostname: %s" % names.hostname)
message("DNS Domain: %s" % names.dnsdomain)
message("Base DN: %s" % names.domaindn)
- message("LDAP admin DN: %s" % names.ldapmanagerdn)
+
+ if ldap_backend_type == "openldap":
+ message("LDAP admin user: samba-admin")
+ else:
+ message("LDAP admin DN: %s" % names.ldapmanagerdn)
+
message("LDAP admin password: %s" % adminpass)
message(slapdcommand)
def create_named_conf(path, setup_path, realm, dnsdomain,
- private_dir, keytab_name):
+ private_dir):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
"DNSDOMAIN": dnsdomain,
"REALM": realm,
"REALM_WC": "*." + ".".join(realm.split(".")[1:]),
+ "PRIVATE_DIR": private_dir
+ })
+
+def create_named_txt(path, setup_path, realm, dnsdomain,
+ private_dir, keytab_name):
+ """Write out a file containing zone statements suitable for inclusion in a
+ named.conf file (including GSS-TSIG configuration).
+
+ :param path: Path of the new named.conf file.
+ :param setup_path: Setup path function.
+ :param realm: Realm name
+ :param dnsdomain: DNS Domain name
+ :param private_dir: Path to private directory
+ :param keytab_name: File name of DNS keytab file
+ """
+
+ setup_file(setup_path("named.txt"), path, {
+ "DNSDOMAIN": dnsdomain,
+ "REALM": realm,
"DNS_KEYTAB": keytab_name,
"DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
+ "PRIVATE_DIR": private_dir
})
def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):
schema_data = open(setup_path("schema.ldif"), 'r').read()
schema_data += open(setup_path("schema_samba4.ldif"), 'r').read()
schema_data = substitute_var(schema_data, {"SCHEMADN": schemadn})
+ check_all_substituted(schema_data)
prefixmap = open(setup_path("prefixMap.txt"), 'r').read()
prefixmap = b64encode(prefixmap)
"DEFAULTSITE":sitename,
"PREFIXMAP_B64":prefixmap
})
+ check_all_substituted(head_data)
samdb.attach_schema_from_ldif(head_data, schema_data)