Make it clear that the MMR password can differ from the admin password
[kai/samba.git] / source4 / scripting / python / samba / provision.py
index 9c2a208460eb2f59e0e2b27d7bb19dc12e926d10..68f61532ad8d44358ae597f49bc3a8733e674e84 100644 (file)
@@ -1266,18 +1266,23 @@ def provision_backend(setup_dir=None, message=None,
 
 # generate serverids, ldap-urls and syncrepl-blocks for mmr hosts
        mmr_on_config = ""
+       mmr_replicator_acl = ""
        mmr_serverids_config = ""
         mmr_syncrepl_schema_config = "" 
        mmr_syncrepl_config_config = "" 
        mmr_syncrepl_user_config = "" 
        
        if ol_mmr_urls is not None:
-               url_list=filter(None,ol_mmr_urls.split(' ')) 
+                # For now, make these equal
+                mmr_pass = adminpass
+
+               url_list=filter(None,ol_mmr_urls.split(' ')) 
                 if (len(url_list) == 1):
                     url_list=filter(None,ol_mmr_urls.split(',')) 
                      
 
                mmr_on_config = "MirrorMode On"
+               mmr_replicator_acl = "  by dn=cn=replicator,cn=samba read"
                serverid=0
                for url in url_list:
                        serverid=serverid+1
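Review bot: The added `mmr_pass = adminpass` makes the replicator credential the directory admin password, so the read-only `mmr_replicator_acl` granted to `cn=replicator,cn=samba` a few lines below does not limit what that secret can do if it leaks. The same value is substituted as `MMR_PASSWORD` into the syncrepl fragments in the next hunk and written to `cn=replicator.ldif` in the last one, so the admin secret presumably ends up in the configuration of every MMR peer. I would give the replicator its own secret here, generated with whatever random-password helper provision.py already uses for other accounts, or passed in by the caller. Until that lands, the comment should state the consequence rather than just `# For now, make these equal`, for example `# TODO: use a dedicated replicator secret; reusing adminpass exposes the admin credential wherever syncrepl is configured`. The body of provision_backend starts and continues outside this hunk.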
@@ -1290,21 +1295,21 @@ def provision_backend(setup_dir=None, message=None,
                                                                     {  "RID" : str(rid),
                                                                        "MMRDN": names.schemadn,
                                                                        "LDAPSERVER" : url,
-                                                                        "MMR_PASSWORD": adminpass})
+                                                                        "MMR_PASSWORD": mmr_pass})
 
                        rid=rid+1
                        mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
                                                                     {  "RID" : str(rid),
                                                                        "MMRDN": names.configdn,
                                                                        "LDAPSERVER" : url,
-                                                                        "MMR_PASSWORD": adminpass})
+                                                                        "MMR_PASSWORD": mmr_pass})
 
                        rid=rid+1
                        mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
                                                                     {  "RID" : str(rid),
                                                                        "MMRDN": names.domaindn,
                                                                        "LDAPSERVER" : url,
-                                                                        "MMR_PASSWORD": adminpass })
+                                                                        "MMR_PASSWORD": mmr_pass })
 
 
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
@@ -1315,11 +1320,11 @@ def provision_backend(setup_dir=None, message=None,
                     "SCHEMADN": names.schemadn,
                     "MEMBEROF_CONFIG": memberof_config,
                     "MIRRORMODE": mmr_on_config,
+                    "REPLICATOR_ACL": mmr_replicator_acl,
                     "MMR_SERVERIDS_CONFIG": mmr_serverids_config,
                     "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
                     "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
                     "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
-                    "MMR_PASSWORD": adminpass,
                     "REFINT_CONFIG": refint_config})
        setup_file(setup_path("modules.conf"), paths.modulesconf,
                    {"REALM": names.realm})
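Review bot: The value substituted for `"REPLICATOR_ACL"` here is the string built in the first hunk, `"  by dn=cn=replicator,cn=samba read"`, which leaves the DN match style implicit and the DN unquoted. slapd.access recommends stating the style to avoid ambiguity, so I would write it as `mmr_replicator_acl = '  by dn.exact="cn=replicator,cn=samba" read'`. The slapd.conf template is not visible in this diff, so it is also worth confirming that the placeholder sits before any broader `by` clause in the same `access to` block, since the first matching clause wins.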
@@ -1340,6 +1345,15 @@ def provision_backend(setup_dir=None, message=None,
                               {"LDAPADMINPASS_B64": b64encode(adminpass),
                                "UUID": str(uuid.uuid4()), 
                                "LDAPTIME": timestring(int(time.time()))} )
+       
+       if ol_mmr_urls is not None:
+          setup_file(setup_path("cn=replicator.ldif"),
+                              os.path.join(paths.ldapdir, "db", "samba",  "cn=samba", "cn=replicator.ldif"),
+                              {"MMR_PASSWORD_B64": b64encode(mmr_pass),
+                               "UUID": str(uuid.uuid4()),
+                               "LDAPTIME": timestring(int(time.time()))} )
+
+
 
         mapping = "schema-map-openldap-2.3"
         backend_schema = "backend-schema.schema"
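Review bot: `b64encode(mmr_pass)` in the new `cn=replicator.ldif` block is an encoding, not a hash, so the file written under `paths.ldapdir` holds a recoverable replicator secret, and with `mmr_pass = adminpass` from the first hunk that secret is the admin password. `setup_file` is defined outside this diff, so I cannot tell what mode it creates files with. If it relies on the process umask, the call should be followed by an explicit restriction such as `os.chmod(os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"), 0600)`. Separately, `mmr_pass` is only bound inside the earlier `if ol_mmr_urls is not None:` branch; initialising it next to `mmr_replicator_acl = ""` would keep this block safe if the two conditions ever diverge. provision_backend continues beyond the end of this hunk.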