From 696a70c9faac27bcd473b6c2f1444abd267ae6e6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 4 Nov 2011 09:07:17 +1100 Subject: [PATCH] s4-provision Remove options for LDAP backend to reduce user confusion We do not support the LDAP backend any more, but keep the code in case someone comes up with an interesting use case that could leverage this in a very particular situation. In order to keep the code, we must test it, so we keep just this much of the support around. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Tue Nov 8 04:33:49 CET 2011 on sn-devel-104 --- .../python/samba/provision/__init__.py | 22 ++++++---------- .../python/samba/provision/backend.py | 6 ++--- .../scripting/python/samba/upgradehelpers.py | 6 ++--- source4/setup/provision | 25 ++----------------- .../setup/tests/blackbox_provision-backend.sh | 10 ++++---- 5 files changed, 21 insertions(+), 48 deletions(-) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index a8a5a572a6e..be0e903cd95 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1641,10 +1641,10 @@ def provision(logger, session_info, credentials, smbconf=None, dns_backend=None, dnspass=None, invocationid=None, machinepass=None, ntdsguid=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, - serverrole=None, dom_for_fun_level=None, ldap_backend_extra_port=None, - ldap_backend_forced_uri=None, backend_type=None, sitename=None, - ol_mmr_urls=None, ol_olc=None, setup_ds_path=None, slapd_path=None, - nosync=False, ldap_dryrun_mode=False, useeadb=False, am_rodc=False, + serverrole=None, dom_for_fun_level=None, + backend_type=None, sitename=None, + ol_mmr_urls=None, ol_olc=None, slapd_path=None, + useeadb=False, am_rodc=False, lp=None): """Provision samba4 @@ -1759,30 +1759,24 @@ def provision(logger, session_info, credentials, smbconf=None, lp=lp, credentials=credentials, names=names, logger=logger) elif backend_type == "existing": + # If support for this is ever added back, then the URI will need to be specified again provision_backend = ExistingBackend(backend_type, paths=paths, lp=lp, credentials=credentials, names=names, logger=logger, - ldap_backend_forced_uri=ldap_backend_forced_uri) + ldap_backend_forced_uri=None) elif backend_type == "fedora-ds": provision_backend = FDSBackend(backend_type, paths=paths, lp=lp, credentials=credentials, names=names, logger=logger, domainsid=domainsid, schema=schema, hostname=hostname, ldapadminpass=ldapadminpass, slapd_path=slapd_path, - ldap_backend_extra_port=ldap_backend_extra_port, - ldap_dryrun_mode=ldap_dryrun_mode, root=root, - setup_ds_path=setup_ds_path, - ldap_backend_forced_uri=ldap_backend_forced_uri) + root=root) elif backend_type == "openldap": provision_backend = OpenLDAPBackend(backend_type, paths=paths, lp=lp, credentials=credentials, names=names, logger=logger, domainsid=domainsid, schema=schema, hostname=hostname, ldapadminpass=ldapadminpass, - slapd_path=slapd_path, - ldap_backend_extra_port=ldap_backend_extra_port, - ldap_dryrun_mode=ldap_dryrun_mode, ol_mmr_urls=ol_mmr_urls, - nosync=nosync, - ldap_backend_forced_uri=ldap_backend_forced_uri) + slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls) else: raise ValueError("Unknown LDAP backend type selected") diff --git a/source4/scripting/python/samba/provision/backend.py b/source4/scripting/python/samba/provision/backend.py index f9dbba85f6f..4ab827b545d 100644 --- a/source4/scripting/python/samba/provision/backend.py +++ b/source4/scripting/python/samba/provision/backend.py @@ -133,7 +133,7 @@ class LDAPBackend(ProvisionBackend): credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, ldap_backend_extra_port=None, - ldap_backend_forced_uri=None, ldap_dryrun_mode=False): + ldap_backend_forced_uri=None, ldap_dryrun_mode=True): super(LDAPBackend, self).__init__(backend_type=backend_type, paths=paths, lp=lp, @@ -286,7 +286,7 @@ class OpenLDAPBackend(LDAPBackend): def __init__(self, backend_type, paths=None, lp=None, credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, - ldap_backend_extra_port=None, ldap_dryrun_mode=False, + ldap_backend_extra_port=None, ldap_dryrun_mode=True, ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None): from samba.provision import setup_path super(OpenLDAPBackend, self).__init__( backend_type=backend_type, @@ -568,7 +568,7 @@ class FDSBackend(LDAPBackend): def __init__(self, backend_type, paths=None, lp=None, credentials=None, names=None, logger=None, domainsid=None, schema=None, hostname=None, ldapadminpass=None, slapd_path=None, - ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None, + ldap_backend_extra_port=None, ldap_dryrun_mode=True, root=None, setup_ds_path=None): from samba.provision import setup_path diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py index 043f629ce53..3d1aa7a23a7 100755 --- a/source4/scripting/python/samba/upgradehelpers.py +++ b/source4/scripting/python/samba/upgradehelpers.py @@ -266,11 +266,11 @@ def newprovision(names, creds, session, smbconf, provdir, logger): invocationid=names.invocation, adminpass=names.adminpass, krbtgtpass=None, machinepass=None, dnspass=None, root=None, nobody=None, wheel=None, users=None, - serverrole="domain controller", ldap_backend_extra_port=None, + serverrole="domain controller", backend_type=None, ldapadminpass=None, ol_mmr_urls=None, - slapd_path=None, setup_ds_path=None, nosync=None, + slapd_path=None, dom_for_fun_level=names.domainlevel, dns_backend=dns_backend, - ldap_dryrun_mode=None, useeadb=True) + useeadb=True) def dn_sort(x, y): diff --git a/source4/setup/provision b/source4/setup/provision index bae86ee658d..1d847decef9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -102,14 +102,9 @@ parser.add_option("--users", type="string", metavar="GROUPNAME", parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") -parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", - help="Additional TCP port for LDAP backend server (to use for replication)") -parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI", - help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic") parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", - help="LDAP backend type (fedora-ds or openldap)", + help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE", choices=["fedora-ds", "openldap"]) -parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true") parser.add_option("--server-role", type="choice", metavar="ROLE", choices=["domain controller", "dc", "member server", "member", "standalone"], help="The server role (domain controller | dc | member server | member | standalone). Default is dc.") @@ -126,10 +121,7 @@ parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", help="List of LDAP-URLS [ ldap://:/ (where has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"") parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH", help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.") -parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH", - help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.") parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto") -parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true") opts = parser.parse_args()[0] @@ -248,16 +240,6 @@ elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"): "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") file.close() - -if opts.ldap_backend_type == "existing": - if opts.ldap_backend_forced_uri is not None: - logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri) - else: - logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") -else: - if opts.ldap_backend_forced_uri is not None: - logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri) - session = system_session() try: provision(logger, @@ -273,12 +255,9 @@ try: dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, wheel=opts.wheel, users=opts.users, serverrole=server_role, dom_for_fun_level=dom_for_fun_level, - ldap_backend_extra_port=opts.ldap_backend_extra_port, - ldap_backend_forced_uri=opts.ldap_backend_forced_uri, backend_type=opts.ldap_backend_type, ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, - slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, - nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode, + slapd_path=opts.slapd_path, useeadb=eadb, next_rid=opts.next_rid, lp=lp) except ProvisioningError, e: print str(e) diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh index 58fde634697..96ff753ace4 100755 --- a/source4/setup/tests/blackbox_provision-backend.sh +++ b/source4/setup/tests/blackbox_provision-backend.sh @@ -12,13 +12,13 @@ shift 1 . `dirname $0`/../../../testprogs/blackbox/subunit.sh -testit "openldap-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null -testit "openldap-mmr-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --ldap-dryrun-mode --slapd-path=/dev/null --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux -testit "fedora-ds-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null +testit "openldap-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null +testit "openldap-mmr-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --slapd-path=/dev/null --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux +testit "fedora-ds-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null reprovision() { - $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null - $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null + $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --slapd-path=/dev/null + $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --slapd-path=/dev/null } testit "reprovision-backend" reprovision -- 2.34.1