provision: Remove --username and --password options from samba-tool domain provision
authorAndrew Bartlett <abartlet@samba.org>
Thu, 26 Sep 2013 17:19:18 +0000 (10:19 -0700)
committerStefan Metzmacher <metze@samba.org>
Fri, 11 Oct 2013 06:32:10 +0000 (08:32 +0200)
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!

This may break support for the 'existing' LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
python/samba/join.py
python/samba/netcmd/domain.py
python/samba/provision/__init__.py
python/samba/provision/backend.py
python/samba/upgrade.py
python/samba/upgradehelpers.py
source4/scripting/bin/samba_upgradeprovision
source4/setup/tests/blackbox_provision-backend.sh

index 2379d5f214d6ccdff6f609afac26668134a42852..637ade2b3c6b410a2668b546163baa9a1afdb91b 100644 (file)
@@ -717,7 +717,7 @@ class dc_join(object):
 
         smbconf = ctx.lp.configfile
 
-        presult = provision(ctx.logger, system_session(), None, smbconf=smbconf,
+        presult = provision(ctx.logger, system_session(), smbconf=smbconf,
                 targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
                 rootdn=ctx.root_dn, domaindn=ctx.base_dn,
                 schemadn=ctx.schema_dn, configdn=ctx.config_dn,
index 0698928de0ca97d5233df8b58ccf4d5bce9ab1cf..217b5369b7b24027bb15c8a3c51fba7568cd7656 100644 (file)
@@ -144,7 +144,6 @@ class cmd_domain_provision(Command):
     takes_optiongroups = {
         "sambaopts": options.SambaOptions,
         "versionopts": options.VersionOptions,
-        "credopts": options.CredentialsOptions,
     }
 
     takes_options = [
@@ -231,7 +230,7 @@ class cmd_domain_provision(Command):
 
     takes_args = []
 
-    def run(self, sambaopts=None, credopts=None, versionopts=None,
+    def run(self, sambaopts=None, versionopts=None,
             interactive=None,
             domain=None,
             domain_guid=None,
@@ -278,10 +277,6 @@ class cmd_domain_provision(Command):
         lp = sambaopts.get_loadparm()
         smbconf = lp.configfile
 
-        creds = credopts.get_credentials(lp)
-
-        creds.set_kerberos_state(DONT_USE_KERBEROS)
-
         if dns_forwarder is not None:
             suggested_forwarder = dns_forwarder
         else:
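Review bot: With the `creds.set_kerberos_state(DONT_USE_KERBEROS)` line gone, `DONT_USE_KERBEROS` (and `creds`) no longer appear in this method, so the import of `DONT_USE_KERBEROS` at the top of domain.py is probably now unused; I cannot see the import block in this diff, so please check and drop it if nothing else references it. The rest of `run` continues outside the hunk.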
@@ -408,7 +403,7 @@ class cmd_domain_provision(Command):
         session = system_session()
         try:
             result = provision(self.logger,
-                  session, creds, smbconf=smbconf, targetdir=targetdir,
+                  session, smbconf=smbconf, targetdir=targetdir,
                   samdb_fill=samdb_fill, realm=realm, domain=domain,
                   domainguid=domain_guid, domainsid=domain_sid,
                   hostname=host_name,
index 7f6d96d760890910c5838fedca150aff004dbf14..698df94f34c6c91571a796cfdbeda5851497ee86 100644 (file)
@@ -1888,7 +1888,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
         samdb.transaction_commit()
 
 
-def provision(logger, session_info, credentials, smbconf=None,
+def provision(logger, session_info, smbconf=None,
         targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
         domaindn=None, schemadn=None, configdn=None, serverdn=None,
         domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
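Review bot: Dropping the third positional parameter means any out-of-tree caller still doing `provision(logger, session, creds, ...)` now binds the credentials object to `smbconf`; if it also passes `smbconf=` by keyword that fails loudly, but otherwise a Credentials object is silently used as the smb.conf path. A cheap guard at the top of the body would make the API break obvious: `if smbconf is not None and not isinstance(smbconf, str): raise TypeError("provision() no longer takes a credentials argument; smbconf must be a path")` (use `basestring` if this tree is still Python 2, as the `0770` literal elsewhere in the diff suggests). The docstring of `provision` sits below this hunk, outside the view; if it lists `credentials`, it needs the same update. The function body continues past the hunk.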
@@ -2065,25 +2065,25 @@ def provision(logger, session_info, credentials, smbconf=None,
 
     if backend_type == "ldb":
         provision_backend = LDBBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger)
     elif backend_type == "existing":
         # If support for this is ever added back, then the URI will need to be
         # specified again
         provision_backend = ExistingBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger,
             ldap_backend_forced_uri=ldap_backend_forced_uri)
     elif backend_type == "fedora-ds":
         provision_backend = FDSBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger, domainsid=domainsid,
             schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
             slapd_path=slapd_path,
             root=root)
     elif backend_type == "openldap":
         provision_backend = OpenLDAPBackend(backend_type, paths=paths,
-            lp=lp, credentials=credentials,
+            lp=lp,
             names=names, logger=logger, domainsid=domainsid,
             schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
             slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls,
@@ -2105,7 +2105,7 @@ def provision(logger, session_info, credentials, smbconf=None,
     logger.info("Setting up secrets.ldb")
     secrets_ldb = setup_secretsdb(paths,
         session_info=session_info,
-        backend_credentials=provision_backend.secrets_credentials, lp=lp)
+        backend_credentials=provision_backend.credentials, lp=lp)
 
     try:
         logger.info("Setting up the registry")
@@ -2227,7 +2227,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
     logger = logging.getLogger("provision")
     samba.set_debug_level(debuglevel)
 
-    res = provision(logger, system_session(), None,
+    res = provision(logger, system_session(),
         smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
         realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
         configdn=configdn, serverdn=serverdn, domain=domain,
index 93c38f78bb921a95801397437a1ef14023aa706b..1180642c4a6fb596e39e8b03a7e61951e8fd8da5 100644 (file)
@@ -63,19 +63,11 @@ class BackendResult(object):
 
 class LDAPBackendResult(BackendResult):
 
-    def __init__(self, credentials, slapd_command_escaped, ldapdir):
-        self.credentials = credentials
+    def __init__(self, slapd_command_escaped, ldapdir):
         self.slapd_command_escaped = slapd_command_escaped
         self.ldapdir = ldapdir
 
     def report_logger(self, logger):
-        if self.credentials.get_bind_dn() is not None:
-            logger.info("LDAP Backend Admin DN: %s" %
-                self.credentials.get_bind_dn())
-        else:
-            logger.info("LDAP Admin User:       %s" %
-                self.credentials.get_username())
-
         if self.slapd_command_escaped is not None:
             # now display slapd_command_file.txt to show how slapd must be
             # started next time
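Review bot: `LDAPBackendResult.__init__` loses its first positional argument, but no hunk in this diff updates whichever method constructs it (presumably `LDAPBackend.post_setup`, which is outside the view); if that call still passes `self.credentials` first, a non-dry-run LDAP provision will now end with a TypeError on argument count. The blackbox tests touched by this commit all run with `--ldap-dryrun-mode`, which may never reach that code, so please confirm the caller was updated. Removing the "LDAP Admin User" log line also means operators no longer see which identity Samba binds as — since that identity is now the hard-coded `"samba-admin"` set in `LDAPBackend.init`, consider logging it there instead. `report_logger` continues past the hunk.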
@@ -90,11 +82,11 @@ class LDAPBackendResult(BackendResult):
 class ProvisionBackend(object):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None):
+            names=None, logger=None):
         """Provision a backend for samba4"""
         self.paths = paths
         self.lp = lp
-        self.credentials = credentials
+        self.credentials = None
         self.names = names
         self.logger = logger
 
@@ -127,7 +119,6 @@ class LDBBackend(ProvisionBackend):
 
     def init(self):
         self.credentials = None
-        self.secrets_credentials = None
 
         # Wipe the old sam.ldb databases away
         shutil.rmtree(self.paths.samdb + ".d", True)
@@ -145,11 +136,11 @@ class LDBBackend(ProvisionBackend):
 class ExistingBackend(ProvisionBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None, ldapi_uri=None):
+            names=None, logger=None, ldapi_uri=None):
 
         super(ExistingBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 ldap_backend_forced_uri=ldapi_uri)
 
     def init(self):
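Review bot: The keyword plumbing for this class is inconsistent on the new side: `super(...).__init__` still forwards `ldap_backend_forced_uri=ldapi_uri`, but `ProvisionBackend.__init__` (visible above at the `class ProvisionBackend` hunk) accepts only `backend_type, paths, lp, names, logger`, so this raises TypeError; and `provision()` instantiates `ExistingBackend(..., ldap_backend_forced_uri=...)` while this signature only accepts `ldapi_uri`, which raises TypeError as well. Both spots are touched by this commit, so it would be a good moment to make them agree: accept `ldap_backend_forced_uri`, keep it on the instance, and stop forwarding it to the base class. This is pre-existing breakage (the commit message already calls the backend a stub), so it is not a regression, just something to fix while here.
```python
def __init__(self, backend_type, paths=None, lp=None,
        names=None, logger=None, ldap_backend_forced_uri=None):

    super(ExistingBackend, self).__init__(backend_type=backend_type,
            paths=paths, lp=lp,
            names=names, logger=logger)
    # Whatever name init() actually reads for the URI should be used here;
    # the base class has no ldap_backend_forced_uri parameter.
    self.ldapi_uri = ldap_backend_forced_uri
```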
@@ -158,27 +149,21 @@ class ExistingBackend(ProvisionBackend):
         ldapi_db.search(base="", scope=SCOPE_BASE,
             expression="(objectClass=OpenLDAProotDSE)")
 
-        # If we have got here, then we must have a valid connection to the LDAP
-        # server, with valid credentials supplied This caused them to be set
-        # into the long-term database later in the script.
-        self.secrets_credentials = self.credentials
-
-
-         # For now, assume existing backends at least emulate OpenLDAP
+        # For now, assume existing backends at least emulate OpenLDAP
         self.ldap_backend_type = "openldap"
 
 
 class LDAPBackend(ProvisionBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-                 credentials=None, names=None, logger=None, domainsid=None,
+                 names=None, logger=None, domainsid=None,
                  schema=None, hostname=None, ldapadminpass=None,
                  slapd_path=None, ldap_backend_extra_port=None,
                  ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
 
         super(LDAPBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger)
+                names=names, logger=logger)
 
         self.domainsid = domainsid
         self.schema = schema
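Review bot: With `self.secrets_credentials = self.credentials` gone and `self.credentials` now fixed at `None` by `ProvisionBackend.__init__`, the rootDSE search above this point no longer demonstrates anything about admin credentials, and `setup_secretsdb` in `provision()` will record no backend credentials for an "existing" backend. The removed comment was the only place that stated the old guarantee, so please say the new state explicitly, e.g. `# self.credentials stays None: setup_secretsdb() will store no backend credentials for an 'existing' backend`. How the `ldapi_db` connection itself binds is set up above the hunk, outside the view, so I cannot tell whether it is anonymous or EXTERNAL.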
@@ -253,19 +238,12 @@ class LDAPBackend(ProvisionBackend):
 
         self.credentials = Credentials()
         self.credentials.guess(self.lp)
-        # Kerberos to an ldapi:// backend makes no sense
+        # Kerberos to an ldapi:// backend makes no sense (we also force EXTERNAL)
         self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
+        self.credentials.set_username("samba-admin")
         self.credentials.set_password(self.ldapadminpass)
         self.credentials.set_forced_sasl_mech("EXTERNAL")
 
-        self.secrets_credentials = Credentials()
-        self.secrets_credentials.guess(self.lp)
-        # Kerberos to an ldapi:// backend makes no sense
-        self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
-        self.secrets_credentials.set_username("samba-admin")
-        self.secrets_credentials.set_password(self.ldapadminpass)
-        self.secrets_credentials.set_forced_sasl_mech("EXTERNAL")
-
         self.provision()
 
     def provision(self):
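Review bot: `self.credentials.set_username("samba-admin")` now runs for every `LDAPBackend` subclass, including `FDSBackend`, whereas the comment deleted from `OpenLDAPBackend.provision` in this same diff said the username was set there deliberately because Fedora DS still uses the admin DN with a simple bind; whether a username alongside a bind DN changes which identity the FDS bind uses depends on `Credentials` precedence that this diff does not show, so please confirm an FDS provision still binds as the admin DN. It would also help to state why a username and password are set at all when SASL EXTERNAL is forced: `# Not used for the ldapi:// EXTERNAL bind itself; this object is what provision() persists to secrets.ldb via setup_secretsdb()`. The `init` method starts above the hunk.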
@@ -340,7 +318,7 @@ class OpenLDAPBackend(LDAPBackend):
         from samba.provision import setup_path
         super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 domainsid=domainsid, schema=schema, hostname=hostname,
                 ldapadminpass=ldapadminpass, slapd_path=slapd_path,
                 ldap_backend_extra_port=ldap_backend_extra_port,
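Review bot: This hunk removes `credentials=credentials` from the `super().__init__` call, but no hunk changes `OpenLDAPBackend.__init__`'s own parameter list, which sits immediately above this hunk outside the view; the parallel `FDSBackend.__init__` hunk below does drop `credentials=None`. If `OpenLDAPBackend.__init__` still declares `credentials=None`, it is now a dead parameter that silently accepts and discards credentials — exactly the confusion the commit message is trying to remove — so it should be deleted for consistency with `FDSBackend`. The constructor continues past the hunk.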
@@ -595,10 +573,6 @@ class OpenLDAPBackend(LDAPBackend):
 
         self.slapd_command.append(uris)
 
-        # Set the username - done here because Fedora DS still uses the admin
-        # DN and simple bind
-        self.credentials.set_username("samba-admin")
-
         # Wipe the old sam.ldb databases away
         shutil.rmtree(self.olcdir, True)
         os.makedirs(self.olcdir, 0770)
@@ -632,7 +606,7 @@ class OpenLDAPBackend(LDAPBackend):
 class FDSBackend(LDAPBackend):
 
     def __init__(self, backend_type, paths=None, lp=None,
-            credentials=None, names=None, logger=None, domainsid=None,
+            names=None, logger=None, domainsid=None,
             schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
             ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None,
             setup_ds_path=None):
@@ -641,7 +615,7 @@ class FDSBackend(LDAPBackend):
 
         super(FDSBackend, self).__init__(backend_type=backend_type,
                 paths=paths, lp=lp,
-                credentials=credentials, names=names, logger=logger,
+                names=names, logger=logger,
                 domainsid=domainsid, schema=schema, hostname=hostname,
                 ldapadminpass=ldapadminpass, slapd_path=slapd_path,
                 ldap_backend_extra_port=ldap_backend_extra_port,
index 532e1dee81ae21405e48b3222d0e0cb12603c0bd..6b55ed76a7164522b83ac4fda2106e32cc5d3aea 100644 (file)
@@ -855,7 +855,7 @@ Please fix this account before attempting to upgrade again
         adminpass = None
 
     # Do full provision
-    result = provision(logger, session_info, None,
+    result = provision(logger, session_info,
                        targetdir=targetdir, realm=realm, domain=domainname,
                        domainsid=str(domainsid), next_rid=next_rid,
                        dc_rid=machinerid, adminpass = adminpass,
index 04f1e82e613d1de33d738ce815b204d1fd23a028..b6750eb43003772486e79af41c253a898f74d1a7 100644 (file)
@@ -225,7 +225,7 @@ def update_policyids(names, samdb):
         names.policyid_dc = None
 
 
-def newprovision(names, creds, session, smbconf, provdir, logger):
+def newprovision(names, session, smbconf, provdir, logger):
     """Create a new provision.
 
     This provision will be the reference for knowing what has changed in the
@@ -242,7 +242,7 @@ def newprovision(names, creds, session, smbconf, provdir, logger):
         shutil.rmtree(provdir)
     os.mkdir(provdir)
     logger.info("Provision stored in %s", provdir)
-    return provision(logger, session, creds, smbconf=smbconf,
+    return provision(logger, session, smbconf=smbconf,
             targetdir=provdir, samdb_fill=FILL_FULL, realm=names.realm,
             domain=names.domain, domainguid=names.domainguid,
             domainsid=str(names.domainsid), ntdsguid=names.ntdsguid,
index 88e0206e59de6a4f4cde3a33c6d1e82307f7c3ad..c4a0f793298e8f310651eb993a6593fa27733d7d 100755 (executable)
@@ -1632,7 +1632,7 @@ if __name__ == '__main__':
         message(SIMPLE, "Creating a reference provision")
         provisiondir = tempfile.mkdtemp(dir=paths.private_dir,
                         prefix="referenceprovision")
-        result = newprovision(names, creds, session, smbconf, provisiondir,
+        result = newprovision(names, session, smbconf, provisiondir,
                 provision_logger)
         result.report_logger(provision_logger)
 
index 5dec621e5903900eeef4fb7d6bd44729f5fa45f8..fc455d5e12b5c92729a38842143626d35a246f28 100755 (executable)
@@ -13,7 +13,7 @@ shift 1
 . `dirname $0`/../../../testprogs/blackbox/subunit.sh
 
 testit "openldap-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
-testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
+testit "openldap-mmr-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --adminpass=linux --ldapadminpass=linux --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
 testit "fedora-ds-backend" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null --use-ntvfs --ldap-dryrun-mode
 
 reprovision() {
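Review bot: The test named "fedora-ds-backend" on the line after the changed one still runs `--ldap-backend-type=openldap` into `$PREFIX/openldap-backend`, the same directory as the first test, so `FDSBackend` — whose constructor signature this commit changes — is never exercised by this script. It should be `--ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend`; whether the fedora-ds path needs extra flags such as a setup-ds path in dry-run mode is not visible here, so check before relying on it. Note also that every case here uses `--ldap-dryrun-mode`, which likely stops before the backend's post-setup and secrets.ldb steps, so this script does not cover the `LDAPBackendResult` and `setup_secretsdb` changes elsewhere in the diff.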