s4-s3upgrade: Force ldapsam:trusted = yes

While this setting is not the default in Samba3, any domain that is
in a suitable condition to upgrade to Samba4 should already be in the
layout that ldapsam:trusted uses.  It can be turned off by setting
ldapsam:trusted=false in the smb.conf.

Many upgrades to Samba4 happen on a different host to the old Samba3 domain
and this avoids the need to configure nss_ldap only for the duration of
the upgrade.

Andrew Bartlett

diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index ce9683e1274bb07abf22d3ec794bb8075cfa0cdf..7d6930681fc3aa9f716f8f65f2c6aa8150c42e1e 100644 (file)
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -469,6 +469,9 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None, useeadb=Fa
     realm = samba3.lp.get("realm")
     netbiosname = samba3.lp.get("netbios name")
 
+    if samba3.lp.get("ldapsam:trusted") is None:
+        samba3.lp.set("ldapsam:trusted", "yes")
+
     # secrets db
     try:
         secrets_db = samba3.get_secrets_db()