authorAndrew Bartlett <abartlet@samba.org>2008-07-15 15:46:32 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-15 15:46:32 +1000
commit0f1eea267257eff0d75a702ee0793a86834fb76a (patch)
treec0c90a90d4718c32676671adabf76648fefbf229
parenta6b842f9634cbeb4075c2bbaf7e49c19104602be (diff)
Rework provision to handle both simple and SASL binds.
Fedora DS is still set up for simple binds only at this point (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
-rw-r--r--source4/scripting/python/samba/provision.py10
-rw-r--r--source4/selftest/target/Samba4.pm11
-rwxr-xr-xsource4/setup/provision-backend6
3 files changed, 15 insertions, 12 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d0f612c7a82..f27cc17290f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1300,9 +1300,6 @@ refint_attributes""" + refint_attributes + "\n"
"UUID": str(uuid.uuid4()),
"LDAPTIME": timestring(int(time.time()))} )
-#"LDAPMANAGERDN": names.ldapmanagerdn,
-
-
mapping = "schema-map-openldap-2.3"
backend_schema = "backend-schema.schema"
@@ -1323,7 +1320,12 @@ refint_attributes""" + refint_attributes + "\n"
message("Hostname: %s" % names.hostname)
message("DNS Domain: %s" % names.dnsdomain)
message("Base DN: %s" % names.domaindn)
- message("LDAP admin DN: %s" % names.ldapmanagerdn)
+
+ if ldap_backend_type == "openldap":
+ message("LDAP admin user: samba-admin")
+ else:
+ message("LDAP admin DN: %s" % names.ldapmanagerdn)
+
message("LDAP admin password: %s" % adminpass)
message(slapdcommand)
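Review bot: The literal `samba-admin` in the new `message("LDAP admin user: samba-admin")` line is a second copy of the name that Samba4.pm passes as `--username=samba-admin`, so the printed identity can drift from the one actually provisioned; taking both from one named value would keep them in step. The new branch also sits directly above the unchanged `message("LDAP admin password: %s" % adminpass)` line, so this output carries a complete credential pair and wherever it is captured (terminal scrollback, CI logs) should be treated as sensitive. A comment such as `# prints the admin password in clear; keep this output out of shared logs` above that block would make this explicit. The enclosing function starts and ends outside the hunk.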
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index 0be1acf3714..896b0131055 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -571,7 +571,6 @@ sub provision($$$$$$)
server max protocol = SMB2
notify:inotify = false
ldb:nosync = true
- system:anonymous = true
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
log level = $smbd_loglevel
@@ -719,8 +718,7 @@ nogroup:x:65534:nobody
push (@provision_options, "--krbtgtpass=krbtgt$password");
push (@provision_options, "--machinepass=machine$password");
push (@provision_options, "--root=$unix_name");
- push (@provision_options, "--username=samba-admin");
- push (@provision_options, "--password=$password");
+
push (@provision_options, "--server-role=\"$server_role\"");
my $ldap_uri= "$ldapdir/ldapi";
@@ -753,15 +751,18 @@ nogroup:x:65534:nobody
if (defined($self->{ldap})) {
push (@provision_options, "--ldap-backend=$ldap_uri");
- system("$self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$unix_name --realm=$realm --domain=$domain --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+ system("$self->{setupdir}/provision-backend $configuration --ldap-admin-pass=$password --root=$unix_name --realm=$realm --domain=$domain --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+
+ push (@provision_options, "--password=$password");
if ($self->{ldap} eq "openldap") {
+ push (@provision_options, "--username=samba-admin");
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
push (@provision_options, "--ldap-backend-type=openldap");
} elsif ($self->{ldap} eq "fedora-ds") {
+ push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ldapdir, $configuration) or die("Unable to create fedora ds directories");
push (@provision_options, "--ldap-backend-type=fedora-ds");
- push (@provision_options, "'--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'");
}
$self->slapd_start($ret) or
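Review bot: The new `system(...)` line and the added `push (@provision_options, "--password=$password");` both place the admin password on a command line, and the `system` call interpolates it unquoted into a single shell string (the trailing `>&2` means it is run through the shell), so the secret is visible in the process list and any shell metacharacter in `$password`, `$realm` or `$domain` would be interpreted. For a selftest harness with a fixed test password that may be acceptable, but it deserves a comment above the call, for example `# selftest only: password goes via argv and the shell; values must not contain shell metacharacters`. Separately, the `if`/`elsif` chain has no `else`, so an unrecognised `$self->{ldap}` gets `--password` but neither `--username` nor `--simple-bind-dn`; adding `else { die("unknown LDAP backend type: $self->{ldap}"); }` would fail early. The enclosing sub starts before the hunk and the `$self->slapd_start($ret) or` statement continues past it.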
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index 54dc5839bfa..845dc8679a2 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -49,8 +49,8 @@ parser.add_option("--domain", type="string", metavar="DOMAIN",
help="set domain")
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
help="set hostname")
-parser.add_option("--ldap-manager-pass", type="string", metavar="PASSWORD",
- help="choose LDAP manager password (otherwise random)")
+parser.add_option("--ldap-admin-pass", type="string", metavar="PASSWORD",
+ help="choose LDAP admin password (otherwise random)")
parser.add_option("--root", type="string", metavar="USERNAME",
help="choose 'root' unix username")
parser.add_option("--quiet", help="Be quiet", action="store_true")
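Review bot: Replacing `--ldap-manager-pass` outright leaves no alias for the old spelling, so any existing script or wrapper that still passes it would presumably be rejected by the option parser. Only the Samba4.pm caller is updated in this commit. optparse accepts several option strings per option, so `parser.add_option("--ldap-admin-pass", "--ldap-manager-pass", type="string", metavar="PASSWORD",` would keep old callers working while `opts.ldap_admin_pass` (used in the later hunk) stays the destination. The help text could also say that a password given on the command line is visible to other local users in the process list.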
@@ -96,7 +96,7 @@ if setup_dir is None:
provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir,
realm=opts.realm, domain=opts.domain,
hostname=opts.host_name,
- adminpass=opts.ldap_manager_pass,
+ adminpass=opts.ldap_admin_pass,
root=opts.root, serverrole=server_role,
ldap_backend_type=opts.ldap_backend_type,
ldap_backend_port=opts.ldap_backend_port)