summaryrefslogtreecommitdiffstats
path: root/source4/setup
Commit message (Collapse)AuthorAgeFilesLines
* Updates to the recent cn=config support for the OpenLDAP backendOliver Liebel2009-02-252-13/+3
| | | | | | | | | | | | - removed workaround for olcSyncprovConfig - creation (works perfect now with 2.4.15, release was today) - added 1 message-helpline, which is displayed when running provision-backend with olc and/or mmr setup - corrected 1 wrong slapcommand-helpline - slapd.conf is removed now in case of olc-setup - added 1 copyright-line to provision.py and provision-backend Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Added mmr and olc to the OpenLDAP backend provisioning-scriptsOliver Liebel2009-02-2412-22/+78
| | | | | | | | | | | | | | | | | | | | | | | These extensions add mmr (multi-master-replication) and olc (openldap-online-configuration) capabilities to the provisioning-scripts (provision-backend and provision.py), for use with the openldap-backend (only versions >=2.4.15!). Changes / additions made to the provision-backend -script: added new command-line-options: --ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr (can be combined with --ol-olc=yes), --ol-olc=[yes/no] (activate automatic conversion from static slapd.conf to olc), --ol-slaptest=<path to slaptest binary> (needed in conjunction with --ol-olc=yes) Changes / additions made to the provision.py -script: added extensions, that will automatically generate the chosen mmr and/or olc setup for the openldap backend, according to the to chosen parameters set in the provision-backend script Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Use convenience function for finding setup_dir based on location ofJelmer Vernooij2009-02-113-5/+6
| | | | python module.
* --interactive doesn't take any argument.Jelmer Vernooij2009-02-111-1/+1
|
* Use script path to find the setup directory.Jelmer Vernooij2009-01-213-3/+3
|
* Make sure server_role gets initialized in backend provisioning code -Jelmer Vernooij2009-01-192-2/+2
| | | | fixes test.
* Don't give fatal python errors when guessing the realmAndrew Bartlett2009-01-191-2/+12
|
* Add copyright headers.Jelmer Vernooij2009-01-163-14/+53
|
* Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2009-01-052-1/+6
|\
| * More work to have OpenLDAP accept the full AD schemaAndrew Bartlett2009-01-052-1/+6
| | | | | | | | | | | | | | | | | | | | We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
* | Use fqdn rather than gethostname when guessing realm.Jelmer Vernooij2009-01-051-1/+1
|/
* Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij2008-12-212-2/+2
|
* Move tests for ParamFile.Jelmer Vernooij2008-12-211-1/+1
|
* Fix various Python-related bugs.Jelmer Vernooij2008-12-211-1/+2
|
* Corrections to Microsoft's schema and the OpenLDAP mapping fileAndrew Bartlett2008-12-202-0/+63
|
* Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2008-12-198-45/+24
|\
| * Fix errors in MS-AD_Schema_Attributes_v20080618.txtSreepathi Pai2008-12-192-36/+9
| | | | | | | | | | | | | | | | | | | | - Remove spurious line breaks - Add missing attributeId from docs - Remove incorrect multiple values of systemFlags - Fix duplicate attributeId - Fix schemaIdGuid syntax Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * Here's the prefixMap from w2k8.Stefan (metze) Metzmacher2008-12-191-2/+9
| | | | | | | | | | | | | | | | | | We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the end...(if we still need them, which we should avoid) metze Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * Move aggregate schema stub to it's own fileAndrew Bartlett2008-12-192-3/+3
| | | | | | | | | | | | | | This should make it easier to import just the schema entries from the WSPP docs. Andrew Bartlett
| * s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵Andrew Bartlett2008-12-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
| * s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-DomainAndrew Bartlett2008-12-171-1/+1
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
| * s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}Andrew Bartlett2008-12-171-3/+0
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* | Avoid use of parentheses in Python import statements, as it's not supported ↵Jelmer Vernooij2008-12-192-4/+2
|/ | | | by Python2.3.
* s4/provision: Upper case default realm, use only first part of realm as ↵Jelmer Vernooij2008-12-161-2/+2
| | | | default domain name.
* Add interactive flag to setup/provision (also the default when no arguments ↵Jelmer Vernooij2008-12-111-2/+27
| | | | are given).
* Add AD schema from Microsoft's WSPP documentation.Andrew Bartlett2008-12-103-0/+19124
| | | | | | | | | This schema is *NOT* licenced under a standard Free Software licence, but does provide us the freedoms we need to use the schema, and the requirement to distribute as 'part of an implemenation' is similar to common Free font licences that are accepted by major linux distributions. Andrew Bartlett
* Don't treat the DN+binary syntax as a DN.Andrew Bartlett2008-12-022-4/+4
| | | | This should fix the OpenLDAP backend
* Don't create LanMan Directory Replication Service key (bug 4934).Jelmer Vernooij2008-10-301-4/+0
|
* Mark clearTextPassword as a privilaged attributeAndrew Bartlett2008-10-201-0/+1
|
* Fix blackbox tests on IPv6-only hosts.Jelmer Vernooij2008-10-201-2/+2
|
* Transform the sequence_number operation into a normal extended operation as ↵Simo Sorce2008-10-161-0/+2
| | | | it should always have been. Make it also async so that it is not a special case.
* s4:setup: add wellknownObjects to the domain objectStefan Metzmacher2008-10-021-0/+8
| | | | metze
* Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell2008-09-301-1/+1
|\
| * Use the new 'samba4' name for our internal hdb plugin.Andrew Bartlett2008-09-291-1/+1
| |
* | added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell2008-09-291-0/+60
|/
* s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updatesStefan Metzmacher2008-09-291-0/+2
| | | | | | | We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
* Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett2008-09-081-1/+1
| | | | | | | | | In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
* Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel2008-09-083-6/+19
| | | | | | | | This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
* Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into ↵Andrew Bartlett2008-09-082-1/+57
|\ | | | | | | | | | | trusted-domains (This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
| * Add a setexpiry operation in samdb.pyAndrew Tridgell2008-08-301-1/+13
| | | | | | | | | | This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
| * added a simple script for setting password expiryAndrew Tridgell2008-08-301-0/+44
| | | | | | | | (This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
* | Remove <tab> in OpenLDAP MMR configOliver Liebel2008-09-061-1/+0
|/ | | | | Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
* now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell2008-08-221-19/+19
| | | | | | value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
* The index handling is now configured from the schema load, not by aAndrew Bartlett2008-08-211-19/+0
| | | | | | | template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
* Apply attributes (and their syntax) from the schema into ldbAndrew Bartlett2008-08-201-0/+7
| | | | | | | | This changes the @ATTRIBUTES record to be for bootstrapping only, before we find the schema. Andrew Bartlett (This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
* Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett2008-08-201-1/+1
| | | | | | | | | | | | <oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
* Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett2008-08-193-10/+13
|\ | | | | | | (This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
| * Fix templates.ldb reprovision handling.Andrew Bartlett2008-08-192-10/+10
| | | | | | | | | | | | | | | | This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
| * Merge the two attribute syntax tables.Andrew Bartlett2008-08-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | This merges the table once found in the oLschema2ldif tool (and moved many times) with the table used for DRSUAPI. The OpenLDAP schema map has been updated, to ensure that despite a number of attributes being declared as OIDs, they are actually used as strings (as they are actually LDAP class/attribute names). Andrew Bartlett (This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108)
* | Fix up new OpenLDAP MMR code.Andrew Bartlett2008-08-194-6/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
generated by cgit (git 2.34.1) at 2025-08-28 20:41:47 +0000