From fbc5696e38754b6014875c231edd5f56479e134b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 5 Nov 2009 11:15:55 -0600
Subject: s4:provision - Added initial implementation of FDSBackend and OpenLDAPBackend.
---
 source4/scripting/python/samba/provision.py | 42 ++++++++++++---
 source4/scripting/python/samba/provisionbackend.py | 63 ++++++++++++----------
 2 files changed, 68 insertions(+), 37 deletions(-)
(limited to 'source4/scripting')
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 98f9298cf4a..012481bc780 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -52,7 +52,7 @@ import urllib
 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
 from ms_display_specifiers import read_ms_ldif
 from schema import Schema
-from provisionbackend import ProvisionBackend
+from provisionbackend import ProvisionBackend, FDSBackend, OpenLDAPBackend
 from signal import SIGTERM
 from dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
@@ -623,7 +623,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
 backend_modules = ["nsuniqueid", "paged_searches"]
 # We can handle linked attributes here, as we don't have directory-side subtree operations
 tdb_modules_list = ["extended_dn_out_fds"]
- elif ldap_backend.ldap_backend_type == "openldap":
+ elif provision_backend.ldap_backend_type == "openldap":
 backend_modules = ["entryuuid", "paged_searches"]
 # OpenLDAP handles subtree renames, so we don't want to do any of these things
 tdb_modules_list = ["extended_dn_out_openldap"]
@@ -1233,7 +1233,36 @@ def provision(setup_dir, message, session_info,
 schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn)
- provision_backend = ProvisionBackend(backend_type,
+ if backend_type == "fedora-ds":
+ provision_backend = FDSBackend(backend_type,
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ message=message, hostname=hostname,
+ root=root, schema=schema,
+ ldapadminpass=ldapadminpass,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ol_mmr_urls=ol_mmr_urls,
+ slapd_path=slapd_path,
+ setup_ds_path=setup_ds_path,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ domainsid=domainsid)
+ elif backend_type == "openldap":
+ provision_backend = OpenLDAPBackend(backend_type,
+ paths=paths, setup_path=setup_path,
+ lp=lp, credentials=credentials,
+ names=names,
+ message=message, hostname=hostname,
+ root=root, schema=schema,
+ ldapadminpass=ldapadminpass,
+ ldap_backend_extra_port=ldap_backend_extra_port,
+ ol_mmr_urls=ol_mmr_urls,
+ slapd_path=slapd_path,
+ setup_ds_path=setup_ds_path,
+ ldap_dryrun_mode=ldap_dryrun_mode,
+ domainsid=domainsid)
+ else:
+ provision_backend = ProvisionBackend(backend_type,
 paths=paths, setup_path=setup_path,
 lp=lp, credentials=credentials,
 names=names,
@@ -1365,11 +1394,8 @@ def provision(setup_dir, message, session_info,
 realm=names.realm)
 message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
- if provision_backend.post_setup is not None:
- provision_backend.post_setup()
-
- if provision_backend.shutdown is not None:
- provision_backend.shutdown()
+ provision_backend.post_setup()
+ provision_backend.shutdown()
 create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url)
diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py
index f809202568b..438ab2e59cf 100644
--- a/source4/scripting/python/samba/provisionbackend.py
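Review bot: The three constructor calls in this hunk repeat the same fourteen keyword arguments and differ only in the class name, so every future argument added to the backend constructor has to be edited in three places and the copies will drift. Pick the class first and make one call; the visible `else` branch falls through to ProvisionBackend for every other backend_type, which the lookup below preserves. provision() starts and ends outside the hunk.
```python
backend_class = {
    "fedora-ds": FDSBackend,
    "openldap": OpenLDAPBackend,
}.get(backend_type, ProvisionBackend)
provision_backend = backend_class(backend_type,
                                  paths=paths, setup_path=setup_path,
                                  # … unchanged: remaining keyword arguments …
                                  domainsid=domainsid)
```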
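Review bot: `provision_backend.post_setup()` followed by `provision_backend.shutdown()` leaves slapd running whenever post_setup() raises, because the shutdown call is only reached on the success path; for the LDAP backends that orphans a slapd child that nothing else will terminate, and the failed provisioning run then exits with the daemon still up. Pair the two calls with try/finally so the backend is stopped on both paths. The unconditional calls also depend on the no-op shutdown()/post_setup() methods added to ProvisionBackend in provisionbackend.py, so the two files must be applied together. provision() continues outside the hunk.
```python
try:
    provision_backend.post_setup()
finally:
    provision_backend.shutdown()
```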
+++ b/source4/scripting/python/samba/provisionbackend.py
@@ -26,6 +26,7 @@
 """Functions for setting up a Samba configuration (LDB and LDAP backends)."""
 from base64 import b64encode
+import ldb
 import os
 import sys
 import uuid
@@ -70,15 +71,13 @@ class ProvisionBackend(object):
 self.paths = paths
 self.slapd_command = None
 self.slapd_command_escaped = None
+ self.names = names
 self.type = backend_type
 # Set a default - the code for "existing" below replaces this
 self.ldap_backend_type = backend_type
- self.post_setup = None
- self.shutdown = None
-
 if self.type is "ldb":
 self.credentials = None
 self.secrets_credentials = None
@@ -155,22 +154,6 @@ class ProvisionBackend(object):
 self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS)
- def ldap_backend_shutdown(self):
- # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
- if self.slapd.poll() is None:
- #Kill the slapd
- if hasattr(self.slapd, "terminate"):
- self.slapd.terminate()
- else:
- # Older python versions don't have .terminate()
- import signal
- os.kill(self.slapd.pid, signal.SIGTERM)
-
- #and now wait for it to die
- self.slapd.communicate()
-
- self.shutdown = ldap_backend_shutdown
-
 if self.type == "fedora-ds":
 provision_fds_backend(self, setup_path=setup_path, names=names, message=message,
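Review bot: `if self.type is "ldb":` on the context line of this hunk compares strings by identity rather than equality, so the ldb branch is selected only because CPython happens to intern that literal; the `self.type == "fedora-ds"` test further down the same constructor uses the right operator. Change it to `if self.type == "ldb":`. The new `self.names = names` attribute is what FDSBackend.post_setup reads for the domain, config and schema DNs, so a short comment such as `# kept for post_setup(), which needs the partition DNs` would explain why it is stored here. __init__ starts and ends outside the hunk.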
@@ -225,6 +208,31 @@ class ProvisionBackend(object):
 raise ProvisioningError("slapd died before we could make a connection to it")
+ def shutdown(self):
+ pass
+
+ def post_setup(self):
+ pass
+
+
+class LDAPBackend(ProvisionBackend):
+ def shutdown(self):
+ # if an LDAP backend is in use, terminate slapd after final provision and check its proper termination
+ if self.slapd.poll() is None:
+ #Kill the slapd
+ if hasattr(self.slapd, "terminate"):
+ self.slapd.terminate()
+ else:
+ # Older python versions don't have .terminate()
+ import signal
+ os.kill(self.slapd.pid, signal.SIGTERM)
+
+ #and now wait for it to die
+ self.slapd.communicate()
+
+
+class OpenLDAPBackend(LDAPBackend):
+ pass
 def provision_openldap_backend(result, setup_path=None, names=None, message=None,
@@ -588,8 +596,9 @@ def provision_fds_backend(result, setup_path=None, names=None,
 if retcode != 0:
 raise("ldib2db failed")
- # Leave a hook to do the 'post initilisation' setup
- def fds_post_setup(self):
+
+class FDSBackend(LDAPBackend):
+ def post_setup(self):
 ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
 # delete default SASL mappings
@@ -600,20 +609,16 @@ def provision_fds_backend(result, setup_path=None, names=None,
 dn = str(res[i]["dn"])
 ldapi_db.delete(dn)
- aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % names.sambadn
+ aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.names.sambadn
 m = ldb.Message()
 m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
- m.dn = ldb.Dn(1, names.domaindn)
+ m.dn = ldb.Dn(1, self.names.domaindn)
 ldapi_db.modify(m)
- m.dn = ldb.Dn(1, names.configdn)
+ m.dn = ldb.Dn(1, self.names.configdn)
 ldapi_db.modify(m)
- m.dn = ldb.Dn(1, names.schemadn)
+ m.dn = ldb.Dn(1, self.names.schemadn)
 ldapi_db.modify(m)
-
- result.post_setup = fds_post_setup
-
-
-- cgit
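Review bot: LDAPBackend.shutdown() dereferences `self.slapd` without checking that it was ever assigned, and `self.slapd.communicate()` waits without a bound, so a slapd that ignores SIGTERM hangs the provisioning run with the daemon still up; whether every LDAPBackend instance reaches shutdown() with `self.slapd` set (for example under ldap_dryrun_mode) is not visible in this hunk and should be confirmed, and the wait is better bounded by polling with a deadline before escalating. The new base-class no-ops carry no docstrings: add `"""Stop any helper process this backend started; no-op unless overridden."""` to ProvisionBackend.shutdown and `"""Hook run once the directory is populated; no-op unless overridden."""` to post_setup. The function-scoped `import signal` in the fallback branch could also move up to the module imports next to the `import ldb` this commit adds. OpenLDAPBackend is followed directly by provision_openldap_backend, whose definition continues outside the hunk.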
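Review bot: `raise("ldib2db failed")` on the context line just above the new FDSBackend class raises a plain string, which Python 2.6 and later reject with a TypeError, so an import failure surfaces as a misleading exception instead of a provisioning error; replace it with `raise ProvisioningError("ldib2db failed")`, the exception this file already raises for the slapd-connection failure. Now that post_setup is a public method rather than a nested hook it deserves a docstring, e.g. `"""Delete the default SASL mappings and set the samba-admin full-access ACI on the domain, config and schema partitions."""`. provision_fds_backend ends at that raise; FDSBackend.post_setup continues into the next hunk.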