The branch, v4-0-test has been updated via f6dbdf34e8a790f460b705100e45ee3928b6b1b3 (commit) via ffb12aad8a80bb90d66dc66baba81b856622a6bb (commit) via 35148fd51f22d81fe9f590b7d6f13285c35656a7 (commit) via d822dfa017b84895222ace8c44935fb872930548 (commit) from d427cf4fa67e84ccdece9a3fb31d8e89379a86e7 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Jan 18 13:30:20 2008 +1100 Don't manually specify instanceID in the template files. The instanceid module creates this automatically, so we don't need this any more. Andrew Bartlett commit ffb12aad8a80bb90d66dc66baba81b856622a6bb Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Jan 18 13:28:52 2008 +1100 Use syncrepl on all OpenLDAP databases (creates contextCSN attribute) This module needs to be loaded on each database, not just the main partition. We use it to create the usn for the entries. Andrew Bartlett commit 35148fd51f22d81fe9f590b7d6f13285c35656a7 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Jan 18 13:27:05 2008 +1100 Search for memberOf when clients ask for a wildcard against OpenLDAP The memberOf module in OpenLDAP makes this attribute operational, so we need to add it here or clients won't get it when using *. 
Andrew Bartlett commit d822dfa017b84895222ace8c44935fb872930548 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Jan 18 13:25:01 2008 +1100 Remove --ldap-base from the python provision script (This is a merge from the ejs script) Andrew Bartlett ----------------------------------------------------------------------- Summary of changes: source/dsdb/samdb/ldb_modules/simple_ldap_map.c | 1 + source/scripting/python/samba/provision.py | 32 -------------------- source/setup/display_specifiers.ldif | 2 - source/setup/provision.ldif | 8 ----- source/setup/provision.py | 10 +----- source/setup/provision_computers_modify.ldif | 3 -- source/setup/provision_configuration.ldif | 12 ------- .../provision_configuration_basedn_modify.ldif | 6 ---- source/setup/provision_schema_basedn_modify.ldif | 3 -- source/setup/provision_self_join.ldif | 2 - source/setup/provision_templates.ldif | 1 - source/setup/provision_users.ldif | 3 -- source/setup/provision_users_modify.ldif | 3 -- source/setup/slapd.conf | 12 +++++++ 14 files changed, 15 insertions(+), 83 deletions(-) Changeset truncated at 500 lines: diff --git a/source/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source/dsdb/samdb/ldb_modules/simple_ldap_map.c index 6e66d07..acf2fd6 100644 --- a/source/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -448,6 +448,7 @@ static const char * const entryuuid_wildcard_attributes[] = { "whenChanged", "usnCreated", "usnChanged", + "memberOf", NULL }; diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py index 1607cb3..d59cea1 100644 --- a/source/scripting/python/samba/provision.py +++ b/source/scripting/python/samba/provision.py 
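Review bot: The new `"memberOf"` entry in `entryuuid_wildcard_attributes` carries no comment explaining why it sits in this list, and the reason is not obvious from the code alone. I would add `/* operational under the OpenLDAP memberOf overlay, so a "*" search does not return it unless asked for by name */` directly above the entry. With this change every wildcard search asks the backend for membership data, so who can read group membership is decided by the backend's access rules on memberOf, which are not visible here. The array's opening line is outside the hunk, so I cannot tell whether the file keeps a parallel wildcard list for another backend that would need the same treatment.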
@@ -180,12 +180,6 @@ def provision_paths_from_lp(lp, dnsdomain): paths.dns_keytab = os.path.join(private_dir, "dns.keytab") paths.dns = os.path.join(private_dir, dnsdomain + ".zone") paths.winsdb = os.path.join(private_dir, "wins.ldb") - paths.ldap_basedn_ldif = os.path.join(private_dir, - dnsdomain + ".ldif") - paths.ldap_config_basedn_ldif = os.path.join(private_dir, - dnsdomain + "-config.ldif") - paths.ldap_schema_basedn_ldif = os.path.join(private_dir, - dnsdomain + "-schema.ldif") paths.s4_ldapi_path = os.path.join(private_dir, "ldapi") paths.phpldapadminconfig = os.path.join(private_dir, "phpldapadmin-config.php") @@ -465,7 +459,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), { "DOMAINDN": domaindn, "ACI": aci, - "EXTENSIBLEOBJECT": "# no objectClass: extensibleObject for local ldb", "RDN_DC": rdn_dc, }) 
@@ -823,31 +816,6 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, }) -def provision_ldapbase(setup_dir, message, paths): - """Write out a DNS zone file, from the info in the current database.""" - message("Setting up LDAP base entry: %s" % domaindn) - rdns = domaindn.split(",") - - rdn_dc = rdns[0][len("DC="):] - - def setup_path(file): - return os.path.join(setup_dir, file) - - setup_file(setup_path("provision_basedn.ldif"), - paths.ldap_basedn_ldif) - - setup_file(setup_path("provision_configuration_basedn.ldif"), - paths.ldap_config_basedn_ldif) - - setup_file(setup_path("provision_schema_basedn.ldif"), - paths.ldap_schema_basedn_ldif, { - "SCHEMADN": schemadn, - "ACI": "# no aci for local ldb", - "EXTENSIBLEOBJECT": "objectClass: extensibleObject"}) - - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server") - - def load_schema(setup_path, samdb, schemadn, netbiosname, configdn): """Load schema. diff --git a/source/setup/display_specifiers.ldif b/source/setup/display_specifiers.ldif index b76955a..574912b 100644 --- a/source/setup/display_specifiers.ldif +++ b/source/setup/display_specifiers.ldif @@ -2,14 +2,12 @@ dn: CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container showInAdvancedViewOnly: TRUE -instanceType: 4 dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 name: 409 -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} diff --git a/source/setup/provision.ldif b/source/setup/provision.ldif index c6b07c5..5e15bf3 100644 --- a/source/setup/provision.ldif +++ b/source/setup/provision.ldif 
@@ -3,7 +3,6 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -13,7 +12,6 @@ objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -23,7 +21,6 @@ objectClass: top objectClass: container cn: System description: Builtin system settings -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -32,7 +29,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -43,14 +39,12 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update -instanceType: 4 showInAdvancedViewOnly: TRUE revision: 8 @@ -58,7 +52,6 @@ dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -68,7 +61,6 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -instanceType: 4 showInAdvancedViewOnly: FALSE forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 diff --git a/source/setup/provision.py b/source/setup/provision.py index e166d5f..88015ce 100755 --- a/source/setup/provision.py +++ b/source/setup/provision.py 
@@ -34,7 +34,7 @@ from auth import system_session import samba.getopt as options import param from samba.provision import (provision, - provision_paths_from_lp, provision_ldapbase) + provision_paths_from_lp) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -81,9 +81,6 @@ parser.add_option("--users", type="string", metavar="GROUPNAME", parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") -parser.add_option("--ldap-base", - help="output only an LDIF file, suitable for creating an LDAP baseDN", - action="store_true") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") parser.add_option("--ldap-module=", type="string", metavar="MODULE", @@ -152,10 +149,7 @@ creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.ldap_base: - provision_ldapbase(setup_dir, message, paths) - message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) -elif opts.partitions_only: +if opts.partitions_only: provision_become_dc(setup_dir, message, False, paths, lp, system_session(), creds) else: diff --git a/source/setup/provision_computers_modify.ldif b/source/setup/provision_computers_modify.ldif index b7502e5..3bb4074 100644 --- a/source/setup/provision_computers_modify.ldif +++ b/source/setup/provision_computers_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded computer accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - 
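Review bot: `provision_become_dc` is called in the `opts.partitions_only` branch of the last hunk, but the import rewritten in the first hunk brings in only `provision` and `provision_paths_from_lp`. Unless the name is imported on a line outside these hunks, running with that option fails with a NameError before any provisioning happens. If the function lives in `samba.provision`, the import should read `from samba.provision import (provision, provision_become_dc,` followed by `provision_paths_from_lp)`. The script body continues outside the hunks, so this needs confirming against the full file.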
diff --git a/source/setup/provision_configuration.ldif b/source/setup/provision_configuration.ldif index 050f110..750fa13 100644 --- a/source/setup/provision_configuration.ldif +++ b/source/setup/provision_configuration.ldif @@ -5,7 +5,6 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 msDS-Behavior-Version: 0 @@ -15,7 +14,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${CONFIGDN} @@ -25,7 +23,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${SCHEMADN} @@ -35,7 +32,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 nCName: ${DOMAINDN} @@ -46,7 +42,6 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -54,7 +49,6 @@ dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -62,7 +56,6 @@ dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -70,7 +63,6 @@ dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 
@@ -78,14 +70,12 @@ dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service -instanceType: 4 showInAdvancedViewOnly: TRUE sPNMappings: host=ldap,dns,cifs,http @@ -93,14 +83,12 @@ dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy -instanceType: 4 showInAdvancedViewOnly: TRUE lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 diff --git a/source/setup/provision_configuration_basedn_modify.ldif b/source/setup/provision_configuration_basedn_modify.ldif index 46ba4e9..a72f2c8 100644 --- a/source/setup/provision_configuration_basedn_modify.ldif +++ b/source/setup/provision_configuration_basedn_modify.ldif @@ -3,14 +3,8 @@ ############################### dn: ${CONFIGDN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - -replace: objectCategory -objectCategory: CN=Configuration,${SCHEMADN} -- replace: subRefs subRefs: ${SCHEMADN} diff --git a/source/setup/provision_schema_basedn_modify.ldif b/source/setup/provision_schema_basedn_modify.ldif index 92c5cf1..986f0d6 100644 --- a/source/setup/provision_schema_basedn_modify.ldif +++ b/source/setup/provision_schema_basedn_modify.ldif @@ -3,9 +3,6 @@ ############################### dn: ${SCHEMADN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - 
diff --git a/source/setup/provision_self_join.ldif b/source/setup/provision_self_join.ldif index 06230e8..1caa621 100644 --- a/source/setup/provision_self_join.ldif +++ b/source/setup/provision_self_join.ldif @@ -43,7 +43,6 @@ dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 dNSHostName: ${DNSNAME} @@ -55,7 +54,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings options: 1 -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 dMDLocation: ${SCHEMADN} diff --git a/source/setup/provision_templates.ldif b/source/setup/provision_templates.ldif index 8797efa..04eaabc 100644 --- a/source/setup/provision_templates.ldif +++ b/source/setup/provision_templates.ldif @@ -66,7 +66,6 @@ sAMAccountType: 268435456 # # dn: CN=TemplateAlias,CN=Templates # cn: TemplateAlias -# instanceType: 4 # groupType: -2147483644 # sAMAccountType: 268435456 diff --git a/source/setup/provision_users.ldif b/source/setup/provision_users.ldif index 7c1a438..3e6f717 100644 --- a/source/setup/provision_users.ldif +++ b/source/setup/provision_users.ldif @@ -134,7 +134,6 @@ objectClass: top objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users -instanceType: 4 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 536870912 @@ -307,7 +306,6 @@ objectClass: top objectClass: group cn: Server Operators description: Members can administer domain servers -instanceType: 4 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -327,7 +325,6 @@ objectClass: top objectClass: group cn: Account Operators description: Members can administer domain user and group accounts -instanceType: 4 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators 
diff --git a/source/setup/provision_users_modify.ldif b/source/setup/provision_users_modify.ldif index 42dff07..06954c4 100644 --- a/source/setup/provision_users_modify.ldif +++ b/source/setup/provision_users_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded user accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - diff --git a/source/setup/slapd.conf b/source/setup/slapd.conf index e4e86ee..83f4da3 100644 --- a/source/setup/slapd.conf +++ b/source/setup/slapd.conf @@ -34,6 +34,12 @@ index lDAPDisplayName eq index subClassOf eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${CONFIGDN} directory ${LDAPDIR}/db/config @@ -48,6 +54,12 @@ index dnsRoot eq index nETBIOSName eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${DOMAINDN} rootdn ${LDAPMANAGERDN} -- Samba Shared Repository
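Review bot: `syncprov-sessionlog 100` in both added stanzas goes beyond the stated purpose, since the comment says the overlay is loaded only to obtain contextCSN, while the session log exists to serve replication consumers. Loading syncprov also means each of these databases will answer sync searches from any identity its access rules allow to read it, and those rules are not visible in the hunks. I would drop the sessionlog line unless consumers are planned, and extend the comment with `#No replication consumers are expected; syncprov is loaded only so slapd maintains contextCSN.` The same six lines are added in both hunks, so the point applies to each.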