def delta_update_basesamdb(refsampath, sampath, creds, session, lp, message):
"""Update the provision container db: sam.ldb
This function is aimed for alpha9 and newer;
:param refsampath: Path to the samdb in the reference provision
:param sampath: Path to the samdb in the upgraded provision
:param creds: Credential used for openning LDB files
:param session: Session to use for openning LDB files
:param lp: A loadparam object
:return: A msg_diff object with the difference between the @ATTRIBUTES
of the current provision and the reference provision
"""
message(SIMPLE,
"Update base samdb by searching difference with reference one")
refsam = Ldb(refsampath,
session_info=session,
credentials=creds,
lp=lp,
options=["modules:"])
sam = Ldb(sampath,
session_info=session,
credentials=creds,
lp=lp,
options=["modules:"])
empty = ldb.Message()
deltaattr = None
reference = refsam.search(expression="")
for refentry in reference:
entry = sam.search(expression="distinguishedName=%s" % refentry["dn"],
scope=SCOPE_SUBTREE)
if not len(entry):
delta = sam.msg_diff(empty, refentry)
message(CHANGE, "Adding %s to sam db" % str(refentry.dn))
if str(refentry.dn) == "@PROVISION" and\
delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE):
delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE)
delta.dn = refentry.dn
sam.add(delta)
else:
delta = sam.msg_diff(entry[0], refentry)
if str(refentry.dn) == "@ATTRIBUTES":
deltaattr = sam.msg_diff(refentry, entry[0])
if str(refentry.dn) == "@PROVISION" and\
delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE):
delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE)
if len(delta.items()) > 1:
delta.dn = refentry.dn
sam.modify(delta)
return deltaattr
def post_setup(self):
ldapi_db = Ldb(self.ldap_uri, credentials=self.credentials)
# configure in-directory access control on Fedora DS via the aci
# attribute (over a direct ldapi:// socket)
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
for dnstring in (self.names.domaindn, self.names.configdn,
self.names.schemadn):
m.dn = ldb.Dn(ldapi_db, dnstring)
ldapi_db.modify(m)
return LDAPBackendResult(self.credentials, self.slapd_command_escaped,
self.ldapdir)
def post_setup(self):
ldapi_db = Ldb(self.ldap_uri, credentials=self.credentials)
# configure in-directory access control on Fedora DS via the aci
# attribute (over a direct ldapi:// socket)
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
for dnstring in (self.names.domaindn, self.names.configdn,
self.names.schemadn):
m.dn = ldb.Dn(ldapi_db, dnstring)
ldapi_db.modify(m)
return LDAPBackendResult(self.credentials, self.slapd_command_escaped,
self.ldapdir)
def delta_update_basesamdb(refsampath, sampath, creds, session, lp, message):
"""Update the provision container db: sam.ldb
This function is aimed for alpha9 and newer;
:param refsampath: Path to the samdb in the reference provision
:param sampath: Path to the samdb in the upgraded provision
:param creds: Credential used for openning LDB files
:param session: Session to use for openning LDB files
:param lp: A loadparam object
:return: A msg_diff object with the difference between the @ATTRIBUTES
of the current provision and the reference provision
"""
message(SIMPLE,
"Update base samdb by searching difference with reference one")
refsam = Ldb(refsampath, session_info=session, credentials=creds,
lp=lp, options=["modules:"])
sam = Ldb(sampath, session_info=session, credentials=creds, lp=lp,
options=["modules:"])
empty = ldb.Message()
deltaattr = None
reference = refsam.search(expression="")
for refentry in reference:
entry = sam.search(expression="distinguishedName=%s" % refentry["dn"],
scope=SCOPE_SUBTREE)
if not len(entry):
delta = sam.msg_diff(empty, refentry)
message(CHANGE, "Adding %s to sam db" % str(refentry.dn))
if str(refentry.dn) == "@PROVISION" and\
delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE):
delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE)
delta.dn = refentry.dn
sam.add(delta)
else:
delta = sam.msg_diff(entry[0], refentry)
if str(refentry.dn) == "@ATTRIBUTES":
deltaattr = sam.msg_diff(refentry, entry[0])
if str(refentry.dn) == "@PROVISION" and\
delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE):
delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE)
if len(delta.items()) > 1:
delta.dn = refentry.dn
sam.modify(delta)
return deltaattr
def post_setup(self):
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
# delete default SASL mappings
res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
# configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
for i in range (0, len(res)):
dn = str(res[i]["dn"])
ldapi_db.delete(dn)
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
m.dn = ldb.Dn(ldapi_db, self.names.domaindn)
ldapi_db.modify(m)
m.dn = ldb.Dn(ldapi_db, self.names.configdn)
ldapi_db.modify(m)
m.dn = ldb.Dn(ldapi_db, self.names.schemadn)
ldapi_db.modify(m)
def post_setup(self):
ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials)
# delete default SASL mappings
res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"])
# configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket)
for i in range (0, len(res)):
dn = str(res[i]["dn"])
ldapi_db.delete(dn)
aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn
m = ldb.Message()
m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci")
m.dn = ldb.Dn(1, self.names.domaindn)
ldapi_db.modify(m)
m.dn = ldb.Dn(1, self.names.configdn)
ldapi_db.modify(m)
m.dn = ldb.Dn(1, self.names.schemadn)
ldapi_db.modify(m)
if opts.ignore_exists and module in modules_list_0:
continue
else:
updated_modules.append(module)
updated_modules.extend(modules_list_0)
for module in opts.append:
if opts.ignore_exists and module in modules_list_0:
continue
else:
updated_modules.append(module)
updated_modules_str = ','.join(updated_modules)
if opts.dry_run:
print("Dry run @LIST:", updated_modules_str)
sys.exit(0)
modify_msg = ldb.Message()
modify_msg.dn = ldb.Dn(ldb_object, "@MODULES")
modify_msg["@LIST"] = ldb.MessageElement(
[updated_modules_str.encode('UTF-8')], ldb.FLAG_MOD_REPLACE,
"@LIST")
ldb_object.modify(modify_msg)
if opts.verbose:
msg = ldb_object.search(base="@MODULES",
scope=ldb.SCOPE_BASE,
attrs=['@LIST'])
print("Updated @LIST:", msg[0]["@LIST"])
else:
print("Current @LIST attribute is multivalued, can't handle this")
sys.exit(1)
