def delta_update_basesamdb(refsampath, sampath, creds, session, lp, message): """Update the provision container db: sam.ldb This function is aimed for alpha9 and newer; :param refsampath: Path to the samdb in the reference provision :param sampath: Path to the samdb in the upgraded provision :param creds: Credential used for openning LDB files :param session: Session to use for openning LDB files :param lp: A loadparam object :return: A msg_diff object with the difference between the @ATTRIBUTES of the current provision and the reference provision """ message(SIMPLE, "Update base samdb by searching difference with reference one") refsam = Ldb(refsampath, session_info=session, credentials=creds, lp=lp, options=["modules:"]) sam = Ldb(sampath, session_info=session, credentials=creds, lp=lp, options=["modules:"]) empty = ldb.Message() deltaattr = None reference = refsam.search(expression="") for refentry in reference: entry = sam.search(expression="distinguishedName=%s" % refentry["dn"], scope=SCOPE_SUBTREE) if not len(entry): delta = sam.msg_diff(empty, refentry) message(CHANGE, "Adding %s to sam db" % str(refentry.dn)) if str(refentry.dn) == "@PROVISION" and\ delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE): delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE) delta.dn = refentry.dn sam.add(delta) else: delta = sam.msg_diff(entry[0], refentry) if str(refentry.dn) == "@ATTRIBUTES": deltaattr = sam.msg_diff(refentry, entry[0]) if str(refentry.dn) == "@PROVISION" and\ delta.get(samba.provision.LAST_PROVISION_USN_ATTRIBUTE): delta.remove(samba.provision.LAST_PROVISION_USN_ATTRIBUTE) if len(delta.items()) > 1: delta.dn = refentry.dn sam.modify(delta) return deltaattr
def post_setup(self): ldapi_db = Ldb(self.ldap_uri, credentials=self.credentials) # configure in-directory access control on Fedora DS via the aci # attribute (over a direct ldapi:// socket) aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn m = ldb.Message() m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci") for dnstring in (self.names.domaindn, self.names.configdn, self.names.schemadn): m.dn = ldb.Dn(ldapi_db, dnstring) ldapi_db.modify(m) return LDAPBackendResult(self.credentials, self.slapd_command_escaped, self.ldapdir)
def post_setup(self): ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials) # delete default SASL mappings res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"]) # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket) for i in range (0, len(res)): dn = str(res[i]["dn"]) ldapi_db.delete(dn) aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn m = ldb.Message() m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci") m.dn = ldb.Dn(ldapi_db, self.names.domaindn) ldapi_db.modify(m) m.dn = ldb.Dn(ldapi_db, self.names.configdn) ldapi_db.modify(m) m.dn = ldb.Dn(ldapi_db, self.names.schemadn) ldapi_db.modify(m)
def post_setup(self): ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials) # delete default SASL mappings res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"]) # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket) for i in range (0, len(res)): dn = str(res[i]["dn"]) ldapi_db.delete(dn) aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn m = ldb.Message() m["aci"] = ldb.MessageElement([aci], ldb.FLAG_MOD_REPLACE, "aci") m.dn = ldb.Dn(1, self.names.domaindn) ldapi_db.modify(m) m.dn = ldb.Dn(1, self.names.configdn) ldapi_db.modify(m) m.dn = ldb.Dn(1, self.names.schemadn) ldapi_db.modify(m)
if opts.ignore_exists and module in modules_list_0: continue else: updated_modules.append(module) updated_modules.extend(modules_list_0) for module in opts.append: if opts.ignore_exists and module in modules_list_0: continue else: updated_modules.append(module) updated_modules_str = ','.join(updated_modules) if opts.dry_run: print("Dry run @LIST:", updated_modules_str) sys.exit(0) modify_msg = ldb.Message() modify_msg.dn = ldb.Dn(ldb_object, "@MODULES") modify_msg["@LIST"] = ldb.MessageElement( [updated_modules_str.encode('UTF-8')], ldb.FLAG_MOD_REPLACE, "@LIST") ldb_object.modify(modify_msg) if opts.verbose: msg = ldb_object.search(base="@MODULES", scope=ldb.SCOPE_BASE, attrs=['@LIST']) print("Updated @LIST:", msg[0]["@LIST"]) else: print("Current @LIST attribute is multivalued, can't handle this") sys.exit(1)