Attachment #5721 for bug #33890

View | Details | Raw Unified | Return to bug 33890
Collapse All | Expand All

(-)univention-ldap/debian/control (-2 / +2 lines)

Lines 23-30	Link Here

 univention-ipcalc,

 univention-ipcalc,

 univention-ldap-acl-master | univention-ldap-acl-slave,

 univention-ldap-acl-master | univention-ldap-acl-slave,

 bind9-host,

 bind9-host,

 shell-univention-lib (>= 3.0.1-1),

 shell-univention-lib (>= 3.0.26-14),

 python-univention-lib (>= 3.0.12-4),

 python-univention-lib (>= 3.0.26-14),

 univention-newsid,

 univention-newsid,

 univention-join

 univention-join

Conflicts: univention-5250 (<< 0.5),

Conflicts: univention-5250 (<< 0.5),




NETMASK="$(get_default_netmask)"
NETWORK="$(get_default_network)"

users_default_administrator=$(custom_username "Administrator")
groups_default_domainadmins=$(custom_groupname "Domain Admins")
groups_default_domainusers=$(custom_groupname "Domain Users")

reverse=$(univention-ipcalc6 --netmask "$NETMASK" --ip "$IP" --output reverse --calcdns)


		if [ -f /var/lib/univention-ldap/root.secret ] ; then
			# mailPrimaryAddress is required on ox systems
			if [ -n "$ox_primary_maildomain" ] ; then
				univention-directory-manager users/user create "$@" --position="cn=users,$ldap_base" --set mailPrimaryAddress="administrator@$ox_primary_maildomain" --set firstname="Admin" --set username="$users_default_administrator" --set sambaRID=500 --set unixhome="/home/$users_default_administrator" --set lastname="$users_default_administrator" --set password="$(cat /var/lib/univention-ldap/root.secret)" --set primaryGroup="cn=$groups_default_domainadmins,cn=groups,$ldap_base" --policy-reference "cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base" || die
			else	
				univention-directory-manager users/user create "$@" --position="cn=users,$ldap_base" --set username="$users_default_administrator" --set sambaRID=500 --set unixhome="/home/$users_default_administrator" --set lastname="$users_default_administrator" --set password="$(cat /var/lib/univention-ldap/root.secret)" --set primaryGroup="cn=$groups_default_domainadmins,cn=groups,$ldap_base" --policy-reference "cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base" || die
			fi
		fi
		univention-directory-manager groups/group modify "$@" --dn "cn=DC Backup Hosts,cn=groups,$ldap_base" --append users="uid=$users_default_administrator,cn=users,$ldap_base" || die
		univention-directory-manager groups/group modify "$@" --dn "cn=$groups_default_domainusers,cn=groups,$ldap_base" --append users="uid=$users_default_administrator,cn=users,$ldap_base" || die

		#create default network
		forwardZone=$(univention-directory-manager dns/forward_zone list "$@" --filter zone="$domainname" | sed -ne 's/DN: //p;T;q')

(-)univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-master (-3 / +6 lines)

Lines 1-4	Link Here

@!@

@!@

from univention.lib.misc import custom_username, custom_groupname

ldap_base=baseConfig['ldap/base']

ldap_base=baseConfig['ldap/base']

ldap_port=baseConfig['slapd/port']

ldap_port=baseConfig['slapd/port']

if baseConfig['ldap/server/type']=="master":

if baseConfig['ldap/server/type']=="master":

Lines 6-12	Link Here

else:

else:

	usr="read"

	usr="read"

groups_default_domainadmins = configRegistry.get('groups/default/domainadmins', 'Domain Admins')

groups_default_domainadmins = custom_groupname('Domain Admins')

users_default_administrator = custom_username('Administrator')

print 'sasl-regexp'

print 'sasl-regexp'

print '    uid=(.*),cn=gssapi,cn=auth'

print '    uid=(.*),cn=gssapi,cn=auth'

Lines 26-36	Link Here

print 'access to *'

print 'access to *'

print '    by sockname="PATH=/var/run/slapd/ldapi" %s' % (usr)

print '    by sockname="PATH=/var/run/slapd/ldapi" %s' % (usr)

print '    by dn.base="cn=admin,%s" %s' % ( ldap_base, usr)

print '    by dn.base="cn=admin,%s" %s' % ( ldap_base, usr)

print '    by dn.base="uid=Administrator,cn=users,%s" %s' % ( ldap_base, usr)

print '    by dn.base="uid=%s,cn=users,%s" %s' % ( users_default_administrator, ldap_base, usr)

print '    by * none break'

print '    by * none break'

print ''

print ''

print 'access to dn="uid=Administrator,cn=users,%s"' % ( ldap_base )

print 'access to dn="uid=%s,cn=users,%s"' % ( users_default_administrator, ldap_base )

print '    by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr)

print '    by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr)

print '    by dn.base="cn=admin,%s" %s' % ( ldap_base, usr)

print '    by dn.base="cn=admin,%s" %s' % ( ldap_base, usr)

print '    by self %s' % ( usr )

print '    by self %s' % ( usr )

(-)univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave (-1 / +3 lines)

Lines 10-16	Link Here

access to attrs=userPassword,krb5Key,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,sambaPwdCanChange,sambaPwdMustChange,sambaPasswordHistory,sambaClearTextPassword,sambaPreviousClearTextPassword

access to attrs=userPassword,krb5Key,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,sambaPwdCanChange,sambaPwdMustChange,sambaPasswordHistory,sambaClearTextPassword,sambaPreviousClearTextPassword

   by sockname="PATH=/var/run/slapd/ldapi" read

   by sockname="PATH=/var/run/slapd/ldapi" read

@!@

@!@

groups_default_domainadmins = configRegistry.get('groups/default/domainadmins', 'Domain Admins')

from univention.lib.misc import custom_groupname

groups_default_domainadmins = custom_groupname('Domain Admins')

ldap_base = configRegistry['ldap/base']

ldap_base = configRegistry['ldap/base']

print '   by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" read' % ( groups_default_domainadmins, ldap_base )

print '   by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" read' % ( groups_default_domainadmins, ldap_base )

(-)univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end (-2 / +4 lines)

Lines 1-12	Link Here

@!@

@!@

from univention.lib.misc import custom_groupname

ldap_base = configRegistry['ldap/base']

ldap_base = configRegistry['ldap/base']

if configRegistry.get('ldap/server/type') == "master":

if configRegistry.get('ldap/server/type') == "master":

	usr="write"

	usr="write"

else:

else:

	usr="read"

	usr="read"

groups_default_domainadmins = configRegistry.get('groups/default/domainadmins', 'Domain Admins')

groups_default_domainadmins = custom_groupname('Domain Admins')

groups_default_windowshosts = configRegistry.get('groups/default/windowshosts', 'Windows Hosts')

groups_default_windowshosts = custom_groupname('Windows Hosts')

nestedGroups = configRegistry.is_true('ldap/acl/nestedgroups', True)

nestedGroups = configRegistry.is_true('ldap/acl/nestedgroups', True)

(-)univention-ldap/debian/univention-ldap-server.postinst (-3 / +3 lines)

Lines 215-223	Link Here

215

216

if [ "$1" = "configure" -a "$server_role" = "domaincontroller_master" ] && dpkg --compare-versions "$2" lt-nl 8.0.71-1; then

216

if [ "$1" = "configure" -a "$server_role" = "domaincontroller_master" ] && dpkg --compare-versions "$2" lt-nl 8.0.71-1; then

217

218

	groups_default_authenticatedusers="${groups_default_authenticatedusers:-Authenticated Users}"

218

	groups_default_authenticatedusers=$(custom_groupname "Authenticated Users")

219

	groups_default_enterpriseadmins="${groups_default_enterpriseadmins:-Enterprise Admins}"

219

	groups_default_enterpriseadmins=$(custom_groupname "Enterprise Admins")

220

	groups_default_windowshosts="${groups_default_windowshosts:-Windows Hosts}"

220

	groups_default_windowshosts=$(custom_groupname "Windows Hosts")

221

222

	sambaSID="$(univention-ldapsearch -x sambaDomainName="$windows_domain" sambaSID | sed -ne 's|^sambaSID: ||p')"

222

	sambaSID="$(univention-ldapsearch -x sambaDomainName="$windows_domain" sambaSID | sed -ne 's|^sambaSID: ||p')"

223

	if [ -n "$sambaSID" ]; then

223

	if [ -n "$sambaSID" ]; then

(-)univention-ldap/test/listner-notifier-test (-2 / +3 lines)

Lines 30-35	Link Here

# /usr/share/common-licenses/AGPL-3; if not, see

# /usr/share/common-licenses/AGPL-3; if not, see

# <http://www.gnu.org/licenses/>.

# <http://www.gnu.org/licenses/>.

. /usr/share/univention-lib/base.sh

cat << End

cat << End

Possible Tests:

Possible Tests:

Lines 119-126	Link Here

119

121

120

user () # create a users/user object

122

user () # create a users/user object

121

123

122

	eval "$(ucr shell "groups/default/domainusers")"

124

	groups_default_domainusers=$(custom_groupname "Domain Users")

123

	groups_default_domainusers = "${groups_default_domainusers:-Domain Users}"

124

	univention-admin "$module" create --set username="$rand1" --set lastname="$rand2" --set password=univention --set unixhome="/home/$rand1" --set primaryGroup="cn=$groups_default_domainusers,cn=groups,$ldap_base" --position="cn=users,$ldap_base"

125

	univention-admin "$module" create --set username="$rand1" --set lastname="$rand2" --set password=univention --set unixhome="/home/$rand1" --set primaryGroup="cn=$groups_default_domainusers,cn=groups,$ldap_base" --position="cn=users,$ldap_base"

125

126

127

Return to bug 33890