Attachment #8298 for bug #30131

View | Details | Raw Unified | Return to bug 30131
Collapse All | Expand All




		done <<<"$sRVRecord_attrs"
	done
}

get_available_s4connector_dc () {
	local s4connector_dc
	local s4connector_dc_candidates
	s4connector_dc=()
	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
	if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then
		for dc in "${s4connector_dc_candidates[@]}"; do
			if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
				s4connector_dc+=( "$dc" )
			fi
			if [ "${#s4connector_dc[@]}" -gt 1 ]; then
				echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
				return 1	## this is fatal
			fi
		done
	else
		s4connector_dc="$s4connector_dc_candidates"
	fi
	echo "$s4connector_dc"
}




	set_default_fACL /var/lib/samba/sysvol
}

get_available_s4connector_dc () {
	local s4connector_dc
	local s4connector_dc_candidates
	s4connector_dc=()
	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
	if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then
		for dc in "${s4connector_dc_candidates[@]}"; do
			if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
				s4connector_dc+=( "$dc" )
			fi
			if [ "${#s4connector_dc[@]}" -gt 1 ]; then
				echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
				return 1	## this is fatal
			fi
		done
	else
		s4connector_dc="$s4connector_dc_candidates"
	fi
	echo "$s4connector_dc"
}

wait_until_dc_was_replicated_to_connector_dc () {
	s4connector_dc=$(get_available_s4connector_dc) || return $?
	if [ -z "$s4connector_dc" ]; then

		echo "WARNING: Failed to search for S4 connector DC"
		return 0
	fi
	if [ "$s4connector_dc" = "$hostname" ]; then
		return 0
	fi

	echo -n "Waiting for DRS replication: "
	for((i=0;i<300;i++)); do

	                   "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \
					   | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')	## currently there is no u-d-m module computers/dc

	s4connector_dc=$(get_available_s4connector_dc)
	                   "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \
					   | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')

	/etc/init.d/samba stop


		kerberos/kpasswdserver=127.0.0.1

	is_ucr_true samba4/provision/primary
	if [ $? -eq 0 ] \
		|| [ -z "$samba4servicedcs" ] \
		|| [ -z "$s4connector_dc" ] \
		|| [ "$s4connector_dc" = "$hostname" ]; then

		if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
			run_samba_provision "$@"




	--udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py || die

if ! is_ucr_true 'connector/s4/allow/secondary'; then
	s4connector_dc=$(get_available_s4connector_dc)

fi

if [ -z "$s4connector_dc" ] \
	|| [ "$s4connector_dc" = "$hostname" ]; then

	## we are first or only system to provide this service

	LDB_URI="tdb:///var/lib/samba/private/sam.ldb"

	domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses

	if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then
		/etc/init.d/univention-s4-connector stop

		s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')"

		# By default the connector will overwrite all Samba 4 objects by the UCS objects.
		# On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten.
		# But on a "Slave PDC" the settings from the Master must be used
		if [ -z "$s4connector_dc" ] \
			|| [ "$s4connector_dc" = "$hostname" ]; then
			# First or only Sama 4 server
			/usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
		elif ! is_ucr_true 'connector/s4/allow/secondary'; then
			# Normal Samba 4 DC

Return to bug 30131

Lines 121-123 Link Here

(-)univention-samba4/lib/base.sh (+21 lines)
121	done <<<"$sRVRecord_attrs"	121	done <<<"$sRVRecord_attrs"
122	done	122	done
123	}	123	}
		124
		125	get_available_s4connector_dc () {
		126	local s4connector_dc
		127	local s4connector_dc_candidates
		128	s4connector_dc=()
		129	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn \| ldapsearch-wrapper \| sed -n 's/^cn: \(.*\)/\1/p')
		130	if univention-ldapsearch -xLLL univentionservice=UCS@school dn \| grep -q ^dn; then
		131	for dc in "${s4connector_dc_candidates[@]}"; do
		132	if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
		133	s4connector_dc+=( "$dc" )
		134	fi
		135	if [ "${#s4connector_dc[@]}" -gt 1 ]; then
		136	echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
		137	return 1 ## this is fatal
		138	fi
		139	done
		140	else
		141	s4connector_dc="$s4connector_dc_candidates"
		142	fi
		143	echo "$s4connector_dc"
		144	}

Lines 526-552 Link Here

(-)univention-samba4/96univention-samba4.inst (-25 / +8 lines)
526	set_default_fACL /var/lib/samba/sysvol	526	set_default_fACL /var/lib/samba/sysvol
527	}	527	}
528		528
529	get_available_s4connector_dc () {
530	local s4connector_dc
531	local s4connector_dc_candidates
532	s4connector_dc=()
533	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn \| ldapsearch-wrapper \| sed -n 's/^cn: \(.*\)/\1/p')
534	if univention-ldapsearch -xLLL univentionservice=UCS@school dn \| grep -q ^dn; then
535	for dc in "${s4connector_dc_candidates[@]}"; do
536	if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
537	s4connector_dc+=( "$dc" )
538	fi
539	if [ "${#s4connector_dc[@]}" -gt 1 ]; then
540	echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
541	return 1 ## this is fatal
542	fi
543	done
544	else
545	s4connector_dc="$s4connector_dc_candidates"
546	fi
547	echo "$s4connector_dc"
548	}
549
550	wait_until_dc_was_replicated_to_connector_dc () {	529	wait_until_dc_was_replicated_to_connector_dc () {
551	s4connector_dc=$(get_available_s4connector_dc) \|\| return $?	530	s4connector_dc=$(get_available_s4connector_dc) \|\| return $?
552	if [ -z "$s4connector_dc" ]; then	531	if [ -z "$s4connector_dc" ]; then
Lines 553-558 Link Here
553	echo "WARNING: Failed to search for S4 connector DC"	532	echo "WARNING: Failed to search for S4 connector DC"
554	return 0	533	return 0
555	fi	534	fi
		535	if [ "$s4connector_dc" = "$hostname" ]; then
		536	return 0
		537	fi
556		538
557	echo -n "Waiting for DRS replication: "	539	echo -n "Waiting for DRS replication: "
558	for((i=0;i<300;i++)); do	540	for((i=0;i<300;i++)); do
Lines 877-885 Link Here
877	"(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \	859	"(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \
878	\| ldapsearch-wrapper \| sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc	860	\| ldapsearch-wrapper \| sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc
879		861
880	s4connector_is_used=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \	862	s4connector_dc=$(get_available_s4connector_dc)
881	"(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \
882	\| ldapsearch-wrapper \| sed -n 's/^cn: \(.*\)/\1/p')
883		863
884	/etc/init.d/samba stop	864	/etc/init.d/samba stop
885		865
Lines 888-894 Link Here
888	kerberos/kpasswdserver=127.0.0.1	868	kerberos/kpasswdserver=127.0.0.1
889		869
890	is_ucr_true samba4/provision/primary	870	is_ucr_true samba4/provision/primary
891	if [ $? -eq 0 ] \|\| [ -z "$samba4servicedcs" ] \|\| [ -n "$s4connector_is_used" ]; then ## we are the first domaincontroller to provide this service	871	if [ $? -eq 0 ] \
		872	\|\| [ -z "$samba4servicedcs" ] \
		873	\|\| [ -z "$s4connector_dc" ] \
		874	\|\| [ "$s4connector_dc" = "$hostname" ]; then
892		875
893	if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then	876	if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
894	run_samba_provision "$@"	877	run_samba_provision "$@"

Lines 145-155 Link Here

(-)univention-s4-connector/97univention-s4-connector.inst (-6 / +9 lines)
145	--udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py \|\| die	144	--udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py \|\| die
146		145
147	if ! is_ucr_true 'connector/s4/allow/secondary'; then	146	if ! is_ucr_true 'connector/s4/allow/secondary'; then
148	s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" \| sed -ne 's\|^DN: \|\|p')"	147	s4connector_dc=$(get_available_s4connector_dc)
		148
149	fi	149	fi
150		150
151	if [ -z "$s4connectorservicehost_dns" ]; then ## we are first system to provide this service	151	if [ -z "$s4connector_dc" ] \
		152	\|\| [ "$s4connector_dc" = "$hostname" ]; then
152		153
		154	## we are first or only system to provide this service
		155
153	LDB_URI="tdb:///var/lib/samba/private/sam.ldb"	156	LDB_URI="tdb:///var/lib/samba/private/sam.ldb"
154		157
155	domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses	158	domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses
Lines 190-202 Link Here
190	if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then	193	if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then
191	/etc/init.d/univention-s4-connector stop	194	/etc/init.d/univention-s4-connector stop
192		195
193	s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" \| sed -ne 's\|^DN: \|\|p')"
194
195	# By default the connector will overwrite all Samba 4 objects by the UCS objects.	196	# By default the connector will overwrite all Samba 4 objects by the UCS objects.
196	# On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten.	197	# On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten.
197	# But on a "Slave PDC" the settings from the Master must be used	198	# But on a "Slave PDC" the settings from the Master must be used
198	if [ -z "$s4connectorservicehost_dns" ]; then	199	if [ -z "$s4connector_dc" ] \
199	# First Sama 4 server	200	\|\| [ "$s4connector_dc" = "$hostname" ]; then
		201	# First or only Sama 4 server
200	/usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"	202	/usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
201	elif ! is_ucr_true 'connector/s4/allow/secondary'; then	203	elif ! is_ucr_true 'connector/s4/allow/secondary'; then
202	# Normal Samba 4 DC	204	# Normal Samba 4 DC