Univention Bugzilla – Attachment 4850 Details for
Bug 29460
Vollständiges Entfernen eines Samba4-DCs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
purge_s4_computer.py
purge_s4_computer.py (text/plain), 7.12 KB, created by
Arvid Requate
on 2012-11-29 17:39 CET
(
hide
)
Description:
purge_s4_computer.py
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2012-11-29 17:39 CET
Size:
7.12 KB
patch
obsolete
>#!/usr/bin/python2.6 ># ># Univention helper script ># to remove computer with DC objects from Samba 4 and UDM ># ># Copyright 2012-2013 Univention GmbH ># ># http://www.univention.de/ ># ># All rights reserved. ># ># The source code of this program is made available ># under the terms of the GNU Affero General Public License version 3 ># (GNU AGPL V3) as published by the Free Software Foundation. ># ># Binary versions of this program provided by Univention to you as ># well as other copyrighted, protected or trademarked materials like ># Logos, graphics, fonts, specific documentations and configurations, ># cryptographic keys etc. are subject to a license agreement between ># you and Univention and not subject to the GNU AGPL V3. ># ># In the case you use this program under the terms of the GNU AGPL V3, ># the program is provided in the hope that it will be useful, ># but WITHOUT ANY WARRANTY; without even the implied warranty of ># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ># GNU Affero General Public License for more details. ># ># You should have received a copy of the GNU Affero General Public ># License with the Debian GNU/Linux or Univention distribution in file ># /usr/share/common-licenses/AGPL-3; if not, see ># <http://www.gnu.org/licenses/>. > >from optparse import OptionParser, OptionValueError >import sys, os >from univention import config_registry >import samba >from samba.samdb import SamDB >from samba.auth import system_session >from samba.param import LoadParm >import univention.admin.uldap >import univention.admin.uexceptions as uexceptions >import univention.admin.modules >univention.admin.modules.update() >import univention.admin.objects >import univention.admin.config >import traceback > >SAMBA_DIR = '/var/lib/samba' >SAMBA_PRIVATE_DIR = os.path.join(SAMBA_DIR, 'private') > >def purge_computer_with_DC_objects(ucr, computername, binddn, bindpw): > > lp = LoadParm() > lp.load('/etc/samba/smb.conf') > > samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(lp), lp=lp) > > backlink_attribute_list = ["serverReferenceBL", "frsComputerReferenceBL", "msDFSR-ComputerReferenceBL"] > msgs = samdb.search(base=ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, > expression="(&(objectClass=computer)(sAMAccountName=%s$))" % computername, > attrs=backlink_attribute_list) > if not msgs: > print "Samba 4 computer account '%s' not found." % (computername,) > sys.exit(1) > > answer = raw_input("Really remove %s from Samba 4 and UDM? [y/N]: " % computername) > if not answer.lower() in ('y', 'yes'): > print "Ok, stopping as requested.\n" > sys.exit(2) > > answer = raw_input("If you are really sure type YES and hit enter: ") > if not answer == 'YES': > print "The answer was not 'YES', confirmation failed.\n" > sys.exit(1) > else: > print "Ok, continuing as requested.\n" > > ## remove objects from Samba 4 SAM database > obj = msgs[0] > for backlink_attribute in backlink_attribute_list: > if backlink_attribute in obj: > backlink_object = obj[backlink_attribute][0] > try: > print "Removing %s from SAM database." % (backlink_object,) > samdb.delete(backlink_object, ["tree_delete:0"]) > except: > print >>sys.stderr, "Removal of Samba 4 %s objects %s from Samba 4 SAM database failed." % (backlink_attribute, backlink_object,) > print traceback.format_exc() > > ## Now delete the Samba 4 computer account and sub-objects > ## Cannot use tree_delete on isCriticalSystemObject, perform recursive delete like ldbdel code does it: > msgs = samdb.search(base=obj.dn, scope=samba.ldb.SCOPE_SUBTREE, > attrs=["dn"]) > obj_dn_list = [obj.dn for obj in msgs] > obj_dn_list.sort(key=len) > obj_dn_list.reverse() > for obj_dn in obj_dn_list: > try: > print "Removing %s from SAM database." % (obj_dn,) > samdb.delete(obj_dn) > except: > print >>sys.stderr, "Removal of Samba 4 computer account object %s from Samba 4 SAM database failed." % (obj_dn,) > print >>sys.stderr, traceback.format_exc() > > > ## Finally, for consistency remove S4 computer object from UDM > try: > lo = univention.admin.uldap.access(host=ucr["ldap/master"], base=ucr["ldap/base"], binddn=binddn, bindpw=bindpw, start_tls=2) > except Exception, e: > print 'authentication error: %s' % str(e) > sys.exit(1) > computer_filter = "(&(objectClass=univentionHost)(uid=%s$))" % computername > result = lo.search(filter=computer_filter, base=ucr["ldap/base"], scope='sub', attr=['univentionObjectType'], unique=1) > if result and len(result)>0 and result[0] and len(result[0])>0 and result[0][0]: > univentionObjectType = result[0][1]['univentionObjectType'][0] > module = univention.admin.modules.get(univentionObjectType) > position = univention.admin.uldap.position(ucr["ldap/base"]) > univention.admin.modules.init(lo, position, module) > co = univention.admin.config.config() > filter = univention.admin.filter.expression('name', computername) > objs = module.lookup(co, lo, filter, scope='domain', base=position.getDomain(), unique=1) > if objs: > print "Removing Samba 4 computer account '%s' from Univention Directory Manager" % computername > obj = objs[0] > try: > obj.remove() > except univention.admin.uexceptions.ldapError, e: > print >>sys.stderr, "Removal of UDM computer account %s via UDM failed (univentionObjectType: %s)." % (computername, univentionObjectType,) > sys.exit(1) > if univention.admin.objects.wantsCleanup(obj): > univention.admin.objects.performCleanup(obj) > > > >if __name__ == '__main__': > > parser = OptionParser("%prog [options] <AD server name>") > # parser.add_option("-v", "--verbose", action="store_true") > parser.add_option("--computername", dest="computername", help="Hostname of the Samba computer account to delete") > parser.add_option("-U", "--bind_account", dest="bind_account") > parser.add_option("-P", "--bind_password", dest="bind_password") > opts, args = parser.parse_args() > > if not opts.computername: > parser.print_help() > sys.exit(1) > > ucr = config_registry.ConfigRegistry() > ucr.load() > > if (opts.bind_account and opts.bind_password): > machine_secret = '' > if os.path.exists('/etc/machine.secret'): > with file('/etc/machine.secret') as f: > machine_secret = f.read().rstrip('\n') > else: > print "/etc/machine.secret missing, maybe the system is not joined yet?" > sys.exit(1) > > try: > lo = univention.admin.uldap.access(host=ucr["ldap/server/name"], base=ucr["ldap/base"], binddn=ucr["ldap/hostdn"], bindpw=machine_secret, start_tls=0) > except Exception, e: > print 'authentication error: %s' % str(e) > sys.exit(1) > > user_searchfilter = "(&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=sambaSamAccount))(uid=%s))" % opts.bind_account > result = lo.searchDn(filter=user_searchfilter, base=ucr["ldap/base"], scope='sub', unique=1) > if result: > binddn = result[0] > else: > print "Cannot determine DN for bind account %s" % opts.bind_account > sys.exit(1) > bindpw = opts.bind_password > elif os.path.exists('/etc/ldap.secret'): > binddn = "cn=admin,%s" % ucr["ldap/base"] > with file('/etc/ldap.secret') as f: > bindpw = f.read().rstrip('\n') > else: > print "On this system the options --bind_account and --bind_password are required." > parser.print_help() > sys.exit(1) > > purge_computer_with_DC_objects(ucr, opts.computername, binddn, bindpw)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 29460
:
4850
|
4851
|
4854
|
5058