Index: univention-samba4/lib/base.sh
===================================================================
--- univention-samba4/lib/base.sh (Revision 74106)
+++ univention-samba4/lib/base.sh (Arbeitskopie)
@@ -121,3 +121,24 @@
 done <<<"$sRVRecord_attrs"
 done
 }
+
+get_available_s4connector_dc () {
+ local s4connector_dc
+ local s4connector_dc_candidates
+ s4connector_dc=()
+ s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
+ if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then
+ for dc in "${s4connector_dc_candidates[@]}"; do
+ if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
+ s4connector_dc+=( "$dc" )
+ fi
+ if [ "${#s4connector_dc[@]}" -gt 1 ]; then
+ echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
+ return 1 ## this is fatal
+ fi
+ done
+ else
+ s4connector_dc="$s4connector_dc_candidates"
+ fi
+ echo "$s4connector_dc"
+}
Index: univention-samba4/96univention-samba4.inst
===================================================================
--- univention-samba4/96univention-samba4.inst (Revision 74106)
+++ univention-samba4/96univention-samba4.inst (Arbeitskopie)
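Review bot: In `get_available_s4connector_dc`, `s4connector_dc_candidates` is filled as a plain string by `$(…)` but then iterated as `"${s4connector_dc_candidates[@]}"`, so the loop body runs once with every `cn` joined by newlines. With two or more candidates `samba-tool drs showrepl "$dc"` receives that whole string and presumably fails, which means the "More than one S4 Connector hosts available" check cannot fire and the function prints nothing, i.e. callers see "no connector". Reading the names into a real array fixes this: `mapfile -t s4connector_dc_candidates < <(univention-ldapsearch … cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')`, together with `local dc` so the loop variable does not leak into the join scripts that source this file. Note also that `echo "$s4connector_dc"` prints only element 0 of the array, and that `>/dev/null 2>&1` hides why a candidate was rejected.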
@@ -526,27 +526,6 @@ set_default_fACL /var/lib/samba/sysvol } -get_available_s4connector_dc () { - local s4connector_dc - local s4connector_dc_candidates - s4connector_dc=() - s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') - if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then - for dc in "${s4connector_dc_candidates[@]}"; do - if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then - s4connector_dc+=( "$dc" ) - fi - if [ "${#s4connector_dc[@]}" -gt 1 ]; then - echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2 - return 1 ## this is fatal - fi - done - else - s4connector_dc="$s4connector_dc_candidates" - fi - echo "$s4connector_dc" -} - wait_until_dc_was_replicated_to_connector_dc () { s4connector_dc=$(get_available_s4connector_dc) || return $? if [ -z "$s4connector_dc" ]; then @@ -553,6 +532,9 @@ echo "WARNING: Failed to search for S4 connector DC" return 0 fi + if [ "$s4connector_dc" = "$hostname" ]; then + return 0 + fi echo -n "Waiting for DRS replication: " for((i=0;i<300;i++)); do @@ -877,9 +859,7 @@ "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \ | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc - s4connector_is_used=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ - "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') + s4connector_dc=$(get_available_s4connector_dc) /etc/init.d/samba stop 
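Review bot: The added `[ "$s4connector_dc" = "$hostname" ]` test in the `@@ -553` hunk only matches when the helper returns exactly one name. In its non-UCS@school branch `get_available_s4connector_dc` echoes all candidates as one newline-separated string, so on a host that is one of several service holders the comparison is false and the function still waits for DRS replication. The same comparison appears in the `@@ -888` hunk and in both `97univention-s4-connector.inst` hunks. If membership is what is meant, `grep -qxF -- "$hostname" <<<"$s4connector_dc"` expresses it; otherwise a comment such as `## assumes at most one S4 connector DC` should state the assumption. `wait_until_dc_was_replicated_to_connector_dc` continues outside this hunk.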
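Review bot: In the `@@ -877` hunk, `s4connector_dc=$(get_available_s4connector_dc)` discards the helper's exit status, although the helper returns 1 with empty output in its "More than one S4 Connector hosts available" case and also prints nothing when the LDAP search itself fails (the pipeline ends in `sed`, so unless `pipefail` is set its status is 0). The condition in the `@@ -888` hunk then reads the empty value through `[ -z "$s4connector_dc" ]` as "we are the first" and can reach `run_samba_provision`, so an error fails open into provisioning; the two `97univention-s4-connector.inst` hunks treat the empty value the same way. Propagate the failure as `wait_until_dc_was_replicated_to_connector_dc` already does, e.g. `s4connector_dc=$(get_available_s4connector_dc) || exit 1` (or the join script's own error helper), and consider letting the helper distinguish "search failed" from "no connector registered".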
@@ -888,7 +868,10 @@ kerberos/kpasswdserver=127.0.0.1 is_ucr_true samba4/provision/primary - if [ $? -eq 0 ] || [ -z "$samba4servicedcs" ] || [ -n "$s4connector_is_used" ]; then ## we are the first domaincontroller to provide this service + if [ $? -eq 0 ] \ + || [ -z "$samba4servicedcs" ] \ + || [ -z "$s4connector_dc" ] \ + || [ "$s4connector_dc" = "$hostname" ]; then if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then run_samba_provision "$@" Index: univention-s4-connector/97univention-s4-connector.inst =================================================================== --- univention-s4-connector/97univention-s4-connector.inst (Revision 75009) +++ univention-s4-connector/97univention-s4-connector.inst (Arbeitskopie) @@ -145,11 +144,15 @@ --udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py || die if ! is_ucr_true 'connector/s4/allow/secondary'; then - s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')" + s4connector_dc=$(get_available_s4connector_dc) + fi -if [ -z "$s4connectorservicehost_dns" ]; then ## we are first system to provide this service +if [ -z "$s4connector_dc" ] \ + || [ "$s4connector_dc" = "$hostname" ]; then + ## we are first or only system to provide this service + LDB_URI="tdb:///var/lib/samba/private/sam.ldb" domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses 
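Review bot: Nothing in the `@@ -145` hunk of `97univention-s4-connector.inst` shows the script sourcing `univention-samba4/lib/base.sh`, where `get_available_s4connector_dc` now lives. If the library is not loaded above the hunk, the call fails with "command not found", `$s4connector_dc` stays empty and the script takes the "first or only system" branch. Worth confirming that the source line exists, and adding `s4connector_dc=` before the `if ! is_ucr_true 'connector/s4/allow/secondary'` block so the test after `fi` never reads a value inherited from the environment. The call here also drops the helper's exit status; `s4connector_dc=$(get_available_s4connector_dc) || die` would match the `|| die` used just above.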
@@ -190,13 +193,12 @@ if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then /etc/init.d/univention-s4-connector stop - s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')" - # By default the connector will overwrite all Samba 4 objects by the UCS objects. # On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten. # But on a "Slave PDC" the settings from the Master must be used - if [ -z "$s4connectorservicehost_dns" ]; then - # First Sama 4 server + if [ -z "$s4connector_dc" ] \ + || [ "$s4connector_dc" = "$hostname" ]; then + # First or only Sama 4 server /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@" elif ! is_ucr_true 'connector/s4/allow/secondary'; then # Normal Samba 4 DC
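Review bot: The removed line re-queried the other connector hosts unconditionally at this point, whereas the new test reuses `s4connector_dc` from the `@@ -145` hunk, which is assigned only when `connector/s4/allow/secondary` is not true. When a secondary connector is allowed the variable is therefore empty and the first branch (`msgpo.py --write2ucs`) is always taken; when it is non-empty, `elif ! is_ucr_true 'connector/s4/allow/secondary'` is necessarily true. Any branch after that `elif` (the "Slave PDC" case the comment describes, which lies outside this hunk) then looks unreachable. Calling the helper again here without the UCR guard, `s4connector_dc=$(get_available_s4connector_dc) || die`, would keep the three-way decision the comments describe.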