
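--- a/univention-samba4/lib/base.sh
+++ b/univention-samba4/lib/base.sh
@@ -121,3 +121,24 @@
 		done <<<"$sRVRecord_attrs"
 	done
 }
+
+get_available_s4connector_dc () {
+	local s4connector_dc
+	local s4connector_dc_candidates
+	s4connector_dc=()
+	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
+	if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then
+		for dc in "${s4connector_dc_candidates[@]}"; do
+			if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
+				s4connector_dc+=( "$dc" )
+			fi
+			if [ "${#s4connector_dc[@]}" -gt 1 ]; then
+				echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
+				return 1	## this is fatal
+			fi
+		done
+	else
+		s4connector_dc="$s4connector_dc_candidates"
+	fi
+	echo "$s4connector_dc"
+}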
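Review bot: `s4connector_dc_candidates` is filled from `$(...)` as a single string, so `"${s4connector_dc_candidates[@]}"` in the UCS@school branch expands to one word holding every `cn` joined by newlines. With two or more candidates `samba-tool drs showrepl "$dc"` is then called once with that multi-line value, presumably fails, and the function prints an empty result that the join scripts read as "no connector host yet". Read the names into an array instead, e.g. `mapfile -t s4connector_dc_candidates < <(univention-ldapsearch … | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')`, and declare the loop variable with `local dc` so it does not leak into the sourcing script. The `else` branch has the same shape problem: it can echo several names, which will never compare equal to `$hostname` in the callers.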
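--- a/univention-samba4/96univention-samba4.inst
+++ b/univention-samba4/96univention-samba4.inst
@@ -526,27 +526,6 @@
 	set_default_fACL /var/lib/samba/sysvol
 }
 
-get_available_s4connector_dc () {
-	local s4connector_dc
-	local s4connector_dc_candidates
-	s4connector_dc=()
-	s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
-	if univention-ldapsearch -xLLL univentionservice=UCS@school dn | grep -q ^dn; then
-		for dc in "${s4connector_dc_candidates[@]}"; do
-			if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then
-				s4connector_dc+=( "$dc" )
-			fi
-			if [ "${#s4connector_dc[@]}" -gt 1 ]; then
-				echo "ERROR: More than one S4 Connector hosts available: $s4connector_dc_candidates" 1>&2
-				return 1	## this is fatal
-			fi
-		done
-	else
-		s4connector_dc="$s4connector_dc_candidates"
-	fi
-	echo "$s4connector_dc"
-}
-
 wait_until_dc_was_replicated_to_connector_dc () {
 	s4connector_dc=$(get_available_s4connector_dc) || return $?
 	if [ -z "$s4connector_dc" ]; then
@@ -553,6 +532,9 @@
 		echo "WARNING: Failed to search for S4 connector DC"
 		return 0
 	fi
+	if [ "$s4connector_dc" = "$hostname" ]; then
+		return 0
+	fi
 
 	echo -n "Waiting for DRS replication: "
 	for((i=0;i<300;i++)); do
@@ -877,9 +859,7 @@
 	                   "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \
 					   | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')	## currently there is no u-d-m module computers/dc
 
-	s4connector_is_used=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \
+	s4connector_dc=$(get_available_s4connector_dc)
-	                   "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \
-					   | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')
 
 	/etc/init.d/samba stop
 
@@ -888,7 +868,10 @@
 		kerberos/kpasswdserver=127.0.0.1
 
 	is_ucr_true samba4/provision/primary
-	if [ $? -eq 0 ] || [ -z "$samba4servicedcs" ] || [ -n "$s4connector_is_used" ]; then	## we are the first domaincontroller to provide this service
+	if [ $? -eq 0 ] \
+		|| [ -z "$samba4servicedcs" ] \
+		|| [ -z "$s4connector_dc" ] \
+		|| [ "$s4connector_dc" = "$hostname" ]; then
 
 		if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
 			run_samba_provision "$@"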
 Lines 145-155    Link Here 
145
	--udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py || die
144
	--udm_module /usr/share/pyshared/univention/admin/handlers/settings/msprintconnectionpolicy.py || die
146
145
147
if ! is_ucr_true 'connector/s4/allow/secondary'; then
146
if ! is_ucr_true 'connector/s4/allow/secondary'; then
148
	s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')"
147
	s4connector_dc=$(get_available_s4connector_dc)
148
149
fi
149
fi
150
150
151
if [ -z "$s4connectorservicehost_dns" ]; then	## we are first system to provide this service
151
if [ -z "$s4connector_dc" ] \
152
	|| [ "$s4connector_dc" = "$hostname" ]; then
152
153
154
	## we are first or only system to provide this service
155
153
	LDB_URI="tdb:///var/lib/samba/private/sam.ldb"
156
	LDB_URI="tdb:///var/lib/samba/private/sam.ldb"
154
157
155
	domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses
158
	domaindn="DC=${kerberos_realm//./,DC=}" # that's what /usr/share/pyshared/samba/provision.py uses
 Lines 190-202    Link Here 
190
	if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then
193
	if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then
191
		/etc/init.d/univention-s4-connector stop
194
		/etc/init.d/univention-s4-connector stop
192
195
193
		s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')"
194
195
		# By default the connector will overwrite all Samba 4 objects by the UCS objects.
196
		# By default the connector will overwrite all Samba 4 objects by the UCS objects.
196
		# On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten.
197
		# On a normal Samba 4 DC is is necessary that the MS GPO links will not be overwritten.
197
		# But on a "Slave PDC" the settings from the Master must be used
198
		# But on a "Slave PDC" the settings from the Master must be used
198
		if [ -z "$s4connectorservicehost_dns" ]; then
199
		if [ -z "$s4connector_dc" ] \
199
			# First Sama 4 server
200
			|| [ "$s4connector_dc" = "$hostname" ]; then
201
			# First or only Sama 4 server
200
			/usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
202
			/usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
201
		elif ! is_ucr_true 'connector/s4/allow/secondary'; then
203
		elif ! is_ucr_true 'connector/s4/allow/secondary'; then
202
			# Normal Samba 4 DC
204
			# Normal Samba 4 DC
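Review bot: In the GPO block the condition now reads `$s4connector_dc`, but the only assignment visible in this file sits inside `if ! is_ucr_true 'connector/s4/allow/secondary'` in the first hunk, and the unconditional lookup that used to precede the test was removed. With `connector/s4/allow/secondary` enabled the variable stays empty (unless it is set outside the hunks), so `[ -z "$s4connector_dc" ]` is always true, `msgpo.py --write2ucs` runs, and the later branches can no longer be reached for that configuration. I would query again where the value is used, e.g. `s4connector_dc=$(get_available_s4connector_dc) || die` directly before the `if` in the GPO block. The helper now lives in univention-samba4/lib/base.sh and the hunks do not show this script sourcing it, so that needs checking as well.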
