Univention Bugzilla – Attachment 8552 Details for
Bug 43904
univention-samba4: Cleanup shell scripts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Cleanup some shell issues
samba-cleanup.diff (text/plain), 23.79 KB, created by
Philipp Hahn
on 2017-03-16 11:58 CET
(
hide
)
Description:
Cleanup some shell issues
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2017-03-16 11:58 CET
Size:
23.79 KB
patch
obsolete
>diff --git a/services/univention-samba4/96univention-samba4.inst b/services/univention-samba4/96univention-samba4.inst >index 5c61fa5..87d9cc6 100755 >--- a/services/univention-samba4/96univention-samba4.inst >+++ b/services/univention-samba4/96univention-samba4.inst >@@ -209,20 +209,19 @@ stop_conflicting_services() { > fi > fi > >- tmp_ucr_key_value_list=() >+ declare -a tmp_ucr_key_value_list=() > if [ "$samba_autostart" != "no" ]; then >- tmp_ucr_key_value_list[0]="samba/autostart=no" >+ tmp_ucr_key_value_list+=("samba/autostart=no") > fi > if [ "$winbind_autostart" != "no" ]; then >- tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="winbind/autostart=no" >+ tmp_ucr_key_value_list+=("winbind/autostart=no") > fi > if [ "$kerberos_autostart" != "no" ]; then >- tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="kerberos/autostart=no" >+ tmp_ucr_key_value_list+=("kerberos/autostart=no") > fi > if [ -n "$tmp_ucr_key_value_list" ]; then > univention-config-registry set "${tmp_ucr_key_value_list[@]}" > fi >- unset tmp_ucr_key_value_list > } > > get_samba_role() { >@@ -309,11 +308,11 @@ samba_domain_join() { > fi > else > >- # Let's try to join against the S4 Connector >- s4connector_dc=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ # Let's try to join against the S4 Connector >+ s4connector_dc=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(!(univentionService=S4 SlavePDC)))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') >- >+ | sed -n 's/^cn: //p') >+ > if [ -n "$s4connector_dc" ]; then > echo "Join against S4 Connector server: $s4connector_dc" > if samba-tool domain info "$s4connector_dc.$domainname"; then >@@ -343,9 +342,9 @@ samba_domain_join() { > > if [ -z "$success" ]; then > # try again with --server >- cn=($(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ cn=($(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p' )) >+ | sed -n 's/^cn: //p' )) > for name in "${cn[@]}"; do > if samba-tool domain info "$name.$domainname"; then > samba-tool domain join "$domainname" "$samba4_role" --server "$name.$domainname" "${samba_join_options[@]}" >@@ -392,7 +391,7 @@ disable_slapd_on_standard_port() { > } > > backup_samba4_keytab() { >- pre_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') >+ pre_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') > if [ -n "$pre_join_kvno" ]; then > if ! [ -f /etc/krb5.keytab ]; then > ## usually the keytab is removed during 03univention-directory-listener.inst >@@ -416,7 +415,7 @@ backup_samba4_keytab() { > > merge_backup_samba4_keytab() { > if [ -n "$pre_join_kvno" ] && [ -f "$backup_dir/krb5.keytab" ]; then >- post_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') >+ post_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') > if [ "$post_join_kvno" -gt "$pre_join_kvno" ]; then > tmp_krb5_keytab=$(mktemp) > cp "$backup_dir/krb5.keytab" "$tmp_krb5_keytab" >@@ -461,8 +460,8 @@ set_default_fACL() { > register_server_ips_with_domain() { > zone="$(udm dns/forward_zone list "$@" --filter zoneName="$domainname" | sed -ne 's|^DN: ||p')" > if [ -n "$zone" ]; then >- IPs=$(univention-ldapsearch "(&(relativeDomainname=$hostname)(zoneName=$domainname))" aRecord aAAARecord \ >- | ldapsearch-wrapper | sed -ne 's|^aRecord: ||p;s|^aAAARecord: ||p') >+ IPs=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(relativeDomainname=$hostname)(zoneName=$domainname))" aRecord aAAARecord \ >+ | sed -ne 's|^aRecord: ||p;s|^aAAARecord: ||p') > for ip in $IPs; do > udm dns/forward_zone modify "$@" --ignore_exists --dn "$zone" --append a="$ip" > done >@@ -472,9 +471,9 @@ register_server_ips_with_domain() { > set_samba4_sysvol_sync_host() { > ## determine default sysvol parent for this host from univentionService="S4 Connector" > if [ -z "$samba4_sysvol_sync_host" ]; then >- s4connectorservicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ s4connectorservicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(!(univentionService=S4 SlavePDC)))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc >+ | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc > if [ -n "$s4connectorservicedcs" ]; then > univention-config-registry set samba4/sysvol/sync/host="$s4connectorservicedcs" > fi >@@ -521,7 +520,7 @@ get_available_s4connector_dc() { > local s4connector_dc > local s4connector_dc_candidates > s4connector_dc=() >- s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') >+ s4connector_dc_candidates=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p') > if univention-ldapsearch -LLL univentionservice=UCS@school dn | grep -q ^dn; then > for dc in "${s4connector_dc_candidates[@]}"; do > if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then >@@ -547,7 +546,7 @@ wait_until_dc_was_replicated_to_connector_dc() { > > echo -n "Waiting for DRS replication: " > for((i=0;i<300;i++)); do >- search_result="$(ldbsearch -H "ldap://$s4connector_dc" -U"${hostname}$"%"$(</etc/machine.secret)" "(&(objectClass=computer)(cn=${hostname}))" cn 2>/dev/null| sed -n 's/^cn: \(.*\)/\1/p')" >+ search_result="$(ldbsearch -H "ldap://$s4connector_dc" -U"${hostname}$"%"$(</etc/machine.secret)" "(&(objectClass=computer)(cn=${hostname}))" cn 2>/dev/null| sed -n 's/^cn: //p')" > test -n "$search_result" && break > echo -n "." > sleep 1 >@@ -645,8 +644,8 @@ _create_group_with_special_sid() > local ldif > > shift 3 >- >- group_dn="$(univention-ldapsearch "(&(objectClass=univentionGroup)(cn=$name))" | ldapsearch-wrapper | sed -ne 's|dn: ||p')" >+ >+ group_dn="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=univentionGroup)(cn=$name))" dn | sed -ne 's|^dn: ||p')" > > if [ -z "$group_dn" ]; then > >@@ -683,8 +682,8 @@ univentionSamba4SID: $sid > " > fi > >- echo "$ldif" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" >- >+ echo "$ldif" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" >+ > if [ "$name" = "Authenticated Users" ]; then > udm groups/group modify "$@" --dn "cn=$name,$position,$ldap_base" \ > --append nestedGroup="cn=DC Slave Hosts,cn=groups,$ldap_base" \ >@@ -742,8 +741,8 @@ _update_pseudo_group() > local name="$1" > > shift 1 >- >- group_dn="$(univention-ldapsearch "(&(objectClass=univentionGroup)(cn=$name)(!(univentionGroupType=-2147483643)))" | ldapsearch-wrapper | sed -ne 's|dn: ||p')" >+ >+ group_dn="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=univentionGroup)(cn=$name)(!(univentionGroupType=-2147483643)))" | sed -ne 's|^dn: ||p')" > > if [ -n "$group_dn" ]; then > extract_binddn_and_bindpwd_from_args "$@" >@@ -759,7 +758,7 @@ add: univentionGroupType > univentionGroupType: -2147483643 > - > replace: sambaGroupType >-sambaGroupType: 5" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" >+sambaGroupType: 5" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" > fi > } > >@@ -784,9 +783,9 @@ exit_on_slave_if_no_s4_connector_on_master_or_backup() > if [ "$server_role" != "domaincontroller_slave" ]; then > return > fi >- s4connectorservicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ s4connectorservicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=S4 Connector)(|(univentionServerRole=master)(univentionServerRole=backup)))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') >+ | sed -n 's/^cn: //p') > if [ -z "$s4connectorservicedcs" ]; then > echo "ERROR: No S4 Connector installed yet on DC Master or DC Backup." > exit 1 >@@ -802,8 +801,8 @@ exit_on_slave_if_no_s4_connector_on_master_or_backup > > extract_binddn_and_bindpwd_from_args "$@" > if [ -n "$binddn" ]; then >- dcaccount=$(ldapsearch -xLLL -ZZ -D "$ldap_hostdn" -y /etc/machine.secret \ >- -s base -b "$binddn" uid | ldapsearch-wrapper | sed -n 's/^uid: //p') >+ dcaccount=$(ldapsearch -xLLLo ldif-wrap=no -ZZ -D "$ldap_hostdn" -y /etc/machine.secret \ >+ -s base -b "$binddn" uid | sed -n 's/^uid: //p') > fi > > configure_samba_role >@@ -864,13 +863,13 @@ if [ "$samba4_role" = 'DC' ]; then > fi > > ## check if we there already is a **domaincontroller** providing the service "Samba 4" >- samba4servicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ samba4servicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc >+ | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc > >- s4connector_is_used=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ >+ s4connector_is_used=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ > "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \ >- | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') >+ | sed -n 's/^cn: //p') > > /etc/init.d/samba stop > >@@ -1149,7 +1148,7 @@ fi > > /etc/init.d/samba restart > >-# To prevent a DRS replication conflict: >+# To prevent a DRS replication conflict: > # https://forge.univention.org/bugzilla/show_bug.cgi?id=32257 > wait_until_dc_was_replicated_to_connector_dc > >diff --git a/services/univention-samba4/98univention-samba4-dns.inst b/services/univention-samba4/98univention-samba4-dns.inst >index 053754a..f78dd1b 100644 >--- a/services/univention-samba4/98univention-samba4-dns.inst >+++ b/services/univention-samba4/98univention-samba4-dns.inst >@@ -74,7 +74,7 @@ if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then > fi > > # Change the dns/backend to samba4 only whether a S4 Connector is installed in our domain >-s4connectorservicedcs="$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')" >+s4connectorservicedcs="$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p')" > > if [ $JS_LAST_EXECUTED_VERSION = 0 ] && [ "$dns_backend" != "samba4" ] && [ -n "$s4connectorservicedcs" ]; then > univention-config-registry set dns/backend=samba4 >diff --git a/services/univention-samba4/debian/univention-samba4.postinst b/services/univention-samba4/debian/univention-samba4.postinst >index a218785..a333753 100644 >--- a/services/univention-samba4/debian/univention-samba4.postinst >+++ b/services/univention-samba4/debian/univention-samba4.postinst >@@ -187,16 +187,15 @@ divert_univention_heimdal_service_cfg() { > > if [ "$1" = "configure" ]; then > >- > if [ -z "$2" ]; then >- univention-config-registry set samba4/autostart="no" >+ univention-config-registry set samba4/autostart="no" > > # only set this for new installations > if [ "$server_role" = "domaincontroller_master" ]; then > univention-config-registry set samba/domain/master?yes > fi > >- ## New installation, remove leftover samba3.x rc?.d links >+ ## New installation, remove leftover samba3.x rc?.d links > update-rc.d -f samba remove > /dev/null > > divert_univention_heimdal_service_cfg >@@ -248,14 +247,14 @@ secret: $machine_secret > fi > fi > fi >- >+ > ### The following block of code may be removed after ucs_3.2-0 > if dpkg --compare-versions "$2" lt-nl "2.0.44-24"; then > default_domain_gpo_dir="/var/lib/samba/sysvol/$domainname/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" > if [ -d "$default_domain_gpo_dir" ]; then > gpo_dir_owner=$(stat --printf '%U' "$default_domain_gpo_dir" 2>&1) > if [ "$gpo_dir_owner" = "UNKNOWN" ]; then >- samba-tool ntacl sysvolreset >+ samba-tool ntacl sysvolreset > fi > fi > fi >@@ -284,11 +283,11 @@ secret: $machine_secret > backup_dir="/var/backups/samba4.$backup_id" > if [ -d "$backup_dir" ]; then > rm -rf "$backup_dir" >- fi >+ fi > mkdir "$backup_dir" && \ > cp -a /var/lib/samba/private "$backup_dir" && \ > samba-tool dbcheck --cross-ncs --fix --yes >- fi >+ fi > > if ! [ -r "/etc/krb5.keytab" ]; then > echo "/etc/krb5.keytab does not exist yet." >@@ -321,13 +320,13 @@ secret: $machine_secret > backup_dir="/var/backups/samba4_update_to_ucs4.1-4.$backup_id" > if [ -d "$backup_dir" ]; then > rm -rf "$backup_dir" >- fi >+ fi > service samba stop > mkdir "$backup_dir" && \ > cp -a /var/lib/samba/private "$backup_dir" && \ > samba-tool dbcheck --cross-ncs --fix --yes > service samba start >- fi >+ fi > fi > fi > >@@ -376,7 +375,7 @@ call_joinscript 96univention-samba4.inst > > # Run a samba-tool ntacl sysvolreset, this is required for the rc6 upgrade > if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt-nl 2.0.28; then >- samba-tool ntacl sysvolreset >+ samba-tool ntacl sysvolreset > fi > > exit 0 >diff --git a/services/univention-samba4/debian/univention-samba4.prerm b/services/univention-samba4/debian/univention-samba4.prerm >index 4e5e52c..7e154d6 100644 >--- a/services/univention-samba4/debian/univention-samba4.prerm >+++ b/services/univention-samba4/debian/univention-samba4.prerm >@@ -82,11 +82,10 @@ if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then > > ucr unset kerberos/autostart > test -x /etc/init.d/heimdal-kdc && invoke-rc.d heimdal-kdc start >- >+ > divert_univention_heimdal_service_cfg > > cp /usr/lib/univention-uninstall/04univention-samba4.uinst /usr/lib/univention-install/ > fi > > exit 0 >- >diff --git a/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh b/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh >index 1797952..2e3a122 100755 >--- a/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh >+++ b/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh >@@ -29,7 +29,7 @@ > > eval "$(univention-config-registry shell windows/domain samba4/ldap/base ldap/hostdn)" > >-Domain_GUID="$(ldbsearch -H /var/lib/samba/private/sam.ldb -s base objectGUID | sed -n 's/^objectGUID: \(.*\)/\1/p')" >+Domain_GUID="$(ldbsearch -H /var/lib/samba/private/sam.ldb -s base objectGUID | sed -n 's/^objectGUID: //p')" > > ## Now lookup DNS entries > host gc._msdcs >@@ -51,16 +51,16 @@ kpasswd udp > ## retrive DC specific GUID > NTDS_objectGUIDs=() > sites=() >-samba4servicedcs=$(ldapsearch -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc >+samba4servicedcs=$(ldapsearch -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc > > for s4dc in $samba4servicedcs; do > server_object_dn=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${s4dc}\$" \ >- serverReferenceBL | ldapsearch-wrapper | sed -n 's/^serverReferenceBL: \(.*\)/\1/p') >+ serverReferenceBL | ldapsearch-wrapper | sed -n 's/^serverReferenceBL: //p') > if [ -z "$server_object_dn" ]; then > continue > fi > NTDS_objectGUID=$(ldbsearch -H /var/lib/samba/private/sam.ldb -b "$server_object_dn" \ >- "CN=NTDS Settings" objectGUID | ldapsearch-wrapper | sed -n 's/^objectGUID: \(.*\)/\1/p') >+ "CN=NTDS Settings" objectGUID | ldapsearch-wrapper | sed -n 's/^objectGUID: //p') > NTDS_objectGUIDs+=($NTDS_objectGUID) > > ## Determine sitename >diff --git a/services/univention-samba4/scripts/create_spn_account.sh b/services/univention-samba4/scripts/create_spn_account.sh >index eee1ea3..0b2de47 100755 >--- a/services/univention-samba4/scripts/create_spn_account.sh >+++ b/services/univention-samba4/scripts/create_spn_account.sh >@@ -160,7 +160,7 @@ create_spn_account() { > > # get msDS-KeyVersionNumber > msdsKeyVersion=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="$spn_account_name" msDS-KeyVersionNumber \ >- | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') >+ | sed -n 's/^msDS-KeyVersionNumber: //p') > if [ -z "$msdsKeyVersion" ]; then > echo "ERROR: Could not determine msDS-KeyVersionNumber of $spn_account_name account!" > exit 1 >diff --git a/services/univention-samba4/scripts/setup-s4.sh b/services/univention-samba4/scripts/setup-s4.sh >index bca1cba..2addcef 100755 >--- a/services/univention-samba4/scripts/setup-s4.sh >+++ b/services/univention-samba4/scripts/setup-s4.sh >@@ -84,7 +84,7 @@ while getopts "h-:W:" option; do > esac > done > >-DOMAIN_SID="$(univention-ldapsearch "(&(objectclass=sambadomain)(sambaDomainName=$windows_domain))" sambaSID | ldapsearch-wrapper | sed -n 's/sambaSID: \(.*\)/\1/p')" >+DOMAIN_SID="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectclass=sambadomain)(sambaDomainName=$windows_domain))" sambaSID | sed -n 's/sambaSID: //p')" > > ## helper function > stop_conflicting_services() { >@@ -105,25 +105,24 @@ stop_conflicting_services() { > fi > fi > >- tmp_ucr_key_value_list=() >+ declare -a tmp_ucr_key_value_list=() > if [ "$samba_autostart" != "no" ]; then >- tmp_ucr_key_value_list[0]="samba/autostart=no" >+ tmp_ucr_key_value_list+=("samba/autostart=no") > fi > if [ "$winbind_autostart" != "no" ]; then >- tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="winbind/autostart=no" >+ tmp_ucr_key_value_list+=("winbind/autostart=no") > fi > if [ "$kerberos_autostart" != "no" ]; then >- tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="kerberos/autostart=no" >+ tmp_ucr_key_value_list+=("kerberos/autostart=no") > fi > if [ -n "$tmp_ucr_key_value_list" ]; then > univention-config-registry set "${tmp_ucr_key_value_list[@]}" 2>&1 | tee -a "$LOGFILE" > fi >- unset tmp_ucr_key_value_list > } > > set_machine_secret() { > ## 1. store password locally in secrets.ldb >- old_kvno=$(ldbsearch -H "$samba_sam" samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: \(.*\)/\1/p') >+ old_kvno=$(ldbsearch -H "$samba_sam" samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: //p') > new_kvno=$(($old_kvno + 1)) > > ldbmodify -H "$samba_secrets" <<-%EOF >@@ -142,7 +141,7 @@ set_machine_secret() { > } > > # Search for Samba 3 DCs >-S3_DCS="$(univention-ldapsearch "(&(objectclass=univentionDomainController)(univentionService=Samba 3))" cn | ldapsearch-wrapper | sed -n 's/cn: \(.*\)/\1/p')" >+S3_DCS="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectclass=univentionDomainController)(univentionService=Samba 3))" cn | sed -n 's/^cn: //p')" > if [ -n "$S3_DCS" ]; then > ## safty belt > if is_ucr_true samba4/ignore/mixsetup; then >@@ -226,7 +225,7 @@ if [ -z "$S3_DCS" ] || [ -z "$DOMAIN_SID" ] || is_ucr_true samba4/provision/seco > > else > ## Before starting the upgrade check for Samba accounts that are not POSIX accounts: >- non_posix_sambaSamAccount_dns=$(univention-ldapsearch -LLL "(&(objectClass=sambaSamAccount)(!(objectClass=posixAccount)))" dn | ldapsearch-wrapper | sed -n 's/^dn: \(.*\)/\1/p') >+ non_posix_sambaSamAccount_dns=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=sambaSamAccount)(!(objectClass=posixAccount)))" dn | sed -n 's/^dn: //p') > if [ -n "$non_posix_sambaSamAccount_dns" ]; then > echo "ERROR: Found Samba accounts in LDAP that are not POSIX accounts, please remove these before updating to Samba 4" >&2 > echo "$non_posix_sambaSamAccount_dns" | while read dn; do >@@ -238,7 +237,7 @@ else > ## Before starting the upgrade check for group names colliding with user names > uid_ldap_check_function() { > local filter="$1" >- collision=$(univention-ldapsearch -LLL "(&(objectClass=posixAccount)(|$filter))" uid | ldapsearch-wrapper | sed -n 's/^uid: \(.*\)/\1/p') >+ collision=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=posixAccount)(|$filter))" uid | sed -n 's/^uid: //p') > if [ -n "$collision" ]; then > echo "ERROR: Group names and user names must be unique, please rename these before updating to Samba 4" >&2 > echo "The following user names are also present as group names:" >&2 >@@ -255,7 +254,7 @@ else > uid_ldap_check_function "$filter" > filter="(uid=$name)" > fi >- done < <(univention-ldapsearch -LLL "(objectClass=posixGroup)" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') >+ done < <(univention-ldapsearch -LLLo ldif-wrap=no "(objectClass=posixGroup)" cn | sed -n 's/^cn: //p') > if [ -n "$filter" ]; then > uid_ldap_check_function "$filter" > fi >@@ -264,10 +263,10 @@ else > extract_binddn_and_bindpwd_from_args "$@" > groups=("Windows Hosts" "DC Backup Hosts" "DC Slave Hosts" "Computers" "Power Users") > for group in "${groups[@]}"; do >- record=$(univention-ldapsearch -LLL "(&(cn=$group)(objectClass=univentionGroup))" dn description | ldapsearch-wrapper) >- description=$(echo "$record" | sed -n 's/^description: \(.*\)/\1/p') >+ record=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(cn=$group)(objectClass=univentionGroup))" dn description) >+ description=$(echo "$record" | sed -n 's/^description: //p') > if [ -z "$description" ]; then >- dn=$(echo "$record" | sed -n 's/^dn: \(.*\)/\1/p') >+ dn=$(echo "$record" | sed -n 's/^dn: //p') > univention-directory-manager groups/group modify "$@" --dn "$dn" --set description="$group" > fi > done >diff --git a/services/univention-samba4/server_password_change.d/univention-samba4 b/services/univention-samba4/server_password_change.d/univention-samba4 >index 734122f..8c55086 100755 >--- a/services/univention-samba4/server_password_change.d/univention-samba4 >+++ b/services/univention-samba4/server_password_change.d/univention-samba4 >@@ -33,7 +33,7 @@ eval "$(univention-config-registry shell)" > > set_machine_secret() { > ## 1. store password locally in secrets.ldb >- old_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: \(.*\)/\1/p') >+ old_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') > new_kvno=$(($old_kvno + 1)) > > ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF >diff --git a/services/univention-samba4/univention-s4search b/services/univention-samba4/univention-s4search >index b29244d..e08abaa 100755 >--- a/services/univention-samba4/univention-s4search >+++ b/services/univention-samba4/univention-s4search >@@ -59,7 +59,7 @@ if ! [ "$credentials_given" = 'true' ]; then > > ## currently the password in the secrets.ldb is set to machine.secret only on provision host, so we need to look it up from the secrets.ldb > # sampassword=$(cat /etc/machine.secret) >- sampassword=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" secret | ldapsearch-wrapper | sed -n 's/secret: \(.*\)/\1/p') >+ sampassword=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" secret | ldapsearch-wrapper | sed -n 's/^secret: //p') > samaccount="${hostname}\$" > > fi
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 43904
: 8552