From: Endi S. Dewata Date: Fri, 29 Jan 2010 22:05:22 +0000 (-0600) Subject: s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init(). X-Git-Tag: samba-3.6.0pre1~4847 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c54699faf2796e1e8acbb2215fab835a6d86318e;p=thirdparty%2Fsamba.git s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init(). Signed-off-by: Andrew Bartlett --- diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py index 75e00979dfe..1919c5d81c6 100644 --- a/source4/scripting/python/samba/provisionbackend.py +++ b/source4/scripting/python/samba/provisionbackend.py @@ -721,14 +721,7 @@ class FDSBackend(LDAPBackend): def post_setup(self): ldapi_db = Ldb(self.ldapi_uri, credentials=self.credentials) - # delete default SASL mappings - res = ldapi_db.search(expression="(!(cn=samba-admin mapping))", base="cn=mapping,cn=sasl,cn=config", scope=SCOPE_ONELEVEL, attrs=["dn"]) - # configure in-directory access control on Fedora DS via the aci attribute (over a direct ldapi:// socket) - for i in range (0, len(res)): - dn = str(res[i]["dn"]) - ldapi_db.delete(dn) - aci = """(targetattr = "*") (version 3.0;acl "full access to all by samba-admin";allow (all)(userdn = "ldap:///CN=samba-admin,%s");)""" % self.sambadn m = ldb.Message() diff --git a/source4/setup/fedorads-sasl.ldif b/source4/setup/fedorads-sasl.ldif index 99bb6a72cdb..d0f954f35c8 100644 --- a/source4/setup/fedorads-sasl.ldif +++ b/source4/setup/fedorads-sasl.ldif @@ -7,3 +7,14 @@ nsSaslMapRegexString: ^samba-admin$ nsSaslMapBaseDNTemplate: CN=samba-admin,${SAMBADN} nsSaslMapFilterTemplate: (objectclass=*) +dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config +changetype: delete + +dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config +changetype: delete + +dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config +changetype: delete + +dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config +changetype: delete