From 57d19ad002c523fb9a09694e6710ab7f588d44ec Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 8 Sep 2008 15:09:06 +1000
Subject: [PATCH] Make it clear that the MMR password can differ from the admin passsword
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
---
 source/scripting/python/samba/provision.py | 14 ++++++++------
 source/setup/cn=replicator.ldif | 2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py
index f37d09d5e09..68f61532ad8 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -1273,7 +1273,10 @@ def provision_backend(setup_dir=None, message=None,
 mmr_syncrepl_user_config = ""
 if ol_mmr_urls is not None:
- url_list=filter(None,ol_mmr_urls.split(' '))
+ # For now, make these equal
+ mmr_pass = adminpass
+
+ url_list=filter(None,ol_mmr_urls.split(' '))
 if (len(url_list) == 1):
 url_list=filter(None,ol_mmr_urls.split(','))
@@ -1292,21 +1295,21 @@ def provision_backend(setup_dir=None, message=None,
 { "RID" : str(rid),
 "MMRDN": names.schemadn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
 rid=rid+1
 mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
 { "RID" : str(rid),
 "MMRDN": names.configdn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass})
+ "MMR_PASSWORD": mmr_pass})
 rid=rid+1
 mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
 { "RID" : str(rid),
 "MMRDN": names.domaindn,
 "LDAPSERVER" : url,
- "MMR_PASSWORD": adminpass })
+ "MMR_PASSWORD": mmr_pass })
 setup_file(setup_path("slapd.conf"), paths.slapdconf,
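Review bot: The comment added above `mmr_pass = adminpass` ("For now, make these equal") does not tell a maintainer why the alias matters: every later use of `mmr_pass` places the directory admin's password into replication configuration, and the commit message itself says this credential implies read access to the krbtgt. I would state that at the assignment, for example `# Replication bind password; currently the admin password, so every file it is substituted into must be treated as a secret`. `mmr_pass` is bound only inside the `if ol_mmr_urls is not None:` branch, so the later use in the `cn=replicator.ldif` hunk is safe only while it stays under the same condition, which it does in this patch. provision_backend starts and ends outside the hunk.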
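Review bot: `mmr_pass` is substituted verbatim into the `mmr_syncrepl.conf` template in all three `read_and_sub_file` calls, so a password containing a quote, whitespace or a newline could corrupt the generated stanza or add configuration lines the operator did not intend. Neither the template nor `read_and_sub_file` is visible here, so this is inferred; if the placeholder is not already quoted and escaped there, validate the value once before the loop, e.g. `if '"' in mmr_pass or '\n' in mmr_pass: raise ValueError("MMR password must not contain quotes or newlines")`. Because the value currently equals the admin password, the generated configuration also needs owner-only permissions, and this hunk does not show how the file mode is set. The enclosing loop and function begin outside the hunk.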
@@ -1322,7 +1325,6 @@ def provision_backend(setup_dir=None, message=None,
 "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
 "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
 "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
- "MMR_PASSWORD": adminpass,
 "REFINT_CONFIG": refint_config})
 setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm})
@@ -1347,7 +1349,7 @@ def provision_backend(setup_dir=None, message=None,
 if ol_mmr_urls is not None:
 setup_file(setup_path("cn=replicator.ldif"), os.path.join(paths.ldapdir, "db", "samba", "cn=samba", "cn=replicator.ldif"),
- {"LDAPADMINPASS_B64": b64encode(adminpass),
+ {"MMR_PASSWORD_B64": b64encode(mmr_pass),
 "UUID": str(uuid.uuid4()), "LDAPTIME": timestring(int(time.time()))} )
diff --git a/source/setup/cn=replicator.ldif b/source/setup/cn=replicator.ldif
index e7c5a2408c4..6001456b4d2 100644
--- a/source/setup/cn=replicator.ldif
+++ b/source/setup/cn=replicator.ldif
@@ -2,7 +2,7 @@ dn: cn=replicator
 objectClass: top
 objectClass: person
 cn: replicator
-userPassword:: ${LDAPADMINPASS_B64}
+userPassword:: ${MMR_PASSWORD_B64}
 structuralObjectClass: person
 entryUUID: ${UUID}
 creatorsName:
--
2.47.2
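Review bot: In the `@@ -1347` hunk, `b64encode(mmr_pass)` feeds the `userPassword::` line of `cn=replicator.ldif`, and the `::` form is only LDIF's base64 transport encoding, so the replicator entry keeps an admin-equivalent password in recoverable form under `paths.ldapdir`. Storing a salted hash value instead (OpenLDAP accepts `{SSHA}` values in userPassword) would keep the cleartext out of the directory database, although the syncrepl consumer configuration would still need it. At minimum I would add a comment at the call, `# base64 is LDIF encoding, not hashing: this file holds the replication password`, and confirm that `setup_file` writes the file with owner-only permissions, which this hunk does not show. The `setup_file` call sits inside provision_backend, whose body extends beyond the hunk.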