
Annotation of /rpms/e-smith-samba/sme8/e-smith-samba-2.2.0-ldap-auth.patch



Revision 1.1 - (hide annotations) (download)
Tue Nov 2 16:57:29 2010 UTC (13 years, 7 months ago) by slords
Branch: MAIN
CVS Tags: e-smith-samba-2_2_0-47_el5_sme, e-smith-samba-2_2_0-52_el5_sme, e-smith-samba-2_2_0-49_el5_sme, e-smith-samba-2_2_0-40_el5_sme, e-smith-samba-2_2_0-43_el5_sme, e-smith-samba-2_2_0-44_el5_sme, e-smith-samba-2_2_0-63_el5_sme, e-smith-samba-2_2_0-61_el5_sme, e-smith-samba-2_2_0-31_el5_sme, e-smith-samba-2_2_0-32_el5_sme, e-smith-samba-2_2_0-57_el5_sme, e-smith-samba-2_2_0-54_el5_sme, e-smith-samba-2_2_0-41_el5_sme, e-smith-samba-2_2_0-55_el5_sme, e-smith-samba-2_2_0-39_el5_sme, e-smith-samba-2_2_0-46_el5_sme, e-smith-samba-2_2_0-53_el5_sme, e-smith-samba-2_2_0-50_el5_sme, e-smith-samba-2_2_0-58_el5_sme, e-smith-samba-2_2_0-30_el5_sme, e-smith-samba-2_2_0-33_el5_sme, e-smith-samba-2_2_0-56_el5_sme, e-smith-samba-2_2_0-51_el5_sme, e-smith-samba-2_2_0-42_el5_sme, e-smith-samba-2_2_0-65_el5_sme, e-smith-samba-2_2_0-64_el5_sme, e-smith-samba-2_2_0-60_el5_sme, e-smith-samba-2_2_0-62_el5_sme, e-smith-samba-2_2_0-34_el5_sme, e-smith-samba-2_2_0-35_el5_sme, e-smith-samba-2_2_0-45_el5_sme, e-smith-samba-2_2_0-48_el5_sme, e-smith-samba-2_2_0-37_el5_sme, e-smith-samba-2_2_0-38_el5_sme, e-smith-samba-2_2_0-36_el5_sme, e-smith-samba-2_2_0-29_el5_sme, e-smith-samba-2_2_0-66_el5_sme, e-smith-samba-2_2_0-59_el5_sme, HEAD
Add routines for ldap auth

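--- a/e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps
+++ b/e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps
@@ -5,12 +5,25 @@ package esmith;
 use strict;
 use Errno;
 use esmith::AccountsDB;
+use esmith::ConfigDB;
+use esmith::util;
 
 # events: console-save, bootstrap-console-save, group-modify-samba, group-create
 # post-install, post-upgrade, workgroup-update
 my $debug = "--debuglevel=1";
 
 my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
+my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB";
+
+my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
+my $pw = esmith::util::LdapPassword();
+
+if ($ldapauth eq 'enabled')
+{
+ # Add the LDAP admin password in secret.tdb
+ warn "Couldn't add LDAP password in secret.tdb\n" unless
+ system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
+}
 
 my $g = `/usr/bin/net getlocalsid`;
 unless ($g =~ /SID.*is: (.+)/) {
@@ -20,6 +33,12 @@ unless ($g =~ /SID.*is: (.+)/) {
 rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
 $g = `/usr/bin/net getlocalsid`;
 $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
+ if ($ldapauth eq 'enabled')
+ {
+ # Add the LDAP admin password in secret.tdb
+ warn "Couldn't add LDAP password in secret.tdb\n" unless
+ system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
+ }
 }
 my $local_sid = $1;
 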
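Review bot: Both added `system("/usr/bin/smbpasswd", "-w", "$pw")` calls place the LDAP admin password in the child's argument list, where other local accounts can read it from the process table while smbpasswd runs; the `smbpasswd -w "$(cat /etc/ldap.secret)"` line added to smbd/run has the same exposure. If the installed smbpasswd supports `-W` (password read from stdin), switch to it and write `$pw` to the child's stdin instead, after checking the prompt sequence that version expects. Separately, `esmith::util::LdapPassword()` is called even when Authentication is disabled, and `$c->get('ldap')` is dereferenced unchecked, so a missing `ldap` record would abort the script before the group maps are updated; fetch the password inside the `enabled` branch. A failed store only produces a `warn`, so the run continues without the bind secret. The second block sits inside an `unless` body that begins outside the hunk.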
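--- a/e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend
+++ b/e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend
@@ -1,4 +1,25 @@
 {
 #Set the Samba user account dbase backend
-}
+ if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
+ {
+ my $base = esmith::util::ldapBase ($DomainName);
+ $OUT .= <<EOF;
+passdb backend = ldapsam:ldap://localhost
+
+ldap admin dn = cn=root,$base
+ldap suffix = $base
+ldap group suffix = ou=Groups
+ldap user suffix = ou=Users
+ldap machine suffix = ou=Computers
+ldap delete dn = no
+ldap passwd sync = yes
+ldap ssl = off
+EOF
+ }
+ else
+ {
+ $OUT .= <<EOF;
 passdb backend = smbpasswd:/etc/samba/smbpasswd
+EOF
+ }
+}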
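Review bot: The generated `ldap admin dn = cn=root,$base` makes Samba bind as the directory's root DN, and `ldap ssl = off` is hard-coded beside it, so the bind password and the password attributes Samba reads and writes cross the socket unencrypted. That is tolerable only while the URI stays `ldap://localhost`, and the template should say so with a comment such as `# ldap ssl = off is acceptable only because the backend is on loopback; enable TLS if the URI changes`. If the directory layout allows it, a dedicated bind DN with ACLs limited to the Users, Groups and Computers subtrees would be a better fit for least privilege than the root DN.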
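--- a/e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync
+++ b/e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync
@@ -5,10 +5,23 @@
 # NOTE2: You do NOT need these to allow workstations to change only
 # the encrypted SMB passwords. They allow the Unix password
 # to be kept in sync with the SMB password.
-}
+
+ if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
+ {
+ $OUT .= <<EOF;
+unix password sync = no
+pam password change = no
+EOF
+ }
+ else
+ {
+ $OUT .= <<'EOF';
 unix password sync = Yes
 pam password change = Yes
 
 passwd program = /usr/bin/passwd %u
 passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
 check password script = /sbin/e-smith/samba_check_password
+EOF
+ }
+}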
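Review bot: The LDAP branch emits only `unix password sync = no` and `pam password change = no`, so `check password script = /sbin/e-smith/samba_check_password` now reaches smb.conf only when LDAP authentication is disabled. If that script is what enforces password strength for changes made from workstations, enabling LDAP silently removes the check. Unless the script depends on the Unix password path, add `check password script = /sbin/e-smith/samba_check_password` to the first heredoc as well, or add a comment explaining where password quality is enforced in the LDAP case.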
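--- a/e-smith-samba-2.2.0/root/var/service/smbd/run
+++ b/e-smith-samba-2.2.0/root/var/service/smbd/run
@@ -8,6 +8,8 @@
 #fi
 # We currently don't care about /etc/sysconfig/samba, but that may change.
 
+ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled)
+
 status=$(/sbin/e-smith/config getprop smb status)
 if [ "$status" = "disabled" ]
 then
@@ -39,5 +41,10 @@ do
 [ -r "$tdb" ] && tdbbackup "$tdb" .bak
 done
 
+if [ "$ldapauth" == "enabled" ]
+then
+ /usr/bin/smbpasswd -w "$(cat /etc/ldap.secret)"
+fi
+
 exec 2>&1
 exec $smbd -F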
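Review bot: The added `/usr/bin/smbpasswd -w "$(cat /etc/ldap.secret)"` ignores both ways it can fail: an unreadable or missing file makes the substitution expand to an empty string, and smbpasswd's exit status is never tested, so smbd is exec'd with a blank or stale bind secret and the fault only shows up later as failed logons. Test the file first and report a failure, e.g. `[ -r /etc/ldap.secret ] || echo "smbd/run: cannot read /etc/ldap.secret" >&2` and `smbpasswd ... || echo "smbd/run: storing LDAP secret failed" >&2`. Note that `exec 2>&1` comes after this block, so confirm those messages actually reach the service log. The test `[ "$ldapauth" == "enabled" ]` relies on a bash extension, whereas `=` is portable and matches the existing `[ "$status" = "disabled" ]` line.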
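--- a/e-smith-samba-2.2.0/createlinks
+++ b/e-smith-samba-2.2.0/createlinks
@@ -31,7 +31,8 @@
 
 my $event = "console-save";
 
-$event = "bootstrap-console-save";
+$event = "bootstrap-ldap-save";
+templates2events("/etc/samba/smb.conf", $event);
 event_link("update-domain-group-maps", $event, "56");
 
 $event = "group-create";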
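Review bot: Reassigning `$event` from `bootstrap-console-save` to `bootstrap-ldap-save` means the following `event_link("update-domain-group-maps", $event, "56")` no longer links the action into bootstrap-console-save, at least in the lines visible here. The `# events:` comment at the top of update-domain-group-maps still lists bootstrap-console-save, so either update that comment or keep the old link alongside the new one. Because the action now also stores the LDAP admin password, confirm that position 56 in bootstrap-ldap-save runs after the LDAP secret is available. Also confirm that the event still fires on systems where LDAP authentication is disabled, otherwise the SID and group-map refresh is skipped at bootstrap.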
