Please find attached a second "release" of my updateprovision script. I
tried to take your remarks into account:
* do not spawn a separate process for provision
* use search_options, ldb_msg_diff, ldb python bindings instead of LDIF
I identified 5 steps for the script to be complete to my mind:
Update the different partitions
Directly call the provision function without spawning a separate process
Update sensitive fields in a sensible way (ie
For this my plan is to closely inspect fields where we usually have a value
that has changed from the default one because the object has lived a
little bit (adding of services, adding of a user to the group ...) and we have
something else different in the provision as well. In this case the idea
is to add new bits from the fresh provision in the current provision
(well we can miss some needed removal but let's hope that we won't face
This is not a very simple update as there are various reasons why an SD can
be different in the current provision and in the reference provision:
1 a change has been voluntarily made on the SD
2 the SD calculation algorithm has changed since the last provision
3 a change in the default security descriptor
At first I plan to be able to update automatically in cases 2
and 3 and print an information message in case 1. We can hope that
case 1 will be pretty rare; in any case a more complicated update method
could manage to solve simple differences (i.e. one right has been
added/removed, one user/group has been granted/ungranted).
In order to be able to handle cases 2 and 3 we must be able to calculate
with the previous defaultSecurityDescriptor and the previous calculation
algorithm so that we can realize that if two SDs are different they are
in fact the same (same value with a constant defaultSecurityDescriptor,
same value with a constant method of calculation of nTSecurityDescriptor
when given a certain defaultSecurityDescriptor).
Update non-provisioned objects (i.e. created computers, users, groups).
The plan here is to list the different types of objects that need to be
tested (computers, sitelink, subnet, ...), then create one instance for
each of them, then check this instance against existing objects and update
some fields. This part is the most blurry right now because I do not have
any idea of whether it can work or not ... and which fields will need
an update and if it will be easy to define a global behavior for the update
(add, replace, remove ...). I guess some tests have to be done for this.
I am currently at step 2.
Any comments welcome!
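
Added example, not part of the original message or of the updateprovision script: one way to express the three-case security-descriptor decision described above, working on SDDL strings in plain Python. The function names and sample SDDL values are constructed for illustration, and the "old reference" SD is assumed to have been computed already with the previous defaultSecurityDescriptor and the previous algorithm.

```python
import re

def dacl_aces(sddl):
    """Return the set of ACE strings in the DACL (D:) part of an SDDL string.
    Simplified parser (assumption): no conditional ACEs, so no nested parentheses."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    return set(re.findall(r"\(([^()]*)\)", m.group(1))) if m else set()

def classify_sd(current, old_reference, new_reference):
    """Decide what to do with one object's nTSecurityDescriptor.

    current       -- SDDL stored on the object in the existing provision
    old_reference -- SDDL that the previous default SD and algorithm produce
    new_reference -- SDDL that the fresh reference provision produces
    """
    if current == new_reference:
        return {"action": "none", "added": set(), "removed": set()}
    if current == old_reference:
        # Cases 2 and 3: nobody edited the SD; only the algorithm or the
        # default changed, so taking the new reference value loses nothing.
        return {"action": "update", "added": set(), "removed": set()}
    # Case 1: the SD was changed on purpose. Do not overwrite it; report which
    # ACEs were granted or removed relative to what the old defaults gave.
    cur, old = dacl_aces(current), dacl_aces(old_reference)
    return {"action": "report", "added": cur - old, "removed": old - cur}

# Constructed sample values, not taken from a real provision.
OLD_REF = "O:DAG:DAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)"
NEW_REF = ("O:DAG:DAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
           "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)")
EDITED = OLD_REF + "(A;;RPWP;;;AO)"  # an administrator granted one extra ACE

if __name__ == "__main__":
    for name, sd in (("untouched", OLD_REF), ("edited", EDITED), ("current", NEW_REF)):
        print(name, classify_sd(sd, OLD_REF, NEW_REF))
```

Whole-string comparison is used for the equality checks because ACE order is significant in a DACL; the set difference is only for the human-readable report in case 1.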