s4-provision: the DC object itself needs a fixed objectSID

We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

2 files changed, 3 insertions, 1 deletions

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d7d0a790ca..62ca9282d1 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -796,6 +796,7 @@ def setup_self_join(samdb, names,
               "DNSPASS_B64": b64encode(dnspass),
               "REALM": names.realm,
               "DOMAIN": names.domain,
+              "DOMAINSID": str(domainsid),
               "DNSDOMAIN": names.dnsdomain,
               "SAMBA_VERSION_STRING": version,
               "NTDSGUID": ntdsguid_line,
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index f110902316..0ad1b90fdb 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -33,6 +33,7 @@ servicePrincipalName: ldap/${DNSNAME}
 servicePrincipalName: ldap/${DNSNAME}/${REALM}
 userAccountControl: 532480
 userPassword:: ${MACHINEPASS_B64}
+objectSID: ${DOMAINSID}-1001
 
 dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
 objectClass: top
@@ -40,7 +41,7 @@ objectClass: rIDSet
 rIDAllocationPool: 1000-1499
 rIDPreviousAllocationPool: 1000-1499
 rIDUsedPool: 0
-rIDNextRID: 1000
+rIDNextRID: 1001
 
 
 # Here are missing the objects for the NTFRS subscription and the RID set since