summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-01 11:30:19 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-01 12:25:24 +0100
commit7578e04fb8022ba13fa07fb88eb3d00474337ea1 (patch)
tree9c692f0420a3b98df69011b1747fbddf735c7f0b
parent2a25f7515a68938249beef47546465889ca1c734 (diff)
downloadsamba-7578e04fb8022ba13fa07fb88eb3d00474337ea1.tar.gz
samba-7578e04fb8022ba13fa07fb88eb3d00474337ea1.tar.bz2
samba-7578e04fb8022ba13fa07fb88eb3d00474337ea1.zip
s4:provision - adapt the "provision" so that SIDs are only set on entry creation
SID modifications are denied.
-rw-r--r--source4/scripting/python/samba/provision.py12
-rw-r--r--source4/setup/provision_basedn.ldif1
-rw-r--r--source4/setup/provision_basedn_modify.ldif3
3 files changed, 5 insertions, 11 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 441c2b540b..7c38197bec 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1127,22 +1127,18 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
descr = b64encode(get_domain_descriptor(domainsid))
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
- "DOMAINGUID": domainguid_line,
- "DESCRIPTOR": descr
+ "DOMAINSID": str(domainsid),
+ "DESCRIPTOR": descr,
+ "DOMAINGUID": domainguid_line
})
-
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
+ "DOMAINDN": names.domaindn,
"CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
- "DOMAINSID": str(domainsid),
"NEXTRID": str(next_rid),
- "SCHEMADN": names.schemadn,
- "NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": names.sitename,
"CONFIGDN": names.configdn,
- "SERVERDN": names.serverdn,
"POLICYGUID": policyguid,
- "DOMAINDN": names.domaindn,
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"SAMBA_VERSION_STRING": version
})
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index b82f41452e..cb9173827c 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -5,5 +5,6 @@ dn: ${DOMAINDN}
objectClass: top
objectClass: domaindns
instanceType: 5
+objectSid: ${DOMAINSID}
nTSecurityDescriptor:: ${DESCRIPTOR}
${DOMAINGUID}
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 53845f7355..d67d674319 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -72,9 +72,6 @@ nextRid: ${NEXTRID}
replace: nTMixedDomain
nTMixedDomain: 0
-
-replace: objectSid
-objectSid: ${DOMAINSID}
--
# This does only exist in SAMBA
replace: oEMInformation
oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}