authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-07-10 12:48:18 +0200
committerAndrew Bartlett <abartlet@samba.org>2009-07-20 14:21:09 +1000
commit2fc5331e5c23e3f448b53fa7838e478772d0caed (patch)
tree5e4532822732f497a115f43bc1ffbe68fc23b409 /source4/setup
parent7889823783625e16e273770f73f285920828e411 (diff)
[SAMBA 4 directory] Refactoring and clean up of directory structure
- Adds more system objects that make sense to have in SAMBA 4, so that they are also available as we add more and more services related to the directory (volume support, DFS, replication service, COM...)
- Makes sure that the "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/provision.ldif184
-rw-r--r--source4/setup/provision_basedn_modify.ldif6
-rw-r--r--source4/setup/provision_computers_modify.ldif6
-rw-r--r--source4/setup/provision_configuration.ldif1
-rw-r--r--source4/setup/provision_group_policy.ldif11
-rw-r--r--source4/setup/provision_self_join.ldif5
-rw-r--r--source4/setup/provision_users.ldif26
-rw-r--r--source4/setup/provision_users_modify.ldif6
-rw-r--r--source4/setup/schema_samba4.ldif3
9 files changed, 167 insertions, 81 deletions
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index e5b20d03e1..9f50b45dff 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,7 +1,28 @@
+dn: CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: builtinDomain
+forceLogoff: -9223372036854775808
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 0
+modifiedCountAtLastProm: 0
+nextRid: 1000
+pwdProperties: 0
+pwdHistoryLength: 0
+objectSid: S-1-5-32
+serverState: 1
+uASCompat: 1
+modifiedCount: 1
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
+
dn: OU=Domain Controllers,${DOMAINDN}
objectClass: top
objectClass: organizationalUnit
-cn: Domain Controllers
description: Default container for domain controllers
systemFlags: -1946157056
isCriticalSystemObject: TRUE
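Review bot: The `CN=Builtin` entry now at the top of the file carries `minPwdLength: 0`, `lockoutThreshold: 0`, `pwdHistoryLength: 0` and `pwdProperties: 0` with no comment, so someone auditing the provisioned password policy can mistake them for the domain's policy. The values are moved unchanged from further down the file and presumably describe only the builtin domain (`objectSid: S-1-5-32`), with the effective domain policy set on another object. I would add a comment above the entry such as `# Builtin domain object: the password and lockout values below are not the domain password policy`, after confirming which object the password checks actually read.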
@@ -10,82 +31,171 @@ showInAdvancedViewOnly: FALSE
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: container
-cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
+dn: CN=Infrastructure,${DOMAINDN}
+objectClass: top
+objectClass: infrastructureUpdate
+systemFlags: -1946157056
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=LostAndFound,${DOMAINDN}
+objectClass: top
+objectClass: lostAndFound
+description: Default container for orphaned objects
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=NTDS Quotas,${DOMAINDN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+description: Quota specifications container
+msDS-TombstoneQuotaFactor: 100
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=Program Data,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Default location for storage of application data.
+
+dn: CN=Microsoft,CN=Program Data,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Default location for storage of Microsoft application data.
+
dn: CN=System,${DOMAINDN}
objectClass: top
objectClass: container
-cn: System
description: Builtin system settings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
-dn: CN=RID Manager$,CN=System,${DOMAINDN}
-objectclass: top
-objectclass: rIDManager
-cn: RID Manager$
+dn: CN=AdminSDHolder,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
-fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
-rIDAvailablePool: 4611686014132423217
+
+dn: CN=ComPartitions,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=ComPartitionSets,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: leaf
+objectClass: domainPolicy
+isCriticalSystemObject: TRUE
+
+dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: classStore
+isCriticalSystemObject: TRUE
+
+dn: CN=Dfs-Configuration,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: dfsConfiguration
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
-cn: DomainUpdates
+
+dn: CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
-cn: Windows2003Update
revision: 8
-dn: CN=Infrastructure,${DOMAINDN}
-objectclass: top
-objectclass: infrastructureUpdate
-cn: Infrastructure
+dn: CN=File Replication Service,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTFRSSettings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
-fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
-dn: CN=Builtin,${DOMAINDN}
+dn: CN=FileLinks,CN=System,${DOMAINDN}
objectClass: top
-objectClass: builtinDomain
-cn: Builtin
-forceLogoff: -9223372036854775808
-lockoutDuration: -18000000000
-lockOutObservationWindow: -18000000000
-lockoutThreshold: 0
-maxPwdAge: -37108517437440
-minPwdAge: 0
-minPwdLength: 0
-modifiedCountAtLastProm: 0
-nextRid: 1000
-pwdProperties: 0
-pwdHistoryLength: 0
-objectSid: S-1-5-32
-serverState: 1
-uASCompat: 1
-modifiedCount: 1
+objectClass: fileLinkTracking
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
-showInAdvancedViewOnly: FALSE
+
+dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: fileLinkTracking
+objectClass: linkTrackObjectMoveTable
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=VolumeTable,CN=FileLinks,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: fileLinkTracking
+objectClass: linkTrackVolumeTable
systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+
+dn: CN=Meetings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
+isCriticalSystemObject: TRUE
-dn: CN=IP Security,CN=System,${DOMAINDN}
+dn: CN=RAS and IAS Servers Access Check,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
-dn: CN=ComPartitionSets,CN=System,${DOMAINDN}
+dn: CN=RID Manager$,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: rIDManager
+systemFlags: -1946157056
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+rIDAvailablePool: 4611686014132423217
+isCriticalSystemObject: TRUE
+
+dn: CN=RpcServices,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+objectClass: rpcContainer
systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=Server,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: securityObject
+objectClass: samServer
+systemFlags: -1946157056
+revision: 65543
+isCriticalSystemObject: TRUE
+dn: CN=WinsockServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
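Review bot: `CN=AdminSDHolder,CN=System,${DOMAINDN}` is added as a plain `container` with no `nTSecurityDescriptor`, so its ACL is presumably whatever the provisioning default or inheritance from `CN=System` yields. In Active Directory this object's security descriptor is the template applied to protected accounts and groups (the entries with `adminCount: 1` in provision_users.ldif), so a default or inherited ACL here should be avoided once that propagation is implemented. I would set an explicit descriptor on the entry, or at least add `# TODO: needs an explicit nTSecurityDescriptor before it is used as the template for protected objects`. The same hunk adds `CN=IP Security`, `CN=Meetings` and `CN=WinsockServices` with `isCriticalSystemObject: TRUE` but without the `systemFlags: -1946157056` that most sibling containers carry; if that is intentional, a short comment would help.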
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 36e80ec69c..29ba75be98 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -67,9 +67,6 @@ fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
replace: systemFlags
systemFlags: -1946157056
-
-replace: isCriticalSystemObject
-isCriticalSystemObject: TRUE
--
replace: subRefs
subRefs: ${CONFIGDN}
-
@@ -84,4 +81,7 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
${DOMAINGUID_MOD}
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
index 110c44c356..b3d9dc1fa8 100644
--- a/source4/setup/provision_computers_modify.ldif
+++ b/source4/setup/provision_computers_modify.ldif
@@ -3,11 +3,11 @@ changetype: modify
replace: description
description: Default container for upgraded computer accounts
-
-replace: showInAdvancedViewOnly
-showInAdvancedViewOnly: FALSE
--
replace: systemFlags
systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 0dad24c705..4109c2236c 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -8,6 +8,7 @@ cn: Partitions
systemFlags: -2147483648
msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+showInAdvancedViewOnly: TRUE
dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
objectClass: top
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index d6a4659250..65ab1eaf5f 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -1,14 +1,3 @@
-dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: leaf
-objectClass: domainPolicy
-isCriticalSystemObject: TRUE
-
-dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: classStore
-isCriticalSystemObject: TRUE
-
dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index b60fea6576..da8c5b9e1d 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -15,7 +15,6 @@ sAMAccountName: ${NETBIOSNAME}$
operatingSystem: Samba
operatingSystemVersion: ${SAMBA_VERSION_STRING}
dNSHostName: ${DNSNAME}
-isCriticalSystemObject: TRUE
userPassword:: ${MACHINEPASS_B64}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
@@ -23,6 +22,7 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM}
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
+isCriticalSystemObject: TRUE
#Provide a account for DNS keytab export
dn: CN=dns,CN=Users,${DOMAINDN}
@@ -36,9 +36,8 @@ userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
servicePrincipalName: DNS/${DNSDOMAIN}
-isCriticalSystemObject: TRUE
userPassword:: ${DNSPASS_B64}
-showInAdvancedViewOnly: TRUE
+isCriticalSystemObject: TRUE
dn: ${SERVERDN}
objectClass: top
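Review bot: The `dns` account loses `showInAdvancedViewOnly: TRUE` in this hunk, which is a real change rather than the reordering of `isCriticalSystemObject` applied to the other accounts, and the commit message does not explain it. The attribute is only a display hint for administration tools and gives no protection to the account or its `userPassword`, so removing it does not weaken access control. A comment on the entry such as `# dns service account: intentionally visible in the default view` would record that the removal is deliberate. The entry itself starts above the hunk, so the rest of its attributes are not visible here.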
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 88146d8cac..47240a9d07 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -7,8 +7,8 @@ objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: Administrator
-isCriticalSystemObject: TRUE
userPassword:: ${ADMINPASS_B64}
+isCriticalSystemObject: TRUE
dn: CN=Guest,CN=Users,${DOMAINDN}
objectClass: user
@@ -45,8 +45,8 @@ adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: krbtgt
servicePrincipalName: kadmin/changepw
-isCriticalSystemObject: TRUE
userPassword:: ${KRBTGTPASS_B64}
+isCriticalSystemObject: TRUE
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top
@@ -187,16 +187,6 @@ sAMAccountName: Event Log Readers
groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: IIS_IUSRS
-description: IIS_IUSRS
-objectSid: ${DOMAINSID}-568
-sAMAccountName: IIS_IUSRS
-groupType: -2147483644
-isCriticalSystemObject: TRUE
-
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@@ -210,7 +200,6 @@ adminCount: 1
sAMAccountName: Administrators
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
@@ -235,6 +224,7 @@ privilege: SeEnableDelegationPrivilege
privilege: SeInteractiveLogonRight
privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
+isCriticalSystemObject: TRUE
dn: CN=Users,CN=Builtin,${DOMAINDN}
objectClass: top
@@ -271,10 +261,10 @@ adminCount: 1
sAMAccountName: Print Operators
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
+isCriticalSystemObject: TRUE
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
objectClass: top
@@ -286,11 +276,11 @@ adminCount: 1
sAMAccountName: Backup Operators
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
+isCriticalSystemObject: TRUE
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
objectClass: top
@@ -358,13 +348,13 @@ adminCount: 1
sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
privilege: SeSystemtimePrivilege
privilege: SeRemoteShutdownPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
+isCriticalSystemObject: TRUE
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
objectClass: top
@@ -376,8 +366,8 @@ adminCount: 1
sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
+isCriticalSystemObject: TRUE
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
objectClass: top
@@ -388,9 +378,9 @@ objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
-isCriticalSystemObject: TRUE
privilege: SeRemoteInteractiveLogonRight
privilege: SeChangeNotifyPrivilege
+isCriticalSystemObject: TRUE
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
objectClass: top
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
index a7e8a4336a..6a2e180b15 100644
--- a/source4/setup/provision_users_modify.ldif
+++ b/source4/setup/provision_users_modify.ldif
@@ -3,11 +3,11 @@ changetype: modify
replace: description
description: Default container for upgraded user accounts
-
-replace: showInAdvancedViewOnly
-showInAdvancedViewOnly: FALSE
--
replace: systemFlags
systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index c11e65e465..591aefbb75 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -220,7 +220,6 @@ objectClass: classSchema
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.2
rDNAttID: cn
-showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4-Local-Domain
adminDescription: Samba4-Local-Domain
systemMayContain: msDS-Behavior-Version
@@ -243,7 +242,6 @@ subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.1
mayContain: msDS-ObjectReferenceBL
rDNAttID: cn
-showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4TopTop
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 3
@@ -344,7 +342,6 @@ objectClass: classSchema
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.3
rDNAttID: cn
-showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4TopExtra
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 2