authorAndrew Bartlett <abartlet@samba.org>2007-07-05 06:15:40 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:59:08 -0500
commit967866f17084df7a78ed6ecfcb9d2b31deaa28a1 (patch)
tree0827759af3160905337f746044bbadbfb62d0773 /source4
parentcc0756c3020ff4e1c7cc3f5945155b3375e9b608 (diff)
r23720: Allow the member server to work against an LDAP Backend. Another case
where LDB isn't as strict as OpenLDAP, the self join record contains duplicate servicePrincipalNames once the DNS name and domain name are made equal. (Easier to just skip the useless self-join). Andrew Bartlett (This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/libjs/provision.js10
-rw-r--r--source4/selftest/Samba4.pm6
-rw-r--r--source4/setup/provision_self_join.ldif23
-rw-r--r--source4/setup/provision_users.ldif23
4 files changed, 37 insertions, 25 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 323c7cdacb..deaa97114a 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
message("Setting up sam.ldb users and groups\n");
setup_add_ldif("provision_users.ldif", info, samdb, false);
+ if (lp.get("server role") == "domain controller") {
+ message("Setting up self join\n");
+ setup_add_ldif("provision_self_join.ldif", info, samdb, false);
+ }
+
if (setup_name_mappings(info, samdb) == false) {
return false;
}
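Review bot: The new role check around `provision_self_join.ldif` carries no comment saying why only a domain controller gets the self join, and the reason is not obvious from the code. Per the commit message, the record ends up with duplicate servicePrincipalName values once the DNS name and domain name are equal, which an OpenLDAP backend rejects. A comment above the `if` such as `/* Only a DC joins itself: elsewhere the HOST/ SPNs become duplicates, which an OpenLDAP backend refuses */` would record that. `lp` is not declared inside this hunk, so it is presumably set earlier in provision(), whose body starts and ends outside the hunk.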
@@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths)
/* Write out a DNS zone file, from the info in the current database */
function provision_dns(subobj, message, paths, session_info, credentials)
{
+ var lp = loadparm_init();
+ if (lp.get("server role") != "domain controller") {
+ message("No DNS zone required for role %s\n", lp.get("server role"));
+ return;
+ }
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
var ldb = ldb_init();
ldb.session_info = session_info;
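Review bot: `lp.get("server role")` is evaluated twice in the added guard, and the literal "domain controller" is now compared in both provision() and provision_dns(). Reading it once with `var role = lp.get("server role");` and testing `role != "domain controller"` keeps the test and the message in step. The early `return;` yields no value; whether callers inspect provision_dns()'s result cannot be seen from here, because the function continues past the hunk.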
diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm
index ec34358e0a..1da0439757 100644
--- a/source4/selftest/Samba4.pm
+++ b/source4/selftest/Samba4.pm
@@ -281,6 +281,8 @@ sub provision($$$$$$)
$localdomain = $netbiosname if $server_role eq "member server";
my $localrealm = $realm;
$localrealm = $netbiosname if $server_role eq "member server";
+ my $localbasedn = $basedn;
+ $localbasedn = "DC=$netbiosname" if $server_role eq "member server";
open(CONFFILE, ">$conffile");
print CONFFILE "
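Review bot: `$localbasedn` is the third variable in a row overridden by its own `if $server_role eq "member server"` postfix test. A single `if ($server_role eq "member server") { ... }` block holding all three assignments would show the member-server overrides in one place. `"DC=$netbiosname"` puts the name into a DN unescaped, which holds only while the harness keeps NetBIOS names free of DN special characters; a short comment should say so. The value is consumed by the `--simple-bind-dn` option in the next hunk, and provision() itself starts and ends outside this hunk.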
@@ -400,7 +402,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
push (@provision_options, "--krbtgtpass=krbtgt$password");
push (@provision_options, "--machinepass=machine$password");
push (@provision_options, "--root=$root");
- push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn");
+ push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
push (@provision_options, "--password=$password");
push (@provision_options, "--root=$root");
@@ -430,7 +432,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
if (defined($self->{ldap})) {
push (@provision_options, "--ldap-backend=$ldap_uri");
- system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
+ system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
if ($self->{ldap} eq "openldap") {
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
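Review bot: The rewritten `system()` call still passes one interpolated string, so it runs through the shell, and any space or metacharacter in `$root`, `$localrealm`, `$netbiosname` or `$password` changes the command that is executed. `@provision_options` in the hunk above is already built as a list; building the backend command the same way and calling list-form `system` removes the shell, with the `>&2` redirection done on the handle instead. `--ldap-manager-pass=$password` stays visible in the process list either way, which is presumably acceptable for a selftest credential but deserves a comment. The enclosing `if (defined($self->{ldap}))` block continues past the hunk.

```perl
# … unchanged: push of --ldap-backend=$ldap_uri …
# assumes $configuration holds a single argument
my @backend_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provision-backend", $configuration);
push (@backend_options, "--ldap-manager-pass=$password");
push (@backend_options, "--root=$root");
push (@backend_options, "--realm=$localrealm");
push (@backend_options, "--host-name=$netbiosname");
push (@backend_options, "--ldap-backend-type=$self->{ldap}");
# list-form system() runs no shell, so stdout is sent to stderr on the handle
open(my $saved_stdout, ">&", \*STDOUT) or die("Unable to save stdout");
open(STDOUT, ">&", \*STDERR) or die("Unable to redirect stdout");
my $backend_ret = system(@backend_options);
open(STDOUT, ">&", $saved_stdout) or die("Unable to restore stdout");
$backend_ret == 0 or die("backend provision failed");
# … unchanged: openldap branch …
```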
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
new file mode 100644
index 0000000000..5ebc87b106
--- /dev/null
+++ b/source4/setup/provision_self_join.ldif
@@ -0,0 +1,23 @@
+#Join the DC to itself by default
+
+dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
+objectClass: computer
+cn: ${NETBIOSNAME}
+userAccountControl: 532480
+localPolicyFlags: 0
+primaryGroupID: 516
+accountExpires: 9223372036854775807
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+isCriticalSystemObject: TRUE
+sambaPassword: ${MACHINEPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
+servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
+${HOSTGUID_ADD}
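Review bot: The header comment `#Join the DC to itself by default` no longer describes how the file is used, since provision.js now loads it only when the server role is "domain controller". Suggest `# Self-join record for a domain controller; loaded by provision.js only when "server role" is "domain controller"`. A second comment line should note that the six servicePrincipalName values must stay distinct, because (per the commit message) an OpenLDAP backend rejects duplicates. `sambaPassword: ${MACHINEPASS}` means the expanded LDIF carries the machine password in clear, so a comment warning against logging or saving the substituted text would help whoever edits this file next.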
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index d00570b121..f1244fe8a1 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight
privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
-
-dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
-objectClass: computer
-cn: ${NETBIOSNAME}
-userAccountControl: 532480
-localPolicyFlags: 0
-primaryGroupID: 516
-accountExpires: 9223372036854775807
-sAMAccountName: ${NETBIOSNAME}$
-sAMAccountType: 805306369
-operatingSystem: Samba
-operatingSystemVersion: 4.0
-dNSHostName: ${DNSNAME}
-isCriticalSystemObject: TRUE
-sambaPassword: ${MACHINEPASS}
-servicePrincipalName: HOST/${DNSNAME}
-servicePrincipalName: HOST/${NETBIOSNAME}
-servicePrincipalName: HOST/${DNSNAME}/${REALM}
-servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
-servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
-servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
-${HOSTGUID_ADD}
-
dn: CN=Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group