author | Andrew Bartlett <abartlet@samba.org> | 2005-07-20 11:43:23 +0000 |
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:29:50 -0500 |
commit | 24d2107324982d8ad69fb89d13037ba591f49534 (patch) | |
tree | 580b56039438112db1fea6fc20416044aa045d5d /source4 | |
parent | 79a87c55fe076fcc1b0196561a7d7715f456ea0f (diff) | |
r8650: Use the timestamps and a new objectguid module rather than placing
boilerplate attributes in every entry in provision.ldif.
The next step will be to use templates.
Andrew Bartlett
(This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 9 | ||||
-rw-r--r-- | source4/lib/ldb/common/ldb_modules.c | 10 | ||||
-rw-r--r-- | source4/lib/ldb/config.mk | 9 | ||||
-rw-r--r-- | source4/lib/ldb/modules/objectguid.c | 220 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 19 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 201 | ||||
-rw-r--r-- | source4/setup/provision_init.ldif | 51 |
7 files changed, 307 insertions, 212 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 04acbeaedf..3a0368db69 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -346,7 +346,8 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
 /* some elements should not be copied from the template */
 if (strcasecmp(el->name, "cn") == 0 ||
 strcasecmp(el->name, "name") == 0 ||
- strcasecmp(el->name, "sAMAccountName") == 0) {
+ strcasecmp(el->name, "sAMAccountName") == 0 ||
+ strcasecmp(el->name, "objectGUID")) {
 continue;
 }
 for (j = 0; j < el->num_values; j++) {
@@ -447,8 +448,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
 return NULL;
 }
 
- /* TODO: objectGUID */
-
 talloc_steal(msg, msg2);
 
 return msg2;
@@ -533,9 +532,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
 return NULL;
 }
 
- /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
-
- talloc_steal(msg, msg2);
+ /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
 
 return msg2;
 }
diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c
index d4f35c0e56..dc1a90ebc2 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
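Review bot: The new test `strcasecmp(el->name, "objectGUID")) {` in samldb_copy_template is missing the `== 0` that the three tests above it carry, so it is true for every element whose name is not objectGUID; every such element hits `continue` and the only attribute ever copied from the template is objectGUID, the inverse of what the comment above the `if` intends. It should read `strcasecmp(el->name, "objectGUID") == 0) {`. The enclosing loop and the function start outside the hunk.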
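Review bot: In samldb_fill_user_or_computer_object the removed lines include `talloc_steal(msg, msg2);`, although the visible intent of the hunk is only to drop objectGUID from the TODO comment, and the parallel samldb_fill_group_object hunk above keeps its `talloc_steal(msg, msg2);`. Unless the steal was dropped on purpose, `msg2` now stays on whatever context allocated it (outside the hunk, not visible here) and its lifetime no longer follows `msg`. Either restore `talloc_steal(msg, msg2);` before `return msg2;` or say in the TODO comment why the user path differs from the group path. The function's body starts outside the hunk.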
@@ -189,6 +189,16 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[])
 continue;
 }
 
+ if (strcmp(modules[i], "objectguid") == 0) {
+ current = objectguid_module_init(ldb, options);
+ if (!current) {
+ ldb_debug(ldb, LDB_DEBUG_FATAL, "function 'init_module' in %s fails\n", modules[i]);
+ return -1;
+ }
+ DLIST_ADD(ldb->modules, current);
+ continue;
+ }
+
 #ifdef _SAMBA_BUILD_
 if (strcmp(modules[i], "samldb") == 0) {
 current = samldb_module_init(ldb, options);
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 0844fd056e..39bf004e5d 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -8,6 +8,15 @@ INIT_OBJ_FILES = \
 ################################################
 
 ################################################
+# Start MODULE libldb_objectguid
+[MODULE::libldb_objectguid]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ lib/ldb/modules/objectguid.o
+# End MODULE libldb_objectguid
+################################################
+
+################################################
 # Start MODULE libldb_schema
 [MODULE::libldb_schema]
 SUBSYSTEM = LIBLDB
diff --git a/source4/lib/ldb/modules/objectguid.c b/source4/lib/ldb/modules/objectguid.c
new file mode 100644
index 0000000000..0e789c2bda
--- /dev/null
+++ b/source4/lib/ldb/modules/objectguid.c
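Review bot: The new `objectguid` branch in ldb_load_modules is placed above the `#ifdef _SAMBA_BUILD_` guard that protects the `samldb` branch, while objectguid.c in this same commit includes `includes.h` and calls `GUID_random()`/`GUID_string()`; if those come from the Samba tree rather than from standalone ldb, a standalone build will fail to resolve `objectguid_module_init` here. Either move the branch inside the guard or add a comment stating why it is registered unconditionally. The failure message `"function 'init_module' in %s fails\n"` is copied from the dlopen path and names a function this branch never calls; `"objectguid_module_init failed for module %s\n"` would point a reader at the right code. ldb_load_modules starts and ends outside the hunk.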
@@ -0,0 +1,220 @@
+/*
+ ldb database library
+
+ Copyright (C) Simo Sorce 2004
+
+ ** NOTE! The following LGPL license applies to the ldb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: ldb objectguid module
+ *
+ * Description: add a unique objectGUID onto every new record
+ *
+ * Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "ldb/include/ldb.h"
+#include "ldb/include/ldb_private.h"
+#include <time.h>
+
+struct private_data {
+ const char *error_string;
+};
+
+static int objectguid_search(struct ldb_module *module, const char *base,
+ enum ldb_scope scope, const char *expression,
+ const char * const *attrs, struct ldb_message ***res)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n");
+ return ldb_next_search(module, base, scope, expression, attrs, res);
+}
+
+static int objectguid_search_bytree(struct ldb_module *module, const char *base,
+ enum ldb_scope scope, struct ldb_parse_tree *tree,
+ const char * const *attrs, struct ldb_message ***res)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n");
+ return ldb_next_search_bytree(module, base, scope, tree, attrs, res);
+}
+
+static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name)
+{
+ int i;
+
+ for (i = 0; i < msg->num_elements; i++) {
+ if (ldb_attr_cmp(name, msg->elements[i].name) == 0) {
+ return &msg->elements[i];
+ }
+ }
+
+ return NULL;
+}
+
+/* add_record: add crateTimestamp/modifyTimestamp attributes */
+static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg)
+{
+ struct ldb_message *msg2;
+ struct ldb_message_element *attribute;
+ struct GUID guid;
+ char *guidstr;
+ int ret, i;
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n");
+
+ if (msg->dn[0] == '@') { /* do not manipulate our control entries */
+ return ldb_next_add_record(module, msg);
+ }
+
+ if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) {
+ return ldb_next_add_record(module, msg);
+ }
+
+ msg2 = talloc(module, struct ldb_message);
+ if (!msg2) {
+ return -1;
+ }
+
+ msg2->dn = msg->dn;
+ msg2->num_elements = msg->num_elements;
+ msg2->private_data = msg->private_data;
+ msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
+ for (i = 0; i < msg2->num_elements; i++) {
+ msg2->elements[i] = msg->elements[i];
+ }
+
+ /* a new GUID */
+ guid = GUID_random();
+ guidstr = GUID_string(msg2, &guid);
+ if (!guidstr) {
+ return -1;
+ }
+
+ if (ldb_msg_add_string(module->ldb, msg2, "objectGUID", guidstr) != 0) {
+ return -1;
+ }
+
+ ret = ldb_next_add_record(module, msg2);
+ talloc_free(msg2);
+
+ return ret;
+}
+
+/* modify_record: change modifyTimestamp as well */
+static int objectguid_modify_record(struct ldb_module *module, const struct ldb_message *msg)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n");
+ return ldb_next_modify_record(module, msg);
+}
+
+static int objectguid_delete_record(struct ldb_module *module, const char *dn)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n");
+ return ldb_next_delete_record(module, dn);
+}
+
+static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n");
+ return ldb_next_rename_record(module, olddn, newdn);
+}
+
+static int objectguid_lock(struct ldb_module *module, const char *lockname)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_lock\n");
+ return ldb_next_named_lock(module, lockname);
+}
+
+static int objectguid_unlock(struct ldb_module *module, const char *lockname)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_unlock\n");
+ return ldb_next_named_unlock(module, lockname);
+}
+
+/* return extended error information */
+static const char *objectguid_errstring(struct ldb_module *module)
+{
+ struct private_data *data = (struct private_data *)module->private_data;
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_errstring\n");
+ if (data->error_string) {
+ const char *error;
+
+ error = data->error_string;
+ data->error_string = NULL;
+ return error;
+ }
+
+ return ldb_next_errstring(module);
+}
+
+static int objectguid_destructor(void *module_ctx)
+{
+ /* struct ldb_module *ctx = module_ctx; */
+ /* put your clean-up functions here */
+ return 0;
+}
+
+static const struct ldb_module_ops objectguid_ops = {
+ .name = "objectguid",
+ .search = objectguid_search,
+ .search_bytree = objectguid_search_bytree,
+ .add_record = objectguid_add_record,
+ .modify_record = objectguid_modify_record,
+ .delete_record = objectguid_delete_record,
+ .rename_record = objectguid_rename_record,
+ .named_lock = objectguid_lock,
+ .named_unlock = objectguid_unlock,
+ .errstring = objectguid_errstring
+};
+
+
+/* the init function */
+#ifdef HAVE_DLOPEN_DISABLED
+ struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
+#else
+struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[])
+#endif
+{
+ struct ldb_module *ctx;
+ struct private_data *data;
+
+ ctx = talloc(ldb, struct ldb_module);
+ if (!ctx)
+ return NULL;
+
+ data = talloc(ctx, struct private_data);
+ if (!data) {
+ talloc_free(ctx);
+ return NULL;
+ }
+
+ data->error_string = NULL;
+ ctx->private_data = data;
+ ctx->ldb = ldb;
+ ctx->prev = ctx->next = NULL;
+ ctx->ops = &objectguid_ops;
+
+ talloc_set_destructor (ctx, objectguid_destructor);
+
+ return ctx;
+}
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 894b42ceb7..db71392d8c 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -113,7 +113,7 @@ function hostip()
 }
 
 /*
- return current time as a ldap time string
+ return next USN in the sequence
 */
 function nextusn()
 {
@@ -160,14 +160,19 @@ function ldb_erase(ldb)
 */
 function setup_ldb(ldif, dbname, subobj)
 {
+ var erase = true;
 var extra = "";
 var ldb = ldb_init();
 var lp = loadparm_init();
 
- if (arguments.length == 4) {
+ if (arguments.length >= 4) {
 extra = arguments[3];
 }
 
+ if (arguments.length == 5) {
+ erase = arguments[4];
+ }
+
 var dbfile = dbname;
 
 var src = lp.get("setup directory") + "/" + ldif;
@@ -178,7 +183,9 @@ function setup_ldb(ldif, dbname, subobj)
 var ok = ldb.connect(dbfile);
 assert(ok);
 
- ldb_erase(ldb);
+ if (erase) {
+ ldb_erase(ldb);
+ }
 
 ok = ldb.add(data);
 assert(ok);
@@ -237,8 +244,10 @@ function provision(subobj, message)
 }
 message("Setting up hklm.ldb\n");
 setup_ldb("hklm.ldif", "hklm.ldb", subobj);
- message("Setting up sam.ldb\n");
- setup_ldb("provision.ldif", "sam.ldb", subobj, data);
+ message("Setting up sam.ldb attributes\n");
+ setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ message("Setting up sam.ldb data\n");
+ setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
 message("Setting up rootdse.ldb\n");
 setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
 message("Setting up secrets.ldb\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c731e8cae5..bc4505e8a4 100644
--- a/source4/setup/provision.ldif
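Review bot: In objectguid_add_record the two `return -1;` paths after `msg2` is allocated (the `!guidstr` check and the `ldb_msg_add_string` check) return without `talloc_free(msg2)`, and `msg2` hangs off `module`, a context that lives as long as the module, so every failed add leaks the copied message; the `talloc_array` result is also written through in the copy loop without a NULL check. Free `msg2` on both paths and check `msg2->elements` as below. The function comments are copied from the timestamps module and no longer describe this code: `/* add_record: add crateTimestamp/modifyTimestamp attributes */` should read `/* add_record: give every new non-control record that lacks one a freshly generated objectGUID */`, and `/* modify_record: change modifyTimestamp as well */` should read `/* modify_record: pass-through, this module only acts on add */`. The pass-through when the caller already supplies objectGUID deserves a line too, e.g. `/* a caller-supplied objectGUID is accepted as is; nothing here checks it is unique */`, and the trace string in objectguid_search_bytree says `objectguid_search` while `#include <time.h>` appears unused.
```c
	msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
	if (!msg2->elements) {
		talloc_free(msg2);
		return -1;
	}
	/* … unchanged: element copy loop … */

	/* a new GUID */
	guid = GUID_random();
	guidstr = GUID_string(msg2, &guid);
	if (!guidstr) {
		talloc_free(msg2);
		return -1;
	}

	if (ldb_msg_add_string(module->ldb, msg2, "objectGUID", guidstr) != 0) {
		talloc_free(msg2);
		return -1;
	}
```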
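Review bot: setup_ldb reads its new optional fifth argument with `if (arguments.length == 5)` immediately after `extra` is read with `arguments.length >= 4`; the two tests should agree (`if (arguments.length >= 5)`), otherwise a future caller passing one more argument silently keeps `erase = true` and wipes a database it meant to append to. The function's header comment, which starts outside the hunk, should also document the parameter, e.g. `erase: when false, existing records in dbname are kept (default true)`. In provision() the second `setup_ldb(..., data, false)` call only works because the `provision_init.ldif` call just above erased and re-initialised sam.ldb; a one-line comment above that pair saying the order must not change would save the next editor a surprise.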
+++ b/source4/setup/provision.ldif @@ -1,54 +1,3 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectClass -@IDXATTR: member -@IDXATTR: unixID -@IDXATTR: unixName -@IDXATTR: privilege - -dn: @ATTRIBUTES -userPrincipalName: CASE_INSENSITIVE -servicePrincipalName: CASE_INSENSITIVE -dnsDomain: CASE_INSENSITIVE -dnsRoot: CASE_INSENSITIVE -nETBIOSName: CASE_INSENSITIVE -cn: CASE_INSENSITIVE -dc: CASE_INSENSITIVE -name: CASE_INSENSITIVE -dn: CASE_INSENSITIVE -sAMAccountName: CASE_INSENSITIVE -objectClass: CASE_INSENSITIVE -unicodePwd: HIDDEN -ntPwdHash: HIDDEN -ntPwdHistory: HIDDEN -lmPwdHash: HIDDEN -lmPwdHistory: HIDDEN -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN -groupType: INTEGER -sAMAccountType: INTEGER -systemFlags: INTEGER -userAccountControl: INTEGER - -dn: @SUBCLASSES -top: domain -top: person -top: group -domain: domainDNS -domain: builtinDomain -person: organizationalPerson -organizationalPerson: user -user: computer -template: userTemplate -template: groupTemplate - -#Add modules to the list to activate them by default -#beware often order is important -dn: @MODULES -@LIST: samldb,timestamps - ############################### # Domain Naming Context ############################### @@ -66,8 +15,6 @@ forceLogoff: 0x8000000000000000 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 maxPwdAge: -37108517437440 @@ -96,13 +43,10 @@ objectClass: container cn: Users description: Default container for upgraded user accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Users -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE 
@@ -113,13 +57,10 @@ objectClass: container cn: Computers description: Default container for upgraded computer accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Computers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -130,13 +71,10 @@ objectClass: organizationalUnit ou: Domain Controllers description: Default container for domain controllers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Domain Controllers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -147,13 +85,10 @@ objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: ForeignSecurityPrincipals -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -164,13 +99,10 @@ objectClass: container cn: System description: Builtin system settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: System -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE 
@@ -180,13 +112,10 @@ objectclass: top objectclass: rIDManager cn: RID Manager$ instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: RID Manager$ -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -198,13 +127,10 @@ objectClass: top objectClass: container cn: DomainUpdates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: DomainUpdates -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} @@ -212,13 +138,10 @@ objectClass: top objectClass: container cn: Windows2003Update instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Windows2003Update -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} revision: 8 @@ -227,13 +150,10 @@ objectclass: top objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Infrastructure -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -272,8 +192,6 @@ objectClass: user cn: Administrator description: Built-in account for administering the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} 
@@ -282,7 +200,6 @@ memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Administrator -objectGUID: ${NEWGUID} userAccountControl: 0x10200 badPwdCount: 0 codePage: 0 @@ -311,13 +228,10 @@ objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Guest -objectGUID: ${NEWGUID} userAccountControl: 0x10222 badPwdCount: 0 codePage: 0 @@ -344,12 +258,9 @@ member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Administrators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -392,12 +303,9 @@ cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 0x20000000 @@ -414,12 +322,9 @@ description: Guests have the same access as members of the Users group by defaul member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Guests -objectGUID: ${NEWGUID} objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 0x20000000 
@@ -435,12 +340,9 @@ objectClass: group cn: Print Operators description: Members can administer domain printers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Print Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators @@ -459,12 +361,9 @@ objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Backup Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators @@ -484,12 +383,9 @@ objectClass: group cn: Replicator description: Supports file replication in a domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Replicator -objectGUID: ${NEWGUID} objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator @@ -505,12 +401,9 @@ objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Remote Desktop Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users sAMAccountType: 0x20000000 @@ -525,12 +418,9 @@ objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Network Configuration Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators sAMAccountType: 0x20000000 
@@ -545,12 +435,9 @@ objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Monitor Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users sAMAccountType: 0x20000000 @@ -565,12 +452,9 @@ objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Log Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users sAMAccountType: 0x20000000 @@ -587,8 +471,6 @@ objectClass: user objectClass: computer cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: ${NETBIOSNAME} @@ -626,13 +508,10 @@ objectClass: user cn: krbtgt description: Key Distribution Center Service Account instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: krbtgt -objectGUID: ${NEWGUID} userAccountControl: 514 badPwdCount: 0 codePage: 0 @@ -659,12 +538,9 @@ objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Computers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers sAMAccountType: 0x10000000 
@@ -678,12 +554,9 @@ objectClass: group cn: Domain Controllers description: All domain controllers in the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Controllers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers @@ -699,12 +572,9 @@ cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Schema Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins @@ -721,13 +591,10 @@ cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Enterprise Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -743,12 +610,9 @@ objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Cert Publishers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers sAMAccountType: 0x20000000 @@ -763,13 +627,10 @@ cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins 
@@ -785,13 +646,10 @@ objectClass: group cn: Domain Users description: All domain users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Users -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users sAMAccountType: 0x10000000 @@ -806,13 +664,10 @@ objectClass: group cn: Domain Guests description: All domain guests instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Guests -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests sAMAccountType: 0x10000000 @@ -827,12 +682,9 @@ cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Group Policy Creator Owners -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners sAMAccountType: 0x10000000 @@ -847,12 +699,9 @@ objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: RAS and IAS Servers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 0x20000000 @@ -866,12 +715,9 @@ objectClass: group cn: Server Operators description: Members can administer domain servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Server Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators 
@@ -893,12 +739,9 @@ objectClass: group cn: Account Operators description: Members can administer domain user and group accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Account Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators @@ -915,13 +758,10 @@ objectClass: container cn: Templates description: Container for SAM account templates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Templates -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -1066,13 +906,10 @@ objectClass: top objectClass: configuration cn: Configuration instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Configuration -objectGUID: ${NEWGUID} objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -1083,13 +920,10 @@ objectClass: top objectClass: crossRefContainer cn: Partitions instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Partitions -objectGUID: ${NEWGUID} systemFlags: 0x80000000 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 
@@ -1100,13 +934,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Configuration instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Configuration -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} @@ -1117,13 +948,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Schema instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Schema -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} @@ -1134,13 +962,10 @@ objectClass: top objectClass: crossRef cn: ${DOMAIN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${DOMAIN} -objectGUID: ${NEWGUID} systemFlags: 0x00000003 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} @@ -1152,13 +977,10 @@ objectClass: top objectClass: sitesContainer cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1167,13 +989,10 @@ objectClass: top objectClass: site cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} 
@@ -1182,13 +1001,10 @@ objectClass: top objectClass: serversContainer cn: Servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Servers -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1197,13 +1013,10 @@ objectClass: top objectClass: server cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${NETBIOSNAME} -objectGUID: ${NEWGUID} systemFlags: 0x52000000 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} @@ -1215,8 +1028,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE 
@@ -1233,43 +1044,34 @@ objectClass: top objectClass: container cn: Services instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Services systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: container cn: Windows NT instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} sPNMappings: host=ldap,dns,cifs @@ -1281,13 +1083,10 @@ objectClass: top objectClass: dMD cn: Schema instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Schema -objectGUID: ${NEWGUID} objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif new file mode 100644 index 0000000000..cbe561eee9 --- /dev/null +++ b/source4/setup/provision_init.ldif 
@@ -0,0 +1,51 @@ +dn: @INDEXLIST +@IDXATTR: name +@IDXATTR: sAMAccountName +@IDXATTR: objectSid +@IDXATTR: objectClass +@IDXATTR: member +@IDXATTR: unixID +@IDXATTR: unixName +@IDXATTR: privilege + +dn: @ATTRIBUTES +userPrincipalName: CASE_INSENSITIVE +servicePrincipalName: CASE_INSENSITIVE +dnsDomain: CASE_INSENSITIVE +dnsRoot: CASE_INSENSITIVE +nETBIOSName: CASE_INSENSITIVE +cn: CASE_INSENSITIVE +dc: CASE_INSENSITIVE +name: CASE_INSENSITIVE +dn: CASE_INSENSITIVE +sAMAccountName: CASE_INSENSITIVE +objectClass: CASE_INSENSITIVE +unicodePwd: HIDDEN +ntPwdHash: HIDDEN +ntPwdHistory: HIDDEN +lmPwdHash: HIDDEN +lmPwdHistory: HIDDEN +createTimestamp: HIDDEN +modifyTimestamp: HIDDEN +groupType: INTEGER +sAMAccountType: INTEGER +systemFlags: INTEGER +userAccountControl: INTEGER + +dn: @SUBCLASSES +top: domain +top: person +top: group +domain: domainDNS +domain: builtinDomain +person: organizationalPerson +organizationalPerson: user +user: computer +template: userTemplate +template: groupTemplate + +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: samldb,timestamps,objectguid + |
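Review bot: provision_init.ldif is a new file with no header comment, and nothing in it or in provision.ldif says that it must be loaded into sam.ldb first (provision.js now loads it, then provision.ldif with erase off) or that the `@INDEXLIST`, `@ATTRIBUTES`, `@SUBCLASSES` and `@MODULES` control records moved here. A leading line such as `# Loaded into sam.ldb before provision.ldif; holds the @-control records (indexes, attribute flags, subclasses, module stack)` would make that explicit. The existing `#beware often order is important` next to `@LIST: samldb,timestamps,objectguid` would be more useful if it named the requirement the list encodes, e.g. that objectguid must run on an add before samldb copies template attributes; I cannot confirm from this diff alone how list position maps to call order, so that sentence should be checked against ldb_load_modules before it is written.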