diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 9 | ||||
-rw-r--r-- | source4/lib/ldb/common/ldb_modules.c | 10 | ||||
-rw-r--r-- | source4/lib/ldb/config.mk | 9 | ||||
-rw-r--r-- | source4/lib/ldb/modules/objectguid.c | 220 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 19 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 201 | ||||
-rw-r--r-- | source4/setup/provision_init.ldif | 51 |
7 files changed, 307 insertions, 212 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 04acbeaedf..3a0368db69 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -346,7 +346,8 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m /* some elements should not be copied from the template */ if (strcasecmp(el->name, "cn") == 0 || strcasecmp(el->name, "name") == 0 || - strcasecmp(el->name, "sAMAccountName") == 0) { + strcasecmp(el->name, "sAMAccountName") == 0 || + strcasecmp(el->name, "objectGUID")) { continue; } for (j = 0; j < el->num_values; j++) { @@ -447,8 +448,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c return NULL; } - /* TODO: objectGUID */ - talloc_steal(msg, msg2); return msg2; @@ -533,9 +532,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module return NULL; } - /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ - - talloc_steal(msg, msg2); + /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ return msg2; } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index d4f35c0e56..dc1a90ebc2 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -189,6 +189,16 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) continue; } + if (strcmp(modules[i], "objectguid") == 0) { + current = objectguid_module_init(ldb, options); + if (!current) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "function 'init_module' in %s fails\n", modules[i]); + return -1; + } + DLIST_ADD(ldb->modules, current); + continue; + } + #ifdef _SAMBA_BUILD_ if (strcmp(modules[i], "samldb") == 0) { current = samldb_module_init(ldb, options); diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk index 0844fd056e..39bf004e5d 100644 --- a/source4/lib/ldb/config.mk +++ b/source4/lib/ldb/config.mk @@ -8,6 +8,15 @@ INIT_OBJ_FILES = \ ################################################ ################################################ +# Start MODULE libldb_objectguid +[MODULE::libldb_objectguid] +SUBSYSTEM = LIBLDB +INIT_OBJ_FILES = \ + lib/ldb/modules/objectguid.o +# End MODULE libldb_objectguid +################################################ + +################################################ # Start MODULE libldb_schema [MODULE::libldb_schema] SUBSYSTEM = LIBLDB diff --git a/source4/lib/ldb/modules/objectguid.c b/source4/lib/ldb/modules/objectguid.c new file mode 100644 index 0000000000..0e789c2bda --- /dev/null +++ b/source4/lib/ldb/modules/objectguid.c @@ -0,0 +1,220 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb objectguid module + * + * Description: add a unique objectGUID onto every new record + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include <time.h> + +struct private_data { + const char *error_string; +}; + +static int objectguid_search(struct ldb_module *module, const char *base, + enum ldb_scope scope, const char *expression, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); + return ldb_next_search(module, base, scope, expression, attrs, res); +} + +static int objectguid_search_bytree(struct ldb_module *module, const char *base, + enum ldb_scope scope, struct ldb_parse_tree *tree, + const char * const *attrs, struct ldb_message ***res) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n"); + return ldb_next_search_bytree(module, base, scope, tree, attrs, res); +} + +static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name) +{ + int i; + + for (i = 0; i < msg->num_elements; i++) { + if (ldb_attr_cmp(name, msg->elements[i].name) == 0) { + return &msg->elements[i]; + } + } + + return NULL; +} + +/* add_record: add crateTimestamp/modifyTimestamp attributes */ +static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg) +{ + struct ldb_message *msg2; + struct ldb_message_element *attribute; + struct GUID guid; + char *guidstr; + int ret, i; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); + + if (msg->dn[0] == '@') { /* do not manipulate our control entries */ + return ldb_next_add_record(module, msg); + } + + if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) { + return ldb_next_add_record(module, msg); + } + + msg2 = talloc(module, struct ldb_message); + if (!msg2) { + return -1; + } + + msg2->dn = msg->dn; + msg2->num_elements = msg->num_elements; + msg2->private_data = msg->private_data; + msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); + for (i = 0; i < msg2->num_elements; i++) { + msg2->elements[i] = msg->elements[i]; + } + + /* a new GUID */ + guid = GUID_random(); + guidstr = GUID_string(msg2, &guid); + if (!guidstr) { + return -1; + } + + if (ldb_msg_add_string(module->ldb, msg2, "objectGUID", guidstr) != 0) { + return -1; + } + + ret = ldb_next_add_record(module, msg2); + talloc_free(msg2); + + return ret; +} + +/* modify_record: change modifyTimestamp as well */ +static int objectguid_modify_record(struct ldb_module *module, const struct ldb_message *msg) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n"); + return ldb_next_modify_record(module, msg); +} + +static int objectguid_delete_record(struct ldb_module *module, const char *dn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n"); + return ldb_next_delete_record(module, dn); +} + +static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n"); + return ldb_next_rename_record(module, olddn, newdn); +} + +static int objectguid_lock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_lock\n"); + return ldb_next_named_lock(module, lockname); +} + +static int objectguid_unlock(struct ldb_module *module, const char *lockname) +{ + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_unlock\n"); + return ldb_next_named_unlock(module, lockname); +} + +/* return extended error information */ +static const char *objectguid_errstring(struct ldb_module *module) +{ + struct private_data *data = (struct private_data *)module->private_data; + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_errstring\n"); + if (data->error_string) { + const char *error; + + error = data->error_string; + data->error_string = NULL; + return error; + } + + return ldb_next_errstring(module); +} + +static int objectguid_destructor(void *module_ctx) +{ + /* struct ldb_module *ctx = module_ctx; */ + /* put your clean-up functions here */ + return 0; +} + +static const struct ldb_module_ops objectguid_ops = { + .name = "objectguid", + .search = objectguid_search, + .search_bytree = objectguid_search_bytree, + .add_record = objectguid_add_record, + .modify_record = objectguid_modify_record, + .delete_record = objectguid_delete_record, + .rename_record = objectguid_rename_record, + .named_lock = objectguid_lock, + .named_unlock = objectguid_unlock, + .errstring = objectguid_errstring +}; + + +/* the init function */ +#ifdef HAVE_DLOPEN_DISABLED + struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + struct ldb_module *ctx; + struct private_data *data; + + ctx = talloc(ldb, struct ldb_module); + if (!ctx) + return NULL; + + data = talloc(ctx, struct private_data); + if (!data) { + talloc_free(ctx); + return NULL; + } + + data->error_string = NULL; + ctx->private_data = data; + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &objectguid_ops; + + talloc_set_destructor (ctx, objectguid_destructor); + + return ctx; +} diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 894b42ceb7..db71392d8c 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -113,7 +113,7 @@ function hostip() } /* - return current time as a ldap time string + return next USN in the sequence */ function nextusn() { @@ -160,14 +160,19 @@ function ldb_erase(ldb) */ function setup_ldb(ldif, dbname, subobj) { + var erase = true; var extra = ""; var ldb = ldb_init(); var lp = loadparm_init(); - if (arguments.length == 4) { + if (arguments.length >= 4) { extra = arguments[3]; } + if (arguments.length == 5) { + erase = arguments[4]; + } + var dbfile = dbname; var src = lp.get("setup directory") + "/" + ldif; @@ -178,7 +183,9 @@ function setup_ldb(ldif, dbname, subobj) var ok = ldb.connect(dbfile); assert(ok); - ldb_erase(ldb); + if (erase) { + ldb_erase(ldb); + } ok = ldb.add(data); assert(ok); @@ -237,8 +244,10 @@ function provision(subobj, message) } message("Setting up hklm.ldb\n"); setup_ldb("hklm.ldif", "hklm.ldb", subobj); - message("Setting up sam.ldb\n"); - setup_ldb("provision.ldif", "sam.ldb", subobj, data); + message("Setting up sam.ldb attributes\n"); + setup_ldb("provision_init.ldif", "sam.ldb", subobj); + message("Setting up sam.ldb data\n"); + setup_ldb("provision.ldif", "sam.ldb", subobj, data, false); message("Setting up rootdse.ldb\n"); setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); message("Setting up secrets.ldb\n"); diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c731e8cae5..bc4505e8a4 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,54 +1,3 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectClass -@IDXATTR: member -@IDXATTR: unixID -@IDXATTR: unixName -@IDXATTR: privilege - -dn: @ATTRIBUTES -userPrincipalName: CASE_INSENSITIVE -servicePrincipalName: CASE_INSENSITIVE -dnsDomain: CASE_INSENSITIVE -dnsRoot: CASE_INSENSITIVE -nETBIOSName: CASE_INSENSITIVE -cn: CASE_INSENSITIVE -dc: CASE_INSENSITIVE -name: CASE_INSENSITIVE -dn: CASE_INSENSITIVE -sAMAccountName: CASE_INSENSITIVE -objectClass: CASE_INSENSITIVE -unicodePwd: HIDDEN -ntPwdHash: HIDDEN -ntPwdHistory: HIDDEN -lmPwdHash: HIDDEN -lmPwdHistory: HIDDEN -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN -groupType: INTEGER -sAMAccountType: INTEGER -systemFlags: INTEGER -userAccountControl: INTEGER - -dn: @SUBCLASSES -top: domain -top: person -top: group -domain: domainDNS -domain: builtinDomain -person: organizationalPerson -organizationalPerson: user -user: computer -template: userTemplate -template: groupTemplate - -#Add modules to the list to activate them by default -#beware often order is important -dn: @MODULES -@LIST: samldb,timestamps - ############################### # Domain Naming Context ############################### @@ -66,8 +15,6 @@ forceLogoff: 0x8000000000000000 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 maxPwdAge: -37108517437440 @@ -96,13 +43,10 @@ objectClass: container cn: Users description: Default container for upgraded user accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Users -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -113,13 +57,10 @@ objectClass: container cn: Computers description: Default container for upgraded computer accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Computers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -130,13 +71,10 @@ objectClass: organizationalUnit ou: Domain Controllers description: Default container for domain controllers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Domain Controllers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -147,13 +85,10 @@ objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: ForeignSecurityPrincipals -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -164,13 +99,10 @@ objectClass: container cn: System description: Builtin system settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: System -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -180,13 +112,10 @@ objectclass: top objectclass: rIDManager cn: RID Manager$ instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: RID Manager$ -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -198,13 +127,10 @@ objectClass: top objectClass: container cn: DomainUpdates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: DomainUpdates -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} @@ -212,13 +138,10 @@ objectClass: top objectClass: container cn: Windows2003Update instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Windows2003Update -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} revision: 8 @@ -227,13 +150,10 @@ objectclass: top objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Infrastructure -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -272,8 +192,6 @@ objectClass: user cn: Administrator description: Built-in account for administering the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} @@ -282,7 +200,6 @@ memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Administrator -objectGUID: ${NEWGUID} userAccountControl: 0x10200 badPwdCount: 0 codePage: 0 @@ -311,13 +228,10 @@ objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Guest -objectGUID: ${NEWGUID} userAccountControl: 0x10222 badPwdCount: 0 codePage: 0 @@ -344,12 +258,9 @@ member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Administrators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -392,12 +303,9 @@ cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 0x20000000 @@ -414,12 +322,9 @@ description: Guests have the same access as members of the Users group by defaul member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Guests -objectGUID: ${NEWGUID} objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 0x20000000 @@ -435,12 +340,9 @@ objectClass: group cn: Print Operators description: Members can administer domain printers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Print Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators @@ -459,12 +361,9 @@ objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Backup Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators @@ -484,12 +383,9 @@ objectClass: group cn: Replicator description: Supports file replication in a domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Replicator -objectGUID: ${NEWGUID} objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator @@ -505,12 +401,9 @@ objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Remote Desktop Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users sAMAccountType: 0x20000000 @@ -525,12 +418,9 @@ objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Network Configuration Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators sAMAccountType: 0x20000000 @@ -545,12 +435,9 @@ objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Monitor Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users sAMAccountType: 0x20000000 @@ -565,12 +452,9 @@ objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Log Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users sAMAccountType: 0x20000000 @@ -587,8 +471,6 @@ objectClass: user objectClass: computer cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: ${NETBIOSNAME} @@ -626,13 +508,10 @@ objectClass: user cn: krbtgt description: Key Distribution Center Service Account instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: krbtgt -objectGUID: ${NEWGUID} userAccountControl: 514 badPwdCount: 0 codePage: 0 @@ -659,12 +538,9 @@ objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Computers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers sAMAccountType: 0x10000000 @@ -678,12 +554,9 @@ objectClass: group cn: Domain Controllers description: All domain controllers in the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Controllers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers @@ -699,12 +572,9 @@ cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Schema Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins @@ -721,13 +591,10 @@ cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Enterprise Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -743,12 +610,9 @@ objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Cert Publishers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers sAMAccountType: 0x20000000 @@ -763,13 +627,10 @@ cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins @@ -785,13 +646,10 @@ objectClass: group cn: Domain Users description: All domain users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Users -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users sAMAccountType: 0x10000000 @@ -806,13 +664,10 @@ objectClass: group cn: Domain Guests description: All domain guests instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Guests -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests sAMAccountType: 0x10000000 @@ -827,12 +682,9 @@ cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Group Policy Creator Owners -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners sAMAccountType: 0x10000000 @@ -847,12 +699,9 @@ objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: RAS and IAS Servers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 0x20000000 @@ -866,12 +715,9 @@ objectClass: group cn: Server Operators description: Members can administer domain servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Server Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -893,12 +739,9 @@ objectClass: group cn: Account Operators description: Members can administer domain user and group accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Account Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators @@ -915,13 +758,10 @@ objectClass: container cn: Templates description: Container for SAM account templates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Templates -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -1066,13 +906,10 @@ objectClass: top objectClass: configuration cn: Configuration instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Configuration -objectGUID: ${NEWGUID} objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -1083,13 +920,10 @@ objectClass: top objectClass: crossRefContainer cn: Partitions instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Partitions -objectGUID: ${NEWGUID} systemFlags: 0x80000000 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 @@ -1100,13 +934,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Configuration instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Configuration -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} @@ -1117,13 +948,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Schema instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Schema -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} @@ -1134,13 +962,10 @@ objectClass: top objectClass: crossRef cn: ${DOMAIN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${DOMAIN} -objectGUID: ${NEWGUID} systemFlags: 0x00000003 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} @@ -1152,13 +977,10 @@ objectClass: top objectClass: sitesContainer cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1167,13 +989,10 @@ objectClass: top objectClass: site cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} @@ -1182,13 +1001,10 @@ objectClass: top objectClass: serversContainer cn: Servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Servers -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1197,13 +1013,10 @@ objectClass: top objectClass: server cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${NETBIOSNAME} -objectGUID: ${NEWGUID} systemFlags: 0x52000000 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} @@ -1215,8 +1028,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE @@ -1233,43 +1044,34 @@ objectClass: top objectClass: container cn: Services instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Services systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: container cn: Windows NT instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} sPNMappings: host=ldap,dns,cifs @@ -1281,13 +1083,10 @@ objectClass: top objectClass: dMD cn: Schema instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Schema -objectGUID: ${NEWGUID} objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif new file mode 100644 index 0000000000..cbe561eee9 --- /dev/null +++ b/source4/setup/provision_init.ldif @@ -0,0 +1,51 @@ +dn: @INDEXLIST +@IDXATTR: name +@IDXATTR: sAMAccountName +@IDXATTR: objectSid +@IDXATTR: objectClass +@IDXATTR: member +@IDXATTR: unixID +@IDXATTR: unixName +@IDXATTR: privilege + +dn: @ATTRIBUTES +userPrincipalName: CASE_INSENSITIVE +servicePrincipalName: CASE_INSENSITIVE +dnsDomain: CASE_INSENSITIVE +dnsRoot: CASE_INSENSITIVE +nETBIOSName: CASE_INSENSITIVE +cn: CASE_INSENSITIVE +dc: CASE_INSENSITIVE +name: CASE_INSENSITIVE +dn: CASE_INSENSITIVE +sAMAccountName: CASE_INSENSITIVE +objectClass: CASE_INSENSITIVE +unicodePwd: HIDDEN +ntPwdHash: HIDDEN +ntPwdHistory: HIDDEN +lmPwdHash: HIDDEN +lmPwdHistory: HIDDEN +createTimestamp: HIDDEN +modifyTimestamp: HIDDEN +groupType: INTEGER +sAMAccountType: INTEGER +systemFlags: INTEGER +userAccountControl: INTEGER + +dn: @SUBCLASSES +top: domain +top: person +top: group +domain: domainDNS +domain: builtinDomain +person: organizationalPerson +organizationalPerson: user +user: computer +template: userTemplate +template: groupTemplate + +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: samldb,timestamps,objectguid + |