summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c9
-rw-r--r--source4/lib/ldb/common/ldb_modules.c10
-rw-r--r--source4/lib/ldb/config.mk9
-rw-r--r--source4/lib/ldb/modules/objectguid.c220
-rw-r--r--source4/scripting/libjs/provision.js19
-rw-r--r--source4/setup/provision.ldif201
-rw-r--r--source4/setup/provision_init.ldif51
7 files changed, 307 insertions, 212 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 04acbeaedf..3a0368db69 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -346,7 +346,8 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
/* some elements should not be copied from the template */
if (strcasecmp(el->name, "cn") == 0 ||
strcasecmp(el->name, "name") == 0 ||
- strcasecmp(el->name, "sAMAccountName") == 0) {
+ strcasecmp(el->name, "sAMAccountName") == 0 ||
+ strcasecmp(el->name, "objectGUID")) {
continue;
}
for (j = 0; j < el->num_values; j++) {
@@ -447,8 +448,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
return NULL;
}
- /* TODO: objectGUID */
-
talloc_steal(msg, msg2);
return msg2;
@@ -533,9 +532,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
return NULL;
}
- /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
-
- talloc_steal(msg, msg2);
+ /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
return msg2;
}
diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c
index d4f35c0e56..dc1a90ebc2 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -189,6 +189,16 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[])
continue;
}
+ if (strcmp(modules[i], "objectguid") == 0) {
+ current = objectguid_module_init(ldb, options);
+ if (!current) {
+ ldb_debug(ldb, LDB_DEBUG_FATAL, "function 'init_module' in %s fails\n", modules[i]);
+ return -1;
+ }
+ DLIST_ADD(ldb->modules, current);
+ continue;
+ }
+
#ifdef _SAMBA_BUILD_
if (strcmp(modules[i], "samldb") == 0) {
current = samldb_module_init(ldb, options);
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 0844fd056e..39bf004e5d 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -8,6 +8,15 @@ INIT_OBJ_FILES = \
################################################
################################################
+# Start MODULE libldb_objectguid
+[MODULE::libldb_objectguid]
+SUBSYSTEM = LIBLDB
+INIT_OBJ_FILES = \
+ lib/ldb/modules/objectguid.o
+# End MODULE libldb_objectguid
+################################################
+
+################################################
# Start MODULE libldb_schema
[MODULE::libldb_schema]
SUBSYSTEM = LIBLDB
diff --git a/source4/lib/ldb/modules/objectguid.c b/source4/lib/ldb/modules/objectguid.c
new file mode 100644
index 0000000000..0e789c2bda
--- /dev/null
+++ b/source4/lib/ldb/modules/objectguid.c
@@ -0,0 +1,220 @@
+/*
+ ldb database library
+
+ Copyright (C) Simo Sorce 2004
+
+ ** NOTE! The following LGPL license applies to the ldb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: ldb objectguid module
+ *
+ * Description: add a unique objectGUID onto every new record
+ *
+ * Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "ldb/include/ldb.h"
+#include "ldb/include/ldb_private.h"
+#include <time.h>
+
+struct private_data {
+ const char *error_string;
+};
+
+static int objectguid_search(struct ldb_module *module, const char *base,
+ enum ldb_scope scope, const char *expression,
+ const char * const *attrs, struct ldb_message ***res)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n");
+ return ldb_next_search(module, base, scope, expression, attrs, res);
+}
+
+static int objectguid_search_bytree(struct ldb_module *module, const char *base,
+ enum ldb_scope scope, struct ldb_parse_tree *tree,
+ const char * const *attrs, struct ldb_message ***res)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_search\n");
+ return ldb_next_search_bytree(module, base, scope, tree, attrs, res);
+}
+
+static struct ldb_message_element *objectguid_find_attribute(const struct ldb_message *msg, const char *name)
+{
+ int i;
+
+ for (i = 0; i < msg->num_elements; i++) {
+ if (ldb_attr_cmp(name, msg->elements[i].name) == 0) {
+ return &msg->elements[i];
+ }
+ }
+
+ return NULL;
+}
+
+/* add_record: add crateTimestamp/modifyTimestamp attributes */
+static int objectguid_add_record(struct ldb_module *module, const struct ldb_message *msg)
+{
+ struct ldb_message *msg2;
+ struct ldb_message_element *attribute;
+ struct GUID guid;
+ char *guidstr;
+ int ret, i;
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n");
+
+ if (msg->dn[0] == '@') { /* do not manipulate our control entries */
+ return ldb_next_add_record(module, msg);
+ }
+
+ if ((attribute = objectguid_find_attribute(msg, "objectGUID")) != NULL ) {
+ return ldb_next_add_record(module, msg);
+ }
+
+ msg2 = talloc(module, struct ldb_message);
+ if (!msg2) {
+ return -1;
+ }
+
+ msg2->dn = msg->dn;
+ msg2->num_elements = msg->num_elements;
+ msg2->private_data = msg->private_data;
+ msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements);
+ for (i = 0; i < msg2->num_elements; i++) {
+ msg2->elements[i] = msg->elements[i];
+ }
+
+ /* a new GUID */
+ guid = GUID_random();
+ guidstr = GUID_string(msg2, &guid);
+ if (!guidstr) {
+ return -1;
+ }
+
+ if (ldb_msg_add_string(module->ldb, msg2, "objectGUID", guidstr) != 0) {
+ return -1;
+ }
+
+ ret = ldb_next_add_record(module, msg2);
+ talloc_free(msg2);
+
+ return ret;
+}
+
+/* modify_record: change modifyTimestamp as well */
+static int objectguid_modify_record(struct ldb_module *module, const struct ldb_message *msg)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n");
+ return ldb_next_modify_record(module, msg);
+}
+
+static int objectguid_delete_record(struct ldb_module *module, const char *dn)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_delete_record\n");
+ return ldb_next_delete_record(module, dn);
+}
+
+static int objectguid_rename_record(struct ldb_module *module, const char *olddn, const char *newdn)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_rename_record\n");
+ return ldb_next_rename_record(module, olddn, newdn);
+}
+
+static int objectguid_lock(struct ldb_module *module, const char *lockname)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_lock\n");
+ return ldb_next_named_lock(module, lockname);
+}
+
+static int objectguid_unlock(struct ldb_module *module, const char *lockname)
+{
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_unlock\n");
+ return ldb_next_named_unlock(module, lockname);
+}
+
+/* return extended error information */
+static const char *objectguid_errstring(struct ldb_module *module)
+{
+ struct private_data *data = (struct private_data *)module->private_data;
+
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_errstring\n");
+ if (data->error_string) {
+ const char *error;
+
+ error = data->error_string;
+ data->error_string = NULL;
+ return error;
+ }
+
+ return ldb_next_errstring(module);
+}
+
+static int objectguid_destructor(void *module_ctx)
+{
+ /* struct ldb_module *ctx = module_ctx; */
+ /* put your clean-up functions here */
+ return 0;
+}
+
+static const struct ldb_module_ops objectguid_ops = {
+ .name = "objectguid",
+ .search = objectguid_search,
+ .search_bytree = objectguid_search_bytree,
+ .add_record = objectguid_add_record,
+ .modify_record = objectguid_modify_record,
+ .delete_record = objectguid_delete_record,
+ .rename_record = objectguid_rename_record,
+ .named_lock = objectguid_lock,
+ .named_unlock = objectguid_unlock,
+ .errstring = objectguid_errstring
+};
+
+
+/* the init function */
+#ifdef HAVE_DLOPEN_DISABLED
+ struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
+#else
+struct ldb_module *objectguid_module_init(struct ldb_context *ldb, const char *options[])
+#endif
+{
+ struct ldb_module *ctx;
+ struct private_data *data;
+
+ ctx = talloc(ldb, struct ldb_module);
+ if (!ctx)
+ return NULL;
+
+ data = talloc(ctx, struct private_data);
+ if (!data) {
+ talloc_free(ctx);
+ return NULL;
+ }
+
+ data->error_string = NULL;
+ ctx->private_data = data;
+ ctx->ldb = ldb;
+ ctx->prev = ctx->next = NULL;
+ ctx->ops = &objectguid_ops;
+
+ talloc_set_destructor (ctx, objectguid_destructor);
+
+ return ctx;
+}
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 894b42ceb7..db71392d8c 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -113,7 +113,7 @@ function hostip()
}
/*
- return current time as a ldap time string
+ return next USN in the sequence
*/
function nextusn()
{
@@ -160,14 +160,19 @@ function ldb_erase(ldb)
*/
function setup_ldb(ldif, dbname, subobj)
{
+ var erase = true;
var extra = "";
var ldb = ldb_init();
var lp = loadparm_init();
- if (arguments.length == 4) {
+ if (arguments.length >= 4) {
extra = arguments[3];
}
+ if (arguments.length == 5) {
+ erase = arguments[4];
+ }
+
var dbfile = dbname;
var src = lp.get("setup directory") + "/" + ldif;
@@ -178,7 +183,9 @@ function setup_ldb(ldif, dbname, subobj)
var ok = ldb.connect(dbfile);
assert(ok);
- ldb_erase(ldb);
+ if (erase) {
+ ldb_erase(ldb);
+ }
ok = ldb.add(data);
assert(ok);
@@ -237,8 +244,10 @@ function provision(subobj, message)
}
message("Setting up hklm.ldb\n");
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
- message("Setting up sam.ldb\n");
- setup_ldb("provision.ldif", "sam.ldb", subobj, data);
+ message("Setting up sam.ldb attributes\n");
+ setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ message("Setting up sam.ldb data\n");
+ setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
message("Setting up rootdse.ldb\n");
setup_ldb("rootdse.ldif", "rootdse.ldb", subobj);
message("Setting up secrets.ldb\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c731e8cae5..bc4505e8a4 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,54 +1,3 @@
-dn: @INDEXLIST
-@IDXATTR: name
-@IDXATTR: sAMAccountName
-@IDXATTR: objectSid
-@IDXATTR: objectClass
-@IDXATTR: member
-@IDXATTR: unixID
-@IDXATTR: unixName
-@IDXATTR: privilege
-
-dn: @ATTRIBUTES
-userPrincipalName: CASE_INSENSITIVE
-servicePrincipalName: CASE_INSENSITIVE
-dnsDomain: CASE_INSENSITIVE
-dnsRoot: CASE_INSENSITIVE
-nETBIOSName: CASE_INSENSITIVE
-cn: CASE_INSENSITIVE
-dc: CASE_INSENSITIVE
-name: CASE_INSENSITIVE
-dn: CASE_INSENSITIVE
-sAMAccountName: CASE_INSENSITIVE
-objectClass: CASE_INSENSITIVE
-unicodePwd: HIDDEN
-ntPwdHash: HIDDEN
-ntPwdHistory: HIDDEN
-lmPwdHash: HIDDEN
-lmPwdHistory: HIDDEN
-createTimestamp: HIDDEN
-modifyTimestamp: HIDDEN
-groupType: INTEGER
-sAMAccountType: INTEGER
-systemFlags: INTEGER
-userAccountControl: INTEGER
-
-dn: @SUBCLASSES
-top: domain
-top: person
-top: group
-domain: domainDNS
-domain: builtinDomain
-person: organizationalPerson
-organizationalPerson: user
-user: computer
-template: userTemplate
-template: groupTemplate
-
-#Add modules to the list to activate them by default
-#beware often order is important
-dn: @MODULES
-@LIST: samldb,timestamps
-
###############################
# Domain Naming Context
###############################
@@ -66,8 +15,6 @@ forceLogoff: 0x8000000000000000
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
maxPwdAge: -37108517437440
@@ -96,13 +43,10 @@ objectClass: container
cn: Users
description: Default container for upgraded user accounts
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: FALSE
name: Users
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -113,13 +57,10 @@ objectClass: container
cn: Computers
description: Default container for upgraded computer accounts
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: FALSE
name: Computers
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -130,13 +71,10 @@ objectClass: organizationalUnit
ou: Domain Controllers
description: Default container for domain controllers
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: FALSE
name: Domain Controllers
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -147,13 +85,10 @@ objectClass: container
cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: FALSE
name: ForeignSecurityPrincipals
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -164,13 +99,10 @@ objectClass: container
cn: System
description: Builtin system settings
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: System
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -180,13 +112,10 @@ objectclass: top
objectclass: rIDManager
cn: RID Manager$
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: RID Manager$
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -198,13 +127,10 @@ objectClass: top
objectClass: container
cn: DomainUpdates
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: DomainUpdates
-objectGUID: ${NEWGUID}
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
@@ -212,13 +138,10 @@ objectClass: top
objectClass: container
cn: Windows2003Update
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: Windows2003Update
-objectGUID: ${NEWGUID}
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
revision: 8
@@ -227,13 +150,10 @@ objectclass: top
objectclass: infrastructureUpdate
cn: Infrastructure
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: Infrastructure
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -272,8 +192,6 @@ objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
@@ -282,7 +200,6 @@ memberOf: CN=Schema Admins,CN=Users,${BASEDN}
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Administrator
-objectGUID: ${NEWGUID}
userAccountControl: 0x10200
badPwdCount: 0
codePage: 0
@@ -311,13 +228,10 @@ objectClass: user
cn: Guest
description: Built-in account for guest access to the computer/domain
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Guest
-objectGUID: ${NEWGUID}
userAccountControl: 0x10222
badPwdCount: 0
codePage: 0
@@ -344,12 +258,9 @@ member: CN=Domain Admins,CN=Users,${BASEDN}
member: CN=Enterprise Admins,CN=Users,${BASEDN}
member: CN=Administrator,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Administrators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
@@ -392,12 +303,9 @@ cn: Users
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
member: CN=Domain Users,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Users
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-545
sAMAccountName: Users
sAMAccountType: 0x20000000
@@ -414,12 +322,9 @@ description: Guests have the same access as members of the Users group by defaul
member: CN=Domain Guests,CN=Users,${BASEDN}
member: CN=Guest,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Guests
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-546
sAMAccountName: Guests
sAMAccountType: 0x20000000
@@ -435,12 +340,9 @@ objectClass: group
cn: Print Operators
description: Members can administer domain printers
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Print Operators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
@@ -459,12 +361,9 @@ objectClass: group
cn: Backup Operators
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Backup Operators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
@@ -484,12 +383,9 @@ objectClass: group
cn: Replicator
description: Supports file replication in a domain
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Replicator
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
@@ -505,12 +401,9 @@ objectClass: group
cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Remote Desktop Users
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
sAMAccountType: 0x20000000
@@ -525,12 +418,9 @@ objectClass: group
cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Network Configuration Operators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
sAMAccountType: 0x20000000
@@ -545,12 +435,9 @@ objectClass: group
cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Performance Monitor Users
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
sAMAccountType: 0x20000000
@@ -565,12 +452,9 @@ objectClass: group
cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Performance Log Users
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
sAMAccountType: 0x20000000
@@ -587,8 +471,6 @@ objectClass: user
objectClass: computer
cn: ${NETBIOSNAME}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: ${NETBIOSNAME}
@@ -626,13 +508,10 @@ objectClass: user
cn: krbtgt
description: Key Distribution Center Service Account
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: krbtgt
-objectGUID: ${NEWGUID}
userAccountControl: 514
badPwdCount: 0
codePage: 0
@@ -659,12 +538,9 @@ objectClass: group
cn: Domain Computers
description: All workstations and servers joined to the domain
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Domain Computers
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-515
sAMAccountName: Domain Computers
sAMAccountType: 0x10000000
@@ -678,12 +554,9 @@ objectClass: group
cn: Domain Controllers
description: All domain controllers in the domain
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Domain Controllers
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-516
adminCount: 1
sAMAccountName: Domain Controllers
@@ -699,12 +572,9 @@ cn: Schema Admins
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Schema Admins
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
@@ -721,13 +591,10 @@ cn: Enterprise Admins
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Enterprise Admins
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
@@ -743,12 +610,9 @@ objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Cert Publishers
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
sAMAccountType: 0x20000000
@@ -763,13 +627,10 @@ cn: Domain Admins
description: Designated administrators of the domain
member: CN=Administrator,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Admins
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-512
adminCount: 1
sAMAccountName: Domain Admins
@@ -785,13 +646,10 @@ objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Users,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Users
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
sAMAccountType: 0x10000000
@@ -806,13 +664,10 @@ objectClass: group
cn: Domain Guests
description: All domain guests
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Guests
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-514
sAMAccountName: Domain Guests
sAMAccountType: 0x10000000
@@ -827,12 +682,9 @@ cn: Group Policy Creator Owners
description: Members in this group can modify group policy for the domain
member: CN=Administrator,CN=Users,${BASEDN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Group Policy Creator Owners
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
sAMAccountType: 0x10000000
@@ -847,12 +699,9 @@ objectClass: group
cn: RAS and IAS Servers
description: Servers in this group can access remote access properties of users
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: RAS and IAS Servers
-objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
sAMAccountType: 0x20000000
@@ -866,12 +715,9 @@ objectClass: group
cn: Server Operators
description: Members can administer domain servers
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Server Operators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
@@ -893,12 +739,9 @@ objectClass: group
cn: Account Operators
description: Members can administer domain user and group accounts
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
name: Account Operators
-objectGUID: ${NEWGUID}
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
@@ -915,13 +758,10 @@ objectClass: container
cn: Templates
description: Container for SAM account templates
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: Templates
-objectGUID: ${NEWGUID}
systemFlags: 0x8c000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -1066,13 +906,10 @@ objectClass: top
objectClass: configuration
cn: Configuration
instanceType: 13
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Configuration
-objectGUID: ${NEWGUID}
objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
subRefs: CN=Schema,CN=Configuration,${BASEDN}
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -1083,13 +920,10 @@ objectClass: top
objectClass: crossRefContainer
cn: Partitions
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Partitions
-objectGUID: ${NEWGUID}
systemFlags: 0x80000000
objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
msDS-Behavior-Version: 0
@@ -1100,13 +934,10 @@ objectClass: top
objectClass: crossRef
cn: Enterprise Configuration
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Enterprise Configuration
-objectGUID: ${NEWGUID}
systemFlags: 0x00000001
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Configuration,${BASEDN}
@@ -1117,13 +948,10 @@ objectClass: top
objectClass: crossRef
cn: Enterprise Schema
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Enterprise Schema
-objectGUID: ${NEWGUID}
systemFlags: 0x00000001
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Schema,CN=Configuration,${BASEDN}
@@ -1134,13 +962,10 @@ objectClass: top
objectClass: crossRef
cn: ${DOMAIN}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: ${DOMAIN}
-objectGUID: ${NEWGUID}
systemFlags: 0x00000003
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: ${BASEDN}
@@ -1152,13 +977,10 @@ objectClass: top
objectClass: sitesContainer
cn: Sites
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Sites
-objectGUID: ${NEWGUID}
systemFlags: 0x82000000
objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
@@ -1167,13 +989,10 @@ objectClass: top
objectClass: site
cn: Sites
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Sites
-objectGUID: ${NEWGUID}
systemFlags: 0x82000000
objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
@@ -1182,13 +1001,10 @@ objectClass: top
objectClass: serversContainer
cn: Servers
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Servers
-objectGUID: ${NEWGUID}
systemFlags: 0x82000000
objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
@@ -1197,13 +1013,10 @@ objectClass: top
objectClass: server
cn: ${NETBIOSNAME}
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: ${NETBIOSNAME}
-objectGUID: ${NEWGUID}
systemFlags: 0x52000000
objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
dNSHostName: ${DNSNAME}
@@ -1215,8 +1028,6 @@ objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
@@ -1233,43 +1044,34 @@ objectClass: top
objectClass: container
cn: Services
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Services
systemFlags: 0x80000000
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-objectGUID: ${NEWGUID}
dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
objectClass: top
objectClass: container
cn: Windows NT
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Windows NT
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-objectGUID: ${NEWGUID}
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
objectClass: top
objectClass: nTDSService
cn: Directory Service
instanceType: 4
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Directory Service
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
-objectGUID: ${NEWGUID}
sPNMappings: host=ldap,dns,cifs
@@ -1281,13 +1083,10 @@ objectClass: top
objectClass: dMD
cn: Schema
instanceType: 13
-whenCreated: ${LDAPTIME}
-whenChanged: ${LDAPTIME}
uSNCreated: ${USN}
uSNChanged: ${USN}
showInAdvancedViewOnly: TRUE
name: Schema
-objectGUID: ${NEWGUID}
objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
new file mode 100644
index 0000000000..cbe561eee9
--- /dev/null
+++ b/source4/setup/provision_init.ldif
@@ -0,0 +1,51 @@
+dn: @INDEXLIST
+@IDXATTR: name
+@IDXATTR: sAMAccountName
+@IDXATTR: objectSid
+@IDXATTR: objectClass
+@IDXATTR: member
+@IDXATTR: unixID
+@IDXATTR: unixName
+@IDXATTR: privilege
+
+dn: @ATTRIBUTES
+userPrincipalName: CASE_INSENSITIVE
+servicePrincipalName: CASE_INSENSITIVE
+dnsDomain: CASE_INSENSITIVE
+dnsRoot: CASE_INSENSITIVE
+nETBIOSName: CASE_INSENSITIVE
+cn: CASE_INSENSITIVE
+dc: CASE_INSENSITIVE
+name: CASE_INSENSITIVE
+dn: CASE_INSENSITIVE
+sAMAccountName: CASE_INSENSITIVE
+objectClass: CASE_INSENSITIVE
+unicodePwd: HIDDEN
+ntPwdHash: HIDDEN
+ntPwdHistory: HIDDEN
+lmPwdHash: HIDDEN
+lmPwdHistory: HIDDEN
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+groupType: INTEGER
+sAMAccountType: INTEGER
+systemFlags: INTEGER
+userAccountControl: INTEGER
+
+dn: @SUBCLASSES
+top: domain
+top: person
+top: group
+domain: domainDNS
+domain: builtinDomain
+person: organizationalPerson
+organizationalPerson: user
+user: computer
+template: userTemplate
+template: groupTemplate
+
+#Add modules to the list to activate them by default
+#beware often order is important
+dn: @MODULES
+@LIST: samldb,timestamps,objectguid
+