summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c17
-rw-r--r--source4/scripting/libjs/provision.js2
-rw-r--r--source4/setup/provision.ldif232
-rw-r--r--source4/setup/provision_templates.ldif150
4 files changed, 164 insertions, 237 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 3a0368db69..40b6b72713 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -347,7 +347,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
if (strcasecmp(el->name, "cn") == 0 ||
strcasecmp(el->name, "name") == 0 ||
strcasecmp(el->name, "sAMAccountName") == 0 ||
- strcasecmp(el->name, "objectGUID")) {
+ strcasecmp(el->name, "objectGUID") == 0) {
continue;
}
for (j = 0; j < el->num_values; j++) {
@@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
return NULL;
}
- if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
return NULL;
}
@@ -473,9 +473,16 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
return NULL;
}
- if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n");
- return NULL;
+ if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
+ return NULL;
+ }
+ } else {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
+ return NULL;
+ }
}
if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index db71392d8c..38f3fc066e 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -246,6 +246,8 @@ function provision(subobj, message)
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
message("Setting up sam.ldb attributes\n");
setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ message("Setting up sam.ldb templates\n");
+ setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
message("Setting up rootdse.ldb\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index bc4505e8a4..10ea5248c8 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -191,7 +191,6 @@ objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
-instanceType: 4
uSNCreated: 1
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
@@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Administrator
userAccountControl: 0x10200
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: -1
-logonCount: 0
sAMAccountName: Administrator
-sAMAccountType: 0x30000000
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${ADMINPASS}
unixName: ${ROOT}
@@ -227,26 +215,14 @@ objectClass: organizationalPerson
objectClass: user
cn: Guest
description: Built-in account for guest access to the computer/domain
-instanceType: 4
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Guest
userAccountControl: 0x10222
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
primaryGroupID: 514
objectSid: ${DOMAINSID}-501
-accountExpires: -1
-logonCount: 0
sAMAccountName: Guest
-sAMAccountType: 0x30000000
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Administrators,CN=Builtin,${BASEDN}
@@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute
member: CN=Domain Admins,CN=Users,${BASEDN}
member: CN=Enterprise Admins,CN=Users,${BASEDN}
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Administrators
@@ -302,7 +277,6 @@ objectClass: group
cn: Users
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
member: CN=Domain Users,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Users
@@ -321,7 +295,6 @@ cn: Guests
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
member: CN=Domain Guests,CN=Users,${BASEDN}
member: CN=Guest,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Guests
@@ -339,7 +312,6 @@ objectClass: top
objectClass: group
cn: Print Operators
description: Members can administer domain printers
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Print Operators
@@ -360,7 +332,6 @@ objectClass: top
objectClass: group
cn: Backup Operators
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Backup Operators
@@ -382,7 +353,6 @@ objectClass: top
objectClass: group
cn: Replicator
description: Supports file replication in a domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Replicator
@@ -400,7 +370,6 @@ objectClass: top
objectClass: group
cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Remote Desktop Users
@@ -417,7 +386,6 @@ objectClass: top
objectClass: group
cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Network Configuration Operators
@@ -434,7 +402,6 @@ objectClass: top
objectClass: group
cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Performance Monitor Users
@@ -451,7 +418,6 @@ objectClass: top
objectClass: group
cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Performance Log Users
@@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
-objectClass: user
objectClass: computer
cn: ${NETBIOSNAME}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: ${NETBIOSNAME}
objectGUID: ${HOSTGUID}
userAccountControl: 532480
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
lastLogon: 127273269057298624
localPolicyFlags: 0
pwdLastSet: 127258826171655328
primaryGroupID: 516
objectSid: ${DOMAINSID}-1000
accountExpires: 9223372036854775807
-logonCount: 30
sAMAccountName: ${NETBIOSNAME}$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
-objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${MACHINEPASS}
servicePrincipalName: HOST/${DNSNAME}
@@ -507,28 +464,18 @@ objectClass: organizationalPerson
objectClass: user
cn: krbtgt
description: Key Distribution Center Service Account
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: krbtgt
userAccountControl: 514
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
pwdLastSet: 127258826179466560
-primaryGroupID: 513
objectSid: ${DOMAINSID}-502
adminCount: 1
accountExpires: 9223372036854775807
-logonCount: 0
sAMAccountName: krbtgt
sAMAccountType: 805306368
servicePrincipalName: kadmin/changepw
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${KRBTGTPASS}
@@ -537,14 +484,11 @@ objectClass: top
objectClass: group
cn: Domain Computers
description: All workstations and servers joined to the domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Domain Computers
objectSid: ${DOMAINSID}-515
sAMAccountName: Domain Computers
-sAMAccountType: 0x10000000
-groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -553,16 +497,12 @@ objectClass: top
objectClass: group
cn: Domain Controllers
description: All domain controllers in the domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Domain Controllers
objectSid: ${DOMAINSID}-516
adminCount: 1
sAMAccountName: Domain Controllers
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Schema Admins,CN=Users,${BASEDN}
@@ -571,16 +511,12 @@ objectClass: group
cn: Schema Admins
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Schema Admins
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -590,7 +526,6 @@ objectClass: group
cn: Enterprise Admins
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
@@ -598,9 +533,6 @@ name: Enterprise Admins
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -609,14 +541,11 @@ objectClass: top
objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Cert Publishers
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
-sAMAccountType: 0x20000000
-groupType: 0x80000004
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -626,7 +555,6 @@ objectClass: group
cn: Domain Admins
description: Designated administrators of the domain
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
@@ -634,9 +562,6 @@ name: Domain Admins
objectSid: ${DOMAINSID}-512
adminCount: 1
sAMAccountName: Domain Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -645,16 +570,12 @@ objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
-instanceType: 4
uSNCreated: 1
memberOf: CN=Users,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Users
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${USERS}
@@ -663,16 +584,12 @@ objectClass: top
objectClass: group
cn: Domain Guests
description: All domain guests
-instanceType: 4
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Guests
objectSid: ${DOMAINSID}-514
sAMAccountName: Domain Guests
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
@@ -681,14 +598,11 @@ objectClass: group
cn: Group Policy Creator Owners
description: Members in this group can modify group policy for the domain
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Group Policy Creator Owners
objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
-sAMAccountType: 0x10000000
-groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
-dn: CN=Templates,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Templates
-description: Container for SAM account templates
-instanceType: 4
-uSNCreated: 1
-uSNChanged: 1
-showInAdvancedViewOnly: TRUE
-name: Templates
-systemFlags: 0x8c000000
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-isCriticalSystemObject: TRUE
-
-###
-# note! the template users must not match normal searches. Be careful
-# with what classes you put them in
-###
-
-dn: CN=TemplateUser,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateUser
-name: TemplateUser
-instanceType: 4
-userAccountControl: 0x202
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000000
-
-dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateMemberServer
-name: TemplateMemberServer
-instanceType: 4
-userAccountControl: 0x1002
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000001
-
-dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateDomainController
-name: TemplateDomainController
-instanceType: 4
-userAccountControl: 0x2002
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000001
-
-dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateTrustingDomain
-name: TemplateTrustingDomain
-instanceType: 4
-userAccountControl: 0x820
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000002
-
-dn: CN=TemplateGroup,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: groupTemplate
-cn: TemplateGroup
-name: TemplateGroup
-instanceType: 4
-groupType: 0x80000002
-sAMAccountType: 0x10000000
-
-dn: CN=TemplateAlias,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: aliasTemplate
-cn: TemplateAlias
-name: TemplateAlias
-instanceType: 4
-groupType: 0x80000004
-sAMAccountType: 0x10000000
-
-dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: foreignSecurityPrincipalTemplate
-cn: TemplateForeignSecurityPrincipal
-name: TemplateForeignSecurityPrincipal
-
-dn: CN=TemplateSecret,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: leaf
-objectClass: Template
-objectClass: secretTemplate
-cn: TemplateSecret
-name: TemplateSecret
-instanceType: 4
-
-dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: leaf
-objectClass: Template
-objectClass: trustedDomainTemplate
-cn: TemplateTrustedDomain
-name: TemplateTrustedDomain
-instanceType: 4
-
###############################
# Configuration Naming Context
###############################
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
new file mode 100644
index 0000000000..43901a41e8
--- /dev/null
+++ b/source4/setup/provision_templates.ldif
@@ -0,0 +1,150 @@
+dn: CN=Templates,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Templates
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+name: TemplateUser
+instanceType: 4
+userAccountControl: 0x202
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
+dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+name: TemplateGroup
+instanceType: 4
+groupType: 0x80000002
+sAMAccountType: 0x10000000
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal
+
+dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+name: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+name: TemplateTrustedDomain
+instanceType: 4
+