summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/build/m4/public.m444
-rw-r--r--source4/build/smb_build/env.pm24
-rw-r--r--source4/dsdb/samdb/samdb.c6
-rw-r--r--source4/scripting/python/samba/provision.py85
-rw-r--r--source4/scripting/python/samba/tests/provision.py23
-rw-r--r--source4/scripting/python/samba/upgrade.py4
-rwxr-xr-xsource4/selftest/samba4_tests.sh2
-rw-r--r--source4/setup/provision.ldif4
-rwxr-xr-xsource4/setup/provision.py9
-rw-r--r--source4/setup/schema.ldif281
-rwxr-xr-xsource4/setup/upgrade.py1
-rw-r--r--testprogs/ejs/minschema_classes.txt3
12 files changed, 386 insertions, 100 deletions
diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4
index 81da34db86..4192128bbd 100644
--- a/source4/build/m4/public.m4
+++ b/source4/build/m4/public.m4
@@ -64,30 +64,28 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG],
fi
if test "$PKG_CONFIG" = "no" ; then
- echo "*** The pkg-config script could not be found. Make sure it is"
- echo "*** in your path, or set the PKG_CONFIG environment variable"
- echo "*** to the full path to pkg-config."
- echo "*** Or see http://pkg-config.freedesktop.org/ to get pkg-config."
+ echo "*** The pkg-config script could not be found. Make sure it is"
+ echo "*** in your path, or set the PKG_CONFIG environment variable"
+ echo "*** to the full path to pkg-config."
+ echo "*** Or see http://pkg-config.freedesktop.org/ to get pkg-config."
ac_cv_$1_found=no
else
if $PKG_CONFIG --atleast-pkgconfig-version 0.9.0; then
- AC_MSG_CHECKING(for $2)
+ AC_MSG_CHECKING(for $2)
- if $PKG_CONFIG --exists '$2' ; then
+ if $PKG_CONFIG --exists '$2' ; then
AC_MSG_RESULT(yes)
-
$1_CFLAGS="`$PKG_CONFIG --cflags '$2'`"
- OLD_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $$1_CFLAGS"
- AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS])
- AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"],
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $$1_CFLAGS"
+ AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS])
+ AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"],
SMB_ENABLE($1, YES)
- AC_MSG_RESULT(yes),
+ AC_MSG_RESULT(yes),
AC_MSG_RESULT(no),
AC_MSG_WARN([cannot run when cross-compiling]))
- CFLAGS="$OLD_CFLAGS"
-
+ CFLAGS="$OLD_CFLAGS"
SMB_EXT_LIB($1,
[`$PKG_CONFIG --libs-only-l '$2'`],
@@ -97,17 +95,17 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG],
[ $2 ])
ac_cv_$1_found=yes
- else
+ else
AC_MSG_RESULT(no)
- $PKG_CONFIG --errors-to-stdout --print-errors '$2'
- ac_cv_$1_found=no
- fi
- else
- echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
- echo "*** See http://pkg-config.freedesktop.org/"
+ $PKG_CONFIG --errors-to-stdout --print-errors '$2'
ac_cv_$1_found=no
- fi
- fi
+ fi
+ else
+ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
+ echo "*** See http://pkg-config.freedesktop.org/"
+ ac_cv_$1_found=no
+ fi
+ fi
if test x$ac_cv_$1_found = x"yes"; then
ifelse([$3], [], [echo -n ""], [$3])
else
diff --git a/source4/build/smb_build/env.pm b/source4/build/smb_build/env.pm
index bbb72b520f..76cd8d1a26 100644
--- a/source4/build/smb_build/env.pm
+++ b/source4/build/smb_build/env.pm
@@ -54,28 +54,4 @@ sub _set_config($$)
$self->{automatic_deps} = ($self->{config}->{automatic_dependencies} eq "yes");
}
-sub Import($$)
-{
- my ($self,$items) = @_;
-
- foreach (keys %$items) {
- if (defined($self->{items})) {
- print "Warning: Importing $_ twice!\n";
- }
- $self->{items}->{$_} = $items->{$_};
- }
-}
-
-sub GetInfo($$)
-{
- my ($self,$name) = @_;
-
- unless (defined($self->{info}->{$name}))
- {
- $self->{info}->{$name} = $self->{items}->Build($self);
- }
-
- return $self->{info}->{$name};
-}
-
1;
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index c11eea1757..a01e442587 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -103,8 +103,8 @@ int samdb_copy_template(struct ldb_context *ldb,
if (!templates_ldb) {
templates_ldb_path = samdb_relative_path(ldb,
- msg,
- "templates.ldb");
+ msg,
+ "templates.ldb");
if (!templates_ldb_path) {
*errstring = talloc_asprintf(msg, "samdb_copy_template: ERROR: Failed to contruct path for template db");
return LDB_ERR_OPERATIONS_ERROR;
@@ -115,6 +115,8 @@ int samdb_copy_template(struct ldb_context *ldb,
NULL, 0, NULL);
talloc_free(templates_ldb_path);
if (!templates_ldb) {
+ *errstring = talloc_asprintf(msg, "samdb_copy_template: ERROR: Failed to connect to templates db at: %s",
+ templates_ldb_path);
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9a44983d8e..7dd564fae1 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -64,9 +64,6 @@ class ProvisionPaths:
self.dns_keytab = None
self.dns = None
self.winsdb = None
- self.ldap_basedn_ldif = None
- self.ldap_config_basedn_ldif = None
- self.ldap_schema_basedn_ldif = None
def check_install(lp, session_info, credentials):
@@ -84,14 +81,19 @@ def check_install(lp, session_info, credentials):
raise "No administrator account found"
-def findnss(nssfn, *names):
- """Find a user or group from a list of possibilities."""
+def findnss(nssfn, names):
+ """Find a user or group from a list of possibilities.
+
+ :param nssfn: NSS Function to try (should raise KeyError if not found)
+ :param names: Names to check.
+ :return: Value return by first names list.
+ """
for name in names:
try:
return nssfn(name)
except KeyError:
pass
- raise Exception("Unable to find user/group for %s" % arguments[1])
+ raise KeyError("Unable to find user/group %r" % names)
def open_ldb(session_info, credentials, lp, dbname):
@@ -149,6 +151,14 @@ def setup_modify_ldif(ldb, ldif_path, substvars=None):
def setup_ldb(ldb, ldif_path, subst_vars):
+ """Import a LDIF a file into a LDB handle, optionally substituting variables.
+
+ :note: Either all LDIF data will be added or none (using transactions).
+
+ :param ldb: LDB file to import into.
+ :param ldif_path: Path to the LDIF file.
+ :param subst_vars: Dictionary with substitution variables.
+ """
assert ldb is not None
ldb.transaction_start()
try:
@@ -179,20 +189,16 @@ def setup_file(template, fname, substvars):
open(f, 'w').write(data)
-def provision_paths_from_lp(lp, dnsdomain, private_dir=None):
+def provision_paths_from_lp(lp, dnsdomain):
"""Set the default paths for provisioning.
:param lp: Loadparm context.
:param dnsdomain: DNS Domain name
"""
paths = ProvisionPaths()
- if private_dir is None:
- private_dir = lp.get("private dir")
- paths.keytab = "secrets.keytab"
- paths.dns_keytab = "dns.keytab"
- else:
- paths.keytab = os.path.join(private_dir, "secrets.keytab")
- paths.dns_keytab = os.path.join(private_dir, "dns.keytab")
+ private_dir = lp.get("private dir")
+ paths.keytab = "secrets.keytab"
+ paths.dns_keytab = "dns.keytab"
paths.shareconf = os.path.join(private_dir, "share.ldb")
paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb")
@@ -201,6 +207,7 @@ def provision_paths_from_lp(lp, dnsdomain, private_dir=None):
paths.dns = os.path.join(private_dir, dnsdomain + ".zone")
paths.winsdb = os.path.join(private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(private_dir, "ldapi")
+ paths.smbconf = os.path.join(private_dir, "smb.conf")
paths.phpldapadminconfig = os.path.join(private_dir,
"phpldapadmin-config.php")
paths.hklm = "hklm.ldb"
@@ -319,12 +326,14 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
domaindn_ldb = "users.ldb"
if ldap_backend is not None:
- domaindn_ldb = ldap_backend
+ domaindn_ldb = ldap_backend
configdn_ldb = "configuration.ldb"
if ldap_backend is not None:
- configdn_ldb = ldap_backend
+ configdn_ldb = ldap_backend
schemadn_ldb = "schema.ldb"
if ldap_backend is not None:
+ schema_ldb = ldap_backend
+
schemadn_ldb = ldap_backend
if ldap_backend_type == "fedora-ds":
@@ -456,7 +465,6 @@ def setup_registry(path, setup_path, session_info, credentials, lp):
:param lp: Loadparm context
"""
reg = registry.Registry()
- print path
hive = registry.open_ldb(path, session_info=session_info,
credentials=credentials, lp_ctx=lp)
reg.mount_hive(hive, "HKEY_LOCAL_MACHINE")
@@ -527,6 +535,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
serverrole, ldap_backend=None, ldap_backend_type=None):
"""Setup a complete SAM Database.
+ :note: This will wipe the main SAM database file!
"""
# Also wipes the database
@@ -716,22 +725,23 @@ def provision(lp, setup_dir, message, paths, session_info,
if dnspass is None:
dnspass = misc.random_password(12)
if root is None:
- root = findnss(pwd.getpwnam, "root")[0]
+ root = findnss(pwd.getpwnam, ["root"])[0]
if nobody is None:
- nobody = findnss(pwd.getpwnam, "nobody")[0]
+ nobody = findnss(pwd.getpwnam, ["nobody"])[0]
if nogroup is None:
- nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[0]
+ nogroup = findnss(grp.getgrnam, ["nogroup", "nobody"])[0]
if users is None:
- users = findnss(grp.getgrnam, "users", "guest", "other", "unknown",
- "usr")[0]
+ users = findnss(grp.getgrnam, ["users", "guest", "other", "unknown",
+ "usr"])[0]
if wheel is None:
- wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[0]
+ wheel = findnss(grp.getgrnam, ["wheel", "root", "staff", "adm"])[0]
if backup is None:
- backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[0]
+ backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0]
if aci is None:
aci = "# no aci for local ldb"
if serverrole is None:
serverrole = lp.get("server role")
+ assert serverrole in ("domain controller", "member server")
if invocationid is None and serverrole == "domain controller":
invocationid = uuid.random()
@@ -745,8 +755,8 @@ def provision(lp, setup_dir, message, paths, session_info,
ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="")
if ldap_backend == "ldapi":
- # provision-backend will set this path suggested slapd command line / fedorads.inf
- ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")
+ # provision-backend will set this path suggested slapd command line / fedorads.inf
+ ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")
assert realm is not None
realm = realm.upper()
@@ -761,9 +771,9 @@ def provision(lp, setup_dir, message, paths, session_info,
if not valid_netbios_name(netbiosname):
raise InvalidNetbiosName(netbiosname)
- dnsdomain = realm.lower()
+ dnsdomain = realm.lower()
if serverrole == "domain controller":
- domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+ domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
if domain is None:
domain = lp.get("workgroup")
@@ -775,16 +785,15 @@ def provision(lp, setup_dir, message, paths, session_info,
domain = domain.upper()
if not valid_netbios_name(domain):
raise InvalidNetbiosName(domain)
-
else:
- domaindn = "CN=" + netbiosname
- domain = netbiosname
-
+ domaindn = "CN=" + netbiosname
+ domain = netbiosname
+
if rootdn is None:
- rootdn = domaindn
+ rootdn = domaindn
- configdn = "CN=Configuration," + rootdn
- schemadn = "CN=Schema," + configdn
+ configdn = "CN=Configuration," + rootdn
+ schemadn = "CN=Schema," + configdn
message("set DOMAIN SID: %s" % str(domainsid))
message("Provisioning for %s in realm %s" % (domain, realm))
@@ -799,8 +808,6 @@ def provision(lp, setup_dir, message, paths, session_info,
smbconfsuffix = "dc"
elif serverrole == "member":
smbconfsuffix = "member"
- else:
- assert "Invalid server role setting: %s" % serverrole
setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix),
paths.smbconf, {
"HOSTNAME": hostname,
@@ -810,7 +817,7 @@ def provision(lp, setup_dir, message, paths, session_info,
"NETLOGONPATH": paths.netlogon,
"SYSVOLPATH": paths.sysvol,
})
- lp.reload()
+ lp.load(paths.smbconf)
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
@@ -940,7 +947,7 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn,
def load_schema(setup_path, samdb, schemadn, netbiosname, configdn):
- """Load schema.
+ """Load schema for the SamDB.
:param samdb: Load a schema into a SamDB.
:param setup_path: Setup path function.
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index 4e9fa9c3ef..eb49f7af83 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -18,10 +18,11 @@
#
import os
-from samba.provision import setup_secretsdb, secretsdb_become_dc
+from samba.provision import setup_secretsdb, secretsdb_become_dc, findnss
import samba.tests
from ldb import Dn
import param
+import unittest
lp = param.LoadParm()
lp.load("st/dc/etc/smb.conf")
@@ -66,6 +67,25 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
del secrets_ldb
os.unlink(path)
+
+class FindNssTests(unittest.TestCase):
+ """Test findnss() function."""
+ def test_nothing(self):
+ def x(y):
+ raise KeyError
+ self.assertRaises(KeyError, findnss, x, [])
+
+ def test_first(self):
+ self.assertEquals("bla", findnss(lambda x: "bla", ["bla"]))
+
+ def test_skip_first(self):
+ def x(y):
+ if y != "bla":
+ raise KeyError
+ return "ha"
+ self.assertEquals("ha", findnss(x, ["bloe", "bla"]))
+
+
class Disabled:
def test_setup_templatesdb(self):
raise NotImplementedError(self.test_setup_templatesdb)
@@ -100,3 +120,4 @@ class Disabled:
def test_erase_partitions(self):
raise NotImplementedError(self.test_erase_partitions)
+
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index a118af2526..b332bb89ae 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -246,8 +246,8 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp,
machinepass = None
domaindn = provision(lp=lp, setup_dir=setup_dir, message=message,
- samdb_fill=FILL_DRS, ldapbackend=None,
- paths=paths, session_info=session_info, credentials=credentials, realm=realm,
+ samdb_fill=FILL_DRS, paths=paths, session_info=session_info,
+ credentials=credentials, realm=realm,
domain=domainname, domainsid=domainsid, domainguid=domainguid,
machinepass=machinepass, serverrole=serverrole)
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index 17b6020abb..d00b492953 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -330,5 +330,5 @@ then
rm -rf $PREFIX/upgrade
plantest "blackbox.upgrade" none $PYTHON setup/upgrade.py $CONFIGURATION --targetdir=$PREFIX/upgrade ../testdata/samba3 ../testdata/samba3/smb.conf
rm -rf $PREFIX/provision
- plantest "blackbox.provision.py" none $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo --targetdir=$PREFIX/provision
+ plantest "blackbox.provision.py" none $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/provision
fi
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 3fb9361d0b..37b6bdaa60 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -78,3 +78,7 @@ dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+dn: CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
diff --git a/source4/setup/provision.py b/source4/setup/provision.py
index 9f887e8b3b..033d2491f2 100755
--- a/source4/setup/provision.py
+++ b/source4/setup/provision.py
@@ -26,9 +26,6 @@ import getopt
import optparse
import os, sys
-# Add path to the library for in-tree use
-sys.path.append("scripting/python")
-
import samba
from auth import system_session
@@ -130,12 +127,12 @@ lp.set("realm", opts.realm)
lp.set("workgroup", opts.domain)
lp.set("server role", opts.server_role or "domain controller")
-
if opts.aci is not None:
print "set ACI: %s" % opts.aci
-paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir)
-paths.smbconf = sambaopts.get_loadparm_path()
+paths = provision_paths_from_lp(lp, opts.realm.lower())
+if sambaopts.get_loadparm_path() is not None:
+ paths.smbconf = sambaopts.get_loadparm_path()
creds = credopts.get_credentials()
diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif
index 585b418311..be68ed2b91 100644
--- a/source4/setup/schema.ldif
+++ b/source4/setup/schema.ldif
@@ -2249,6 +2249,24 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-ISAKMP-Reference,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID: b40ff820-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=Application-Name,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -2990,6 +3008,23 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-ID,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID: b40ff81d-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=LDAP-Admin-Limits,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -3317,6 +3352,24 @@ systemFlags: 16
isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-NFA-Reference,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID: b40ff821-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=secretary,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -7279,6 +7332,24 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-Owners-Reference,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID: b40ff824-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=State-Or-Province-Name,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -7808,6 +7879,24 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-Filter-Reference,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID: b40ff823-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=User-Comment,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -7946,7 +8035,6 @@ searchFlags: 0
lDAPDisplayName: msDRM-IdentityCertificate
schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0
systemFlags: 16
-isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,${SCHEMADN}
dn: CN=Last-Logoff,${SCHEMADN}
@@ -8078,6 +8166,40 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-Data-Type,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID: b40ff81e-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
+dn: CN=Ipsec-Data,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID: b40ff81f-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=RID-Manager-Reference,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -8501,6 +8623,23 @@ systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-Name,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID: b40ff81c-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=CA-Certificate,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -8522,6 +8661,24 @@ systemFlags: 16
isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,${SCHEMADN}
+dn: CN=Ipsec-Negotiation-Policy-Reference,${SCHEMADN}
+objectClass: top
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID: b40ff822-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,${SCHEMADN}
+
dn: CN=MHS-OR-Address,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
@@ -9014,6 +9171,28 @@ defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Top,${SCHEMADN}
+dn: CN=Ipsec-ISAKMP-Policy,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID: b40ff828-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,${SCHEMADN}
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,${SCHEMADN}
+
dn: CN=Domain-DNS,${SCHEMADN}
objectClass: top
objectClass: classSchema
@@ -9246,6 +9425,30 @@ defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Display-Specifier,${SCHEMADN}
+dn: CN=Ipsec-Base,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID: b40ff825-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,${SCHEMADN}
+defaultObjectCategory: CN=Ipsec-Base,${SCHEMADN}
+
dn: CN=ms-DS-Az-Scope,${SCHEMADN}
objectClass: top
objectClass: classSchema
@@ -9546,10 +9749,13 @@ possibleInferiors: user
possibleInferiors: container
possibleInferiors: groupPolicyContainer
possibleInferiors: person
+possibleInferiors: ipsecNFA
possibleInferiors: locality
possibleInferiors: msDS-AzAdminManager
possibleInferiors: organizationalUnit
+possibleInferiors: ipsecPolicy
possibleInferiors: organizationalPerson
+possibleInferiors: ipsecISAKMPPolicy
rDNAttID: ou
showInAdvancedViewOnly: TRUE
adminDisplayName: Organizational-Unit
@@ -9600,6 +9806,30 @@ defaultHidingValue: FALSE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN}
+dn: CN=Ipsec-NFA,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID: b40ff829-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,${SCHEMADN}
+defaultObjectCategory: CN=Ipsec-NFA,${SCHEMADN}
+
dn: CN=Lost-And-Found,${SCHEMADN}
objectClass: top
objectClass: classSchema
@@ -9625,6 +9855,7 @@ possibleInferiors: site
possibleInferiors: organization
possibleInferiors: domainDNS
possibleInferiors: person
+possibleInferiors: ipsecNFA
possibleInferiors: queryPolicy
possibleInferiors: locality
possibleInferiors: subnet
@@ -9635,8 +9866,10 @@ possibleInferiors: nTDSService
possibleInferiors: country
possibleInferiors: organizationalUnit
possibleInferiors: secret
+possibleInferiors: ipsecPolicy
possibleInferiors: organizationalPerson
possibleInferiors: server
+possibleInferiors: ipsecISAKMPPolicy
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Lost-And-Found
@@ -9829,6 +10062,9 @@ objectClass: top
objectClass: classSchema
subClassOf: user
governsID: 1.2.840.113556.1.3.30
+possibleInferiors: ipsecNFA
+possibleInferiors: ipsecPolicy
+possibleInferiors: ipsecISAKMPPolicy
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Computer
@@ -9899,6 +10135,30 @@ defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Person,${SCHEMADN}
+dn: CN=Ipsec-Policy,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID: b7b13121-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,${SCHEMADN}
+defaultObjectCategory: CN=Ipsec-Policy,${SCHEMADN}
+
dn: CN=Container,${SCHEMADN}
objectClass: top
objectClass: classSchema
@@ -9912,12 +10172,15 @@ possibleInferiors: user
possibleInferiors: container
possibleInferiors: groupPolicyContainer
possibleInferiors: person
+possibleInferiors: ipsecNFA
possibleInferiors: queryPolicy
possibleInferiors: msDS-AzAdminManager
possibleInferiors: displaySpecifier
possibleInferiors: nTDSService
possibleInferiors: secret
+possibleInferiors: ipsecPolicy
possibleInferiors: organizationalPerson
+possibleInferiors: ipsecISAKMPPolicy
mayContain: msDS-ObjectReference
rDNAttID: cn
showInAdvancedViewOnly: TRUE
@@ -10624,12 +10887,15 @@ possibleInferiors: user
possibleInferiors: container
possibleInferiors: groupPolicyContainer
possibleInferiors: person
+possibleInferiors: ipsecNFA
possibleInferiors: queryPolicy
possibleInferiors: msDS-AzAdminManager
possibleInferiors: displaySpecifier
possibleInferiors: nTDSService
possibleInferiors: secret
+possibleInferiors: ipsecPolicy
possibleInferiors: organizationalPerson
+possibleInferiors: ipsecISAKMPPolicy
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Group-Policy-Container
@@ -10656,6 +10922,7 @@ objectClass: top
objectClass: subSchema
objectCategory: CN=SubSchema,${SCHEMADN}
objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) )
+objectClasses: ( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL )
objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) )
objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) )
objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL )
@@ -10664,6 +10931,7 @@ objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL M
objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) )
objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) )
objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) )
+objectClasses: ( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY ( ipsecOwnersReference $ ipsecName $ ipsecID $ ipsecDataType $ ipsecData ) )
objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) )
objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) )
objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) )
@@ -10674,6 +10942,7 @@ objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( t
objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) )
objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) )
objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) )
+objectClasses: ( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY ( ipsecNegotiationPolicyReference $ ipsecFilterReference ) )
objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) )
objectClasses: ( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) )
@@ -10681,6 +10950,7 @@ objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY
objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL )
objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) )
+objectClasses: ( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY ( ipsecNFAReference $ ipsecISAKMPReference ) )
objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) )
objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) )
objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) )
@@ -10825,6 +11095,7 @@ attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.1
attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
@@ -10866,6 +11137,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6
attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )
@@ -10884,6 +11156,7 @@ attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.
attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+attributeTypes: ( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
@@ -11098,6 +11371,7 @@ attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.
attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )
@@ -11126,6 +11400,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '
attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
@@ -11141,6 +11416,8 @@ attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.
attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
+attributeTypes: ( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )
attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
@@ -11164,7 +11441,9 @@ attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.
attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+attributeTypes: ( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )
+attributeTypes: ( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )
attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py
index 4cf9641ef2..960cd1b9e2 100755
--- a/source4/setup/upgrade.py
+++ b/source4/setup/upgrade.py
@@ -7,7 +7,6 @@
import getopt
import optparse
import os, sys
-sys.path.append("scripting/python")
import param
import samba
import samba.getopt as options
diff --git a/testprogs/ejs/minschema_classes.txt b/testprogs/ejs/minschema_classes.txt
index 0479438fa5..9327a4af2f 100644
--- a/testprogs/ejs/minschema_classes.txt
+++ b/testprogs/ejs/minschema_classes.txt
@@ -34,3 +34,6 @@ attributeSchema
subSchema
queryPolicy
groupPolicyContainer
+ipsecPolicy
+ipsecISAKMPPolicy
+ipsecNFA