-rw-r--r-- | source4/build/m4/public.m4 | 44 | ||||
-rw-r--r-- | source4/build/smb_build/env.pm | 24 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 6 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 85 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/provision.py | 23 | ||||
-rw-r--r-- | source4/scripting/python/samba/upgrade.py | 4 | ||||
-rwxr-xr-x | source4/selftest/samba4_tests.sh | 2 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 4 | ||||
-rwxr-xr-x | source4/setup/provision.py | 9 | ||||
-rw-r--r-- | source4/setup/schema.ldif | 281 | ||||
-rwxr-xr-x | source4/setup/upgrade.py | 1 | ||||
-rw-r--r-- | testprogs/ejs/minschema_classes.txt | 3 |
12 files changed, 386 insertions, 100 deletions
diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4 index 81da34db86..4192128bbd 100644 --- a/source4/build/m4/public.m4 +++ b/source4/build/m4/public.m4 @@ -64,30 +64,28 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], fi if test "$PKG_CONFIG" = "no" ; then - echo "*** The pkg-config script could not be found. Make sure it is" - echo "*** in your path, or set the PKG_CONFIG environment variable" - echo "*** to the full path to pkg-config." - echo "*** Or see http://pkg-config.freedesktop.org/ to get pkg-config." + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://pkg-config.freedesktop.org/ to get pkg-config." ac_cv_$1_found=no else if $PKG_CONFIG --atleast-pkgconfig-version 0.9.0; then - AC_MSG_CHECKING(for $2) + AC_MSG_CHECKING(for $2) - if $PKG_CONFIG --exists '$2' ; then + if $PKG_CONFIG --exists '$2' ; then AC_MSG_RESULT(yes) - $1_CFLAGS="`$PKG_CONFIG --cflags '$2'`" - OLD_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $$1_CFLAGS" - AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS]) - AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"], + OLD_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $$1_CFLAGS" + AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS]) + AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"], SMB_ENABLE($1, YES) - AC_MSG_RESULT(yes), + AC_MSG_RESULT(yes), AC_MSG_RESULT(no), AC_MSG_WARN([cannot run when cross-compiling])) - CFLAGS="$OLD_CFLAGS" - + CFLAGS="$OLD_CFLAGS" SMB_EXT_LIB($1, [`$PKG_CONFIG --libs-only-l '$2'`], 
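Review bot: The new side never assigns `$1_CFLAGS` before using it: the removed assignment from `$PKG_CONFIG --cflags '$2'` has no `+` counterpart, yet `CFLAGS="$CFLAGS $$1_CFLAGS"` and the AC_TRY_RUN check that follows still expand it. Unless the variable is set somewhere outside this hunk, the trial compile runs with the unmodified CFLAGS and no longer proves that the package's flags are usable. Either keep the assignment ahead of `OLD_CFLAGS="$CFLAGS"` or remove the "can use the $1_CFLAGS" check along with it. The SMB_EXT_LIB_FROM_PKGCONFIG body continues outside the hunk.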
@@ -97,17 +95,17 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], [ $2 ]) ac_cv_$1_found=yes - else + else AC_MSG_RESULT(no) - $PKG_CONFIG --errors-to-stdout --print-errors '$2' - ac_cv_$1_found=no - fi - else - echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." - echo "*** See http://pkg-config.freedesktop.org/" + $PKG_CONFIG --errors-to-stdout --print-errors '$2' ac_cv_$1_found=no - fi - fi + fi + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** See http://pkg-config.freedesktop.org/" + ac_cv_$1_found=no + fi + fi if test x$ac_cv_$1_found = x"yes"; then ifelse([$3], [], [echo -n ""], [$3]) else diff --git a/source4/build/smb_build/env.pm b/source4/build/smb_build/env.pm index bbb72b520f..76cd8d1a26 100644 --- a/source4/build/smb_build/env.pm +++ b/source4/build/smb_build/env.pm @@ -54,28 +54,4 @@ sub _set_config($$) $self->{automatic_deps} = ($self->{config}->{automatic_dependencies} eq "yes"); } -sub Import($$) -{ - my ($self,$items) = @_; - - foreach (keys %$items) { - if (defined($self->{items})) { - print "Warning: Importing $_ twice!\n"; - } - $self->{items}->{$_} = $items->{$_}; - } -} - -sub GetInfo($$) -{ - my ($self,$name) = @_; - - unless (defined($self->{info}->{$name})) - { - $self->{info}->{$name} = $self->{items}->Build($self); - } - - return $self->{info}->{$name}; -} - 1; diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index c11eea1757..a01e442587 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -103,8 +103,8 @@ int samdb_copy_template(struct ldb_context *ldb, if (!templates_ldb) { templates_ldb_path = samdb_relative_path(ldb, - msg, - "templates.ldb"); + msg, + "templates.ldb"); if (!templates_ldb_path) { *errstring = talloc_asprintf(msg, "samdb_copy_template: ERROR: Failed to contruct path for template db"); return LDB_ERR_OPERATIONS_ERROR; 
@@ -115,6 +115,8 @@ int samdb_copy_template(struct ldb_context *ldb, NULL, 0, NULL); talloc_free(templates_ldb_path); if (!templates_ldb) { + *errstring = talloc_asprintf(msg, "samdb_copy_template: ERROR: Failed to connect to templates db at: %s", + templates_ldb_path); return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 9a44983d8e..7dd564fae1 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -64,9 +64,6 @@ class ProvisionPaths: self.dns_keytab = None self.dns = None self.winsdb = None - self.ldap_basedn_ldif = None - self.ldap_config_basedn_ldif = None - self.ldap_schema_basedn_ldif = None def check_install(lp, session_info, credentials): @@ -84,14 +81,19 @@ def check_install(lp, session_info, credentials): raise "No administrator account found" -def findnss(nssfn, *names): - """Find a user or group from a list of possibilities.""" +def findnss(nssfn, names): + """Find a user or group from a list of possibilities. + + :param nssfn: NSS Function to try (should raise KeyError if not found) + :param names: Names to check. + :return: Value return by first names list. + """ for name in names: try: return nssfn(name) except KeyError: pass - raise Exception("Unable to find user/group for %s" % arguments[1]) + raise KeyError("Unable to find user/group %r" % names) def open_ldb(session_info, credentials, lp, dbname): @@ -149,6 +151,14 @@ def setup_modify_ldif(ldb, ldif_path, substvars=None): def setup_ldb(ldb, ldif_path, subst_vars): + """Import a LDIF a file into a LDB handle, optionally substituting variables. + + :note: Either all LDIF data will be added or none (using transactions). + + :param ldb: LDB file to import into. + :param ldif_path: Path to the LDIF file. + :param subst_vars: Dictionary with substitution variables. + """ assert ldb is not None ldb.transaction_start() try: 
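Review bot: The added error path reads `templates_ldb_path` after it has been released, a use-after-free. `talloc_free(templates_ldb_path);` runs on the context line just above the `if (!templates_ldb)` check, and the new `talloc_asprintf(msg, "... %s", templates_ldb_path)` then formats the freed string. Build the message before freeing: drop the unconditional free, call `talloc_free(templates_ldb_path);` inside the failure branch after the `talloc_asprintf`, and call it again right after the branch for the success path. The `talloc_asprintf` result is also stored in `*errstring` without a NULL check, as in the existing branch earlier in the function. samdb_copy_template starts and ends outside the hunk.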
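Review bot: The new findnss docstring leaves the return value unclear (`:return: Value return by first names list.`) and does not mention the exception the function now raises. Suggested wording: `:return: Result of nssfn for the first name in names that does not raise KeyError.` plus `:raises KeyError: if nssfn raises KeyError for every name (or names is empty).` This matches the visible loop and the final `raise KeyError(...)`.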
@@ -179,20 +189,16 @@ def setup_file(template, fname, substvars): open(f, 'w').write(data) -def provision_paths_from_lp(lp, dnsdomain, private_dir=None): +def provision_paths_from_lp(lp, dnsdomain): """Set the default paths for provisioning. :param lp: Loadparm context. :param dnsdomain: DNS Domain name """ paths = ProvisionPaths() - if private_dir is None: - private_dir = lp.get("private dir") - paths.keytab = "secrets.keytab" - paths.dns_keytab = "dns.keytab" - else: - paths.keytab = os.path.join(private_dir, "secrets.keytab") - paths.dns_keytab = os.path.join(private_dir, "dns.keytab") + private_dir = lp.get("private dir") + paths.keytab = "secrets.keytab" + paths.dns_keytab = "dns.keytab" paths.shareconf = os.path.join(private_dir, "share.ldb") paths.samdb = os.path.join(private_dir, lp.get("sam database") or "samdb.ldb") @@ -201,6 +207,7 @@ def provision_paths_from_lp(lp, dnsdomain, private_dir=None): paths.dns = os.path.join(private_dir, dnsdomain + ".zone") paths.winsdb = os.path.join(private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(private_dir, "ldapi") + paths.smbconf = os.path.join(private_dir, "smb.conf") paths.phpldapadminconfig = os.path.join(private_dir, "phpldapadmin-config.php") paths.hklm = "hklm.ldb" @@ -319,12 +326,14 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, domaindn_ldb = "users.ldb" if ldap_backend is not None: - domaindn_ldb = ldap_backend + domaindn_ldb = ldap_backend configdn_ldb = "configuration.ldb" if ldap_backend is not None: - configdn_ldb = ldap_backend + configdn_ldb = ldap_backend schemadn_ldb = "schema.ldb" if ldap_backend is not None: + schema_ldb = ldap_backend + schemadn_ldb = ldap_backend if ldap_backend_type == "fedora-ds": 
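Review bot: In the setup_samdb_partitions hunk, `schema_ldb = ldap_backend` looks like a misspelling of `schemadn_ldb`. The very next added line assigns `schemadn_ldb = ldap_backend`, and nothing visible in this hunk reads `schema_ldb`. If no later code in the function uses that name, drop the line so only `schemadn_ldb = ldap_backend` remains under the `if ldap_backend is not None:` check. The function continues outside the hunk, so this needs checking against the rest of its body.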
@@ -456,7 +465,6 @@ def setup_registry(path, setup_path, session_info, credentials, lp): :param lp: Loadparm context """ reg = registry.Registry() - print path hive = registry.open_ldb(path, session_info=session_info, credentials=credentials, lp_ctx=lp) reg.mount_hive(hive, "HKEY_LOCAL_MACHINE") @@ -527,6 +535,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, serverrole, ldap_backend=None, ldap_backend_type=None): """Setup a complete SAM Database. + :note: This will wipe the main SAM database file! """ # Also wipes the database @@ -716,22 +725,23 @@ def provision(lp, setup_dir, message, paths, session_info, if dnspass is None: dnspass = misc.random_password(12) if root is None: - root = findnss(pwd.getpwnam, "root")[0] + root = findnss(pwd.getpwnam, ["root"])[0] if nobody is None: - nobody = findnss(pwd.getpwnam, "nobody")[0] + nobody = findnss(pwd.getpwnam, ["nobody"])[0] if nogroup is None: - nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[0] + nogroup = findnss(grp.getgrnam, ["nogroup", "nobody"])[0] if users is None: - users = findnss(grp.getgrnam, "users", "guest", "other", "unknown", - "usr")[0] + users = findnss(grp.getgrnam, ["users", "guest", "other", "unknown", + "usr"])[0] if wheel is None: - wheel = findnss(grp.getgrnam, "wheel", "root", "staff", "adm")[0] + wheel = findnss(grp.getgrnam, ["wheel", "root", "staff", "adm"])[0] if backup is None: - backup = findnss(grp.getgrnam, "backup", "wheel", "root", "staff")[0] + backup = findnss(grp.getgrnam, ["backup", "wheel", "root", "staff"])[0] if aci is None: aci = "# no aci for local ldb" if serverrole is None: serverrole = lp.get("server role") + assert serverrole in ("domain controller", "member server") if invocationid is None and serverrole == "domain controller": invocationid = uuid.random() 
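Review bot: The added `assert serverrole in ("domain controller", "member server")` is the only validation of a value taken from configuration (`lp.get("server role")`) or the caller, and assert statements are skipped when Python runs with -O. Raise an exception instead, e.g. `if serverrole not in ("domain controller", "member server"): raise ValueError("Invalid server role setting: %r" % serverrole)`. The accepted value "member server" also does not match the `elif serverrole == "member":` branch in the `@@ -799,8 +808,6 @@` hunk, whose `else:` this commit removes. A member server would therefore appear to reach `setup_file(...)` with `smbconfsuffix` unset, unless it is assigned outside the lines shown. provision() starts and ends outside the hunk.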
@@ -745,8 +755,8 @@ def provision(lp, setup_dir, message, paths, session_info, ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") if ldap_backend == "ldapi": - # provision-backend will set this path suggested slapd command line / fedorads.inf - ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="") + # provision-backend will set this path suggested slapd command line / fedorads.inf + ldap_backend = "ldapi://" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="") assert realm is not None realm = realm.upper() @@ -761,9 +771,9 @@ def provision(lp, setup_dir, message, paths, session_info, if not valid_netbios_name(netbiosname): raise InvalidNetbiosName(netbiosname) - dnsdomain = realm.lower() + dnsdomain = realm.lower() if serverrole == "domain controller": - domaindn = "DC=" + dnsdomain.replace(".", ",DC=") + domaindn = "DC=" + dnsdomain.replace(".", ",DC=") if domain is None: domain = lp.get("workgroup") @@ -775,16 +785,15 @@ def provision(lp, setup_dir, message, paths, session_info, domain = domain.upper() if not valid_netbios_name(domain): raise InvalidNetbiosName(domain) - else: - domaindn = "CN=" + netbiosname - domain = netbiosname - + domaindn = "CN=" + netbiosname + domain = netbiosname + if rootdn is None: - rootdn = domaindn + rootdn = domaindn - configdn = "CN=Configuration," + rootdn - schemadn = "CN=Schema," + configdn + configdn = "CN=Configuration," + rootdn + schemadn = "CN=Schema," + configdn message("set DOMAIN SID: %s" % str(domainsid)) message("Provisioning for %s in realm %s" % (domain, realm)) @@ -799,8 +808,6 @@ def provision(lp, setup_dir, message, paths, session_info, smbconfsuffix = "dc" elif serverrole == "member": smbconfsuffix = "member" - else: - assert "Invalid server role setting: %s" % serverrole setup_file(setup_path("provision.smb.conf.%s" % smbconfsuffix), paths.smbconf, { "HOSTNAME": hostname, 
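Review bot: `"ldapi://" % urllib.quote(...)` has no conversion specifier, so the `%` operator raises TypeError ("not all arguments converted during string formatting") whenever `ldap_backend == "ldapi"`. This hunk only re-indents the line and leaves the defect in place. It should read `ldap_backend = "ldapi://%s" % urllib.quote(os.path.join(lp.get("private dir"), "ldap", "ldapi"), safe="")`, matching the `ldapi_url` assignment just above it.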
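Review bot: In the `@@ -775,16 +785,15 @@` hunk the `else:` line is deleted, so `domaindn = "CN=" + netbiosname` and `domain = netbiosname` are no longer visibly tied to the non-domain-controller case. This page does not preserve their indentation, so they either run for every role or sit inside the domain-controller branch. In both readings they would overwrite the `domaindn = "DC=" + ...` value and the validated `domain` computed just above, and `rootdn`, `configdn` and `schemadn` are derived from that. If the overwrite is not intended, restore the `else:` so the CN-based DN is used only when the role is not "domain controller".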
@@ -810,7 +817,7 @@ def provision(lp, setup_dir, message, paths, session_info, "NETLOGONPATH": paths.netlogon, "SYSVOLPATH": paths.sysvol, }) - lp.reload() + lp.load(paths.smbconf) # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): @@ -940,7 +947,7 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, def load_schema(setup_path, samdb, schemadn, netbiosname, configdn): - """Load schema. + """Load schema for the SamDB. :param samdb: Load a schema into a SamDB. :param setup_path: Setup path function. diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py index 4e9fa9c3ef..eb49f7af83 100644 --- a/source4/scripting/python/samba/tests/provision.py +++ b/source4/scripting/python/samba/tests/provision.py @@ -18,10 +18,11 @@ # import os -from samba.provision import setup_secretsdb, secretsdb_become_dc +from samba.provision import setup_secretsdb, secretsdb_become_dc, findnss import samba.tests from ldb import Dn import param +import unittest lp = param.LoadParm() lp.load("st/dc/etc/smb.conf") @@ -66,6 +67,25 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir): del secrets_ldb os.unlink(path) + +class FindNssTests(unittest.TestCase): + """Test findnss() function.""" + def test_nothing(self): + def x(y): + raise KeyError + self.assertRaises(KeyError, findnss, x, []) + + def test_first(self): + self.assertEquals("bla", findnss(lambda x: "bla", ["bla"])) + + def test_skip_first(self): + def x(y): + if y != "bla": + raise KeyError + return "ha" + self.assertEquals("ha", findnss(x, ["bloe", "bla"])) + + class Disabled: def test_setup_templatesdb(self): raise NotImplementedError(self.test_setup_templatesdb) @@ -100,3 +120,4 @@ class Disabled: def test_erase_partitions(self): raise NotImplementedError(self.test_erase_partitions) + 
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index a118af2526..b332bb89ae 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -246,8 +246,8 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, machinepass = None domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, - samdb_fill=FILL_DRS, ldapbackend=None, - paths=paths, session_info=session_info, credentials=credentials, realm=realm, + samdb_fill=FILL_DRS, paths=paths, session_info=session_info, + credentials=credentials, realm=realm, domain=domainname, domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 17b6020abb..d00b492953 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -330,5 +330,5 @@ then rm -rf $PREFIX/upgrade plantest "blackbox.upgrade" none $PYTHON setup/upgrade.py $CONFIGURATION --targetdir=$PREFIX/upgrade ../testdata/samba3 ../testdata/samba3/smb.conf rm -rf $PREFIX/provision - plantest "blackbox.provision.py" none $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo --targetdir=$PREFIX/provision + plantest "blackbox.provision.py" none $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/provision fi diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 3fb9361d0b..37b6bdaa60 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -78,3 +78,7 @@ dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container +dn: CN=IP Security,CN=System,${DOMAINDN} +objectClass: top +objectClass: container + diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 9f887e8b3b..033d2491f2 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py 
@@ -26,9 +26,6 @@ import getopt import optparse import os, sys -# Add path to the library for in-tree use -sys.path.append("scripting/python") - import samba from auth import system_session @@ -130,12 +127,12 @@ lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role or "domain controller") - if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) -paths.smbconf = sambaopts.get_loadparm_path() +paths = provision_paths_from_lp(lp, opts.realm.lower()) +if sambaopts.get_loadparm_path() is not None: + paths.smbconf = sambaopts.get_loadparm_path() creds = credopts.get_credentials() diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 585b418311..be68ed2b91 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -2249,6 +2249,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-ISAKMP-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.626 +attributeSyntax: 2.5.5.1 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ISAKMP-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-ISAKMP-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecISAKMPReference +schemaIDGUID: b40ff820-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=Application-Name,${SCHEMADN} objectClass: top objectClass: attributeSchema 
@@ -2990,6 +3008,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-ID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.621 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ID +adminDescription: Ipsec-ID +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: ipsecID +schemaIDGUID: b40ff81d-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=LDAP-Admin-Limits,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -3317,6 +3352,24 @@ systemFlags: 16 isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-NFA-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.627 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-NFA-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-NFA-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecNFAReference +schemaIDGUID: b40ff821-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=secretary,${SCHEMADN} objectClass: top objectClass: attributeSchema 
@@ -7279,6 +7332,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Owners-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.624 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Owners-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Owners-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecOwnersReference +schemaIDGUID: b40ff824-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=State-Or-Province-Name,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7808,6 +7879,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Filter-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.629 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Filter-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Filter-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecFilterReference +schemaIDGUID: b40ff823-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=User-Comment,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7946,7 +8035,6 @@ searchFlags: 0 lDAPDisplayName: msDRM-IdentityCertificate schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 systemFlags: 16 -isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logoff,${SCHEMADN} 
@@ -8078,6 +8166,40 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Data-Type,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.622 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Data-Type +adminDescription: Ipsec-Data-Type +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: ipsecDataType +schemaIDGUID: b40ff81e-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Ipsec-Data,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.623 +attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Data +adminDescription: Ipsec-Data +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: ipsecData +schemaIDGUID: b40ff81f-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=RID-Manager-Reference,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -8501,6 +8623,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Name,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.620 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Name +adminDescription: Ipsec-Name +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: ipsecName +schemaIDGUID: b40ff81c-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=CA-Certificate,${SCHEMADN} objectClass: top objectClass: attributeSchema 
@@ -8522,6 +8661,24 @@ systemFlags: 16 isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Negotiation-Policy-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.628 +attributeSyntax: 2.5.5.1 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Negotiation-Policy-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Negotiation-Policy-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecNegotiationPolicyReference +schemaIDGUID: b40ff822-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=MHS-OR-Address,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -9014,6 +9171,28 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Top,${SCHEMADN} +dn: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.120 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ISAKMP-Policy +adminDescription: Ipsec-ISAKMP-Policy +objectClassCategory: 1 +lDAPDisplayName: ipsecISAKMPPolicy +schemaIDGUID: b40ff828-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: container +systemPossSuperiors: computer +systemPossSuperiors: organizationalUnit +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} + dn: CN=Domain-DNS,${SCHEMADN} objectClass: top objectClass: classSchema 
@@ -9246,6 +9425,30 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} +dn: CN=Ipsec-Base,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.5.7000.56 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Base +adminDescription: Ipsec-Base +objectClassCategory: 2 +lDAPDisplayName: ipsecBase +schemaIDGUID: b40ff825-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemMayContain: ipsecOwnersReference +systemMayContain: ipsecName +systemMayContain: ipsecID +systemMayContain: ipsecDataType +systemMayContain: ipsecData +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-Base,${SCHEMADN} + dn: CN=ms-DS-Az-Scope,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9546,10 +9749,13 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: locality possibleInferiors: msDS-AzAdminManager possibleInferiors: organizationalUnit +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy rDNAttID: ou showInAdvancedViewOnly: TRUE adminDisplayName: Organizational-Unit 
@@ -9600,6 +9806,30 @@ defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} +dn: CN=Ipsec-NFA,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.121 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-NFA +adminDescription: Ipsec-NFA +objectClassCategory: 1 +lDAPDisplayName: ipsecNFA +schemaIDGUID: b40ff829-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: container +systemPossSuperiors: computer +systemPossSuperiors: organizationalUnit +systemMayContain: ipsecNegotiationPolicyReference +systemMayContain: ipsecFilterReference +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-NFA,${SCHEMADN} + dn: CN=Lost-And-Found,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9625,6 +9855,7 @@ possibleInferiors: site possibleInferiors: organization possibleInferiors: domainDNS possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: locality possibleInferiors: subnet @@ -9635,8 +9866,10 @@ possibleInferiors: nTDSService possibleInferiors: country possibleInferiors: organizationalUnit possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson possibleInferiors: server +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Lost-And-Found @@ -9829,6 +10062,9 @@ objectClass: top objectClass: classSchema subClassOf: user governsID: 1.2.840.113556.1.3.30 +possibleInferiors: ipsecNFA +possibleInferiors: ipsecPolicy +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Computer 
@@ -9899,6 +10135,30 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Person,${SCHEMADN} +dn: CN=Ipsec-Policy,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.98 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Policy +adminDescription: Ipsec-Policy +objectClassCategory: 1 +lDAPDisplayName: ipsecPolicy +schemaIDGUID: b7b13121-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: organizationalUnit +systemPossSuperiors: computer +systemPossSuperiors: container +systemMayContain: ipsecNFAReference +systemMayContain: ipsecISAKMPReference +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-Policy,${SCHEMADN} + dn: CN=Container,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9912,12 +10172,15 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: msDS-AzAdminManager possibleInferiors: displaySpecifier possibleInferiors: nTDSService possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy mayContain: msDS-ObjectReference rDNAttID: cn showInAdvancedViewOnly: TRUE @@ -10624,12 +10887,15 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: msDS-AzAdminManager possibleInferiors: displaySpecifier possibleInferiors: nTDSService possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Group-Policy-Container 
@@ -10656,6 +10922,7 @@ objectClass: top objectClass: subSchema objectCategory: CN=SubSchema,${SCHEMADN} objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) +objectClasses: ( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL ) objectClasses: 
( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL ) 
@@ -10664,6 +10931,7 @@ objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL M objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) ) objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) ) objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) ) +objectClasses: ( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY ( ipsecOwnersReference $ ipsecName $ ipsecID $ ipsecDataType $ ipsecData ) ) objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) ) objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) 
@@ -10674,6 +10942,7 @@ objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( t objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) +objectClasses: ( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY ( ipsecNegotiationPolicyReference $ ipsecFilterReference ) ) objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ 
mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) objectClasses: ( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) ) 
@@ -10681,6 +10950,7 @@ objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) ) +objectClasses: ( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY ( ipsecNFAReference $ ipsecISAKMPReference ) ) objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) ) objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) ) objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) 
@@ -10825,6 +11095,7 @@ attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.1 attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) @@ -10866,6 +11137,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6 attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) 
@@ -10884,6 +11156,7 @@ attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -11098,6 +11371,7 @@ attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6. attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) 
@@ -11126,6 +11400,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX ' attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -11141,6 +11416,8 @@ attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 
@@ -11164,7 +11441,9 @@ attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1. attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py
index 4cf9641ef2..960cd1b9e2 100755
--- a/source4/setup/upgrade.py
+++ b/source4/setup/upgrade.py
@@ -7,7 +7,6 @@
 import getopt
 import optparse
 import os, sys
-sys.path.append("scripting/python")
 import param
 import samba
 import samba.getopt as options
diff --git a/testprogs/ejs/minschema_classes.txt b/testprogs/ejs/minschema_classes.txt
index 0479438fa5..9327a4af2f 100644
--- a/testprogs/ejs/minschema_classes.txt
+++ b/testprogs/ejs/minschema_classes.txt
@@ -34,3 +34,6 @@ attributeSchema
 subSchema
 queryPolicy
 groupPolicyContainer
+ipsecPolicy
+ipsecISAKMPPolicy
+ipsecNFA |