-rw-r--r-- | source4/scripting/python/samba/provision.py | 10 | ||||
-rw-r--r-- | source4/selftest/target/Samba4.pm | 11 | ||||
-rwxr-xr-x | source4/setup/provision-backend | 6 |
3 files changed, 15 insertions, 12 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index d0f612c7a8..f27cc17290 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1300,9 +1300,6 @@ refint_attributes""" + refint_attributes + "\n" "UUID": str(uuid.uuid4()), "LDAPTIME": timestring(int(time.time()))} ) -#"LDAPMANAGERDN": names.ldapmanagerdn, - - mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" @@ -1323,7 +1320,12 @@ refint_attributes""" + refint_attributes + "\n" message("Hostname: %s" % names.hostname) message("DNS Domain: %s" % names.dnsdomain) message("Base DN: %s" % names.domaindn) - message("LDAP admin DN: %s" % names.ldapmanagerdn) + + if ldap_backend_type == "openldap": + message("LDAP admin user: samba-admin") + else: + message("LDAP admin DN: %s" % names.ldapmanagerdn) + message("LDAP admin password: %s" % adminpass) message(slapdcommand) diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm index 0be1acf371..896b013105 100644 --- a/source4/selftest/target/Samba4.pm +++ b/source4/selftest/target/Samba4.pm @@ -571,7 +571,6 @@ sub provision($$$$$$) server max protocol = SMB2 notify:inotify = false ldb:nosync = true - system:anonymous = true #We don't want to pass our self-tests if the PAC code is wrong gensec:require_pac = true log level = $smbd_loglevel @@ -719,8 +718,7 @@ nogroup:x:65534:nobody push (@provision_options, "--krbtgtpass=krbtgt$password"); push (@provision_options, "--machinepass=machine$password"); push (@provision_options, "--root=$unix_name"); - push (@provision_options, "--username=samba-admin"); - push (@provision_options, "--password=$password"); + push (@provision_options, "--server-role=\"$server_role\""); my $ldap_uri= "$ldapdir/ldapi"; 
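Review bot: The new openldap branch in the second provision.py hunk (`@@ -1323`) prints the literal `samba-admin`, which duplicates the name Samba4.pm passes as `--username=samba-admin`; if the name the backend setup creates is defined elsewhere, this message can drift from it. A single module-level constant used by both the user-creation code and this message would keep them in step, e.g. `message("LDAP admin user: %s" % LDAP_ADMIN_USER)`, where `LDAP_ADMIN_USER` is a placeholder name. The unchanged line right after the branch writes `adminpass` in clear through `message()`, so whatever receives these messages presumably needs the same protection as the password itself, and a short comment saying so would help. The enclosing function starts and ends outside the hunk.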
@@ -753,15 +751,18 @@ nogroup:x:65534:nobody if (defined($self->{ldap})) { push (@provision_options, "--ldap-backend=$ldap_uri"); - system("$self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$unix_name --realm=$realm --domain=$domain --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + system("$self->{setupdir}/provision-backend $configuration --ldap-admin-pass=$password --root=$unix_name --realm=$realm --domain=$domain --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + + push (@provision_options, "--password=$password"); if ($self->{ldap} eq "openldap") { + push (@provision_options, "--username=samba-admin"); ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories"); push (@provision_options, "--ldap-backend-type=openldap"); } elsif ($self->{ldap} eq "fedora-ds") { + push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn"); ($ret->{FEDORA_DS_DIR}, $ret->{FEDORA_DS_PIDFILE}) = $self->mk_fedora_ds($ldapdir, $configuration) or die("Unable to create fedora ds directories"); push (@provision_options, "--ldap-backend-type=fedora-ds"); - push (@provision_options, "'--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'"); } $self->slapd_start($ret) or diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 54dc5839bf..845dc8679a 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend 
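Review bot: The rewritten `system(...)` call in the `@@ -753` hunk of Samba4.pm is still a single interpolated string, so `$password`, `$realm`, `$domain`, `$netbiosname` and `$self->{ldap}` are parsed by the shell, and the admin password sits in the child's argument list, where other local users can read it while the command runs. These values look harness-generated, so the risk in selftest is low, but quoting each interpolated value, or using list-form `system` with the stderr redirect done in Perl, would remove the shell parsing. The added `push (@provision_options, "--password=$password");` likewise puts the password on the provision command line. The removed `--aci` value decodes to an allow-all rule for `ldap:///anyone`, and the new `--simple-bind-dn=cn=Manager,$localbasedn` line appears to replace it, so a comment there recording why the fedora-ds branch now binds as the manager would help. The enclosing sub starts and ends outside the hunk.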
@@ -49,8 +49,8 @@ parser.add_option("--domain", type="string", metavar="DOMAIN", help="set domain") parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") -parser.add_option("--ldap-manager-pass", type="string", metavar="PASSWORD", - help="choose LDAP manager password (otherwise random)") +parser.add_option("--ldap-admin-pass", type="string", metavar="PASSWORD", + help="choose LDAP admin password (otherwise random)") parser.add_option("--root", type="string", metavar="USERNAME", help="choose 'root' unix username") parser.add_option("--quiet", help="Be quiet", action="store_true") @@ -96,7 +96,7 @@ if setup_dir is None: provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, realm=opts.realm, domain=opts.domain, hostname=opts.host_name, - adminpass=opts.ldap_manager_pass, + adminpass=opts.ldap_admin_pass, root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, ldap_backend_port=opts.ldap_backend_port) |