summaryrefslogtreecommitdiff
path: root/source4/setup
diff options
context:
space:
mode:
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/display_specifiers.ldif11
-rw-r--r--source4/setup/fedorads-partitions.ldif2
-rwxr-xr-xsource4/setup/provision10
-rwxr-xr-xsource4/setup/provision-backend13
-rw-r--r--source4/setup/provision.ldif19
-rwxr-xr-xsource4/setup/provision.py10
-rw-r--r--source4/setup/provision_basedn.ldif1
-rw-r--r--source4/setup/provision_computers_modify.ldif3
-rw-r--r--source4/setup/provision_configuration.ldif24
-rw-r--r--source4/setup/provision_configuration_basedn.ldif1
-rw-r--r--source4/setup/provision_configuration_basedn_modify.ldif9
-rw-r--r--source4/setup/provision_schema_basedn.ldif1
-rw-r--r--source4/setup/provision_schema_basedn_modify.ldif6
-rw-r--r--source4/setup/provision_self_join.ldif6
-rw-r--r--source4/setup/provision_templates.ldif2
-rw-r--r--source4/setup/provision_users.ldif28
-rw-r--r--source4/setup/provision_users_modify.ldif3
-rw-r--r--source4/setup/schema-map-fedora-ds-1.02
-rw-r--r--source4/setup/schema_samba4.ldif20
-rw-r--r--source4/setup/slapd.conf12
20 files changed, 55 insertions, 128 deletions
diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif
index b76955a0cb..7d6633244d 100644
--- a/source4/setup/display_specifiers.ldif
+++ b/source4/setup/display_specifiers.ldif
@@ -1,22 +1,16 @@
dn: CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: container
-showInAdvancedViewOnly: TRUE
-instanceType: 4
dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: container
cn: 409
-name: 409
-instanceType: 4
-showInAdvancedViewOnly: TRUE
dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: user-Display
-name: user-Display
contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
@@ -35,7 +29,6 @@ dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: group-Display
-name: group-Display
contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
@@ -63,7 +56,6 @@ dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: computer-Display
-name: computer-Display
contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
@@ -81,7 +73,6 @@ dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: organizationalUnit-Display
-name: organizationalUnit-Display
contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
@@ -97,7 +88,6 @@ dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: container-Display
-name: container-Display
contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
@@ -112,7 +102,6 @@ dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN}
objectClass: top
objectClass: displaySpecifier
cn: default-Display
-name: default-Display
adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif
index 12855f9c70..571fb599b9 100644
--- a/source4/setup/fedorads-partitions.ldif
+++ b/source4/setup/fedorads-partitions.ldif
@@ -7,6 +7,7 @@ nsslapd-backend: configData
cn: ${CONFIGDN}
dn: cn=configData,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: ${CONFIGDN}
@@ -21,6 +22,7 @@ nsslapd-backend: schemaData
cn: ${SCHEMADN}
dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: ${SCHEMADN}
diff --git a/source4/setup/provision b/source4/setup/provision
index 161698ccf4..8b24c51040 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -123,7 +123,6 @@ for (r in options) {
}
var blank = (options["blank"] != undefined);
-var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
@@ -141,7 +140,7 @@ if (ldapbackend) {
subobj.LDAPBACKEND = subobj.LDAPI_URI;
}
if (!ldapmodule) {
- subobj.LDAPMODULE = "entryuuid";
+ subobj.LDAPMODULE = "normalise,entryuuid";
subobj.TDB_MODULES_LIST = "";
}
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
@@ -161,10 +160,7 @@ var system_session = system_session();
var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
-if (ldapbase) {
- provision_ldapbase(subobj, message, paths);
- message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
-} else if (partitions_only) {
+if (partitions_only) {
provision_become_dc(subobj, message, false, paths, system_session);
} else {
provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
@@ -188,7 +184,7 @@ if (ldapbase) {
message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND);
}
if (ldapmodule) {
- message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE);
+ message("--ldap-module='%s' \\\n", + subobj.LDAPMODULE);
}
message("--aci='" + subobj.ACI + "' \\\n")
}
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index 66555c4e19..abd1b9a875 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -101,7 +101,7 @@ var backend_schema;
var slapd_command;
if (options["ldap-backend-type"] == "fedora-ds") {
mapping = "schema-map-fedora-ds-1.0";
- backend_schema = "backend-schema.ldif";
+ backend_schema = "99_ad.ldif";
if (options["ldap-backend-port"] != undefined) {
message("Will listen on TCP port " + options["ldap-backend-port"] + "\n");
subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"];
@@ -114,9 +114,8 @@ if (options["ldap-backend-type"] == "fedora-ds") {
slapd_command = "(see documentation)";
} else if (options["ldap-backend-type"] == "openldap") {
- provision_ldapbase(subobj, message, paths);
mapping = "schema-map-openldap-2.3";
- backend_schema = "99_ad.ldif";
+ backend_schema = "backend-schema.schema";
setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj);
setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj);
sys.mkdir(subobj.LDAPDIR + "/db", 0700);
@@ -151,10 +150,12 @@ if (options["ldap-backend-type"] == "fedora-ds") {
var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs);
assert(res.error == 0);
var memberof_config = "";
+ var refint_attributes = "";
for (i=0; i < res.msgs.length; i++) {
searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName");
if (target != undefined) {
+ refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName;
memberof_config = memberof_config + "overlay memberof
memberof-dangling error
memberof-refint TRUE
@@ -166,6 +167,12 @@ memberof-dangling-error 32
";
}
}
+
+ memberof_config = memberof_config + "
+overlay refint
+refint_attributes" + refint_attributes + "
+";
+
ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config);
if (!ok) {
message("failed to create file: " + f + "\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c6b07c5751..3fb9361d0b 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -3,28 +3,24 @@ objectClass: top
objectClass: organizationalUnit
cn: Domain Controllers
description: Default container for domain controllers
-instanceType: 4
-showInAdvancedViewOnly: FALSE
systemFlags: 2348810240
isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: container
cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
-instanceType: 4
-showInAdvancedViewOnly: FALSE
systemFlags: 2348810240
isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
dn: CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: System
description: Builtin system settings
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2348810240
isCriticalSystemObject: TRUE
@@ -32,8 +28,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectclass: top
objectclass: rIDManager
cn: RID Manager$
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2348810240
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
@@ -43,23 +37,17 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: DomainUpdates
-instanceType: 4
-showInAdvancedViewOnly: TRUE
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: Windows2003Update
-instanceType: 4
-showInAdvancedViewOnly: TRUE
revision: 8
dn: CN=Infrastructure,${DOMAINDN}
objectclass: top
objectclass: infrastructureUpdate
cn: Infrastructure
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2348810240
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
@@ -68,8 +56,6 @@ dn: CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: builtinDomain
cn: Builtin
-instanceType: 4
-showInAdvancedViewOnly: FALSE
forceLogoff: 9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
@@ -86,6 +72,7 @@ serverState: 1
uASCompat: 1
modifiedCount: 1
isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
diff --git a/source4/setup/provision.py b/source4/setup/provision.py
index e166d5f3dd..88015ce0a3 100755
--- a/source4/setup/provision.py
+++ b/source4/setup/provision.py
@@ -34,7 +34,7 @@ from auth import system_session
import samba.getopt as options
import param
from samba.provision import (provision,
- provision_paths_from_lp, provision_ldapbase)
+ provision_paths_from_lp)
parser = optparse.OptionParser("provision [options]")
parser.add_option_group(options.SambaOptions(parser))
@@ -81,9 +81,6 @@ parser.add_option("--users", type="string", metavar="GROUPNAME",
parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--blank", action="store_true",
help="do not add users or groups, just the structure")
-parser.add_option("--ldap-base",
- help="output only an LDIF file, suitable for creating an LDAP baseDN",
- action="store_true")
parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER",
help="LDAP server to use for this provision")
parser.add_option("--ldap-module=", type="string", metavar="MODULE",
@@ -152,10 +149,7 @@ creds = credopts.get_credentials()
setup_dir = opts.setupdir
if setup_dir is None:
setup_dir = "setup"
-if opts.ldap_base:
- provision_ldapbase(setup_dir, message, paths)
- message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif))
-elif opts.partitions_only:
+if opts.partitions_only:
provision_become_dc(setup_dir, message, False,
paths, lp, system_session(), creds)
else:
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index 234c1f9e8f..3c7537f013 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -5,7 +5,6 @@ dn: ${DOMAINDN}
objectClass: top
objectClass: domain
objectClass: domainDNS
-${EXTENSIBLEOBJECT}
${ACI}
dc: ${RDN_DC}
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
index b7502e5107..3bb4074d42 100644
--- a/source4/setup/provision_computers_modify.ldif
+++ b/source4/setup/provision_computers_modify.ldif
@@ -3,9 +3,6 @@ changetype: modify
replace: description
description: Default container for upgraded computer accounts
-
-replace: instanceType
-instanceType: 4
--
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 050f110d9a..0fe90b0739 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -5,8 +5,6 @@ dn: CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRefContainer
cn: Partitions
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2147483648
msDS-Behavior-Version: 0
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
@@ -15,8 +13,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
cn: Enterprise Configuration
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 1
nCName: ${CONFIGDN}
dnsRoot: ${DNSDOMAIN}
@@ -25,8 +21,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
cn: Enterprise Schema
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 1
nCName: ${SCHEMADN}
dnsRoot: ${DNSDOMAIN}
@@ -35,8 +29,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
cn: ${DOMAIN}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 3
nCName: ${DOMAINDN}
nETBIOSName: ${DOMAIN}
@@ -46,62 +38,46 @@ dn: CN=Sites,${CONFIGDN}
objectClass: top
objectClass: sitesContainer
cn: Sites
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2181038080
dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: site
cn: ${DEFAULTSITE}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2181038080
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: serversContainer
cn: Servers
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2181038080
dn: CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
cn: Services
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 2147483648
dn: CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
cn: Windows NT
-instanceType: 4
-showInAdvancedViewOnly: TRUE
dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: nTDSService
cn: Directory Service
-instanceType: 4
-showInAdvancedViewOnly: TRUE
sPNMappings: host=ldap,dns,cifs,http
dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
cn: Query-Policies
-instanceType: 4
-showInAdvancedViewOnly: TRUE
dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: queryPolicy
cn: Default Query Policy
-instanceType: 4
-showInAdvancedViewOnly: TRUE
lDAPAdminLimits: MaxValRange=1500
lDAPAdminLimits: MaxReceiveBuffer=10485760
lDAPAdminLimits: MaxDatagramRecv=4096
diff --git a/source4/setup/provision_configuration_basedn.ldif b/source4/setup/provision_configuration_basedn.ldif
index df1e1b19ba..575f8faa0a 100644
--- a/source4/setup/provision_configuration_basedn.ldif
+++ b/source4/setup/provision_configuration_basedn.ldif
@@ -4,6 +4,5 @@
dn: ${CONFIGDN}
objectClass: top
objectClass: configuration
-${EXTENSIBLEOBJECT}
${ACI}
cn: Configuration
diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif
index 46ba4e9649..9b87e1cead 100644
--- a/source4/setup/provision_configuration_basedn_modify.ldif
+++ b/source4/setup/provision_configuration_basedn_modify.ldif
@@ -3,14 +3,5 @@
###############################
dn: ${CONFIGDN}
changetype: modify
-replace: instanceType
-instanceType: 13
--
-replace: showInAdvancedViewOnly
-showInAdvancedViewOnly: TRUE
--
-replace: objectCategory
-objectCategory: CN=Configuration,${SCHEMADN}
--
replace: subRefs
subRefs: ${SCHEMADN}
diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif
index 7b4f599072..fbfd4c09d6 100644
--- a/source4/setup/provision_schema_basedn.ldif
+++ b/source4/setup/provision_schema_basedn.ldif
@@ -4,6 +4,5 @@
dn: ${SCHEMADN}
objectClass: top
objectClass: dMD
-${EXTENSIBLEOBJECT}
${ACI}
cn: Schema
diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif
index 92c5cf1ace..4e690376d7 100644
--- a/source4/setup/provision_schema_basedn_modify.ldif
+++ b/source4/setup/provision_schema_basedn_modify.ldif
@@ -3,12 +3,6 @@
###############################
dn: ${SCHEMADN}
changetype: modify
-replace: instanceType
-instanceType: 13
--
-replace: showInAdvancedViewOnly
-showInAdvancedViewOnly: TRUE
--
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 06230e8d00..58669660f4 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -30,7 +30,6 @@ objectClass: organizationalPerson
objectClass: user
cn: dns
description: DNS Service Account
-showInAdvancedViewOnly: TRUE
userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
@@ -38,13 +37,12 @@ sAMAccountType: 805306368
servicePrincipalName: DNS/${DNSDOMAIN}
isCriticalSystemObject: TRUE
sambaPassword:: ${DNSPASS_B64}
+showInAdvancedViewOnly: TRUE
dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: server
cn: ${NETBIOSNAME}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 1375731712
dNSHostName: ${DNSNAME}
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
@@ -55,8 +53,6 @@ objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
options: 1
-instanceType: 4
-showInAdvancedViewOnly: TRUE
systemFlags: 33554432
dMDLocation: ${SCHEMADN}
invocationId: ${INVOCATIONID}
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
index 8797efaf98..fafedc6966 100644
--- a/source4/setup/provision_templates.ldif
+++ b/source4/setup/provision_templates.ldif
@@ -66,12 +66,10 @@ sAMAccountType: 268435456
#
# dn: CN=TemplateAlias,CN=Templates
# cn: TemplateAlias
-# instanceType: 4
# groupType: -2147483644
# sAMAccountType: 268435456
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates
-showInAdvancedViewOnly: TRUE
dn: CN=TemplateSecret,CN=Templates
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 7c1a438d8e..05fde15974 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -134,7 +134,6 @@ objectClass: top
objectClass: group
cn: RAS and IAS Servers
description: Servers in this group can access remote access properties of users
-instanceType: 4
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
sAMAccountType: 536870912
@@ -307,7 +306,6 @@ objectClass: top
objectClass: group
cn: Server Operators
description: Members can administer domain servers
-instanceType: 4
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
@@ -327,7 +325,6 @@ objectClass: top
objectClass: group
cn: Account Operators
description: Members can administer domain user and group accounts
-instanceType: 4
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
@@ -404,173 +401,148 @@ objectClass: top
objectClass: container
cn: WellKnown Security Principals
systemFlags: 2147483648
-showInAdvancedViewOnly: TRUE
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Anonymous Logon
objectSid: S-1-5-7
-showInAdvancedViewOnly: TRUE
dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Authenticated Users
objectSid: S-1-5-11
-showInAdvancedViewOnly: TRUE
dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Batch
objectSid: S-1-5-3
-showInAdvancedViewOnly: TRUE
dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Creator Group
objectSid: S-1-3-1
-showInAdvancedViewOnly: TRUE
dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Creator Owner
objectSid: S-1-3-0
-showInAdvancedViewOnly: TRUE
dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Dialup
objectSid: S-1-5-1
-showInAdvancedViewOnly: TRUE
dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Digest Authentication
objectSid: S-1-5-64-21
-showInAdvancedViewOnly: TRUE
dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Enterprise Domain Controllers
objectSid: S-1-5-9
-showInAdvancedViewOnly: TRUE
dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Everyone
objectSid: S-1-1-0
-showInAdvancedViewOnly: TRUE
dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Interactive
objectSid: S-1-5-4
-showInAdvancedViewOnly: TRUE
dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Local Service
objectSid: S-1-5-19
-showInAdvancedViewOnly: TRUE
dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Network
objectSid: S-1-5-2
-showInAdvancedViewOnly: TRUE
dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Network Service
objectSid: S-1-5-20
-showInAdvancedViewOnly: TRUE
dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: NTLM Authentication
objectSid: S-1-5-64-10
-showInAdvancedViewOnly: TRUE
dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Other Organization
objectSid: S-1-5-1000
-showInAdvancedViewOnly: TRUE
dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Proxy
objectSid: S-1-5-8
-showInAdvancedViewOnly: TRUE
dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Remote Interactive Logon
objectSid: S-1-5-14
-showInAdvancedViewOnly: TRUE
dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Restricted
objectSid: S-1-5-12
-showInAdvancedViewOnly: TRUE
dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: SChannel Authentication
objectSid: S-1-5-64-14
-showInAdvancedViewOnly: TRUE
dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Self
objectSid: S-1-5-10
-showInAdvancedViewOnly: TRUE
dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Service
objectSid: S-1-5-6
-showInAdvancedViewOnly: TRUE
dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Terminal Server User
objectSid: S-1-5-13
-showInAdvancedViewOnly: TRUE
dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: This Organization
objectSid: S-1-5-15
-showInAdvancedViewOnly: TRUE
dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
cn: Well-Known-Security-Id-System
objectSid: S-1-5-18
-showInAdvancedViewOnly: TRUE
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
index 42dff07080..06954c44f0 100644
--- a/source4/setup/provision_users_modify.ldif
+++ b/source4/setup/provision_users_modify.ldif
@@ -3,9 +3,6 @@ changetype: modify
replace: description
description: Default container for upgraded user accounts
-
-replace: instanceType
-instanceType: 4
--
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0
index 7419a8d7b8..86f8c0b726 100644
--- a/source4/setup/schema-map-fedora-ds-1.0
+++ b/source4/setup/schema-map-fedora-ds-1.0
@@ -14,6 +14,8 @@ dITContentRules
top
#This shouldn't make it to the ldap server
sambaPassword
+#This should be provided by the LDAP server, only in our schema to permit provision
+aci
#Skip ObjectClasses
#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index a9f79f1635..8bd1705468 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -174,3 +174,23 @@ oMSyntax: 20
#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
#Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
#Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
+
+
+#
+# Fedora DS uses this attribute, and we need to set it via our module stack
+#
+dn: CN=aci,${SCHEMADN}
+cn: aci
+name: aci
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: aci
+isSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: d8e6c1fa-db08-4f26-a53b-23c414aac92d
+adminDisplayName: aci
+attributeID: 1.3.6.1.4.1.7165.4.1.11
+attributeSyntax: 2.5.5.4
+oMSyntax: 20
+
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index e4e86eece9..83f4da3359 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -34,6 +34,12 @@ index lDAPDisplayName eq
index subClassOf eq
index cn eq
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
database hdb
suffix ${CONFIGDN}
directory ${LDAPDIR}/db/config
@@ -48,6 +54,12 @@ index dnsRoot eq
index nETBIOSName eq
index cn eq
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
database hdb
suffix ${DOMAINDN}
rootdn ${LDAPMANAGERDN}
generated by cgit (git 2.34.1) at 2024-12-14 05:43:16 +0000