Diffstat (limited to 'source4/setup')
-rwxr-xr-xsource4/setup/provision15
-rw-r--r--source4/setup/provision.ldif43
-rw-r--r--source4/setup/provision_basedn.ldif8
-rw-r--r--source4/setup/provision_basedn_modify.ldif90
-rw-r--r--source4/setup/provision_templates.ldif19
-rw-r--r--source4/setup/provision_users.ldif2
6 files changed, 124 insertions, 53 deletions
diff --git a/source4/setup/provision b/source4/setup/provision
index d6497cf180..a58f4a5dce 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -28,7 +28,9 @@ options = GetOptions(ARGV,
'wheel=s',
'users=s',
'quiet',
- 'blank');
+ 'blank',
+ 'ldap-base',
+ 'ldap-backend=s');
if (options == undefined) {
println("Failed to parse options");
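Review bot: `'ldap-backend=s'` is accepted here and described in the usage hunk, but none of the visible hunks reads `options["ldap-backend"]`, whereas `ldap-base` gets its own `ldapbase` variable further down. It presumably reaches `subobj` through the `for (r in options)` loop, whose body is outside this diff; that should be confirmed, since an option that is parsed but never consumed would silently provision against the local store. The usage line should also state the expected form of `LDAPSERVER` (host name or URL, and which schemes are accepted), because that decides whether the provisioning data crosses the network in clear text. A comment next to the option would do, for example `// ldap-backend: <expected form>; consumed via subobj in provision()`.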
@@ -75,6 +77,8 @@ provision [options]
--users GROUPNAME choose 'users' group
--quiet Be quiet
--blank do not add users or groups, just the structure
+ --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
+ --ldap-backend LDAPSERVER LDAP server to use for this provision
You must provide at least a realm and domain
@@ -108,6 +112,7 @@ for (r in options) {
}
var blank = (options["blank"] != undefined);
+var ldapbase = (options["ldap-base"] != undefined);
if (!provision_validate(subobj, message)) {
return -1;
@@ -118,7 +123,11 @@ var creds = options.get_credentials();
var paths = provision_default_paths(subobj);
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
-provision(subobj, message, blank, paths, system_session, creds);
-provision_dns(subobj, message, paths, system_session, creds);
+if (ldapbase) {
+ provision_ldapbase(subobj, message, paths);
+} else {
+ provision(subobj, message, blank, paths, system_session, creds);
+ provision_dns(subobj, message, paths, system_session, creds);
+}
message("All OK\n");
return 0;
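Review bot: With `--ldap-base` the script still runs `message("Using administrator password: %s\n", subobj.ADMINPASS);` before reaching the new `if (ldapbase)` branch, although that branch only calls `provision_ldapbase(subobj, message, paths)` and is passed no session or credentials. Printing the password there serves no purpose and leaves it in terminal scrollback or captured output; moving that `message(...)` call into the `else` branch keeps it to the path that actually creates the account. `blank` is also ignored without notice when `ldapbase` is set, which the usage text could mention. The script continues outside this hunk, so whether `provision_ldapbase` reads `ADMINPASS` from `subobj` cannot be checked here.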
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index f59d92e769..c047d6d93a 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,38 +1,3 @@
-###############################
-# Domain Naming Context
-###############################
-dn: ${BASEDN}
-objectClass: top
-objectClass: domain
-objectClass: domainDNS
-dnsDomain: ${DNSDOMAIN}
-dc: ${RDN_DC}
-objectGUID: ${DOMAINGUID}
-creationTime: ${NTTIME}
-forceLogoff: 9223372036854775808
-lockoutDuration: -18000000000
-lockOutObservationWindow: -18000000000
-lockoutThreshold: 0
-maxPwdAge: -37108517437440
-minPwdAge: 0
-minPwdLength: 7
-modifiedCountAtLastProm: 0
-nextRid: 1000
-pwdProperties: 1
-pwdHistoryLength: 24
-objectSid: ${DOMAINSID}
-oEMInformation: Provisioned by Samba4: ${LDAPTIME}
-serverState: 1
-nTMixedDomain: 1
-msDS-Behavior-Version: 0
-ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
-uASCompat: 1
-modifiedCount: 1
-objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
-isCriticalSystemObject: TRUE
-subRefs: CN=Configuration,${BASEDN}
-subRefs: CN=Schema,CN=Configuration,${BASEDN}
-
dn: CN=Users,${BASEDN}
objectClass: top
objectClass: container
@@ -57,15 +22,15 @@ systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-dn: OU=Domain Controllers,${BASEDN}
+dn: CN=Domain Controllers,${BASEDN}
objectClass: top
-objectClass: organizationalUnit
-ou: Domain Controllers
+objectClass: container
+cn: Domain Controllers
description: Default container for domain controllers
instanceType: 4
showInAdvancedViewOnly: FALSE
systemFlags: 2348810240
-objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=ForeignSecurityPrincipals,${BASEDN}
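Review bot: The Domain Controllers entry becomes a plain `container` at `CN=Domain Controllers`, whereas Active Directory keeps it at `OU=Domain Controllers` as an `organizationalUnit`, and nothing in the hunk says why. Clients and tooling that look for DC accounts under the well-known OU path, or that link policy to that OU, would not find this entry. `provision_users.ldif` is adjusted in the same commit, but any reference outside this diff needs the same change. A comment above the entry would record the intent, for example `# CN= container instead of AD's OU=Domain Controllers: <reason>`.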
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
new file mode 100644
index 0000000000..4cf850e728
--- /dev/null
+++ b/source4/setup/provision_basedn.ldif
@@ -0,0 +1,8 @@
+################################
+## Domain Naming Context
+################################
+dn: ${BASEDN}
+objectClass: top
+objectClass: domain
+dc: ${RDN_DC}
+
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
new file mode 100644
index 0000000000..91a8d66f24
--- /dev/null
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -0,0 +1,90 @@
+###############################
+# Domain Naming Context
+###############################
+dn: ${BASEDN}
+changetype: modify
+replace: objectClass
+objectClass: top
+objectClass: domain
+objectClass: domainDNS
+-
+replace: dnsDomain
+dnsDomain: ${DNSDOMAIN}
+-
+replace: dc
+dc: ${RDN_DC}
+-
+replace: objectGUID
+objectGUID: ${DOMAINGUID}
+-
+replace: creationTime
+creationTime: ${NTTIME}
+-
+replace: forceLogoff
+forceLogoff: 9223372036854775808
+-
+replace: lockoutDuration
+lockoutDuration: -18000000000
+-
+replace: lockOutObservationWindow
+lockOutObservationWindow: -18000000000
+-
+replace: lockoutThreshold
+lockoutThreshold: 0
+-
+replace: maxPwdAge
+maxPwdAge: -37108517437440
+-
+replace: minPwdAge
+minPwdAge: 0
+-
+replace: minPwdLength
+minPwdLength: 7
+-
+replace: modifiedCountAtLastProm
+modifiedCountAtLastProm: 0
+-
+replace: nextRid
+nextRid: 1000
+-
+replace: pwdProperties
+pwdProperties: 1
+-
+replace: pwdHistoryLength
+pwdHistoryLength: 24
+-
+replace: objectSid
+objectSid: ${DOMAINSID}
+-
+replace: oEMInformation
+oEMInformation: Provisioned by Samba4: ${LDAPTIME}
+-
+replace: serverState
+serverState: 1
+-
+replace: nTMixedDomain
+nTMixedDomain: 1
+-
+replace: msDS-Behavior-Version
+msDS-Behavior-Version: 0
+-
+replace: ridManagerReference
+ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
+-
+replace: uASCompat
+uASCompat: 1
+-
+replace: modifiedCount
+modifiedCount: 1
+-
+replace: objectCategory
+objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
+replace: subRefs
+subRefs: CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+-
+
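Review bot: Every attribute in this file is written with `replace:`, including `objectSid`, `objectGUID` and `nextRid`, so applying it to a base entry that is already in use would overwrite the domain identity and set the RID counter back to 1000. Whether the provisioning code prevents a second application is outside this diff; if it does not, a reset `nextRid` can issue RIDs that existing accounts already hold. A header comment such as `# Apply only to a freshly created base entry: replaces objectSid, objectGUID and nextRid` would make the constraint visible. The policy values also deserve unit comments, e.g. `# lockoutThreshold: 0 disables account lockout` and a line saying that `lockoutDuration` and `maxPwdAge` are negative 100-nanosecond intervals.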
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
index 11501a5b42..3b70d42520 100644
--- a/source4/setup/provision_templates.ldif
+++ b/source4/setup/provision_templates.ldif
@@ -1,4 +1,4 @@
-dn: CN=Templates,${BASEDN}
+dn: CN=Templates
objectClass: top
objectClass: container
cn: Templates
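Review bot: The template entries move from `CN=Templates,${BASEDN}` to a bare `CN=Templates`, which puts them outside the domain naming context; the same applies to every DN hunk in this file. Nothing in this diff shows where that DN is registered or which database holds it, and with `--ldap-backend` it would presumably fall outside the LDAP server's suffix. The `objectCategory` values in the same file still use `${BASEDN}`, so the file continues to need that substitution. If a separate store is the intent, a header comment such as `# Templates are kept under CN=Templates, not under ${BASEDN}: <where this DN is served from>` would document the layout.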
@@ -14,7 +14,7 @@ isCriticalSystemObject: TRUE
# with what classes you put them in
###
-dn: CN=TemplateUser,CN=Templates,${BASEDN}
+dn: CN=TemplateUser,CN=Templates
objectClass: top
objectClass: person
objectClass: organizationalPerson
@@ -36,7 +36,7 @@ logonCount: 0
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
-dn: CN=TemplateComputer,CN=Templates,${BASEDN}
+dn: CN=TemplateComputer,CN=Templates
objectClass: top
objectClass: person
objectClass: organizationalPerson
@@ -58,7 +58,7 @@ logonCount: 0
sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
-dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+dn: CN=TemplateTrustingDomain,CN=Templates
objectClass: top
objectClass: Template
objectClass: userTemplate
@@ -71,13 +71,12 @@ countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
-pwdLastSet: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
sAMAccountType: 805306370
-dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+dn: CN=TemplateGroup,CN=Templates
objectClass: top
objectClass: Template
objectClass: groupTemplate
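Review bot: The removal of `pwdLastSet: 0` from the TemplateTrustingDomain entry is unrelated to the DN change made everywhere else in this file, and the hunk does not explain it. The entry starts above the hunk, and whether TemplateUser and TemplateComputer still carry the attribute is not visible here. If they do, accounts created from this template would start without a `pwdLastSet` value unless the account-creation code sets one, which affects how password-age checks treat them. A comment at the entry, e.g. `# pwdLastSet deliberately omitted: <reason>`, would mark the difference as intended.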
@@ -89,7 +88,7 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
# Currently this isn't used, we don't have a way to detect it different from an incoming alias
#
-# dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+# dn: CN=TemplateAlias,CN=Templates
# objectClass: top
# objectClass: Template
# objectClass: aliasTemplate
@@ -98,7 +97,7 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
# groupType: -2147483644
# sAMAccountType: 268435456
-dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates
objectClass: top
objectClass: Template
objectClass: foreignSecurityPrincipalTemplate
@@ -107,7 +106,7 @@ instanceType: 4
showInAdvancedViewOnly: TRUE
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
-dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+dn: CN=TemplateSecret,CN=Templates
objectClass: top
objectClass: leaf
objectClass: Template
@@ -115,7 +114,7 @@ objectClass: secretTemplate
cn: TemplateSecret
instanceType: 4
-dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+dn: CN=TemplateTrustedDomain,CN=Templates
objectClass: top
objectClass: leaf
objectClass: Template
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index dc7bc016d5..5cd5991c41 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -68,7 +68,7 @@ privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
-dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+dn: CN=${NETBIOSNAME},CN=Domain Controllers,${BASEDN}
objectClass: computer
cn: ${NETBIOSNAME}
objectGUID: ${HOSTGUID}