14 files changed, 179 insertions, 96 deletions

diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 0a604cf002..152d2e673c 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -95,6 +95,8 @@ typedef struct cli_credentials {
         bool set_workstation(const char *workstation, 
                              enum credentials_obtained obtained=CRED_SPECIFIED);
 
+        NTSTATUS set_machine_account(struct loadparm_context *lp_ctx);
+
         void guess(struct loadparm_context *lp_ctx);
         bool is_anonymous(void);
 
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 2b40fbeead..ba0000dcda 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -82,6 +82,7 @@ Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_d
 Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
 Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
 Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
+Credentials.set_machine_account = new_instancemethod(_credentials.Credentials_set_machine_account,None,Credentials)
 Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
 Credentials.is_anonymous = new_instancemethod(_credentials.Credentials_is_anonymous,None,Credentials)
 Credentials.get_nt_hash = new_instancemethod(_credentials.Credentials_get_nt_hash,None,Credentials)
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 8bcbc65575..1bbdf8a5ad 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -327,7 +327,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
  * @retval NTSTATUS error detailing any failure
  */
 _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
-					     struct loadparm_context *lp_ctx)
+						      struct loadparm_context *lp_ctx)
 {
 	char *filter;
 	/* Bleh, nasty recursion issues: We are setting a machine
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index 909233aaff..6c99802b09 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2456,24 +2456,25 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
 
 /* -------- TYPES TABLE (BEGIN) -------- */
 
-#define SWIGTYPE_p_TALLOC_CTX swig_types[0]
-#define SWIGTYPE_p_char swig_types[1]
-#define SWIGTYPE_p_cli_credentials swig_types[2]
-#define SWIGTYPE_p_int swig_types[3]
-#define SWIGTYPE_p_loadparm_context swig_types[4]
-#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long swig_types[6]
-#define SWIGTYPE_p_param_context swig_types[7]
-#define SWIGTYPE_p_param_opt swig_types[8]
-#define SWIGTYPE_p_param_section swig_types[9]
-#define SWIGTYPE_p_short swig_types[10]
-#define SWIGTYPE_p_signed_char swig_types[11]
-#define SWIGTYPE_p_unsigned_char swig_types[12]
-#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long swig_types[14]
-#define SWIGTYPE_p_unsigned_short swig_types[15]
-static swig_type_info *swig_types[17];
-static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
+#define SWIGTYPE_p_NTSTATUS swig_types[0]
+#define SWIGTYPE_p_TALLOC_CTX swig_types[1]
+#define SWIGTYPE_p_char swig_types[2]
+#define SWIGTYPE_p_cli_credentials swig_types[3]
+#define SWIGTYPE_p_int swig_types[4]
+#define SWIGTYPE_p_loadparm_context swig_types[5]
+#define SWIGTYPE_p_loadparm_service swig_types[6]
+#define SWIGTYPE_p_long_long swig_types[7]
+#define SWIGTYPE_p_param_context swig_types[8]
+#define SWIGTYPE_p_param_opt swig_types[9]
+#define SWIGTYPE_p_param_section swig_types[10]
+#define SWIGTYPE_p_short swig_types[11]
+#define SWIGTYPE_p_signed_char swig_types[12]
+#define SWIGTYPE_p_unsigned_char swig_types[13]
+#define SWIGTYPE_p_unsigned_int swig_types[14]
+#define SWIGTYPE_p_unsigned_long_long swig_types[15]
+#define SWIGTYPE_p_unsigned_short swig_types[16]
+static swig_type_info *swig_types[18];
+static swig_module_info swig_module = {swig_types, 17, 0, 0, 0, 0};
 #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
 #define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
 
@@ -3409,6 +3410,46 @@ fail:
 }
 
 
+SWIGINTERN PyObject *_wrap_Credentials_set_machine_account(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+  PyObject *resultobj = 0;
+  cli_credentials *arg1 = (cli_credentials *) 0 ;
+  struct loadparm_context *arg2 = (struct loadparm_context *) 0 ;
+  NTSTATUS result;
+  void *argp1 = 0 ;
+  int res1 = 0 ;
+  void *argp2 = 0 ;
+  int res2 = 0 ;
+  PyObject * obj0 = 0 ;
+  PyObject * obj1 = 0 ;
+  char *  kwnames[] = {
+    (char *) "self",(char *) "lp_ctx", NULL 
+  };
+  
+  arg1 = NULL;
+  arg2 = loadparm_init(NULL);
+  if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_machine_account",kwnames,&obj0,&obj1)) SWIG_fail;
+  if (obj0) {
+    res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 |  0 );
+    if (!SWIG_IsOK(res1)) {
+      SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_machine_account" "', argument " "1"" of type '" "cli_credentials *""'"); 
+    }
+    arg1 = (cli_credentials *)(argp1);
+  }
+  if (obj1) {
+    res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_loadparm_context, 0 |  0 );
+    if (!SWIG_IsOK(res2)) {
+      SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Credentials_set_machine_account" "', argument " "2"" of type '" "struct loadparm_context *""'"); 
+    }
+    arg2 = (struct loadparm_context *)(argp2);
+  }
+  result = cli_credentials_set_machine_account(arg1,arg2);
+  resultobj = SWIG_NewPointerObj((NTSTATUS *)memcpy((NTSTATUS *)malloc(sizeof(NTSTATUS)),&result,sizeof(NTSTATUS)), SWIGTYPE_p_NTSTATUS, SWIG_POINTER_OWN |  0 );
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
   PyObject *resultobj = 0;
   cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3646,6 +3687,7 @@ static PyMethodDef SwigMethods[] = {
 	 { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
 	 { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
 	 { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
+	 { (char *)"Credentials_set_machine_account", (PyCFunction) _wrap_Credentials_set_machine_account, METH_VARARGS | METH_KEYWORDS, NULL},
 	 { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
 	 { (char *)"Credentials_is_anonymous", (PyCFunction) _wrap_Credentials_is_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
 	 { (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3661,31 +3703,33 @@ static PyMethodDef SwigMethods[] = {
 
 /* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
 
+static swig_type_info _swigt__p_NTSTATUS = {"_p_NTSTATUS", "NTSTATUS *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
 
 static swig_type_info *swig_type_initial[] = {
+  &_swigt__p_NTSTATUS,
   &_swigt__p_TALLOC_CTX,
   &_swigt__p_char,
   &_swigt__p_cli_credentials,
   &_swigt__p_int,
   &_swigt__p_loadparm_context,
   &_swigt__p_loadparm_service,
-  &_swigt__p_long,
+  &_swigt__p_long_long,
   &_swigt__p_param_context,
   &_swigt__p_param_opt,
   &_swigt__p_param_section,
@@ -3693,17 +3737,18 @@ static swig_type_info *swig_type_initial[] = {
   &_swigt__p_signed_char,
   &_swigt__p_unsigned_char,
   &_swigt__p_unsigned_int,
-  &_swigt__p_unsigned_long,
+  &_swigt__p_unsigned_long_long,
   &_swigt__p_unsigned_short,
 };
 
+static swig_cast_info _swigc__p_NTSTATUS[] = {  {&_swigt__p_NTSTATUS, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_TALLOC_CTX[] = {  {&_swigt__p_TALLOC_CTX, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_char[] = {  {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_cli_credentials[] = {  {&_swigt__p_cli_credentials, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_int[] = {  {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_context[] = {  {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_service[] = {  {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long[] = {  {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long_long[] = {  {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_context[] = {  {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_opt[] = {  {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_section[] = {  {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3711,17 +3756,18 @@ static swig_cast_info _swigc__p_short[] = {  {&_swigt__p_short, 0, 0, 0},{0, 0,
 static swig_cast_info _swigc__p_signed_char[] = {  {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_char[] = {  {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_int[] = {  {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long[] = {  {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long_long[] = {  {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_short[] = {  {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
 
 static swig_cast_info *swig_cast_initial[] = {
+  _swigc__p_NTSTATUS,
   _swigc__p_TALLOC_CTX,
   _swigc__p_char,
   _swigc__p_cli_credentials,
   _swigc__p_int,
   _swigc__p_loadparm_context,
   _swigc__p_loadparm_service,
-  _swigc__p_long,
+  _swigc__p_long_long,
   _swigc__p_param_context,
   _swigc__p_param_opt,
   _swigc__p_param_section,
@@ -3729,7 +3775,7 @@ static swig_cast_info *swig_cast_initial[] = {
   _swigc__p_signed_char,
   _swigc__p_unsigned_char,
   _swigc__p_unsigned_int,
-  _swigc__p_unsigned_long,
+  _swigc__p_unsigned_long_long,
   _swigc__p_unsigned_short,
 };
 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 3235b24ef9..50f333d095 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -26,6 +26,7 @@
 #include "lib/ldb/include/ldb_private.h"
 #include "system/time.h"
 #include "dsdb/samdb/samdb.h"
+#include "version.h"
 
 struct private_data {
 	int num_controls;
@@ -202,6 +203,13 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 		}
 	}
 
+	if (schema && do_attribute_explicit(attrs, "vendorVersion")) {
+		if (ldb_msg_add_fmt(msg, "vendorVersion", 
+				    "%s", SAMBA_VERSION_STRING) != 0) {
+			goto failed;
+		}
+	}
+
 	/* TODO: lots more dynamic attributes should be added here */
 
 	return LDB_SUCCESS;
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 6917aa1a54..80dcd522df 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -265,7 +265,8 @@ def provision_paths_from_lp(lp, dnsdomain):
     return paths
 
 def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None,
-              rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None):
+                rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, 
+                sitename=None):
 
     if hostname is None:
         hostname = socket.gethostname().split(".")[0].lower()
@@ -287,7 +288,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
 
     if lp.get("realm").upper() != realm:
         raise Exception("realm '%s' in %s must match chosen realm '%s'" %
-                        (lp.get("realm"), smbconf, realm))
+                        (lp.get("realm"), lp.configfile(), realm))
     
     dnsdomain = dnsdomain.lower()
 
@@ -332,6 +333,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
     names.netbiosname = netbiosname
     names.hostname = hostname
     names.sitename = sitename
+    names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
     
     return names
     
@@ -543,9 +545,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
         samdb.load_ldif_file_add(setup_path("provision_init.ldif"))
 
         message("Setting up sam.ldb rootDSE")
-        setup_samdb_rootdse(samdb, setup_path, names.schemadn, names.domaindn, names.hostname, 
-                            names.dnsdomain, names.realm, names.rootdn, names.configdn, names.netbiosname,
-                            names.sitename)
+        setup_samdb_rootdse(samdb, setup_path, names)
 
         if erase:
             message("Erasing data from partitions")
@@ -656,25 +656,22 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp):
     idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif"))
     return idmap_ldb
 
-def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, 
-                        dnsdomain, realm, rootdn, configdn, netbiosname,
-                        sitename):
+def setup_samdb_rootdse(samdb, setup_path, names):
     """Setup the SamDB rootdse.
 
     :param samdb: Sam Database handle
     :param setup_path: Obtain setup path
     """
     setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), {
-        "SCHEMADN": schemadn, 
-        "NETBIOSNAME": netbiosname,
-        "DNSDOMAIN": dnsdomain,
-        "DEFAULTSITE": sitename,
-        "REALM": realm,
-        "DNSNAME": "%s.%s" % (hostname, dnsdomain),
-        "DOMAINDN": domaindn,
-        "ROOTDN": rootdn,
-        "CONFIGDN": configdn,
-        "VERSION": samba.version(),
+        "SCHEMADN": names.schemadn, 
+        "NETBIOSNAME": names.netbiosname,
+        "DNSDOMAIN": names.dnsdomain,
+        "REALM": names.realm,
+        "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
+        "DOMAINDN": names.domaindn,
+        "ROOTDN": names.rootdn,
+        "CONFIGDN": names.configdn,
+        "SERVERDN": names.serverdn,
         })
         
 
@@ -879,7 +876,8 @@ FILL_DRS = "DRS"
 
 def provision(setup_dir, message, session_info, 
               credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, 
-              rootdn=None, domaindn=None, schemadn=None, configdn=None,
+              rootdn=None, domaindn=None, schemadn=None, configdn=None, 
+              serverdn=None,
               domain=None, hostname=None, hostip=None, hostip6=None, 
               domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, 
               policyguid=None, invocationid=None, machinepass=None, 
@@ -932,7 +930,8 @@ def provision(setup_dir, message, session_info,
 
     names = guess_names(lp=lp, hostname=hostname, domain=domain, 
                         dnsdomain=realm, serverrole=serverrole, sitename=sitename,
-                        rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn)
+                        rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn,
+                        serverdn=serverdn)
 
     paths = provision_paths_from_lp(lp, names.dnsdomain)
 
@@ -1046,8 +1045,8 @@ def provision(setup_dir, message, session_info,
 
     message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
 
-    message("Once the above files are installed, your server will be ready to use")
-    message("Server Type:    %s" % serverrole)
+    message("Once the above files are installed, your Samba4 server will be ready to use")
+    message("Server Role:    %s" % serverrole)
     message("Hostname:       %s" % names.hostname)
     message("NetBIOS Domain: %s" % names.domain)
     message("DNS Domain:     %s" % names.dnsdomain)
@@ -1064,12 +1063,13 @@ def provision(setup_dir, message, session_info,
 def provision_become_dc(setup_dir=None,
                         smbconf=None, targetdir=None, realm=None, 
                         rootdn=None, domaindn=None, schemadn=None, configdn=None,
+                        serverdn=None,
                         domain=None, hostname=None, domainsid=None, 
                         adminpass=None, krbtgtpass=None, domainguid=None, 
                         policyguid=None, invocationid=None, machinepass=None, 
                         dnspass=None, root=None, nobody=None, nogroup=None, users=None, 
                         wheel=None, backup=None, aci=None, serverrole=None, 
-                        ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE):
+                        ldap_backend=None, ldap_backend_type=None, sitename=None):
 
     def message(text):
 	"""print a message if quiet is not set."""
@@ -1077,7 +1077,7 @@ def provision_become_dc(setup_dir=None,
 
     provision(setup_dir, message, system_session(), None,
               smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, 
-              rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, 
+              rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn,
               domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename);
     
 
@@ -1096,7 +1096,7 @@ def provision_backend(setup_dir=None, message=None,
                       smbconf=None, targetdir=None, realm=None, 
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
-                      ldap_backend_type=None):
+                      ldap_backend_type=None, ldap_backend_port=None):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
@@ -1144,7 +1144,12 @@ def provision_backend(setup_dir=None, message=None,
                    {"SCHEMADN": names.schemadn})
 
     if ldap_backend_type == "fedora-ds":
-        setup_file(setup_path("fedora-ds.inf"), paths.fedoradsinf, 
+        if ldap_backend_port is not None:
+            serverport = "ServerPort=%d" % ldap_backend_port
+        else:
+            serverport = ""
+
+        setup_file(setup_path("fedorads.inf"), paths.fedoradsinf, 
                    {"ROOT": root,
                     "HOSTNAME": hostname,
                     "DNSDOMAIN": names.dnsdomain,
@@ -1152,19 +1157,18 @@ def provision_backend(setup_dir=None, message=None,
                     "DOMAINDN": names.domaindn,
                     "LDAPMANAGERDN": names.ldapmanagerdn,
                     "LDAPMANAGERPASS": adminpass, 
-                    "SERVERPORT": ""})
+                    "SERVERPORT": serverport})
         
-        setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, 
+        setup_file(setup_path("fedorads-partitions.ldif"), paths.fedoradspartitions, 
                    {"CONFIGDN": names.configdn,
                     "SCHEMADN": names.schemadn,
                     })
         
-        setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, 
-                   {"CONFIGDN": names.configdn,
-                    "SCHEMADN": names.schemadn,
-                    })
         mapping = "schema-map-fedora-ds-1.0"
         backend_schema = "99_ad.ldif"
+        
+        slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf
+       
     elif ldap_backend_type == "openldap":
         attrs = ["linkID", "lDAPDisplayName"]
 	res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs);
@@ -1215,14 +1219,26 @@ refint_attributes""" + refint_attributes + "\n";
         
 
         ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
-        message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri)
-                
+        if ldap_backend_port is not None:
+            server_port_string = " -h ldap://0.0.0.0:%d" % ldap_backend_port
+        else:
+            server_port_string = ""
+        slapdcommand="Start slapd with:    slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string
 
     schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema);
 
     os.system(schema_command)
 
 
+    message("Your %s Backend for Samba4 is now configured, and is ready to be started" % ( ldap_backend_type) )
+    message("Server Role:         %s" % serverrole)
+    message("Hostname:            %s" % names.hostname)
+    message("DNS Domain:          %s" % names.dnsdomain)
+    message("Base DN:             %s" % names.domaindn)
+    message("LDAP admin DN:       %s" % names.ldapmanagerdn)
+    message("LDAP admin password: %s" % adminpass)
+    message(slapdcommand)
+
 
 def create_phpldapadmin_config(path, setup_path, ldapi_uri):
     """Create a PHP LDAP admin configuration file.
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index 262c8035f6..552f6535af 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -201,8 +201,6 @@ sub mk_fedora_ds($$$)
 
 	my $pidfile = "$fedora_ds_dir/logs/slapd-samba4.pid";
 
-	system("$self->{bindir}/ad2oLschema $configuration -H $ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I $self->{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif >&2") == 0 or die("schema conversion for Fedora DS failed");
-
 my $dir = getcwd();
 chdir "$ENV{FEDORA_DS_ROOT}/bin" || die;
 	if (system("perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent --file=$fedora_ds_inf >&2") != 0) {
@@ -222,9 +220,6 @@ sub mk_openldap($$$)
 	my $pidfile = "$ldapdir/slapd.pid";
 	my $modconf = "$ldapdir/modules.conf";
 
-	#This uses the backend provision we just did, to read out the schema
-	system("$self->{bindir}/ad2oLschema $configuration --option=convert:target=openldap -H $ldapdir/schema-tmp.ldb -I $self->{setupdir}/schema-map-openldap-2.3 -O $ldapdir/backend-schema.schema >&2") == 0 or die("schema conversion for OpenLDAP failed");
-
 	my $oldpath = $ENV{PATH};
 	my $olpath = "";
 	my $olroot = "";
diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend
index ada6dcef8d..4f222c467a 100755
--- a/source4/setup/provision-backend
+++ b/source4/setup/provision-backend
@@ -54,6 +54,8 @@ parser.add_option("--quiet", help="Be quiet", action="store_true")
 parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", 
 		help="LDB mapping module to use for the LDAP backend",
 		choices=["fedora-ds", "openldap"])
+parser.add_option("--ldap-backend-port", type="int", metavar="PORT", 
+		help="TCP Port LDAP server should listen to (default ldapi only)")
 parser.add_option("--server-role", type="choice", metavar="ROLE",
 		  choices=["domain controller", "dc", "member server", "member", "standalone"],
 		help="Set server role to provision for (default standalone)")
@@ -89,10 +91,9 @@ if setup_dir is None:
 	setup_dir = "setup"
 
 provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir,
-          realm=opts.realm, domain=opts.domain,
-          hostname=opts.host_name,
-          adminpass=opts.ldap_manager_pass,
-          root=opts.root, serverrole=server_role, 
-          ldap_backend_type=opts.ldap_backend_type)
-
-message("All OK")
+		  realm=opts.realm, domain=opts.domain,
+		  hostname=opts.host_name,
+		  adminpass=opts.ldap_manager_pass,
+		  root=opts.root, serverrole=server_role, 
+		  ldap_backend_type=opts.ldap_backend_type,
+		  ldap_backend_port=opts.ldap_backend_port)
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif
index 9f19796ec6..14e0d71df6 100644
--- a/source4/setup/provision_rootdse_add.ldif
+++ b/source4/setup/provision_rootdse_add.ldif
@@ -1,7 +1,7 @@
 # the rootDSE module looks in this record for its base data
 dn: @ROOTDSE
 subschemaSubentry: CN=Aggregate,${SCHEMADN}
-dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+dsServiceName: CN=NTDS Settings,${SERVERDN}
 defaultNamingContext: ${DOMAINDN}
 rootDomainNamingContext: ${ROOTDN}
 configurationNamingContext: ${CONFIGDN}
@@ -9,10 +9,9 @@ schemaNamingContext: ${SCHEMADN}
 supportedLDAPVersion: 3
 dnsHostName: ${DNSNAME}
 ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
-serverName: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+serverName: ${SERVERDN}
 domainFunctionality: 0
 forestFunctionality: 0
 domainControllerFunctionality: 2
 isSynchronized: FALSE
 vendorName: Samba Team (http://samba.org)
-vendorVersion: ${VERSION}
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
index 3f8edd40e8..f8699fe06a 100644
--- a/source4/torture/libnet/libnet_BecomeDC.c
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -84,6 +84,7 @@ static NTSTATUS test_become_dc_prepare_db(void *private_data,
 	settings.netbios_name = p->dest_dsa->netbios_name;
 	settings.realm = torture_join_dom_dns_name(s->tj);
 	settings.domain = torture_join_dom_netbios_name(s->tj);
+	settings.server_dn_str = torture_join_server_dn_str(s->tj);
 	settings.machine_password = cli_credentials_get_password(s->machine_account);
 	settings.targetdir = s->targetdir;
 
diff --git a/source4/torture/local/torture.c b/source4/torture/local/torture.c
index bb6e21ed4f..9bd60d9620 100644
--- a/source4/torture/local/torture.c
+++ b/source4/torture/local/torture.c
@@ -42,27 +42,28 @@ static bool test_tempdir(struct torture_context *tctx)
 static bool test_provision(struct torture_context *tctx)
 {
 	NTSTATUS status;
-	struct provision_settings settings;
-	char *location = NULL;
-	torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &location), 
+	struct provision_settings *settings = talloc(tctx, struct provision_settings);
+	char *targetdir = NULL;
+
+	torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &targetdir), 
 				   "torture_temp_dir should return NT_STATUS_OK" );
+	settings->targetdir = talloc_steal(settings, targetdir);
 
-	settings.dns_name = "example.com";
-	settings.site_name = "SOME-SITE-NAME";
-	settings.root_dn_str = "DC=EXAMPLE,DC=COM";
-	settings.domain_dn_str = "DC=EXAMPLE,DC=COM";
-	settings.config_dn_str = NULL;
-	settings.schema_dn_str = NULL;
-	settings.invocation_id = NULL;
-	settings.netbios_name = "FOO";
-	settings.realm = "EXAMPLE.COM";
-	settings.domain = "EXAMPLE";
-	settings.ntds_guid = NULL;
-	settings.ntds_dn_str = NULL;
-	settings.machine_password = "geheim";
-	settings.targetdir = location;
+	settings->dns_name = "example.com";
+	settings->site_name = "SOME-SITE-NAME";
+	settings->root_dn_str = "DC=EXAMPLE,DC=COM";
+	settings->domain_dn_str = "DC=EXAMPLE,DC=COM";
+	settings->config_dn_str = NULL;
+	settings->schema_dn_str = NULL;
+	settings->invocation_id = NULL;
+	settings->netbios_name = "FOO";
+	settings->realm = "EXAMPLE.COM";
+	settings->domain = "EXAMPLE";
+	settings->ntds_guid = NULL;
+	settings->ntds_dn_str = NULL;
+	settings->machine_password = "geheim";
 
-	status = provision_bare(tctx, tctx->lp_ctx, &settings);
+	status = provision_bare(settings, tctx->lp_ctx, settings);
 			
 	torture_assert_ntstatus_ok(tctx, status, "provision");
 
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 02f04946d6..892886c08c 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -553,6 +553,14 @@ const char *torture_join_dom_dns_name(struct test_join *join)
 	return join->dom_dns_name;
 }
 
+const char *torture_join_server_dn_str(struct test_join *join)
+{
+	if (join->libnet_r) {
+		return join->libnet_r->out.server_dn_str;
+	}
+	return NULL;
+}
+
 
 #if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
 struct test_join_ads_dc {
diff --git a/source4/torture/util.h b/source4/torture/util.h
index 477a828120..72f97e4766 100644
--- a/source4/torture/util.h
+++ b/source4/torture/util.h
@@ -27,6 +27,7 @@ struct provision_settings {
 	const char *domain_dn_str;
 	const char *config_dn_str;
 	const char *schema_dn_str;
+	const char *server_dn_str;
 	const struct GUID *invocation_id;
 	const char *netbios_name;
 	const char *host_ip;
diff --git a/source4/torture/util_provision.c b/source4/torture/util_provision.c
index cce8e18fdc..3167a37cdf 100644
--- a/source4/torture/util_provision.c
+++ b/source4/torture/util_provision.c
@@ -105,6 +105,10 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
 		PyDict_SetItemString(parameters, "configdn", 
 				     PyString_FromString(settings->config_dn_str));
 	
+	if (settings->server_dn_str) 
+		PyDict_SetItemString(parameters, "serverdn", 
+				     PyString_FromString(settings->server_dn_str));
+	
 	if (settings->site_name) 
 		PyDict_SetItemString(parameters, "sitename", 
 				     PyString_FromString(settings->site_name));