summaryrefslogtreecommitdiff
path: root/source4/setup/provision_basedn_modify.ldif
AgeCommit message (Collapse)AuthorFilesLines
2009-11-17s4:provision Split up reference creation, load schema earlier in the stackAndrew Bartlett1-13/+1
The schema needs to be loaded above the extended_dn_out modules as otherwise we don't get an extended DN in the search results. The reference split is to ensure we create references after the objects they reference exist. Andrew Bartlett
2009-10-02s4: Improve provisioning: use relax controlMatthieu Patou1-1/+0
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-09-20s4:provision_basedn_modify - fix the "auditPolicy" attributeMatthias Dieter Wallnöfer1-1/+2
I had to think about how to encode the string 0x0001 (taken from Windows Server). The problem is due to the "0" byte at the beginning of it. BASE64 encoding seems a good method to do it.
2009-09-17s4:provision - Some reworkMatthias Dieter Wallnöfer1-27/+55
- Add/change "wellKnownObjects" attributes - Order entries in "provision_basedn_modify.ldif" - Add/change "delete entries" object under BASEDN and CONFIGDN - Fix default version number of "Default domain policy" group policy - Add "domain updates" objects for interoperability with MS AD maintaining tools - Show version number in the "oEMInformation" attribute (suggested by ekacnet) - Smaller fixups
2009-08-26s4:provision Only create references to our server DN after the self joinAndrew Bartlett1-3/+0
This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett
2009-07-20[SAMBA 4 directory] Refactoring and clean up of directory structureMatthias Dieter Wallnöfer1-3/+3
- Adds more system objects which make sense to have them in SAMBA 4 also to have them when we add more and more services related to the directory (volume support, DFS, replication service, COM...) - Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett1-2/+2
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
2009-07-02[SAMBA 4 directory] Changes "forceLogoff" and corrects the "subRefs"Matthias Dieter Wallnöfer1-2/+4
- This changes the attribute "forceLogoff" to its' default values according to Windows Server 2003 R2 - Also this corrects the "subRefs" attribute of the base-DN which only refers to direct child partitions (and therefore not to the complete transitive closure)
2008-12-17s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}Andrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-10-02s4:setup: add wellknownObjects to the domain objectStefan Metzmacher1-0/+8
metze
2008-05-21GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)Andrew Kroeger1-1/+1
This only solves part of bz #5480. The settings for Enforced & Link Enabled now match the default settings of a Windows DC, but they are still "locked" and cannot be changed via the GUI. (This used to be commit 761e667e45475d3a7d5a41558b400ba4c94c4650)
2008-04-09Be consistant in using ${SEVERDN}.Andrew Bartlett1-1/+1
This ensures we don't fall out of sync with the provision scripts. Andrew Bartlett (This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
2008-01-24Kill another sub that the modules will handle for us.Andrew Bartlett1-3/+0
(This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8)
2007-12-21r26298: Use metze's schema loading code to pre-initialise the schema into theAndrew Bartlett1-8/+0
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-10-10r22972: added the basic ldif needed to support group policies in Samba4. WinXPAndrew Tridgell1-0/+3
clients do correctly see our group policies, but the gpmc admin tool doesn't yet work to allow you to edit the policies (This used to be commit 4c6e01a585f59caf7d2d87833f5eedc018ed8acc)
2007-10-10r20557: use ${DOMAINDN} instead of ${BASEDN}Stefan Metzmacher1-2/+2
metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
2007-10-10r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded pathsStefan Metzmacher1-6/+6
under ${BASEDN} metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
2007-10-10r20332: add mastered-By and msDs-mastered-By attributes to the domain objectStefan Metzmacher1-1/+6
the config and schema head objects already have them metze (This used to be commit 6d43c1963856c5140ca3447aa2f9a276035eff8c)
2007-10-10r20152: Commit missing files from last night's commit. We no longer maintainAndrew Bartlett1-0/+3
a distinction between PDC and BDC in the configuration files, only as an entry in the ldb. Andrew Bartlett (This used to be commit dc9eee7cb37e4a6828c2cba23b0d836df9eac7b5)
2007-10-10r17876: Require one less patch for the LDAP backend to work.Andrew Bartlett1-3/+1
This lets the modules or backend generate the host and domain GUID, rather than the randguid() function. These can still be specified from the command line. Andrew Bartlett (This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5)
2007-10-10r17377: This attribute is maintained by the modules, don't override it.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit d942a8b2b6dcdc8d406d2c5b00983f0191e2a30d)
2007-10-10r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't likeAndrew Bartlett1-5/+0
this. Instead, handle this one in the add. Andrew Bartlett (This used to be commit ab355e1f5f0747225b4c3fc2e65ffb044fe03040)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-0/+90
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)