Age | Commit message (Collapse) | Author | Files | Lines |
|
CN=Sites,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
CN=Partitions,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
With the fix introduced by Nadya in changeset
622ef6aed82a2f2f7748c2a88535486af77487de we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.
|
|
This should help to fix bug #7403.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
|
|
|
|
partitions
Discovered by the "ldapcmp" tool
|
|
|
|
|
|
should obviously be 10
Compared against my Windows Server 2008 and Zahari's output.
|
|
operation is of version 3
|
|
in the NTDS site settings
|
|
|
|
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
|
|
Server 2008"
This reverts commit 973ea198677c581064fad62cdac30baac7103ef8.
This change breaks DRS dcpromo.
|
|
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We are now defaulting to win2003 functional level, and see to report
the right revisions of our db and schema
|
|
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep"
utility is used to perform schema updates and update other attributes as
necessary.
Adding these entries provides an indication that the adprep utility has been run
with the /forestprep, /domainprep and /rodcprep arguments. Although these
entries indicate adprep has been run, nothing has been done to verify that the
changes that the adprep utility would have made have actually been done.
The values used for the revision atttributes are as seen on a W2K8 DC (not
W2K8 R2, which will probably have higher values).
|
|
|
|
I reread some docs about this attributes and it seems that this as mapping
attribute isn't host specific but in common for the whole domain. To allow
Windows DCs to join our s4 domain sooner or later we have to provide the full
attribute.
|
|
|
|
Accidentally removed by a previous commit.
|
|
- The DC level we keep on Windows Server 2008 R2 (we should call ourself
always the newest server type)
- The domain/forest level we set to the minimum (Windows 2000 native) to
allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed"
mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is
set always to 0
- I'll add a script which allows to bump the DC level (basically sets the
"msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and
on the "DC" object)
|
|
- Fix up "servicePrincipalNames" attributes on the DC object
- Add some informative comments (most in "provision_self_join.ldif")
- Add also comments where objects are missing which we may add later when we
support the feature (mainly for FRS)
- Add "domain updates" objects also under "CN=Configuration" (they exist twice)
- Add the default services under "Services" to allow interoperability with some
MS client tools
- Smaller changes
|
|
- Add/change "wellKnownObjects" attributes
- Order entries in "provision_basedn_modify.ldif"
- Add/change "delete entries" object under BASEDN and CONFIGDN
- Fix default version number of "Default domain policy" group policy
- Add "domain updates" objects for interoperability with MS AD maintaining tools
- Show version number in the "oEMInformation" attribute (suggested by ekacnet)
- Smaller fixups
|
|
This patch brings up those subcontainers and fixes up the "systemFlags" on the
"Subnet" entry.
|
|
|
|
This will ensure that the GUID can be filled in correctly, and assist
us to validate DN targets in the future.
Andrew Bartlett
|
|
When objects are deleted they get renamed to this container. The
container needs to exist when we provision
|
|
This commit includes:
- Additional static object data in SAMBA 4's AD to start supporting of
- forest updates, - lost and found, - quotas on DS, - physical locations,
- licensing of sites, - subnets, - policies for WMI, - DNS entries in AD
- Reordering of provision*.ldif files to be able to find entries and make future
additions easier
- Add comments in provision*.ldif files to point out where subentries are located
when they are based in other LDIFs
- Removations of autogenerated "cn" attributes
|
|
- Adds more system objects which make sense to have them in SAMBA 4 also to
have them when we add more and more services related to the directory (volume
support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
are set correctly on each object
|
|
Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains it's copy only as a cached view onto the
original values.
We also use the functional level to determine if we should store AES
Kerberos keys.
Andrew Bartlett
|
|
Set the values like Windows Server 2003 R2.
|
|
Incorrectly added in 95eeef91d3ed7daf8e19029eadcc610caf26db63, and
found by OpenLDAP backend tests run by Theodor Chirana <office@adaptcom.ro>
Andrew Bartlett
|
|
Without these entries, using the 'Delegate Control' option in ADUC results in
the following error message in the Delegation of Control Wizard:
"The templates could not be applied. One or more of the templates is not
applicable. Click Back and select different templates, and then try again."
|
|
This ensures we don't fall out of sync with the provision scripts.
Andrew Bartlett
(This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
|
|
This means we only show and set the values when they are not the
values the schema and objectclass module would impose.
Andrew Bartlett
(This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78)
|
|
The instanceid module creates this automaticlly, so we don't need this
any more.
Andrew Bartlett
(This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3)
|
|
no sense on a member server.
Andrew Bartlett
(This used to be commit 70467fa4c5d25b83c48dbbeb8236d5acb4550e77)
|
|
autogenerated by the objectclass module when the the entries are
added.
Andrew Bartlett
(This used to be commit 79e13349f00d009fc5dd0cdddade379df906ebc8)
|
|
(This used to be commit b5afec8b828e1aba231501b68aa4196b94a87c32)
|
|
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
(This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
|
|
metze
(This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
|
|
under ${BASEDN}
metze
(This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
|
|
into an exsting LDAP server. (Allow some parts to pre-exist, and try
to blow away less data).
Andrew Bartlett
(This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134)
|