summaryrefslogtreecommitdiff
path: root/source4/setup/provision_configuration.ldif
AgeCommit message (Collapse)AuthorFilesLines
2010-10-23s4:provision.py - add the correct "CN=Sites" security descriptorMatthias Dieter Wallnöfer1-0/+1
This should help to fix bug #7403. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
2010-06-06s4:provision - fix typo in substitution variableMatthias Dieter Wallnöfer1-1/+1
2010-05-13s4:domain functional level - it is also specified in the domain object under ↵Matthias Dieter Wallnöfer1-0/+1
partitions Discovered by the "ldapcmp" tool
2010-05-13s4:provision_configuration.ldif - add more extended rights objectsMatthias Dieter Wallnöfer1-0/+60
2010-05-13s4:provision_configuration.ldif - add more Windows 2008 forest operationsMatthias Dieter Wallnöfer1-0/+120
2010-05-13s4:provision_configuration.ldif - the revision level of "Windows2003Update" ↵Matthias Dieter Wallnöfer1-1/+1
should obviously be 10 Compared against my Windows Server 2008 and Zahari's output.
2010-05-13s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" ↵Matthias Dieter Wallnöfer1-0/+1
operation is of version 3
2010-05-13s4:provision_configuration.ldif - set the right schedule on the default site ↵Matthias Dieter Wallnöfer1-0/+1
in the NTDS site settings
2010-05-13s4:provision_configuration.ldif - The "NTDS Quotas" object is system-criticalMatthias Dieter Wallnöfer1-0/+1
2010-05-13s4:provision_configuration.ldif - "sites" objectMatthias Dieter Wallnöfer1-6/+2
- The default site doesn't contain a licensing object - Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
2010-02-26Revert "s4:AD content - adequate some revision levels to match Windows ↵Andrew Tridgell1-3/+3
Server 2008" This reverts commit 973ea198677c581064fad62cdac30baac7103ef8. This change breaks DRS dcpromo.
2010-02-21s4:AD content - adequate some revision levels to match Windows Server 2008Matthias Dieter Wallnöfer1-3/+3
2010-02-16s4-drs: enable the recyclebin optional featureEduardo Lima1-0/+12
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-10-06s4-provision: match win2003 functional levelAndrew Tridgell1-2/+2
We are now defaulting to win2003 functional level, and see to report the right revisions of our db and schema
2009-09-30s4:provision: Show domains and forests are W2K8 DC capable.Andrew Kroeger1-0/+10
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep" utility is used to perform schema updates and update other attributes as necessary. Adding these entries provides an indication that the adprep utility has been run with the /forestprep, /domainprep and /rodcprep arguments. Although these entries indicate adprep has been run, nothing has been done to verify that the changes that the adprep utility would have made have actually been done. The values used for the revision atttributes are as seen on a W2K8 DC (not W2K8 R2, which will probably have higher values).
2009-09-25s4:LDIFs - enhance the section commentsMatthias Dieter Wallnöfer1-0/+8
2009-09-20s4:provision_configuration - fix "sPNMappings"Matthias Dieter Wallnöfer1-2/+1
I reread some docs about this attributes and it seems that this as mapping attribute isn't host specific but in common for the whole domain. To allow Windows DCs to join our s4 domain sooner or later we have to provide the full attribute.
2009-09-18s4:provision_configuration - "sPNMappings": "http" missed on regenerationMatthias Dieter Wallnöfer1-1/+1
2009-09-18s4/provision_configuration - re-add the "sPNMappings"Matthias Dieter Wallnöfer1-0/+3
Accidentally removed by a previous commit.
2009-09-18s4:provision - Bump down the domain and forest level to Windows 2000Matthias Dieter Wallnöfer1-6/+7
- The DC level we keep on Windows Server 2008 R2 (we should call ourself always the newest server type) - The domain/forest level we set to the minimum (Windows 2000 native) to allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed" mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is set always to 0 - I'll add a script which allows to bump the DC level (basically sets the "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and on the "DC" object)
2009-09-17s4:provision - Some rework (continuation)Matthias Dieter Wallnöfer1-1/+246
- Fix up "servicePrincipalNames" attributes on the DC object - Add some informative comments (most in "provision_self_join.ldif") - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS) - Add "domain updates" objects also under "CN=Configuration" (they exist twice) - Add the default services under "Services" to allow interoperability with some MS client tools - Smaller changes
2009-09-17s4:provision - Some reworkMatthias Dieter Wallnöfer1-6/+8
- Add/change "wellKnownObjects" attributes - Order entries in "provision_basedn_modify.ldif" - Add/change "delete entries" object under BASEDN and CONFIGDN - Fix default version number of "Default domain policy" group policy - Add "domain updates" objects for interoperability with MS AD maintaining tools - Show version number in the "oEMInformation" attribute (suggested by ekacnet) - Smaller fixups
2009-09-12s4:sites & services - Adds Intersite transport containersMatthieu Patou1-5/+28
This patch brings up those subcontainers and fixes up the "systemFlags" on the "Subnet" entry.
2009-09-07s4:setup: Updated comment to reflect new DisplaySpecifiers location.Andrew Kroeger1-1/+3
2009-08-26s4:provision Only create references to our server DN after the self joinAndrew Bartlett1-2/+0
This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett
2009-08-19we need the Deleted Objects container for replicationAndrew Tridgell1-0/+6
When objects are deleted they get renamed to this container. The container needs to exist when we provision
2009-08-11s4:AD LDIFs - More refactoringMatthias Dieter Wallnöfer1-155/+130
This commit includes: - Additional static object data in SAMBA 4's AD to start supporting of - forest updates, - lost and found, - quotas on DS, - physical locations, - licensing of sites, - subnets, - policies for WMI, - DNS entries in AD - Reordering of provision*.ldif files to be able to find entries and make future additions easier - Add comments in provision*.ldif files to point out where subentries are located when they are based in other LDIFs - Removations of autogenerated "cn" attributes
2009-07-20[SAMBA 4 directory] Refactoring and clean up of directory structureMatthias Dieter Wallnöfer1-0/+1
- Adds more system objects which make sense to have them in SAMBA 4 also to have them when we add more and more services related to the directory (volume support, DFS, replication service, COM...) - Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett1-1/+1
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
2009-07-01[SAMBA 4 directory] Corrects the "systemFlags" attributesMatthias Dieter Wallnöfer1-5/+5
Set the values like Windows Server 2003 R2.
2009-05-29s4:setup Remove generated attributes from provision_configurationAndrew Bartlett1-195/+0
Incorrectly added in 95eeef91d3ed7daf8e19029eadcc610caf26db63, and found by OpenLDAP backend tests run by Theodor Chirana <office@adaptcom.ro> Andrew Bartlett
2009-05-26s4:Added Extended-Rights and subentries.Andrew Kroeger1-0/+881
Without these entries, using the 'Delegate Control' option in ADUC results in the following error message in the Delegation of Control Wizard: "The templates could not be applied. One or more of the templates is not applicable. Click Back and select different templates, and then try again."
2008-04-09Be consistant in using ${SEVERDN}.Andrew Bartlett1-1/+1
This ensures we don't fall out of sync with the provision scripts. Andrew Bartlett (This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
2008-01-18Remove default 'showInAdvancedViewOnly' values.Andrew Bartlett1-12/+0
This means we only show and set the values when they are not the values the schema and objectclass module would impose. Andrew Bartlett (This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78)
2008-01-18Don't manually specify instanceID in the template files.Andrew Bartlett1-12/+0
The instanceid module creates this automaticlly, so we don't need this any more. Andrew Bartlett (This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3)
2007-10-10r25452: Move the creation of the server entry to the self join, as this makesAndrew Bartlett1-23/+0
no sense on a member server. Andrew Bartlett (This used to be commit 70467fa4c5d25b83c48dbbeb8236d5acb4550e77)
2007-10-10r24694: Remove objectCategory entries from the setup templates. These can beAndrew Bartlett1-14/+0
autogenerated by the objectclass module when the the entries are added. Andrew Bartlett (This used to be commit 79e13349f00d009fc5dd0cdddade379df906ebc8)
2007-10-10r22572: Don't manually set objectGUID valuesAndrew Bartlett1-1/+0
(This used to be commit b5afec8b828e1aba231501b68aa4196b94a87c32)
2007-10-10r22478: Update the LDAP backend code to handle initialisation of multipleAndrew Bartlett1-26/+0
partitions onto the target LDAP server. Make the LDAP provision run before smbd starts, then stop the LDAP server. This ensures this occurs synchronously, We then restart it for the 'real run' (with slapd's stdin being the FIFO). This required fixing a few things in the provision scripts, with more containers being created via a add/modify pair. Andrew Bartlett (This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
2007-10-10r20557: use ${DOMAINDN} instead of ${BASEDN}Stefan Metzmacher1-2/+2
metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
2007-10-10r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded pathsStefan Metzmacher1-42/+42
under ${BASEDN} metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
2007-10-10r20468: Patch from Martin Kuehl <kuehl@univention.de> to make it easier to loadAndrew Bartlett1-0/+182
into an exsting LDAP server. (Allow some parts to pre-exist, and try to blow away less data). Andrew Bartlett (This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134)