summaryrefslogtreecommitdiff
path: root/source4/setup/provision_self_join.ldif
AgeCommit message (Collapse)AuthorFilesLines
2009-08-11s4:AD LDIFs - More refactoringMatthias Dieter Wallnöfer1-5/+1
This commit includes: - Additional static object data in SAMBA 4's AD to start supporting of - forest updates, - lost and found, - quotas on DS, - physical locations, - licensing of sites, - subnets, - policies for WMI, - DNS entries in AD - Reordering of provision*.ldif files to be able to find entries and make future additions easier - Add comments in provision*.ldif files to point out where subentries are located when they are based in other LDIFs - Removations of autogenerated "cn" attributes
2009-07-20[SAMBA 4 directory] Refactoring and clean up of directory structureMatthias Dieter Wallnöfer1-3/+2
- Adds more system objects which make sense to have them in SAMBA 4 also to have them when we add more and more services related to the directory (volume support, DFS, replication service, COM...) - Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett1-2/+2
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
2009-07-01[SAMBA 4 directory] Adds the complete "objectclass path" to our self-created ↵Matthias Dieter Wallnöfer1-0/+4
DC object Found after some comparisons against Windows Server 2003 R2.
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-2/+2
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-04-09Be consistant in using ${SEVERDN}.Andrew Bartlett1-2/+2
This ensures we don't fall out of sync with the provision scripts. Andrew Bartlett (This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
2008-04-02Remove references to setting the host GUID, as the repl_meta_dataAndrew Bartlett1-1/+0
module prohibits it anyway. Andrew Bartlett (This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91)
2008-02-28Users and computers now share the same template.Andrew Bartlett1-2/+0
Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
2008-01-18Remove default 'showInAdvancedViewOnly' values.Andrew Bartlett1-3/+1
This means we only show and set the values when they are not the values the schema and objectclass module would impose. Andrew Bartlett (This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78)
2008-01-18Don't manually specify instanceID in the template files.Andrew Bartlett1-2/+0
The instanceid module creates this automaticlly, so we don't need this any more. Andrew Bartlett (This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3)
2007-12-21r26298: Use metze's schema loading code to pre-initialise the schema into theAndrew Bartlett1-1/+6
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-10-10r25452: Move the creation of the server entry to the self join, as this makesAndrew Bartlett1-0/+23
no sense on a member server. Andrew Bartlett (This used to be commit 70467fa4c5d25b83c48dbbeb8236d5acb4550e77)
2007-10-10r25299: Modify the provision script to take an additional argument: ↵Andrew Bartlett1-0/+18
--server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
2007-10-10r24760: Ensure we base64 encode any password being put into LDIF, to avoidAndrew Bartlett1-1/+1
provision failures when some of the random password values are illigal LDIF. Andrew Bartlett (This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898)
2007-10-10r23815: Thanks to Matthias Wallnoefer <mwallnoefer@yahoo.de> for pointing outAndrew Bartlett1-1/+1
that we had the wrong objectClass for OU=Domain Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN}) This fixes both the SAMR server and the LDIF templates. Andrew Bartlett (This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317)
2007-10-10r23720: Allow the member server to work against an LDAP Backend. Another caseAndrew Bartlett1-0/+23
where LDB isn't as strict as OpenLDAP, the self join record contains duplicate servicePrincipalNames once the DNS name and domain name are made equal. (Easier to just skip the useless self-join). Andrew Bartlett (This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)