summaryrefslogtreecommitdiff
path: root/source4/setup/provision_templates.ldif
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-10/+9
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16166: Remove hexidecimal constants from the Samba4 provision files.Andrew Bartlett1-17/+19
This change is required for compatibility with the OSX client, in particular, but returning 0x80000002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett (This used to be commit 81f3cd1c4592d2108d521acd701ed4a70a23c465)
2007-10-10r14200: Now we have real USN support, don't force the values in the provisionAndrew Bartlett1-2/+0
scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973)
2007-10-10r12598: Make the 'objectClass' part of the templating process actually work.Andrew Bartlett1-2/+4
We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
2007-10-10r12427: Move SAMR CreateUser2 to transactions, and re-add support forAndrew Bartlett1-22/+2
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-0/+3
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8667: Further simply the provision script, by removing the 'name' attribute.Andrew Bartlett1-10/+0
This is now calculated on the fly for every add and modify. Andrew Bartlett (This used to be commit ed1f2e029c840d2b3ecb49dbe6e8cd67588eeeed)
2007-10-10r8660: Use templates for the initial provision of user and computer accounts.Andrew Bartlett1-0/+150
This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)