summaryrefslogtreecommitdiff
path: root/source4/setup/provision_templates.ldif
AgeCommit message (Collapse)AuthorFilesLines
2008-08-19Fix templates.ldb reprovision handling.Andrew Bartlett1-10/+0
This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
2008-03-07accountExpires: Windows default is 9223372036854775807, not -1.Andrew Kroeger1-2/+2
(This used to be commit be47cc7fdfa3cae0508e564f38b793aa27b6eb92)
2008-02-28Users and computers now share the same template.Andrew Bartlett1-25/+1
Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
2008-01-18Remove default 'showInAdvancedViewOnly' values.Andrew Bartlett1-1/+0
This means we only show and set the values when they are not the values the schema and objectclass module would impose. Andrew Bartlett (This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78)
2008-01-18Don't manually specify instanceID in the template files.Andrew Bartlett1-1/+0
The instanceid module creates this automaticlly, so we don't need this any more. Andrew Bartlett (This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-8/+14
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-10-10r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer@yahoo.de>,Andrew Bartlett1-30/+0
allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
2007-10-10r24262: Set the objectCategory by default in the objectclass module, rather ↵Andrew Bartlett1-5/+0
than using templates. Modify the samba3sam test to be less fussy, and not use the objectclass module (which requires proper schema stuff now). Andrew Bartlett (This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
2007-10-10r20956: cn and instanceType are autogenerated values, later we need to ↵Stefan Metzmacher1-16/+0
remove them from all ldif files, but for now only the ones used by the NET-API-BECOME-DC test metze (This used to be commit 7510b9ca4a79c12c31abcf4a64b5eaba2f6c2fe9)
2007-10-10r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded pathsStefan Metzmacher1-5/+5
under ${BASEDN} metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-10/+9
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16166: Remove hexidecimal constants from the Samba4 provision files.Andrew Bartlett1-17/+19
This change is required for compatibility with the OSX client, in particular, but returning 0x80000002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett (This used to be commit 81f3cd1c4592d2108d521acd701ed4a70a23c465)
2007-10-10r14200: Now we have real USN support, don't force the values in the provisionAndrew Bartlett1-2/+0
scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973)
2007-10-10r12598: Make the 'objectClass' part of the templating process actually work.Andrew Bartlett1-2/+4
We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
2007-10-10r12427: Move SAMR CreateUser2 to transactions, and re-add support forAndrew Bartlett1-22/+2
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-0/+3
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8667: Further simply the provision script, by removing the 'name' attribute.Andrew Bartlett1-10/+0
This is now calculated on the fly for every add and modify. Andrew Bartlett (This used to be commit ed1f2e029c840d2b3ecb49dbe6e8cd67588eeeed)
2007-10-10r8660: Use templates for the initial provision of user and computer accounts.Andrew Bartlett1-0/+150
This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)