path: root/source4/setup/schema_samba4.ldif
Age | Commit message | Author | Files | Lines
2009-10-17 | s4-schema: We should not need Samba4TopExtra now | Andrew Tridgell | 1 | -23/+0
The last attribute this contained was 'privilege' which is now gone
2009-10-17 | s4-provision: removed the old privilege attributes | Andrew Tridgell | 1 | -13/+14
Our schema is getting a bit cleaner :-)
2009-10-12 | s4:provision Remove all references to samba4LocalDomain | Andrew Bartlett | 1 | -20/+23
This was a bad idea all along, as Simo said at the time. With the full MS schema and enforcement of it, it is an even worse idea. This fixes the provision of the member server in 'make test' Andrew Bartlett
2009-09-10 | s4: Use SASL authentication against Fedora DS. | Endi Sukma Dewata | 1 | -18/+0
1. During instance creation the provisioning script will import the SASL mapping for samba-admin. It's done here due to missing config schema preventing adding the mapping via ldapi.
2. After that it will use ldif2db to import the cn=samba-admin user as the target of SASL mapping.
3. Then it will start FDS and continue to do provisioning using the Directory Manager with simple bind.
4. The SASL credentials will be stored in secrets.ldb, so when Samba server runs later it will use the SASL credentials.
5. After the provisioning is done (just before stopping the slapd) it will use the DM over direct ldapi to delete the default SASL mappings included automatically by FDS, leaving just the new samba-admin mapping.
6. Also before stopping slapd it will use the DM over direct ldapi to set the ACL on the root entries of the user, configuration, and schema partitions. The ACL will give samba-admin the full access to these partitions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-08-17 | s4:provision Remove the ACI element from the provision templates | Andrew Bartlett | 1 | -14/+14
We need to find a better way to apply this (used in the Fedora DS LDAP backend), not by trying to tunnel this down the module stack. Andrew Bartlett
2009-07-27 | s4:setup add 'cn' attribute to Samba4 local schema | Andrew Bartlett | 1 | -0/+4
(We recently made the ms_schema.py script also add this attribute)
2009-07-20 | [SAMBA 4 directory] Refactoring and clean up of directory structure | Matthias Dieter Wallnöfer | 1 | -3/+0
- Adds more system objects which make sense to have them in SAMBA 4 also to have them when we add more and more services related to the directory (volume support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
2009-04-09 | we should not be supplying a generated attribute in our schema | Andrew Tridgell | 1 | -13/+0
2009-04-03 | Add parentGUID as an allowed attribute in samba4Top | Andrew Bartlett | 1 | -0/+1
This is required to get provision against OpenLDAP working again
2009-01-05 | More work to have OpenLDAP accept the full AD schema | Andrew Bartlett | 1 | -0/+2
We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
2008-12-17 | s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-10-16 | Transform the sequence_number operation into a normal extended operation as it should always have been. | Simo Sorce | 1 | -0/+2
Make it also async so that it is not a special case.
2008-09-29 | s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updates | Stefan Metzmacher | 1 | -0/+2
We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-07-23 | Explain where some other OIDs are allocated. | Andrew Bartlett | 1 | -0/+6
This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett (This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)
2008-07-12 | rename sambaPassword -> userPassword. | Andrew Bartlett | 1 | -12/+15
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-10 | Avoid the use of extensibleObject in ldap mapping backend. | Andrew Bartlett | 1 | -17/+141
Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
2008-03-13 | Rework to have member server 'domains' be CN=NETBIOSNAME | Andrew Bartlett | 1 | -0/+38
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-01-11 | Make Samba4 and Fedora DS happier | Andrew Bartlett | 1 | -0/+20
Recent changes to Samba4 have made the Fedora DS backend fail. This is a start on fixing that. Andrew Bartlett (This used to be commit 48dc07902ffb792532ff216e507e53103d448b7b)
2007-12-21 | r26298: Use metze's schema loading code to pre-initialise the schema into the samdb before we start writing entries into it. | Andrew Bartlett | 1 | -12/+15
In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-10-10 | r22531: Fix up OpenLDAP schema map to almost pass 'make test'. | Andrew Bartlett | 1 | -0/+2
Andrew Bartlett (This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7)
2007-10-10 | r22497: Support renaming objectclasses and attributes for the LDAP backend. | Andrew Bartlett | 1 | -0/+4
OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a)
2007-10-10 | r22478: Update the LDAP backend code to handle initialisation of multiple partitions onto the target LDAP server. | Andrew Bartlett | 1 | -8/+2
Make the LDAP provision run before smbd starts, then stop the LDAP server. This ensures this occurs synchronously. We then restart it for the 'real run' (with slapd's stdin being the FIFO). This required fixing a few things in the provision scripts, with more containers being created via an add/modify pair. Andrew Bartlett (This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1)
2007-10-10 | r21435: ntPwdHash,lmPwdHash,sambaNTPwdHistory,sambaLMPwdHistory and krb5Key are not used anymore | Stefan Metzmacher | 1 | -73/+88
metze (This used to be commit 9e91bd64492c45ee333f5e797d4d492378600356)
2007-10-10 | r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control | Stefan Metzmacher | 1 | -0/+2
metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-10-10 | r20728: the DSDB_CONTROL_REPLICATED_OBJECT_OID control isn't used anymore because we now use DSDB_EXTENDED_REPLICATED_OBJECTS_OID extended operation | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 4380cc9ed6ac2e6c133b5a36f922b341474a8e7e)
2007-10-10 | r20586: - allocate an OID range for LDB/LDAP extended operations | Stefan Metzmacher | 1 | -0/+3
- allocate an OID for DSDB_EXTENDED_REPLICATED_OBJECTS_OID which will replace the DSDB_CONTROL_REPLICATED_OBJECT_OID soon
metze (This used to be commit 6397f014482172573facd3d87d1f9eec1b320ac5)
2007-10-10 | r20577: - allocate an OID range for samba4 LDB/LDAP Controls | Stefan Metzmacher | 1 | -0/+2
- allocate an OID for LDB Control that holds meta data when applying replicated objects
metze (This used to be commit 2660c5ab211f353324452694b4bd5fd8bd17745b)
2007-10-10 | r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded paths under ${BASEDN} | Stefan Metzmacher | 1 | -9/+9
metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87)
2007-10-10 | r19336: Merge from release branch: new Mapped OIDs, in own subtree. | Andrew Bartlett | 1 | -3/+4
Andrew Bartlett (This used to be commit ac5abff4b66619c29357adb7e013700bdf686709)
2007-10-10 | r19315: Record some OID allocations. | Andrew Bartlett | 1 | -0/+6
Andrew Bartlett (This used to be commit 0ceffb52eb218cd2beff0054679a07f137f0f23a)
2007-10-10 | r17653: fix typo | Simo Sorce | 1 | -1/+1
(This used to be commit aca800bdcc5f402c1fc241e9e9c495933c85b715)
2007-10-10 | r17652: add oMSyntax to these attributes | Simo Sorce | 1 | -0/+9
(This used to be commit 425fda84e2a4636c87b30df9df3f2c998202c933)
2007-10-10 | r17600: Finish the schema conversion tool, and add a mapping file, used to map OIDs and skip built-in attributes. | Andrew Bartlett | 1 | -14/+0
Andrew Bartlett (This used to be commit cb2b9d800d1228d41f7872a7b7c8ea5f07816c61)
2007-10-10 | r17499: Open the main database only the minimum times during a provision. | Andrew Bartlett | 1 | -0/+149
This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and internet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35)