summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2009-04-09we should not be supplying a generated attribute in our schemaAndrew Tridgell1-13/+0
2009-04-03s4:schema Update Windows 2008 schema from Microsoft to latest versionAndrew Bartlett2-5145/+5148
2009-04-03Remove minschema generated schema - we now generate from setup/ad-schema/Andrew Bartlett1-10390/+0
2009-04-03Add parentGUID as an allowed attribute in samba4TopAndrew Bartlett1-0/+1
This is required to get provision against OpenLDAP working again
2009-03-20Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schemaAndrew Bartlett1-0/+15
2009-03-17added support for parentGUIDAndrew Tridgell1-0/+15
This is made up of 4 parts: 1) change our schema to include the parentGUID attribute type 2) in the add hook in the objectclass module, get the objectGUID of the parent and add it to the message as parentGUID 3) in the rename hook in the objectclass module, get the objectGUID of the new parent, and insert an async modify request after the renmam is done 4) added a simple test suite
2009-02-25Add the new, updated AD schema file from MicrosoftAndrew Bartlett3-1621/+1583
Also remove the copy of the licence text from licence.txt, to ensure we don't get variations between the copies. Andrew Bartlett
2009-02-25Updates to the recent cn=config support for the OpenLDAP backendOliver Liebel2-13/+3
- removed workaround for olcSyncprovConfig - creation (works perfect now with 2.4.15, release was today) - added 1 message-helpline, which is displayed when running provision-backend with olc and/or mmr setup - corrected 1 wrong slapcommand-helpline - slapd.conf is removed now in case of olc-setup - added 1 copyright-line to provision.py and provision-backend Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-24Added mmr and olc to the OpenLDAP backend provisioning-scriptsOliver Liebel12-22/+78
These extensions add mmr (multi-master-replication) and olc (openldap-online-configuration) capabilities to the provisioning-scripts (provision-backend and provision.py), for use with the openldap-backend (only versions >=2.4.15!). Changes / additions made to the provision-backend -script: added new command-line-options: --ol-mmr-urls=<list of whitespace separated ldap-urls> for use with mmr (can be combined with --ol-olc=yes), --ol-olc=[yes/no] (activate automatic conversion from static slapd.conf to olc), --ol-slaptest=<path to slaptest binary> (needed in conjunction with --ol-olc=yes) Changes / additions made to the provision.py -script: added extensions, that will automatically generate the chosen mmr and/or olc setup for the openldap backend, according to the to chosen parameters set in the provision-backend script Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-02-11Use convenience function for finding setup_dir based on location ofJelmer Vernooij3-5/+6
python module.
2009-02-11--interactive doesn't take any argument.Jelmer Vernooij1-1/+1
2009-01-21Use script path to find the setup directory.Jelmer Vernooij3-3/+3
2009-01-19Make sure server_role gets initialized in backend provisioning code -Jelmer Vernooij2-2/+2
fixes test.
2009-01-19Don't give fatal python errors when guessing the realmAndrew Bartlett1-2/+12
2009-01-16Add copyright headers.Jelmer Vernooij3-14/+53
2009-01-05Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2-1/+6
2009-01-05More work to have OpenLDAP accept the full AD schemaAndrew Bartlett2-1/+6
We need to avoid handling DN+Binary and DN+String with the refint module for now, as this is a currently unsupported syntax. Also rename entryTTL to avoid a conflict with the operational attribute of the same name. Andrew Bartlett
2009-01-05Use fqdn rather than gethostname when guessing realm.Jelmer Vernooij1-1/+1
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij2-2/+2
2008-12-21Move tests for ParamFile.Jelmer Vernooij1-1/+1
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-1/+2
2008-12-20Corrections to Microsoft's schema and the OpenLDAP mapping fileAndrew Bartlett2-0/+63
2008-12-19Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij8-45/+24
2008-12-19Avoid use of parentheses in Python import statements, as it's not supported ↵Jelmer Vernooij2-4/+2
by Python2.3.
2008-12-19Fix errors in MS-AD_Schema_Attributes_v20080618.txtSreepathi Pai2-36/+9
- Remove spurious line breaks - Add missing attributeId from docs - Remove incorrect multiple values of systemFlags - Fix duplicate attributeId - Fix schemaIdGuid syntax Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Here's the prefixMap from w2k8.Stefan (metze) Metzmacher1-2/+9
We need to move 1.3.6.1.4.1.7165.4.1 and 1.3.6.1.4.1.7165.4.2 to the end...(if we still need them, which we should avoid) metze Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-12-19Move aggregate schema stub to it's own fileAndrew Bartlett2-3/+3
This should make it easier to import just the schema entries from the WSPP docs. Andrew Bartlett
2008-12-17s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵Andrew Bartlett1-0/+2
depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-DomainAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}Andrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16s4/provision: Upper case default realm, use only first part of realm as ↵Jelmer Vernooij1-2/+2
default domain name.
2008-12-11Add interactive flag to setup/provision (also the default when no arguments ↵Jelmer Vernooij1-2/+27
are given).
2008-12-10Add AD schema from Microsoft's WSPP documentation.Andrew Bartlett3-0/+19124
This schema is *NOT* licenced under a standard Free Software licence, but does provide us the freedoms we need to use the schema, and the requirement to distribute as 'part of an implemenation' is similar to common Free font licences that are accepted by major linux distributions. Andrew Bartlett
2008-12-02Don't treat the DN+binary syntax as a DN.Andrew Bartlett2-4/+4
This should fix the OpenLDAP backend
2008-10-30Don't create LanMan Directory Replication Service key (bug 4934).Jelmer Vernooij1-4/+0
2008-10-20Mark clearTextPassword as a privilaged attributeAndrew Bartlett1-0/+1
2008-10-20Fix blackbox tests on IPv6-only hosts.Jelmer Vernooij1-2/+2
2008-10-16Transform the sequence_number operation into a normal extended operation as ↵Simo Sorce1-0/+2
it should always have been. Make it also async so that it is not a special case.
2008-10-02s4:setup: add wellknownObjects to the domain objectStefan Metzmacher1-0/+8
metze
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-1/+1
2008-09-29Use the new 'samba4' name for our internal hdb plugin.Andrew Bartlett1-1/+1
2008-09-29added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell1-0/+60
2008-09-29s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updatesStefan Metzmacher1-0/+2
We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-09-08Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett1-1/+1
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
2008-09-08Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel3-6/+19
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
2008-09-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into ↵Andrew Bartlett2-1/+57
trusted-domains (This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
2008-09-06Remove <tab> in OpenLDAP MMR configOliver Liebel1-1/+0
Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
2008-08-30Add a setexpiry operation in samdb.pyAndrew Tridgell1-1/+13
This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
2008-08-30added a simple script for setting password expiryAndrew Tridgell1-0/+44
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
2008-08-22now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell1-19/+19
value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)