From 1c027f35d70b0719ba671034e897834b4bed9c4f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 30 Dec 2005 08:36:25 +0000
Subject: r12598: Make the 'objectClass' part of the templating process actually work. We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
---
 source4/dsdb/samdb/ldb_modules/samldb.c | 43 ++++++++++++++++++++-------------
 source4/setup/provision_templates.ldif | 6 +++--
 source4/setup/provision_users.ldif | 10 --------
 3 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index cc4465b17d..84ffcdd1be 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -305,22 +305,31 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
 continue;
 }
 for (j = 0; j < el->num_values; j++) {
- if (strcasecmp(el->name, "objectClass") == 0 &&
- (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
- strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
- strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
- strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 ||
- strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
- strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
- strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) {
- continue;
- }
- if ( ! samldb_find_or_add_attribute(module, msg, el->name,
- NULL,
- (char *)el->values[j].data)) {
- ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
- talloc_free(res);
- return -1;
+ if (strcasecmp(el->name, "objectClass") == 0) {
+ if (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
+ strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
+ strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
+ strcasecmp((char *)el->values[j].data, "foreignSecurityPrincipalTemplate") == 0 ||
+ strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
+ strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
+ strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) {
+ continue;
+ }
+ if ( ! samldb_find_or_add_attribute(module, msg, el->name,
+ (char *)el->values[j].data,
+ (char *)el->values[j].data)) {
+ ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
+ talloc_free(res);
+ return -1;
+ }
+ } else {
+ if ( ! samldb_find_or_add_attribute(module, msg, el->name,
+ NULL,
+ (char *)el->values[j].data)) {
+ ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
+ talloc_free(res);
+ return -1;
+ }
 }
 }
 }
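Review bot: The new if/else in the `j` loop duplicates the whole `samldb_find_or_add_attribute` call and its failure path (`ldb_debug`, `talloc_free(res)`, `return -1`) although the two branches differ only in the fourth argument, so a later fix to one cleanup path can miss the other. Keeping the original single guard and single call and changing just that argument would be enough, e.g. `is_oc ? (char *)el->values[j].data : NULL` with `is_oc = (strcasecmp(el->name, "objectClass") == 0)` computed once per element. The seven `strcasecmp` tests are a hard-coded list of template class names, so a template class added to the LDIF without being added here would be copied onto real objects; a small static table with a comment saying so would make that dependency visible. The `(char *)` casts assume `values[j].data` is NUL-terminated, which presumably holds for these values but is not shown in the hunk. `samldb_copy_template` starts before and ends after this hunk.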
@@ -407,7 +416,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module } if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) { - if (samldb_copy_template(module, msg2, "(&(CN=TemplateServer)(objectclass=userTemplate))") != 0) { + if (samldb_copy_template(module, msg2, "(&(CN=TemplateComputer)(objectclass=userTemplate))") != 0) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n"); return NULL; } diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 6305b498f4..7b0fe1994c 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -38,11 +38,13 @@ logonCount: 0 sAMAccountType: 0x30000000 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateServer,CN=Templates,${BASEDN} +dn: CN=TemplateComputer,CN=Templates,${BASEDN} objectClass: top +objectClass: person +objectClass: organizationalPerson objectClass: Template objectClass: userTemplate -cn: TemplateServer +cn: TemplateComputer instanceType: 4 userAccountControl: 0x1002 badPwdCount: 0 diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 5ec29869d8..c002923268 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -1,7 +1,4 @@ dn: CN=Administrator,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson objectClass: user cn: Administrator description: Built-in account for administering the computer/domain @@ -22,9 +19,6 @@ unicodePwd: ${ADMINPASS} unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain 
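Review bot: In the provision_templates.ldif hunk, `CN=TemplateComputer` gains `person` and `organizationalPerson` but no `objectClass: user`, while the last provision_users.ldif hunk removes `objectClass: user` from the `CN=${NETBIOSNAME},OU=Domain Controllers` entry and leaves only `computer`. Unless code outside this diff supplies `user` for computer objects, the provisioned domain controller account would end up without that class; adding `objectClass: user` after `objectClass: organizationalPerson` in the template, or keeping it on the DC entry, would make the result independent of that. A short `#` comment above the template stating that its non-template objectClass values are merged into every new computer object would also help whoever edits this file next.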
@@ -83,10 +77,6 @@ privilege: SeRemoteInteractiveLogonRight dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user objectClass: computer cn: ${NETBIOSNAME} uSNCreated: 1 -- cgit