From 7578e04fb8022ba13fa07fb88eb3d00474337ea1 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Mon, 1 Nov 2010 11:30:19 +0100
Subject: s4:provision - adapt the "provision" so that SIDs are only set on
 entry creation

SID modifications are denied.
---
 source4/scripting/python/samba/provision.py | 12 ++++--------
 source4/setup/provision_basedn.ldif         |  1 +
 source4/setup/provision_basedn_modify.ldif  |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 441c2b540b..7c38197bec 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1127,22 +1127,18 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
         descr = b64encode(get_domain_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
                 "DOMAINDN": names.domaindn,
-                "DOMAINGUID": domainguid_line,
-                "DESCRIPTOR": descr
+                "DOMAINSID": str(domainsid),
+                "DESCRIPTOR": descr,
+                "DOMAINGUID": domainguid_line
                 })
 
-
         setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
+            "DOMAINDN": names.domaindn,
             "CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
-            "DOMAINSID": str(domainsid),
             "NEXTRID": str(next_rid),
-            "SCHEMADN": names.schemadn, 
-            "NETBIOSNAME": names.netbiosname,
             "DEFAULTSITE": names.sitename,
             "CONFIGDN": names.configdn,
-            "SERVERDN": names.serverdn,
             "POLICYGUID": policyguid,
-            "DOMAINDN": names.domaindn,
             "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
             "SAMBA_VERSION_STRING": version
             })
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index b82f41452e..cb9173827c 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -5,5 +5,6 @@ dn: ${DOMAINDN}
 objectClass: top
 objectClass: domaindns
 instanceType: 5
+objectSid: ${DOMAINSID}
 nTSecurityDescriptor:: ${DESCRIPTOR}
 ${DOMAINGUID}
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 53845f7355..d67d674319 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -72,9 +72,6 @@ nextRid: ${NEXTRID}
 replace: nTMixedDomain
 nTMixedDomain: 0
 -
-replace: objectSid
-objectSid: ${DOMAINSID}
--
 # This does only exist in SAMBA
 replace: oEMInformation
 oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
-- 
cgit