From f77c4100842f8c5357fa90822e04319810a04b8d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Jun 2006 18:04:24 +0000 Subject: r16264: Add, but do not yet enable, the partitions module. This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a) --- source4/setup/provision_basedn.ldif | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 source4/setup/provision_basedn.ldif (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif new file mode 100644 index 0000000000..4cf850e728 --- /dev/null +++ b/source4/setup/provision_basedn.ldif @@ -0,0 +1,8 @@ +################################ +## Domain Naming Context +################################ +dn: ${BASEDN} +objectClass: top +objectClass: domain +dc: ${RDN_DC} + -- cgit From cf7ccba67e342b7a99e39200e7c1321f638286ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Aug 2006 05:58:06 +0000 Subject: r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like this. Instead, handle this one in the add. Andrew Bartlett (This used to be commit ab355e1f5f0747225b4c3fc2e65ffb044fe03040) --- source4/setup/provision_basedn.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 4cf850e728..4111f77789 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -4,5 +4,6 @@ dn: ${BASEDN} objectClass: top objectClass: domain +objectClass: domainDNS dc: ${RDN_DC} -- cgit From ba1c80524ae34662b11b4c5acbaa90d831a5213a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 1 Sep 2006 04:34:21 +0000 Subject: r17982: One final hack... When against a real, schema-checking LDAP backend, we need extensibleObject on the baseDN entry (as entryUUID isn't run for creating this basic ldif) output. (This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740) --- source4/setup/provision_basedn.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 4111f77789..ab79319f20 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -5,5 +5,6 @@ dn: ${BASEDN} objectClass: top objectClass: domain objectClass: domainDNS +${EXTENSIBLEOBJECT} dc: ${RDN_DC} -- cgit From e8dfa06d45b4aaa784b9f8795f4197451aed4188 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 05:31:50 +0000 Subject: r20495: Further notes on joining with fedora DS. Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df) --- source4/setup/provision_basedn.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index ab79319f20..e8cf8005f3 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,6 @@ objectClass: top objectClass: domain objectClass: domainDNS ${EXTENSIBLEOBJECT} +${ACI} dc: ${RDN_DC} -- cgit From 8f0a0ebcb380acf57d418a6598c75e42b0bf24dc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 17:40:43 +0000 Subject: r20557: use ${DOMAINDN} instead of ${BASEDN} metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f) --- source4/setup/provision_basedn.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index e8cf8005f3..234c1f9e8f 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -1,7 +1,7 @@ ################################ ## Domain Naming Context ################################ -dn: ${BASEDN} +dn: ${DOMAINDN} objectClass: top objectClass: domain objectClass: domainDNS -- cgit From f1e177a7b8e660b245d5fb9b11a66b43c9b69784 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 12:00:27 +1100 Subject: provision: simplfy by removing old code to manually create baseDNs. Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f) --- source4/setup/provision_basedn.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 234c1f9e8f..3c7537f013 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -5,7 +5,6 @@ dn: ${DOMAINDN} objectClass: top objectClass: domain objectClass: domainDNS -${EXTENSIBLEOBJECT} ${ACI} dc: ${RDN_DC} -- cgit From 1557e7b930b95fa5309390c46f72e14628447703 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:33:37 +1100 Subject: Kill another sub that the modules will handle for us. (This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8) --- source4/setup/provision_basedn.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 3c7537f013..11eb0593e8 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,4 @@ objectClass: top objectClass: domain objectClass: domainDNS ${ACI} -dc: ${RDN_DC} -- cgit From 0c882402360a10b19a038bce9f87e241051c9ba8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 11:36:58 +1100 Subject: Rework to have member server 'domains' be CN=NETBIOSNAME This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402) --- source4/setup/provision_basedn.ldif | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup/provision_basedn.ldif') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 11eb0593e8..7fdecfa3c0 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -3,7 +3,6 @@ ################################ dn: ${DOMAINDN} objectClass: top -objectClass: domain -objectClass: domainDNS +objectClass: ${DOMAIN_OC} ${ACI} -- cgit