From 4fa327a19f3da86df0fa7e63a66b5ee352de2c5d Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 17 Sep 2009 16:00:55 +0200 Subject: s4:provision - Some rework - Add/change "wellKnownObjects" attributes - Order entries in "provision_basedn_modify.ldif" - Add/change "delete entries" object under BASEDN and CONFIGDN - Fix default version number of "Default domain policy" group policy - Add "domain updates" objects for interoperability with MS AD maintaining tools - Show version number in the "oEMInformation" attribute (suggested by ekacnet) - Smaller fixups
---
 source4/setup/provision_basedn_modify.ldif | 82 ++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 27 deletions(-) (limited to 'source4/setup/provision_basedn_modify.ldif')
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 4dd75bb1e2..a9d1716151 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -4,9 +4,22 @@
 dn: ${DOMAINDN}
 changetype: modify
 -
+replace: auditingPolicy
+auditingPolicy: 
+-
+replace: creationTime
+creationTime: ${CREATTIME}
+-
 replace: forceLogoff
 forceLogoff: -9223372036854775808
 -
+# "fSMORoleOwner" filled in later
+replace: gPLink
+gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
 replace: lockoutDuration
 lockoutDuration: -18000000000
 -
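Review bot: The added `auditingPolicy` value is written as a raw non-printable byte after a single colon, and editors, mail transports and web renderers can silently alter or drop such bytes. LDIF's base64 form, `auditingPolicy:: <base64 of the intended bytes>`, would make the provisioned value unambiguous and reviewable. The attribute presumably governs what the domain audits, so a wrong value here is easy to miss. A short comment next to it stating the intended bytes would help, e.g. `# binary audit-policy blob, stored base64-encoded`.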
@@ -16,69 +29,84 @@ lockOutObservationWindow: -18000000000
 replace: lockoutThreshold
 lockoutThreshold: 0
 -
+# "masteredBy" filled in later
 replace: maxPwdAge
 maxPwdAge: -37108517437440
 -
+# FIXME: This should be "-864000000000" when we fully comply with passwords pol.
 replace: minPwdAge
 minPwdAge: 0
 -
 replace: minPwdLength
 minPwdLength: 7
 -
+replace: modifiedCount
+modifiedCount: 1
+-
 replace: modifiedCountAtLastProm
 modifiedCountAtLastProm: 0
 -
-replace: nextRid
-nextRid: 1000
+replace: msDS-AllUsersTrustQuota
+msDS-AllUsersTrustQuota: 1000
 -
-replace: pwdProperties
-pwdProperties: 1
+replace: msDS-Behavior-Version
+msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
 -
-replace: pwdHistoryLength
-pwdHistoryLength: 24
+replace: ms-DS-MachineAccountQuota
+ms-DS-MachineAccountQuota: 10
 -
-replace: objectSid
-objectSid: ${DOMAINSID}
+# "msDs-masteredBy" filled in later
+replace: msDS-PerUserTrustQuota
+msDS-PerUserTrustQuota: 1
 -
-replace: oEMInformation
-oEMInformation: Provisioned by Samba4: ${LDAPTIME}
+replace: msDS-PerUserTrustTombstonesQuota
+msDS-PerUserTrustTombstonesQuota: 10
 -
-replace: serverState
-serverState: 1
+replace: nextRid
+nextRid: 1000
 -
 replace: nTMixedDomain
 nTMixedDomain: 0
 -
-replace: msDS-Behavior-Version
-msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
+replace: objectSid
+objectSid: ${DOMAINSID}
 -
-replace: ridManagerReference
-ridManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
+# This exists only in SAMBA
+replace: oEMInformation
+oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
 -
-replace: uASCompat
-uASCompat: 1
+replace: pwdProperties
+pwdProperties: 1
 -
-replace: modifiedCount
-modifiedCount: 1
+replace: pwdHistoryLength
+pwdHistoryLength: 24
 -
-replace: systemFlags
-systemFlags: -1946157056
+replace: rIDManagerReference
+rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
+-
+replace: serverState
+serverState: 1
 -
 replace: subRefs
 subRefs: ${CONFIGDN}
 -
-replace: gPLink
-gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
+replace: systemFlags
+systemFlags: -1946157056
+-
+replace: uASCompat
+uASCompat: 1
 -
 replace: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINDN}
+wellKnownObjects: B:32:f4be92a4c777485e878e9421d53087db:CN=Microsoft,CN=Program Data,${DOMAINDN}
+wellKnownObjects: B:32:09460c08ae1e4a4ea0f64aee7daa1e5a:CN=Program Data,${DOMAINDN}
 wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINDN}
 wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINDN}
 wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
 wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
 wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
 wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
 -
-replace: isCriticalSystemObject
-isCriticalSystemObject: TRUE
--
 ${DOMAINGUID_MOD}
-- cgit
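Review bot: `ms-DS-MachineAccountQuota: 10` is added without a comment, although it is a security-relevant default. Where the server enforces it as Active Directory does, it lets any authenticated user create up to ten computer accounts in the domain. It would help to say so next to the value, e.g. `# AD default; set to 0 to restrict machine-account creation to delegated administrators`, in the same way this hunk annotates `minPwdAge` with a FIXME. Separately, `oEMInformation` now embeds `${SAMBA_VERSION_STRING}` on the domain object, so anyone able to read that attribute learns the exact build. A comment on who can read it, or a less specific string, is worth considering.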