From b44f322f5d5940cb61b2f9c9e44fc25ed00e81be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 10:35:08 +1100 Subject: OpenLDAP backend: Place the refint overlay after the memberof overlay This still doesn't work for me, but is the recommended order. Andrew Bartlett (This used to be commit 4c869c54c2b8125fc88e58bbfddf1975476978a5) --- source4/setup/provision-backend | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index ba9e67f229..6582587624 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -169,9 +169,10 @@ memberof-dangling-error 32 } } - memberof_config = "overlay refint + memberof_config = memberof_config + " +overlay refint refint_attributes" + refint_attributes + " -" + memberof_config; +"; ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); if (!ok) { -- cgit From f1e177a7b8e660b245d5fb9b11a66b43c9b69784 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 12:00:27 +1100 Subject: provision: simplfy by removing old code to manually create baseDNs. Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f) --- source4/setup/provision | 6 +----- source4/setup/provision-backend | 5 ++--- source4/setup/provision_basedn.ldif | 1 - source4/setup/provision_configuration_basedn.ldif | 1 - source4/setup/provision_schema_basedn.ldif | 1 - 5 files changed, 3 insertions(+), 11 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index ce1e8a6b4f..8b24c51040 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -123,7 +123,6 @@ for (r in options) { } var blank = (options["blank"] != undefined); -var ldapbase = (options["ldap-base"] != undefined); var ldapbackend = (options["ldap-backend"] != undefined); var ldapmodule = (options["ldap-module"] != undefined); var partitions_only = (options["partitions-only"] != undefined); @@ -161,10 +160,7 @@ var system_session = system_session(); var creds = options.get_credentials(); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -if (ldapbase) { - provision_ldapbase(subobj, message, paths); - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); -} else if (partitions_only) { +if (partitions_only) { provision_become_dc(subobj, message, false, paths, system_session); } else { provision(subobj, message, blank, paths, system_session, creds, ldapbackend); diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 6582587624..abd1b9a875 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -101,7 +101,7 @@ var backend_schema; var slapd_command; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; - backend_schema = "backend-schema.ldif"; + backend_schema = "99_ad.ldif"; if (options["ldap-backend-port"] != undefined) { message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; @@ -114,9 +114,8 @@ if (options["ldap-backend-type"] == "fedora-ds") { slapd_command = "(see documentation)"; } else if (options["ldap-backend-type"] == "openldap") { - provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; - backend_schema = "99_ad.ldif"; + backend_schema = "backend-schema.schema"; setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); sys.mkdir(subobj.LDAPDIR + "/db", 0700); diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 234c1f9e8f..3c7537f013 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -5,7 +5,6 @@ dn: ${DOMAINDN} objectClass: top objectClass: domain objectClass: domainDNS -${EXTENSIBLEOBJECT} ${ACI} dc: ${RDN_DC} diff --git a/source4/setup/provision_configuration_basedn.ldif b/source4/setup/provision_configuration_basedn.ldif index df1e1b19ba..575f8faa0a 100644 --- a/source4/setup/provision_configuration_basedn.ldif +++ b/source4/setup/provision_configuration_basedn.ldif @@ -4,6 +4,5 @@ dn: ${CONFIGDN} objectClass: top objectClass: configuration -${EXTENSIBLEOBJECT} ${ACI} cn: Configuration diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif index 7b4f599072..fbfd4c09d6 100644 --- a/source4/setup/provision_schema_basedn.ldif +++ b/source4/setup/provision_schema_basedn.ldif @@ -4,6 +4,5 @@ dn: ${SCHEMADN} objectClass: top objectClass: dMD -${EXTENSIBLEOBJECT} ${ACI} cn: Schema -- cgit From 064eb82870596e72373c290dfaf0e6b8289303de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:25:01 +1100 Subject: Remove --ldap-base from the python provision script (This is a merge from the ejs script) Andrew Bartlett (This used to be commit d822dfa017b84895222ace8c44935fb872930548) --- source4/setup/provision.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index e166d5f3dd..88015ce0a3 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -34,7 +34,7 @@ from auth import system_session import samba.getopt as options import param from samba.provision import (provision, - provision_paths_from_lp, provision_ldapbase) + provision_paths_from_lp) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -81,9 +81,6 @@ parser.add_option("--users", type="string", metavar="GROUPNAME", parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") -parser.add_option("--ldap-base", - help="output only an LDIF file, suitable for creating an LDAP baseDN", - action="store_true") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") parser.add_option("--ldap-module=", type="string", metavar="MODULE", @@ -152,10 +149,7 @@ creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.ldap_base: - provision_ldapbase(setup_dir, message, paths) - message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) -elif opts.partitions_only: +if opts.partitions_only: provision_become_dc(setup_dir, message, False, paths, lp, system_session(), creds) else: -- cgit From 958b0e8ad1eb85881a2f7c3d193d121c21e7a258 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:28:52 +1100 Subject: Use syncrepl on all OpenLDAP databases (creates contextCSN attribute) This module needs to be loaded on each database, not just the main partition. We use it to create the usn for the entries. Andrew Bartlett (This used to be commit ffb12aad8a80bb90d66dc66baba81b856622a6bb) --- source4/setup/slapd.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index e4e86eece9..83f4da3359 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -34,6 +34,12 @@ index lDAPDisplayName eq index subClassOf eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${CONFIGDN} directory ${LDAPDIR}/db/config @@ -48,6 +54,12 @@ index dnsRoot eq index nETBIOSName eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${DOMAINDN} rootdn ${LDAPMANAGERDN} -- cgit From 873c7457c61584aec8c051849863151af79e2894 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:30:20 +1100 Subject: Don't manually specify instanceID in the template files. The instanceid module creates this automaticlly, so we don't need this any more. Andrew Bartlett (This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3) --- source4/setup/display_specifiers.ldif | 2 -- source4/setup/provision.ldif | 8 -------- source4/setup/provision_computers_modify.ldif | 3 --- source4/setup/provision_configuration.ldif | 12 ------------ source4/setup/provision_configuration_basedn_modify.ldif | 6 ------ source4/setup/provision_schema_basedn_modify.ldif | 3 --- source4/setup/provision_self_join.ldif | 2 -- source4/setup/provision_templates.ldif | 1 - source4/setup/provision_users.ldif | 3 --- source4/setup/provision_users_modify.ldif | 3 --- 10 files changed, 43 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index b76955a0cb..574912b3e8 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -2,14 +2,12 @@ dn: CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container showInAdvancedViewOnly: TRUE -instanceType: 4 dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 name: 409 -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c6b07c5751..5e15bf347a 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -3,7 +3,6 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -13,7 +12,6 @@ objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -23,7 +21,6 @@ objectClass: top objectClass: container cn: System description: Builtin system settings -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -32,7 +29,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -43,14 +39,12 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update -instanceType: 4 showInAdvancedViewOnly: TRUE revision: 8 @@ -58,7 +52,6 @@ dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -68,7 +61,6 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -instanceType: 4 showInAdvancedViewOnly: FALSE forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index b7502e5107..3bb4074d42 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded computer accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 050f110d9a..750fa1326a 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -5,7 +5,6 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 msDS-Behavior-Version: 0 @@ -15,7 +14,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${CONFIGDN} @@ -25,7 +23,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${SCHEMADN} @@ -35,7 +32,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 nCName: ${DOMAINDN} @@ -46,7 +42,6 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -54,7 +49,6 @@ dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -62,7 +56,6 @@ dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -70,7 +63,6 @@ dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 @@ -78,14 +70,12 @@ dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service -instanceType: 4 showInAdvancedViewOnly: TRUE sPNMappings: host=ldap,dns,cifs,http @@ -93,14 +83,12 @@ dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy -instanceType: 4 showInAdvancedViewOnly: TRUE lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index 46ba4e9649..a72f2c8eca 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -3,14 +3,8 @@ ############################### dn: ${CONFIGDN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - -replace: objectCategory -objectCategory: CN=Configuration,${SCHEMADN} -- replace: subRefs subRefs: ${SCHEMADN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 92c5cf1ace..986f0d632c 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -3,9 +3,6 @@ ############################### dn: ${SCHEMADN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 06230e8d00..1caa62163e 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -43,7 +43,6 @@ dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 dNSHostName: ${DNSNAME} @@ -55,7 +54,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings options: 1 -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 dMDLocation: ${SCHEMADN} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 8797efaf98..04eaabcab7 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -66,7 +66,6 @@ sAMAccountType: 268435456 # # dn: CN=TemplateAlias,CN=Templates # cn: TemplateAlias -# instanceType: 4 # groupType: -2147483644 # sAMAccountType: 268435456 diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 7c1a438d8e..3e6f717f15 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -134,7 +134,6 @@ objectClass: top objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users -instanceType: 4 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 536870912 @@ -307,7 +306,6 @@ objectClass: top objectClass: group cn: Server Operators description: Members can administer domain servers -instanceType: 4 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -327,7 +325,6 @@ objectClass: top objectClass: group cn: Account Operators description: Members can administer domain user and group accounts -instanceType: 4 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 42dff07080..06954c44f0 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded user accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - -- cgit From 53c1cdd11ad56723cd7bada2df0cc2faa88227df Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 17:08:34 +1100 Subject: Don't set 'name' in the LDIF, this is handled by the rdn_name module. Andrew Bartlett (This used to be commit e9003feb1b9eb3d5b82e82910b63306e5ecc2908) --- source4/setup/display_specifiers.ldif | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index 574912b3e8..b06d89778c 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -7,14 +7,12 @@ dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 -name: 409 showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: user-Display -name: user-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813} @@ -33,7 +31,6 @@ dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: group-Display -name: group-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} @@ -61,7 +58,6 @@ dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: computer-Display -name: computer-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3} adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3} @@ -79,7 +75,6 @@ dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: organizationalUnit-Display -name: organizationalUnit-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB} @@ -95,7 +90,6 @@ dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: container-Display -name: container-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} @@ -110,7 +104,6 @@ dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: default-Display -name: default-Display adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6} -- cgit From b39676089e8a4b0f2cca96c15ed21e054a78e8e2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 18:10:18 +1100 Subject: Remove default 'showInAdvancedViewOnly' values. This means we only show and set the values when they are not the values the schema and objectclass module would impose. Andrew Bartlett (This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78) --- source4/setup/display_specifiers.ldif | 2 -- source4/setup/provision.ldif | 11 +++------- source4/setup/provision_configuration.ldif | 12 ----------- .../provision_configuration_basedn_modify.ldif | 3 --- source4/setup/provision_schema_basedn_modify.ldif | 3 --- source4/setup/provision_self_join.ldif | 4 +--- source4/setup/provision_templates.ldif | 1 - source4/setup/provision_users.ldif | 25 ---------------------- 8 files changed, 4 insertions(+), 57 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index b06d89778c..7d6633244d 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -1,13 +1,11 @@ dn: CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container -showInAdvancedViewOnly: TRUE dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 -showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 5e15bf347a..3fb9361d0b 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -3,25 +3,24 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=System,${DOMAINDN} objectClass: top objectClass: container cn: System description: Builtin system settings -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -29,7 +28,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -39,20 +37,17 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates -showInAdvancedViewOnly: TRUE dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update -showInAdvancedViewOnly: TRUE revision: 8 dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -61,7 +56,6 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -showInAdvancedViewOnly: FALSE forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 @@ -78,6 +72,7 @@ serverState: 1 uASCompat: 1 modifiedCount: 1 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 750fa1326a..0fe90b0739 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -5,7 +5,6 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -showInAdvancedViewOnly: TRUE systemFlags: 2147483648 msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -14,7 +13,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration -showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${CONFIGDN} dnsRoot: ${DNSDOMAIN} @@ -23,7 +21,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema -showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${SCHEMADN} dnsRoot: ${DNSDOMAIN} @@ -32,7 +29,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} -showInAdvancedViewOnly: TRUE systemFlags: 3 nCName: ${DOMAINDN} nETBIOSName: ${DOMAIN} @@ -42,54 +38,46 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -showInAdvancedViewOnly: TRUE systemFlags: 2147483648 dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT -showInAdvancedViewOnly: TRUE dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service -showInAdvancedViewOnly: TRUE sPNMappings: host=ldap,dns,cifs,http dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies -showInAdvancedViewOnly: TRUE dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy -showInAdvancedViewOnly: TRUE lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 lDAPAdminLimits: MaxDatagramRecv=4096 diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index a72f2c8eca..9b87e1cead 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -3,8 +3,5 @@ ############################### dn: ${CONFIGDN} changetype: modify -replace: showInAdvancedViewOnly -showInAdvancedViewOnly: TRUE -- replace: subRefs subRefs: ${SCHEMADN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 986f0d632c..4e690376d7 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -3,9 +3,6 @@ ############################### dn: ${SCHEMADN} changetype: modify -replace: showInAdvancedViewOnly -showInAdvancedViewOnly: TRUE -- replace: fSMORoleOwner fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 1caa62163e..58669660f4 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -30,7 +30,6 @@ objectClass: organizationalPerson objectClass: user cn: dns description: DNS Service Account -showInAdvancedViewOnly: TRUE userAccountControl: 514 accountExpires: 9223372036854775807 sAMAccountName: dns @@ -38,12 +37,12 @@ sAMAccountType: 805306368 servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} +showInAdvancedViewOnly: TRUE dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} -showInAdvancedViewOnly: TRUE systemFlags: 1375731712 dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} @@ -54,7 +53,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings options: 1 -showInAdvancedViewOnly: TRUE systemFlags: 33554432 dMDLocation: ${SCHEMADN} invocationId: ${INVOCATIONID} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 04eaabcab7..fafedc6966 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -70,7 +70,6 @@ sAMAccountType: 268435456 # sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates -showInAdvancedViewOnly: TRUE dn: CN=TemplateSecret,CN=Templates diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 3e6f717f15..05fde15974 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -401,173 +401,148 @@ objectClass: top objectClass: container cn: WellKnown Security Principals systemFlags: 2147483648 -showInAdvancedViewOnly: TRUE dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Anonymous Logon objectSid: S-1-5-7 -showInAdvancedViewOnly: TRUE dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Authenticated Users objectSid: S-1-5-11 -showInAdvancedViewOnly: TRUE dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Batch objectSid: S-1-5-3 -showInAdvancedViewOnly: TRUE dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Creator Group objectSid: S-1-3-1 -showInAdvancedViewOnly: TRUE dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Creator Owner objectSid: S-1-3-0 -showInAdvancedViewOnly: TRUE dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Dialup objectSid: S-1-5-1 -showInAdvancedViewOnly: TRUE dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Digest Authentication objectSid: S-1-5-64-21 -showInAdvancedViewOnly: TRUE dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Enterprise Domain Controllers objectSid: S-1-5-9 -showInAdvancedViewOnly: TRUE dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Everyone objectSid: S-1-1-0 -showInAdvancedViewOnly: TRUE dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Interactive objectSid: S-1-5-4 -showInAdvancedViewOnly: TRUE dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Local Service objectSid: S-1-5-19 -showInAdvancedViewOnly: TRUE dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Network objectSid: S-1-5-2 -showInAdvancedViewOnly: TRUE dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Network Service objectSid: S-1-5-20 -showInAdvancedViewOnly: TRUE dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: NTLM Authentication objectSid: S-1-5-64-10 -showInAdvancedViewOnly: TRUE dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Other Organization objectSid: S-1-5-1000 -showInAdvancedViewOnly: TRUE dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Proxy objectSid: S-1-5-8 -showInAdvancedViewOnly: TRUE dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Remote Interactive Logon objectSid: S-1-5-14 -showInAdvancedViewOnly: TRUE dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Restricted objectSid: S-1-5-12 -showInAdvancedViewOnly: TRUE dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: SChannel Authentication objectSid: S-1-5-64-14 -showInAdvancedViewOnly: TRUE dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Self objectSid: S-1-5-10 -showInAdvancedViewOnly: TRUE dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Service objectSid: S-1-5-6 -showInAdvancedViewOnly: TRUE dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Terminal Server User objectSid: S-1-5-13 -showInAdvancedViewOnly: TRUE dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: This Organization objectSid: S-1-5-15 -showInAdvancedViewOnly: TRUE dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Well-Known-Security-Id-System objectSid: S-1-5-18 -showInAdvancedViewOnly: TRUE -- cgit