From 3f2ca10d2d86f0cd64822f9e5f95633f41263237 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:38:55 +0100 Subject: r25940: Rework the samldb and templates handling. Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5) --- source4/setup/provision_templates.ldif | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index fa0718a0b7..8797efaf98 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -1,15 +1,21 @@ +### +# Templates to be put in templates.ldb. Not part of main samdb any more. +### + +dn: @OPTIONS +checkBaseOnSearch: TRUE + +dn: @INDEXLIST +@IDXATTR: cn + +dn: @ATTRIBUTES +cn: CASE_INSENSITIVE +dn: CASE_INSENSITIVE + dn: CN=Templates objectClass: top objectClass: container description: Container for SAM account templates -showInAdvancedViewOnly: TRUE -systemFlags: 2348810240 -isCriticalSystemObject: TRUE - -### -# note! the template users must not match normal searches. Be careful -# with what classes you put them in -### dn: CN=TemplateUser,CN=Templates userAccountControl: 514 -- cgit