The branch, master has been updated
via 05d7524 s4:setup/spn_update_list - the DNS SPN is only used in DNS
mode
via 02547de s4:ldap.py/sam.py - simplify the objectclass specifications
via 6f2001e s4:sam.py - test "objectSid" modification lockdown
via 7da84bc s4:samldb LDB module - unify objectSid assignment error
messages
via 7ca6b3e s4:samldb LDB module - deny "objectSid" modifications
via 7578e04 s4:provision - adapt the "provision" so that SIDs are only
set on entry creation
via 2a25f75 s4:torture - suppress printf "%llu" on uint64_t variables
warnings
via c8bcf82 ldb:tools/ldbtest.c - fix build warning
from e59a8a5 s4-ldb: fixed build of paged searches
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 05d752473615404ab81d28423f6c78cf3de49777
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sun Oct 31 22:42:38 2010 +0100
s4:setup/spn_update_list - the DNS SPN is only used in DNS mode
Not all DCs are automatically DNS servers.
Autobuild-User: Matthias Dieter Wallnöfer <[email protected]>
Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
commit 02547de5f9a055723d388b3790ac9cd82d8e1895
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sun Oct 31 22:39:49 2010 +0100
s4:ldap.py/sam.py - simplify the objectclass specifications
- For user accounts we only need to specify "user" ("person" is an inherited
objectclass)
- Don't use the brackets when we have only one objectclass specified
commit 6f2001efa53fa3a46966bde8ed0e3307bbdcf0c4
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sun Oct 31 22:34:22 2010 +0100
s4:sam.py - test "objectSid" modification lockdown
commit 7da84bc7b6428b5b262f177b848c199d0fcd143a
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Mon Nov 1 12:33:00 2010 +0100
s4:samldb LDB module - unify objectSid assignment error messages
commit 7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sun Oct 31 22:31:53 2010 +0100
s4:samldb LDB module - deny "objectSid" modifications
The same as with Windows
commit 7578e04fb8022ba13fa07fb88eb3d00474337ea1
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Mon Nov 1 11:30:19 2010 +0100
s4:provision - adapt the "provision" so that SIDs are only set on entry
creation
SID modifications are denied.
commit 2a25f7515a68938249beef47546465889ca1c734
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Mon Nov 1 11:17:37 2010 +0100
s4:torture - suppress printf "%llu" on uint64_t variables warnings
The signed/unsignedness does match (always unsigned). The bitlength (64
bit) on
all regular platforms does also. Therefore simply add a cast to
"unsigned long long".
commit c8bcf821191ab88a82954fd485087522d3c2ef05
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Mon Nov 1 11:03:38 2010 +0100
ldb:tools/ldbtest.c - fix build warning
Cause was an incomplete declaration.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/samldb.c | 12 +++-
source4/dsdb/tests/python/ldap.py | 12 ++--
source4/dsdb/tests/python/sam.py | 94 +++++++++++++++++---------
source4/lib/ldb/tools/cmdline.h | 3 +-
source4/lib/ldb/tools/ldbtest.c | 2 +-
source4/scripting/python/samba/provision.py | 12 +--
source4/setup/provision_basedn.ldif | 1 +
source4/setup/provision_basedn_modify.ldif | 3 -
source4/setup/spn_update_list | 4 +-
source4/torture/drs/rpc/dssync.c | 16 ++--
source4/torture/raw/lock.c | 8 +-
source4/torture/smb2/lock.c | 36 ++++++-----
source4/torture/smb2/oplock.c | 3 +-
13 files changed, 121 insertions(+), 85 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 2b3129c..c97b570 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -835,9 +835,8 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
if ((sid != NULL) && (!dsdb_module_am_system(ac->module)) &&
(ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) == NULL)) {
- ldb_asprintf_errstring(ldb,
- "samldb: no SID may be specified in
user/group modifications for %s",
- ldb_dn_get_linearized(ac->msg->dn));
+ ldb_set_errstring(ldb,
+ "samldb: objectSid must not be specified!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
@@ -1768,6 +1767,13 @@ static int samldb_modify(struct ldb_module *module,
struct ldb_request *req)
ldb = ldb_module_get_ctx(module);
+ /* make sure that "objectSid" is not specified */
+ el = ldb_msg_find_element(req->op.mod.message, "objectSid");
+ if (el != NULL) {
+ ldb_set_errstring(ldb,
+ "samldb: objectSid must not be specified!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
/* make sure that "sAMAccountType" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
if (el != NULL) {
diff --git a/source4/dsdb/tests/python/ldap.py
b/source4/dsdb/tests/python/ldap.py
index d713056..d698243 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -1087,7 +1087,7 @@ objectClass: container
self.ldb.add({
"dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "objectclass": "user" })
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn,
"cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn,
"cn=ldaptestuser3,cn=users," + self.base_dn)
@@ -1184,13 +1184,13 @@ objectClass: container
self.ldb.add({
"dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "objectclass": "user" })
ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn,
"cn=ldaptestUSER5,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," +
self.base_dn)
self.ldb.add({
"dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "objectclass": "user" })
ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn,
"cn=ldaptestUSER5,cn=users," + self.base_dn)
res = ldb.search(expression="cn=ldaptestuser5")
print "Found %u records" % len(res)
@@ -1304,14 +1304,14 @@ objectClass: container
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
@@ -1417,7 +1417,7 @@ objectClass: container
ldb.add({
"dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"cN": "LDAPtestUSER",
"givenname": "ldap",
"sn": "testy"})
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index cb68ca9..cc27894 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -129,7 +129,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"sAMAccountName": "administrator"})
self.fail()
except LdbError, (num, _):
@@ -140,7 +140,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"primaryGroupID": "0"})
self.fail()
except LdbError, (num, _):
@@ -151,7 +151,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"primaryGroupID": str(group_rid_1)})
self.fail()
except LdbError, (num, _):
@@ -185,7 +185,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["primaryGroupID"])
@@ -196,7 +196,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD) })
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -211,7 +211,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT |
UF_PASSWD_NOTREQD) })
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -223,7 +223,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_SERVER_TRUST_ACCOUNT |
UF_PASSWD_NOTREQD) })
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -238,7 +238,7 @@ class SamTests(unittest.TestCase):
# we have a fallback in the assertion)
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_PARTIAL_SECRETS_ACCOUNT |
UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD) })
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -253,7 +253,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
@@ -273,7 +273,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["computer"]})
+ "objectclass": "computer"})
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["primaryGroupID"])
@@ -323,7 +323,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
# Try to set an invalid account name
m = Message()
@@ -490,7 +490,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"primaryGroupID": "0"})
self.fail()
except LdbError, (num, _):
@@ -502,11 +502,11 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
ldb.add({
"dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
@@ -579,7 +579,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group"})
@@ -646,6 +646,34 @@ class SamTests(unittest.TestCase):
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectSid"] = MessageElement("xxxxxxxxxxxxxxxx", FLAG_MOD_ADD,
+ "objectSid")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectSid"] = MessageElement([], FLAG_MOD_REPLACE, "objectSid")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectSid"] = MessageElement([], FLAG_MOD_DELETE, "objectSid")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
"sAMAccountType")
try:
@@ -713,7 +741,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
@@ -790,7 +818,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
# This testuser should contain at least two "tokenGroups" entries
# (exactly two on an unmodified "Domain Users" and "Users" group)
@@ -1419,7 +1447,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"userAccountControl": "0"})
self.fail()
except LdbError, (num, _):
@@ -1430,7 +1458,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
+# "objectclass": "user",
# "userAccountControl": str(UF_NORMAL_ACCOUNT)})
# self.fail()
# except LdbError, (num, _):
@@ -1439,7 +1467,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD)})
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1452,7 +1480,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"userAccountControl": str(UF_TEMP_DUPLICATE_ACCOUNT)})
self.fail()
except LdbError, (num, _):
@@ -1463,7 +1491,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
+# "objectclass": "user",
# "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT)})
# self.fail()
# except LdbError, (num, _):
@@ -1473,7 +1501,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
+# "objectclass": "user",
# "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT)})
# except LdbError, (num, _):
# self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
@@ -1483,7 +1511,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
+# "objectclass": "user",
# "userAccountControl": str(UF_INTERDOMAIN_TRUST_ACCOUNT)})
# self.fail()
# except LdbError, (num, _):
@@ -1494,7 +1522,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ "objectclass": "user"})
# After creation we should have a normal account
res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1617,7 +1645,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": "0"})
self.fail()
except LdbError, (num, _):
@@ -1628,7 +1656,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
-# "objectclass": ["computer"],
+# "objectclass": "computer",
# "userAccountControl": str(UF_NORMAL_ACCOUNT)})
# self.fail()
# except LdbError, (num, _):
@@ -1637,7 +1665,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD)})
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
@@ -1650,7 +1678,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_TEMP_DUPLICATE_ACCOUNT)})
self.fail()
except LdbError, (num, _):
@@ -1659,7 +1687,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_SERVER_TRUST_ACCOUNT)})
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
@@ -1672,7 +1700,7 @@ class SamTests(unittest.TestCase):
try:
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"],
+ "objectclass": "computer",
"userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT)})
except LdbError, (num, _):
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
@@ -1682,7 +1710,7 @@ class SamTests(unittest.TestCase):
# try:
# ldb.add({
# "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
-# "objectclass": ["computer"],
+# "objectclass": "computer",
# "userAccountControl": str(UF_INTERDOMAIN_TRUST_ACCOUNT)})
# self.fail()
# except LdbError, (num, _):
@@ -1693,7 +1721,7 @@ class SamTests(unittest.TestCase):
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": ["computer"]})
+ "objectclass": "computer"})
# After creation we should have a normal account
res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
diff --git a/source4/lib/ldb/tools/cmdline.h b/source4/lib/ldb/tools/cmdline.h
index 0bc5761..416bf51 100644
--- a/source4/lib/ldb/tools/cmdline.h
+++ b/source4/lib/ldb/tools/cmdline.h
@@ -46,7 +46,8 @@ struct ldb_cmdline {
int tracing;
};
-struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc,
const char **argv,
+struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc,
+ const char **argv,
void (*usage)(struct ldb_context *));
diff --git a/source4/lib/ldb/tools/ldbtest.c b/source4/lib/ldb/tools/ldbtest.c
index c8d3573..3159bcc 100644
--- a/source4/lib/ldb/tools/ldbtest.c
+++ b/source4/lib/ldb/tools/ldbtest.c
@@ -385,7 +385,7 @@ static void start_test_index(struct ldb_context **ldb)
}
-static void usage(void)
+static void usage(struct ldb_context *ldb)
{
printf("Usage: ldbtest <options>\n");
printf("Options:\n");
diff --git a/source4/scripting/python/samba/provision.py
b/source4/scripting/python/samba/provision.py
index 441c2b5..7c38197 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1127,22 +1127,18 @@ def setup_samdb(path, setup_path, session_info,
provision_backend, lp, names,
descr = b64encode(get_domain_descriptor(domainsid))
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
- "DOMAINGUID": domainguid_line,
- "DESCRIPTOR": descr
+ "DOMAINSID": str(domainsid),
+ "DESCRIPTOR": descr,
+ "DOMAINGUID": domainguid_line
})
-
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
+ "DOMAINDN": names.domaindn,
"CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
- "DOMAINSID": str(domainsid),
"NEXTRID": str(next_rid),
- "SCHEMADN": names.schemadn,
- "NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": names.sitename,
"CONFIGDN": names.configdn,
- "SERVERDN": names.serverdn,
"POLICYGUID": policyguid,
- "DOMAINDN": names.domaindn,
"DOMAIN_FUNCTIONALITY": str(domainFunctionality),
"SAMBA_VERSION_STRING": version
})
diff --git a/source4/setup/provision_basedn.ldif
b/source4/setup/provision_basedn.ldif
index b82f414..cb91738 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -5,5 +5,6 @@ dn: ${DOMAINDN}
objectClass: top
objectClass: domaindns
instanceType: 5
+objectSid: ${DOMAINSID}
nTSecurityDescriptor:: ${DESCRIPTOR}
${DOMAINGUID}
diff --git a/source4/setup/provision_basedn_modify.ldif
b/source4/setup/provision_basedn_modify.ldif
index 53845f7..d67d674 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -72,9 +72,6 @@ nextRid: ${NEXTRID}
replace: nTMixedDomain
nTMixedDomain: 0
-
-replace: objectSid
-objectSid: ${DOMAINSID}
--
# This does only exist in SAMBA
replace: oEMInformation
oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
--
Samba Shared Repository
