# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
setup_modify_ldif(samdb,
- setup_path("provision_basedn_references.ldif"),
- {"DOMAINDN": names.domaindn})
+ setup_path("provision_configuration_references.ldif"), {
+ "CONFIGDN": names.configdn,
+ "SCHEMADN": names.schemadn})
- setup_modify_ldif(samdb,
- setup_path("provision_configuration_references.ldif"), {
+ logger.info("Setting up well known security principals")
+ setup_add_ldif(samdb, setup_path("provision_well_known_sec_princ.ldif"), {
"CONFIGDN": names.configdn,
- "SCHEMADN": names.schemadn})
+ })
+
if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
+ setup_modify_ldif(samdb,
+ setup_path("provision_basedn_references.ldif"),
+ {"DOMAINDN": names.domaindn})
+
logger.info("Setting up sam.ldb users and groups")
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {
"DOMAINDN": names.domaindn,
"DOMAINSID": str(domainsid),
- "CONFIGDN": names.configdn,
"ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
"KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
})
groupType: -2147483643
isCriticalSystemObject: TRUE
-# Add well known security principals
-
-dn: CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: container
-systemFlags: -2147483648
-
-dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-7
-
-dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-11
-
-dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-3
-
-dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-3-1
-
-dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-3-0
-
-dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-1
-
-dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-64-21
-
-dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-9
-
-dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-1-0
-
-dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-4
-
-dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-17
-
-dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-19
-
-dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-2
-
-dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-20
-
-dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-64-10
-
-dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-1000
-
-dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-3-4
-
-dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-8
-
-dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-14
-
-dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-12
-
-dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-64-14
-
-dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-10
-
-dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-6
-
-dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-18
-
-dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-13
-
-dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-15
--- /dev/null
+# Add well known security principals
+
+dn: CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -2147483648
+
+dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-7
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-11
+
+dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-3
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-1
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-0
+
+dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1
+
+dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-21
+
+dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-9
+
+dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-1-0
+
+dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-4
+
+dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-17
+
+dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-19
+
+dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-2
+
+dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-20
+
+dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-10
+
+dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1000
+
+dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-4
+
+dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-8
+
+dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-14
+
+dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-12
+
+dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-14
+
+dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-10
+
+dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-6
+
+dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-18
+
+dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-13
+
+dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-15