s4:provision: move Samba4 specific DNS stuff to its own file

metze

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index bb8b93e26822762f9cce911b1faafba4f3ea5832..84045da19f4ced36b1f802be22ead11b183d5bb8 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -920,11 +920,18 @@ def setup_self_join(samdb, names,
               "SERVERDN": names.serverdn,
               "NETBIOSNAME": names.netbiosname,
               "NTDSGUID": names.ntdsguid,
-              "DNSPASS_B64": b64encode(dnspass),
               "RIDALLOCATIONSTART": str(next_rid + 100),
               "RIDALLOCATIONEND": str(next_rid + 100 + 499),
               })
 
+    # This is Samba4 specific and should be replacted by the correct
+    # DNS AD-style setup
+    setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+              "DNSDOMAIN": names.dnsdomain,
+              "DOMAINDN": names.domaindn,
+              "DNSPASS_B64": b64encode(dnspass),
+              })
+
 def getpolicypath(sysvolpath, dnsdomain, guid):
     if guid[0] != "{":
         guid = "{%s}" % guid

diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 2159aeff982c1785663ce277e7a2b8a92cdf5616..2db01f9bb944bb589c8ba1fb5bbdfb6bf806fa6a 100644 (file)
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -780,11 +780,6 @@ objectClass: top
 objectClass: container
 isCriticalSystemObject: TRUE
 
-dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-displayName: DNS Servers
-
 dn: CN=Password Settings Container,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: msDS-PasswordSettingsContainer

diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
new file mode 100644 (file)
index 0000000..abae85b
--- /dev/null
+++ b/source4/setup/provision_dns_add.ldif
@@ -0,0 +1,31 @@
+dn: CN=DnsAdmins,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS Administrators Group
+sAMAccountName: DnsAdmins
+groupType: -2147483644
+
+dn: CN=DnsUpdateProxy,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS clients who are permitted to perform dynamic updates on behal
+ f of some other clients (such as DHCP servers).
+sAMAccountName: DnsUpdateProxy
+groupType: -2147483646
+
+dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: container
+displayName: DNS Servers
+
+# NOTE: This account is SAMBA4 specific!
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
+

diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index c2bba888b7edad81b5ea24e2e0d3288d5ea99173..b667e5c40d5f8c99fc70e7b3e12430b26b384326 100644 (file)
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -43,18 +43,3 @@ servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMA
 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
 add: rIDSetReferences
 rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-
-# NOTE: This account is SAMBA4 specific!
-dn: CN=dns,CN=Users,${DOMAINDN}
-changetype: add
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE