help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2008_R2 Native.",
default="2008_R2"),
Option("--base-schema", type="choice", metavar="BASE-SCHEMA",
- choices=["2008_R2", "2012", "2012_R2"],
+ choices=["2008_R2", "2008_R2_old", "2012", "2012_R2"],
help="The base schema files to use. Default is (Windows) 2008_R2.",
default="2008_R2"),
Option("--next-rid", type="int", metavar="NEXTRID", default=1000,
# the schema files (and corresponding object version) that we know about
base_schemas = {
- "2008_R2" : ("MS-AD_Schema_2K8_R2_Attributes.txt",
- "MS-AD_Schema_2K8_R2_Classes.txt",
+ "2008_R2_old" : ("MS-AD_Schema_2K8_R2_Attributes.txt",
+ "MS-AD_Schema_2K8_R2_Classes.txt",
+ 47),
+ "2008_R2" : ("Attributes_for_AD_DS__Windows_Server_2008_R2.ldf",
+ "Classes_for_AD_DS__Windows_Server_2008_R2.ldf",
47),
"2012" : ("AD_DS_Attributes__Windows_Server_2012.ldf",
"AD_DS_Classes__Windows_Server_2012.ldf",
$PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_schema --base-schema=2008_R2
}
-ldapcmp() {
+provision_2008r2_old() {
+ $PYTHON $BINDIR/samba-tool domain provision $PROVISION_OPTS --domain=SAMBA --realm=w2008r2.samba.corp --targetdir=$PREFIX_ABS/2008R2_old_schema --base-schema=2008_R2_old
+}
- # the original 2008 schema we received from Microsoft was missing
- # descriptions and display names. This has been fixed up in the current
- # Microsoft schemas
- IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
+ldapcmp_ignore() {
- # we didn't get showInAdvancedViewOnly right on Samba
- IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
+ IGNORE_ATTRS=$1
# there's discrepancies between the SDDL strings in the adprep LDIF files
# vs the 2012 schema, where one source will have ACE rights repeated, e.g.
# objects, but we don't have the 2012 DisplaySpecifiers documentation...
IGNORE_ATTRS="$IGNORE_ATTRS,adminContextMenu,adminPropertyPages"
- $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb tdb://$PREFIX_ABS/2012R2_schema/private/sam.ldb --two --filter=$IGNORE_ATTRS
+ $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2_schema/private/sam.ldb tdb://$PREFIX_ABS/$3_schema/private/sam.ldb --two --filter=$IGNORE_ATTRS
+}
+
+ldapcmp_old() {
+ # the original 2008 schema we received from Microsoft was missing
+ # descriptions and display names. This has been fixed up in the current
+ # Microsoft schemas
+ IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
+
+ # we didn't get showInAdvancedViewOnly right on Samba
+ IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
+
+ ldapcmp_ignore "$IGNORE_ATTRS" "2008R2_old" "2012R2"
+}
+
+ldapcmp() {
+ # The adminDescription and adminDisplayName have been editorially
+ # corrected in the 2012R2 schema but not in the adprep files.
+ ldapcmp_ignore "adminDescription,adminDisplayName" "2008R2" "2012R2"
+}
+
+ldapcmp_2008R2_2008R2_old() {
+ # the original 2008 schema we received from Microsoft was missing
+ # descriptions and display names. This has been fixed up in the current
+ # Microsoft schemas
+ IGNORE_ATTRS="adminDescription,description,adminDisplayName,displayName"
+
+ # we didn't get showInAdvancedViewOnly right on Samba
+ IGNORE_ATTRS="$IGNORE_ATTRS,showInAdvancedViewOnly"
+
+ ldapcmp_ignore $IGNORE_ATTRS "2008R2" "2008R2_old"
}
schema_upgrade() {
$BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2
}
+schema_upgrade_old() {
+ $BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_old_schema/private/sam.ldb --schema=2012_R2
+}
+
# double-check we cleaned up from the last test run
cleanup_output_directories
# Provision 2 DCs, one based on the 2008R2 schema and one using 2012R2
testit "provision_2008R2_schema" provision_2008r2
+testit "provision_2008R2_old_schema" provision_2008r2_old
testit "provision_2012R2_schema" provision_2012r2
# we expect the 2 schemas to be different
testit_expect_failure "expect_schema_differences" ldapcmp
+# check that the 2 schemas are now the same, ignoring Samba bugs
+testit "check_2008R2_2008R2_schemas_same" ldapcmp_2008R2_2008R2_old
+
# upgrade the 2008 schema to 2012
testit "schema_upgrade" schema_upgrade
# check that the 2 schemas are now the same
testit "check_schemas_same" ldapcmp
+# upgrade the 2008 schema to 2012
+testit "schema_upgrade_old" schema_upgrade_old
+
+# check that the 2 schemas are now the same, ignoring Samba bugs
+testit "check_schemas_same_old" ldapcmp_old
+
cleanup_output_directories
exit $failed