s4-provision: the DC object itself needs a fixed objectSID

We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d7d0a790ca3e4e9e8b0fa17a70b24d4838c58002..62ca9282d152c2c67290300b617f9cb88b42d2a5 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -796,6 +796,7 @@ def setup_self_join(samdb, names,
               "DNSPASS_B64": b64encode(dnspass),
               "REALM": names.realm,
               "DOMAIN": names.domain,
+              "DOMAINSID": str(domainsid),
               "DNSDOMAIN": names.dnsdomain,
               "SAMBA_VERSION_STRING": version,
               "NTDSGUID": ntdsguid_line,

diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index f110902316a55db63e7d7e1c297b1296ba3e42b1..0ad1b90fdbb9282928f6865dd25edc9ae3a08c02 100644 (file)
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -33,6 +33,7 @@ servicePrincipalName: ldap/${DNSNAME}
 servicePrincipalName: ldap/${DNSNAME}/${REALM}
 userAccountControl: 532480
 userPassword:: ${MACHINEPASS_B64}
+objectSID: ${DOMAINSID}-1001
 
 dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
 objectClass: top
@@ -40,7 +41,7 @@ objectClass: rIDSet
 rIDAllocationPool: 1000-1499
 rIDPreviousAllocationPool: 1000-1499
 rIDUsedPool: 0
-rIDNextRID: 1000
+rIDNextRID: 1001
 
 
 # Here are missing the objects for the NTFRS subscription and the RID set since