paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
+
+ paths.sysvol = lp.get("sysvol", "path");
+
+ if (paths.sysvol == undefined) {
+ paths.sysvol = lp.get("lock dir") + "/sysvol";
+ }
+
+ paths.netlogon = lp.get("netlogon", "path");
+
+ if (paths.netlogon == undefined) {
+ paths.netlogon = paths.sysvol + "/" + subobj.DNSDOMAIN + "/scripts";
+ }
+
return paths;
}
subobj.DNSNAME = sprintf("%s.%s",
strlower(subobj.HOSTNAME),
subobj.DNSDOMAIN);
- rdn_list = split(".", subobj.DNSDOMAIN);
+ var rdn_list = split(".", subobj.DNSDOMAIN);
subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list);
- subobj.DOMAINDN_LDB = "users.ldb";
subobj.ROOTDN = subobj.DOMAINDN;
subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN;
- subobj.CONFIGDN_LDB = "configuration.ldb";
subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN;
- subobj.SCHEMADN_LDB = "schema.ldb";
var rdns = split(",", subobj.DOMAINDN);
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
subobj.SECRETS_KEYTAB = paths.keytab;
subobj.LDAPDIR = paths.ldapdir;
+ var ldap_path_list = split("/", paths.ldapdir);
+ subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi";
+
+ subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN;
+
+ subobj.NETLOGONPATH = paths.netlogon;
+ subobj.SYSVOLPATH = paths.sysvol;
return true;
}
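Review bot: `subobj.LDAPI_URI` is built by `split("/", paths.ldapdir)` and `join("%2F", ldap_path_list)`, which percent-encodes only the slashes. Any other URL-reserved character in the directory (a space, `%`, `?`, `#`) reaches the URI unescaped, so the socket path a client decodes may differ from the one the backend listens on. If `paths.ldapdir` can come from configuration, either encode the whole path or reject directories with characters outside a safe set before building the URI. At minimum, record the limit with `/* only "/" is URL-encoded here; ldapdir must not contain other reserved characters */`. The enclosing function starts before this hunk.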
var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
};
assert(modify_ok);
var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify configuration dn: " + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.CONFIGDN + " in target " + subobj.CONFIGDN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
assert(modify_ok);
}
var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify schema dn:" + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.SCHEMADN + " in target " + subobj.SCHEMADN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
assert(modify_ok);
}
message("Setting up sam.ldb users and groups\n");
setup_add_ldif("provision_users.ldif", info, samdb, false);
+ if (lp.get("server role") == "domain controller") {
+ message("Setting up self join\n");
+ setup_add_ldif("provision_self_join.ldif", info, samdb, false);
+ setup_add_ldif("provision_group_policy.ldif", info, samdb, false);
+
+ sys.mkdir(paths.sysvol, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/Machine", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755);
+
+ sys.mkdir(paths.netlogon, 0755);
+ }
+
if (setup_name_mappings(info, samdb) == false) {
return false;
}
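Review bot: None of the `sys.mkdir(...)` calls inside the `server role` check has its result examined, so a failed create (missing parent, permission denied) passes silently and provisioning carries on. The same is true when a directory already exists with a different owner or mode. sysvol and netlogon hold group policy and logon scripts that domain members fetch, so the provision should stop if the tree cannot be created as intended, and should verify owner and mode of anything already present. `paths.netlogon` may come from the `netlogon` `path` setting, in which case its parent is not necessarily one of the directories created above it. How `sys.mkdir` reports errors is not visible here, so the exact check needs confirming; the enclosing function begins and ends outside the hunk.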
/* Write out a DNS zone file, from the info in the current database */
function provision_dns(subobj, message, paths, session_info, credentials)
{
+ var lp = loadparm_init();
+ if (lp.get("server role") != "domain controller") {
+ message("No DNS zone required for role %s\n", lp.get("server role"));
+ return;
+ }
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
var ldb = ldb_init();
ldb.session_info = session_info;
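Review bot: `message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");` still passes concatenated data as the first argument. The line added just above it, and the error messages changed elsewhere in this commit, treat that argument as a format string. If `message` does format expansion, a `%` in the domain name would be interpreted; `message("Setting up DNS zone: %s\n", subobj.DNSDOMAIN);` matches the new `No DNS zone required for role %s` call. The added early `return;` yields no value, which is worth checking against what callers of `provision_dns` expect. The function body continues past the hunk.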
"show_deleted",
"partition");
subobj.MODULES_LIST = join(",", modules_list);
+ subobj.DOMAINDN_LDB = "users.ldb";
+ subobj.CONFIGDN_LDB = "configuration.ldb";
+ subobj.SCHEMADN_LDB = "schema.ldb";
subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash";
subobj.CONFIGDN_MOD = "naming_fsmo";
subobj.SCHEMADN_MOD = "schema_fsmo";