These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
#define SEARCH_FLAG_NEVERVALUEAUDIT 0x0000100
#define SEARCH_FLAG_RODC_ATTRIBUTE 0x0000200
-/* "domainFunctionality", "forestFunctionality" in the rootDSE */
+/* "domainFunctionality", "forestFunctionality" and "domainControllerFunctionality" in the rootDSE */
#define DS_DOMAIN_FUNCTION_2000 0
-#define DS_DOMAIN_FUNCTION_2003_MIXED 1
+#define DS_DOMAIN_FUNCTION_2003_MIXED 1 /* Not a valid/meaningfulxs
+ * domainControllerFunctionality
+ * Level */
#define DS_DOMAIN_FUNCTION_2003 2
#define DS_DOMAIN_FUNCTION_2008 3
#define DS_DOMAIN_FUNCTION_2008_R2 4
-/* "domainControllerFunctionality" in the rootDSE */
-#define DS_DC_FUNCTION_2000 0
-#define DS_DC_FUNCTION_2003 2
-#define DS_DC_FUNCTION_2008 3
-#define DS_DC_FUNCTION_2008_R2 4
-
/* sa->systemFlags on attributes */
#define DS_FLAG_ATTR_NOT_REPLICATED 0x00000001
#define DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER 0x00000002
PyInt_FromLong(DS_DOMAIN_FUNCTION_2008));
PyModule_AddObject(m, "DS_DOMAIN_FUNCTION_2008_R2",
PyInt_FromLong(DS_DOMAIN_FUNCTION_2008_R2));
-
- /* "domainControllerFunctionality" flags in the rootDSE */
- PyModule_AddObject(m, "DS_DC_FUNCTION_2000",
- PyInt_FromLong(DS_DC_FUNCTION_2000));
- PyModule_AddObject(m, "DS_DC_FUNCTION_2003",
- PyInt_FromLong(DS_DC_FUNCTION_2003));
- PyModule_AddObject(m, "DS_DC_FUNCTION_2008",
- PyInt_FromLong(DS_DC_FUNCTION_2008));
- PyModule_AddObject(m, "DS_DC_FUNCTION_2008_R2",
- PyInt_FromLong(DS_DC_FUNCTION_2008_R2));
}
from ldb import Message, MessageElement, Dn
from ldb import FLAG_MOD_REPLACE
from samba import Ldb
-from samba.dsdb import DS_DC_FUNCTION_2003
+from samba.dsdb import DS_DOMAIN_FUNCTION_2003
from subunit.run import SubunitTestRunner
import unittest
# 1. Create attribute without systemFlags
# msDS-IntId should be created if forest functional
- # level is >= DS_DC_FUNCTION_2003
+ # level is >= DS_DOMAIN_FUNCTION_2003
# and missing otherwise
(attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("msDS-IntId-Attr-1-")
ldif = self._make_attr_ldif(attr_name, attr_dn)
res = self.ldb.search(attr_dn, scope=SCOPE_BASE, attrs=["*"])
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_name)
- if self.forest_level >= DS_DC_FUNCTION_2003:
+ if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
if self._is_schema_base_object(res[0]):
self.assertTrue("msDS-IntId" not in res[0])
else:
# 2. Create attribute with systemFlags = FLAG_SCHEMA_BASE_OBJECT
# msDS-IntId should be created if forest functional
- # level is >= DS_DC_FUNCTION_2003
+ # level is >= DS_DOMAIN_FUNCTION_2003
# and missing otherwise
(attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("msDS-IntId-Attr-2-")
ldif = self._make_attr_ldif(attr_name, attr_dn)
res = self.ldb.search(attr_dn, scope=SCOPE_BASE, attrs=["*"])
self.assertEquals(len(res), 1)
self.assertEquals(res[0]["lDAPDisplayName"][0], attr_ldap_name)
- if self.forest_level >= DS_DC_FUNCTION_2003:
+ if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
if self._is_schema_base_object(res[0]):
self.assertTrue("msDS-IntId" not in res[0])
else:
# 1. Create Class without systemFlags
# msDS-IntId should be created if forest functional
- # level is >= DS_DC_FUNCTION_2003
+ # level is >= DS_DOMAIN_FUNCTION_2003
# and missing otherwise
(class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-1-")
ldif = self._make_class_ldif(class_dn, class_name)
# 2. Create Class with systemFlags = FLAG_SCHEMA_BASE_OBJECT
# msDS-IntId should be created if forest functional
- # level is >= DS_DC_FUNCTION_2003
+ # level is >= DS_DOMAIN_FUNCTION_2003
# and missing otherwise
(class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-3-")
ldif = self._make_class_ldif(class_dn, class_name)
attrs=["systemFlags", "msDS-IntId", "attributeID", "cn"])
self.assertTrue(len(res) > 1)
for ldb_msg in res:
- if self.forest_level >= DS_DC_FUNCTION_2003:
+ if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
if self._is_schema_base_object(ldb_msg):
self.assertTrue("msDS-IntId" not in ldb_msg)
else:
{
/* per default we are (Windows) 2008 compatible */
return lp_parm_int(lp_ctx, NULL, "ads", "dc function level",
- DS_DC_FUNCTION_2008);
+ DS_DOMAIN_FUNCTION_2008);
}
static void becomeDC_recv_cldap(struct tevent_req *req);
DS_DOMAIN_FUNCTION_2003_MIXED,
DS_DOMAIN_FUNCTION_2008,
DS_DOMAIN_FUNCTION_2008_R2,
- DS_DC_FUNCTION_2000,
- DS_DC_FUNCTION_2003,
- DS_DC_FUNCTION_2008,
- DS_DC_FUNCTION_2008_R2,
)
class cmd_domainlevel(Command):
self.message("\nATTENTION: You run SAMBA 4 on a forest function level lower than Windows 2003 (Native). This isn't supported! Please raise!")
if level_domain < DS_DOMAIN_FUNCTION_2003:
self.message("\nATTENTION: You run SAMBA 4 on a domain function level lower than Windows 2003 (Native). This isn't supported! Please raise!")
- if min_level_dc < DS_DC_FUNCTION_2003:
+ if min_level_dc < DS_DOMAIN_FUNCTION_2003:
self.message("\nATTENTION: You run SAMBA 4 on a lowest function level of a DC lower than Windows 2003. This isn't supported! Please step-up or upgrade the concerning DC(s)!")
self.message("")
outstr = "higher than 2008 R2"
self.message("Domain function level: (Windows) " + outstr)
- if min_level_dc == DS_DC_FUNCTION_2000:
+ if min_level_dc == DS_DOMAIN_FUNCTION_2000:
outstr = "2000"
- elif min_level_dc == DS_DC_FUNCTION_2003:
+ elif min_level_dc == DS_DOMAIN_FUNCTION_2003:
outstr = "2003"
- elif min_level_dc == DS_DC_FUNCTION_2008:
+ elif min_level_dc == DS_DOMAIN_FUNCTION_2008:
outstr = "2008"
- elif min_level_dc == DS_DC_FUNCTION_2008_R2:
+ elif min_level_dc == DS_DOMAIN_FUNCTION_2008_R2:
outstr = "2008 R2"
else:
outstr = "higher than 2008 R2"
import samba
from samba import version, Ldb, substitute_var, valid_netbios_name
from samba import check_all_substituted, read_and_sub_file, setup_file
-from samba.dsdb import DS_DOMAIN_FUNCTION_2003, DS_DC_FUNCTION_2008
+from samba.dsdb import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008
from samba.dcerpc import security
from samba.dcerpc.misc import SEC_CHAN_BDC, SEC_CHAN_WKSTA
from samba.idmap import IDmapDB
# ATTENTION: Do NOT change these default values without discussion with the
# team and/or release manager. They have a big impact on the whole program!
- domainControllerFunctionality = DS_DC_FUNCTION_2008
+ domainControllerFunctionality = DS_DOMAIN_FUNCTION_2008
if dom_for_fun_level is None:
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003