s4:provision - Change the "provision_users.ldif" file to support the "samldb" changes

The "provision_users.ldif" file needs some rework to pass against the changed
and improved "samldb" module (see next commit).

diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 041262de14ca55151340ce6de685dafb422f8a50..8669d8a4e66079a49991bbd447a0ac64ae0e48a4 100644 (file)
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -1,3 +1,24 @@
+# Add default primary groups (domain users, domain guests) - needed for
+# the users to find valid primary groups (samldb module)
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+# Add users
+

 dn: CN=Administrator,CN=Users,${DOMAINDN}
 objectClass: user
 description: Built-in account for administering the computer/domain
 dn: CN=Administrator,CN=Users,${DOMAINDN}
 objectClass: user
 description: Built-in account for administering the computer/domain


@@ -18,16 +39,6 @@ objectSid: ${DOMAINSID}-501
 sAMAccountName: Guest
 isCriticalSystemObject: TRUE
 
 sAMAccountName: Guest
 isCriticalSystemObject: TRUE
 

-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Designated administrators of the enterprise
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-519
-adminCount: 1
-sAMAccountName: Enterprise Admins
-isCriticalSystemObject: TRUE
-

 dn: CN=krbtgt,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: person
 dn: CN=krbtgt,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: person


@@ -44,6 +55,18 @@ servicePrincipalName: kadmin/changepw
 userPassword:: ${KRBTGTPASS_B64}
 isCriticalSystemObject: TRUE
 
 userPassword:: ${KRBTGTPASS_B64}
 isCriticalSystemObject: TRUE
 

+# Add other groups
+
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+isCriticalSystemObject: TRUE
+

 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group


@@ -90,22 +113,6 @@ adminCount: 1
 sAMAccountName: Domain Admins
 isCriticalSystemObject: TRUE
 
 sAMAccountName: Domain Admins
 isCriticalSystemObject: TRUE
 

-dn: CN=Domain Users,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All domain users
-objectSid: ${DOMAINSID}-513
-sAMAccountName: Domain Users
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Guests,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All domain guests
-objectSid: ${DOMAINSID}-514
-sAMAccountName: Domain Guests
-isCriticalSystemObject: TRUE
-

 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group


@@ -391,6 +398,8 @@ systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

+# Add well known security principals
+

 dn: CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top
 objectClass: container
 dn: CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top
 objectClass: container