objectClass: foreignSecurityPrincipal
description: %s
",
- sid, subobj.BASEDN, desc);
+ sid, subobj.DOMAINDN, desc);
/* deliberately ignore errors from this, as the records may
already exist */
ldb.add(add);
{
var attrs = new Array("dn");
var res = ldb.search(sprintf("objectSid=%s", sid),
- info.subobj.BASEDN, ldb.SCOPE_SUBTREE, attrs);
+ info.subobj.DOMAINDN, ldb.SCOPE_SUBTREE, attrs);
if (res.length != 1) {
info.message("Failed to find record for objectSid %s\n", sid);
return false;
var previous_remaining = 1;
var current_remaining = 0;
- if (ldapbackend && (basedn == info.subobj.BASEDN)) {
+ if (ldapbackend && (basedn == info.subobj.DOMAINDN)) {
/* Only delete objects that were created by provision */
anything = "(objectcategory=*)";
}
var attrs = new Array("objectSid");
var subobj = info.subobj;
- res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
+ res = ldb.search("objectSid=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs);
assert(res.length == 1 && res[0].objectSid != undefined);
var sid = res[0].objectSid;
return true;
}
+function provision_fix_subobj(subobj, message)
+{
+ subobj.REALM = strupper(subobj.REALM);
+ subobj.HOSTNAME = strlower(subobj.HOSTNAME);
+ subobj.DOMAIN = strupper(subobj.DOMAIN);
+ assert(valid_netbios_name(subobj.DOMAIN));
+ subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
+ assert(valid_netbios_name(subobj.NETBIOSNAME));
+ var rdns = split(",", subobj.DOMAINDN);
+ subobj.RDN_DC = substr(rdns[0], strlen("DC="));
+
+ return true;
+}
+
+function provision_become_dc(subobj, message, paths, session_info)
+{
+ var lp = loadparm_init();
+ var sys = sys_init();
+ var info = new Object();
+
+ var ok = provision_fix_subobj(subobj, message);
+ assert(ok);
+
+ info.subobj = subobj;
+ info.message = message;
+ info.session_info = session_info;
+
+ /* Also wipes the database */
+ message("Setting up " + paths.samdb + " partitions\n");
+ setup_ldb("provision_partitions.ldif", info, paths.samdb);
+
+ var samdb = open_ldb(info, paths.samdb, false);
+
+ message("Setting up " + paths.samdb + " attributes\n");
+ setup_add_ldif("provision_init.ldif", info, samdb, false);
+
+ message("Setting up " + paths.samdb + " rootDSE\n");
+ setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false);
+
+ message("Erasing data from partitions\n");
+ ldb_erase_partitions(info, samdb, undefined);
+
+ ok = samdb.transaction_commit();
+ assert(ok);
+
+ return true;
+}
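Review bot: In provision_become_dc the results of both setup_add_ldif calls (and of setup_ldb, if it returns one) are discarded, so a failed LDIF load is caught, if at all, only by the transaction_commit assert at the end; the provision() hunk further down captures add_ok/modify_ok and asserts on them, and the same shape fits here, e.g. `ok = setup_add_ldif("provision_init.ldif", info, samdb, false); assert(ok);`. No transaction_start() is visible between open_ldb and transaction_commit; presumably open_ldb begins the transaction, but that is worth confirming since the commit is the only error check in the function. In provision_fix_subobj the message parameter is never used, and `substr(rdns[0], strlen("DC="))` yields a mangled RDN_DC without complaint when DOMAINDN does not begin with `DC=`, so a bad --ldap-base-dn value should be rejected there with an assert on that prefix rather than provisioned with a wrong relative DN. Because provision_fix_subobj validates with asserts and can only return true, the `assert(ok)` at its call sites never fires. A header comment on each new function would help, e.g. `/* normalise case of REALM/HOSTNAME/DOMAIN in subobj and derive NETBIOSNAME and RDN_DC; aborts on an invalid netbios name */` for provision_fix_subobj, and one for provision_become_dc stating that it wipes and re-creates the partitions in paths.samdb.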
/*
provision samba4 - caution, this wipes all existing data!
var sys = sys_init();
var info = new Object();
- /*
- some options need to be upper/lower case
- */
- subobj.REALM = strupper(subobj.REALM);
- subobj.HOSTNAME = strlower(subobj.HOSTNAME);
- subobj.DOMAIN = strupper(subobj.DOMAIN);
- assert(valid_netbios_name(subobj.DOMAIN));
- subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
- assert(valid_netbios_name(subobj.NETBIOSNAME));
- var rdns = split(",", subobj.BASEDN);
- subobj.RDN_DC = substr(rdns[0], strlen("DC="));
-
+ var ok = provision_fix_subobj(subobj, message);
+ assert(ok);
+
if (subobj.DOMAINGUID != undefined) {
subobj.DOMAINGUID_MOD = sprintf("replace: objectGUID\nobjectGUID: %s\n-", subobj.DOMAINGUID);
} else {
message("Setting up sam.ldb attributes\n");
setup_add_ldif("provision_init.ldif", info, samdb, false);
+
+ message("Setting up sam.ldb rootDSE\n");
+ setup_add_ldif("provision_rootdse_add.ldif", info, samdb, false);
+
message("Erasing data from partitions\n");
ldb_erase_partitions(info, samdb, ldapbackend);
- message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
+ message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
- message("Modifying baseDN: " + subobj.BASEDN + "\n");
+ message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify " + subobj.BASEDN + " in target " + subobj.LDAPBACKEND + "\n");
+ message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
};
assert(modify_ok);
message("Setting up sam.ldb index\n");
setup_add_ldif("provision_index.ldif", info, samdb, false);
+ message("Setting up sam.ldb rootDSE marking as syncronized\n");
+ setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false);
+
var commit_ok = samdb.transaction_commit();
if (!commit_ok) {
info.message("ldb commit failed: " + samdb.errstring() + "\n");
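Review bot: The new message string at the rootDSE step spells "syncronized"; it is user-visible output, so `message("Setting up sam.ldb rootDSE marking as synchronized\n");` here and in the identical hunk just below (the samdb variant) is the fix. The return value of setup_modify_ldif is dropped in both places, while the basedn step earlier in this function captures modify_ok and asserts on it; if the rootDSE modify fails the transaction is still committed, presumably without whatever marker provision_rootdse_modify.ldif sets, and nothing reports why. The helper is called setup_modify_ldif here but setup_ldb_modify where modify_ok is computed, with four arguments versus three; whether both helpers exist or one name is a typo cannot be told from this hunk. The enclosing function starts and ends outside the hunk.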
message("Setting up sam.ldb index\n");
setup_add_ldif("provision_index.ldif", info, samdb, false);
+ message("Setting up sam.ldb rootDSE marking as syncronized\n");
+ setup_modify_ldif("provision_rootdse_modify.ldif", info, samdb, false);
+
var commit_ok = samdb.transaction_commit();
if (!commit_ok) {
info.message("samdb commit failed: " + samdb.errstring() + "\n");
or may not have been specified, so fetch them from the database */
var attrs = new Array("objectGUID");
- res = ldb.search("objectGUID=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
+ res = ldb.search("objectGUID=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs);
assert(res.length == 1);
assert(res[0].objectGUID != undefined);
subobj.DOMAINGUID = res[0].objectGUID;
- subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
+ subobj.HOSTGUID = searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
assert(subobj.HOSTGUID != undefined);
setup_file("provision.zone",
/* Write out a DNS zone file, from the info in the current database */
function provision_ldapbase(subobj, message, paths)
{
- message("Setting up LDAP base entry: " + subobj.BASEDN + " \n");
- var rdns = split(",", subobj.BASEDN);
+ message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n");
+ var rdns = split(",", subobj.DOMAINDN);
subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject";
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root", "staff", "adm");
subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff");
subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr");
+
subobj.DNSDOMAIN = strlower(subobj.REALM);
subobj.DNSNAME = sprintf("%s.%s",
strlower(subobj.HOSTNAME),
subobj.DNSDOMAIN);
rdn_list = split(".", subobj.DNSDOMAIN);
- subobj.BASEDN = "DC=" + join(",DC=", rdn_list);
- subobj.ROOTDN = subobj.BASEDN;
+ subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list);
+ subobj.DOMAINDN_LDB = "users.ldb";
+ subobj.ROOTDN = subobj.DOMAINDN;
subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN;
+ subobj.CONFIGDN_LDB = "configuration.ldb";
subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN;
- subobj.LDAPBACKEND = "users.ldb";
- subobj.LDAPMODULE = "entryUUID";
- subobj.LDAPMODULES = "objectguid";
+ subobj.SCHEMADN_LDB = "schema.ldb";
+
+ //Add modules to the list to activate them by default
+ //beware often order is important
+ //
+ // Some Known ordering constraints:
+ // - rootdse must be first, as it makes redirects from "" -> cn=rootdse
+ // - samldb must be before password_hash, because password_hash checks
+ // that the objectclass is of type person (filled in by samldb)
+ // - partition must be last
+ // - each partition has its own module list then
+ modules_list = new Array("rootdse",
+ "kludge_acl",
+ "paged_results",
+ "server_sort",
+ "extended_dn",
+ "asq",
+ "samldb",
+ "password_hash",
+ "operational",
+ "objectclass",
+ "rdn_name",
+ "partition");
+ subobj.MODULES_LIST = join(",", modules_list);
+ subobj.DOMAINDN_MOD = "objectguid";
+ subobj.CONFIGDN_MOD = "objectguid";
+ subobj.SCHEMADN_MOD = "objectguid";
+
subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
- subobj.ACI = "# no aci for local ldb";
+ subobj.ACI = "# no aci for local ldb";
return subobj;
}
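Review bot: The ordering comment above modules_list gives constraints for rootdse, samldb/password_hash and partition but says nothing about kludge_acl, which judging by its name is the access-control module (not shown here); a line such as `// - kludge_acl must stay ahead of the modules whose operations it gates (confirm against the module's own documentation)` would keep a later reorder from silently moving access checks after the work they guard. The lead-in `//beware often order is important` reads awkwardly; `// Beware: order is often important.` is clearer. The line `// - each partition has its own module list then` does not say that DOMAINDN_MOD, CONFIGDN_MOD and SCHEMADN_MOD are those per-partition lists; naming them there would tie the comment to the code it describes. The enclosing function starts outside the hunk.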