paths.hkpt = "hkpt.ldb";
paths.samdb = lp.get("sam database");
paths.secrets = "secrets.ldb";
+ paths.keytab = "secrets.keytab";
paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
paths.winsdb = "wins.ldb";
paths.ldap_basedn_ldif = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".ldif";
return true;
}
-function provision_fix_subobj(subobj, message)
+function provision_fix_subobj(subobj, message, paths)
{
subobj.REALM = strupper(subobj.REALM);
subobj.HOSTNAME = strlower(subobj.HOSTNAME);
var rdns = split(",", subobj.DOMAINDN);
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
+ subobj.SAM_LDB = paths.samdb;
+ subobj.SECRETS_LDB = paths.secrets;
+ subobj.SECRETS_KEYTAB = paths.keytab;
+
return true;
}
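Review bot: `provision_fix_subobj` now dereferences `paths.samdb`, `paths.secrets` and `paths.keytab` without checking that a `paths` argument was passed. A caller still using the two-argument form would presumably fail here, or leave `${SAM_LDB}` and `${SECRETS_KEYTAB}` unsubstituted in the secrets template. Both call sites visible in this diff are updated, but I would add `assert(paths != undefined);` as the first statement of the function in case others exist. Separately, `paths.keytab = "secrets.keytab"` is a bare file name while `paths.samdb` comes from `lp.get("sam database")`; since the keytab holds long-term keys, a comment such as `// resolved relative to the private dir by the consumer (confirm)` would make the intended location explicit. The function that assigns `paths.keytab` begins outside the hunk.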
var sys = sys_init();
var info = new Object();
- var ok = provision_fix_subobj(subobj, message);
+ var ok = provision_fix_subobj(subobj, message, paths);
assert(ok);
info.subobj = subobj;
var sys = sys_init();
var info = new Object();
- var ok = provision_fix_subobj(subobj, message);
+ var ok = provision_fix_subobj(subobj, message, paths);
assert(ok);
if (subobj.DOMAINGUID != undefined) {
whenChanged: ${LDAPTIME}
msDS-KeyVersionNumber: 1
objectSid: ${DOMAINSID}
-privateKeytab: secrets.keytab
+privateKeytab: ${SECRETS_KEYTAB}
# A hook from our credentials system into HDB, as we must be on a KDC,
# we can look directly into the database.
whenChanged: ${LDAPTIME}
objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:ldb:sam.ldb:
+krb5Keytab: HDB:ldb:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format.
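Review bot: `${SAM_LDB}` is placed between colon separators in `krb5Keytab: HDB:ldb:${SAM_LDB}:`, and its value now comes from `lp.get("sam database")` instead of the fixed `sam.ldb`. If that setting can hold an ldb URL or any path containing `:` (a `tdb://` or `ldapi://` form, for instance), the keytab name may be split in the wrong place. The existing comment already says the trailing `:` is a hack to match the Heimdal format. I would either have the provisioning script reject a `paths.samdb` containing `:` before substitution, or document the restriction beside this line, e.g. `# ${SAM_LDB} must be a plain file path without ':'`.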