r8660: Use templates for the initial provision of user and computer accounts.

[kai/samba.git] / source / dsdb / samdb / ldb_modules / samldb.c

diff --git a/source/dsdb/samdb/ldb_modules/samldb.c b/source/dsdb/samdb/ldb_modules/samldb.c
index 0c43b8dc0620fc2502e086d5b582aa96727f131d..40b6b72713392a267c9eb6a22e514a00d23b2e69 100644 (file)
--- a/source/dsdb/samdb/ldb_modules/samldb.c
+++ b/source/dsdb/samdb/ldb_modules/samldb.c
@@ -336,7 +336,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
        /* pull the template record */
        ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res);
        if (ret != 1) {
-               ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb: ERROR: template '%s' matched %d records\n", filter, ret);
+               ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb: ERROR: template '%s' matched %d records\n", filter, ret);
                return -1;
        }
        t = res[0];
@@ -346,7 +346,8 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
                /* some elements should not be copied from the template */
                if (strcasecmp(el->name, "cn") == 0 ||
                    strcasecmp(el->name, "name") == 0 ||
-                   strcasecmp(el->name, "sAMAccountName") == 0) {
+                   strcasecmp(el->name, "sAMAccountName") == 0 ||
+                   strcasecmp(el->name, "objectGUID") == 0) {
                        continue;
                }
                for (j = 0; j < el->num_values; j++) {
@@ -394,8 +395,8 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
                return NULL;
        }
 
-       if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) {
-               ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Error copying template!\n");
+       if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) {
+               ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
                return NULL;
        }
 
@@ -447,8 +448,6 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
                return NULL;
        }
 
-       /* TODO: objectGUID */
-
        talloc_steal(msg, msg2);
 
        return msg2;
@@ -474,9 +473,16 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
                return NULL;
        }
 
-       if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) {
-               ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Error copying template!\n");
-               return NULL;
+       if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) {
+               if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) {
+                       ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
+                       return NULL;
+               }
+       } else {
+               if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) {
+                       ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
+                       return NULL;
+               }
        }
 
        if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
@@ -533,9 +539,7 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
                return NULL;
        }
 
-       /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
-
-       talloc_steal(msg, msg2);
+       /* TODO: objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */
 
        return msg2;
 }