1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Rework to have member server 'domains' be CN=NETBIOSNAME

This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.

This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).

Andrew Bartlett
(This used to be commit bda6a38b05)
This commit is contained in:
Andrew Bartlett 2008-03-13 11:36:58 +11:00
parent 58edd6d179
commit 0c88240236
7 changed files with 49 additions and 6 deletions

View File

@ -1464,7 +1464,7 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) {
ret = ldb_search(ldb, sdn, LDB_SCOPE_BASE,
"(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res);
"(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))", attrs, &res);
if (ret == LDB_SUCCESS) {
talloc_steal(local_ctx, res);
if (res->count == 1) {

View File

@ -1220,7 +1220,7 @@ static int build_domain_data_request(struct ph_context *ac)
ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb);
ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE;
filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))",
filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid));
if (filter == NULL) {
ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");

View File

@ -425,7 +425,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
"(&(objectSid=%s)(&(|(objectclass=domain)(objectClass=builtinDomain))))",
"(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret == 0) {
return NT_STATUS_NO_SUCH_DOMAIN;

View File

@ -763,9 +763,15 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
try:
message("Adding DomainDN: %s (permitted to fail)" % names.domaindn)
if serverrole == "domain controller":
domain_oc = "domainDNS"
else:
domain_oc = "samba4LocalDomain"
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
"ACI": aci,
"DOMAIN_OC": domain_oc
})
message("Modifying DomainDN: " + names.domaindn + "")

View File

@ -544,7 +544,7 @@ sub provision($$$$$$)
my $localbasedn = $basedn;
$localbasedn = "DC=$netbiosname" if $server_role eq "member server";
$localbasedn = "CN=$netbiosname" if $server_role eq "member server";
open(CONFFILE, ">$conffile");
print CONFFILE "

View File

@ -3,7 +3,6 @@
################################
dn: ${DOMAINDN}
objectClass: top
objectClass: domain
objectClass: domainDNS
objectClass: ${DOMAIN_OC}
${ACI}

View File

@ -194,3 +194,41 @@ attributeID: 1.3.6.1.4.1.7165.4.1.11
attributeSyntax: 2.5.5.4
oMSyntax: 20
#
# Based on domainDNS, but without the DNS bits.
#
dn: CN=Samba4-Local-Domain,${SCHEMADN}
objectClass: top
objectClass: classSchema
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.2
possibleInferiors: group
possibleInferiors: lostAndFound
possibleInferiors: builtinDomain
possibleInferiors: computer
possibleInferiors: user
possibleInferiors: container
possibleInferiors: groupPolicyContainer
possibleInferiors: organization
possibleInferiors: domainDNS
possibleInferiors: locality
possibleInferiors: msDS-AzAdminManager
possibleInferiors: country
possibleInferiors: organizationalUnit
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4-Local-Domain
adminDescription: Samba4-Local-Domain
systemMayContain: msDS-Behavior-Version
systemMayContain: managedBy
objectClassCategory: 1
lDAPDisplayName: samba4LocalDomain
schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
systemOnly: FALSE
systemAuxiliaryClass: samDomainBase
defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
systemFlags: 16
defaultHidingValue: TRUE
defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}