mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b05
)
parent
58edd6d179
commit
0c88240236
@ -1464,7 +1464,7 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
|
||||
|
||||
while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) {
|
||||
ret = ldb_search(ldb, sdn, LDB_SCOPE_BASE,
|
||||
"(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res);
|
||||
"(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))", attrs, &res);
|
||||
if (ret == LDB_SUCCESS) {
|
||||
talloc_steal(local_ctx, res);
|
||||
if (res->count == 1) {
|
||||
|
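Review bot: The filter `(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))` is written out by hand here and again in the build_domain_data_request and dcesrv_samr_OpenDomain hunks, so the three definitions of "what counts as a domain object" can drift apart the next time a class is added. These lookups appear to decide which object supplies domain data for SID and password handling, so a drift would show up as a domain that one code path finds and another does not. I would define the class list once, for example `#define SAMDB_DOMAIN_OC_FILTER "(|(objectClass=domain)(objectClass=builtinDomain)(objectClass=samba4LocalDomain))"`, and reuse it in all three places; the flat three-way OR matches the same entries as the nested form. The loop body continues outside this hunk.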
@ -1220,7 +1220,7 @@ static int build_domain_data_request(struct ph_context *ac)
|
||||
ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb);
|
||||
ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE;
|
||||
|
||||
filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))",
|
||||
filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
|
||||
ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid));
|
||||
if (filter == NULL) {
|
||||
ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
|
||||
|
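Review bot: The return value of `ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)` goes straight into the `%s` of talloc_asprintf, and only `filter == NULL` is checked afterwards. If the encoder can return NULL (on allocation or encoding failure, presumably), the filter is built from a null string and the "Out of Memory!" branch never sees it. I would split the call: `const char *sid_str = ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid);` followed by `if (sid_str == NULL) { /* same error path as filter == NULL */ }`. The gendb_search call in the dcesrv_samr_OpenDomain hunk has the same shape with `r->in.sid`, which looks like a value taken from the request, so the check matters at least as much there. The function body continues outside this hunk.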
@ -425,7 +425,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO
|
||||
|
||||
ret = gendb_search(c_state->sam_ctx,
|
||||
mem_ctx, NULL, &dom_msgs, dom_attrs,
|
||||
"(&(objectSid=%s)(&(|(objectclass=domain)(objectClass=builtinDomain))))",
|
||||
"(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
|
||||
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
|
||||
if (ret == 0) {
|
||||
return NT_STATUS_NO_SUCH_DOMAIN;
|
||||
|
@ -763,9 +763,15 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
|
||||
|
||||
try:
|
||||
message("Adding DomainDN: %s (permitted to fail)" % names.domaindn)
|
||||
if serverrole == "domain controller":
|
||||
domain_oc = "domainDNS"
|
||||
else:
|
||||
domain_oc = "samba4LocalDomain"
|
||||
|
||||
setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
|
||||
"DOMAINDN": names.domaindn,
|
||||
"ACI": aci,
|
||||
"DOMAIN_OC": domain_oc
|
||||
})
|
||||
|
||||
message("Modifying DomainDN: " + names.domaindn + "")
|
||||
|
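Review bot: The `else:` branch assigns `domain_oc = "samba4LocalDomain"` for every serverrole other than "domain controller", including any unrecognised or misspelled role string. The schema section of this commit gives that class `rDNAttID: cn`, so this choice has to agree with whatever code builds names.domaindn, and that code is outside this hunk. I would match the non-DC roles explicitly and raise on anything else, and add a comment such as `# samba4LocalDomain has rDNAttID cn: names.domaindn must be CN=<netbiosname> for these roles`. The surrounding `try:` is labelled "permitted to fail", so a mismatch here could be swallowed by the handler; that handler is also outside the hunk.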
@ -544,7 +544,7 @@ sub provision($$$$$$)
|
||||
|
||||
|
||||
my $localbasedn = $basedn;
|
||||
$localbasedn = "DC=$netbiosname" if $server_role eq "member server";
|
||||
$localbasedn = "CN=$netbiosname" if $server_role eq "member server";
|
||||
|
||||
open(CONFFILE, ">$conffile");
|
||||
print CONFFILE "
|
||||
|
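Review bot: `open(CONFFILE, ">$conffile");` uses the two-argument form with an interpolated path and ignores the return value, so a failed open lets the following `print CONFFILE` lines silently write nothing. The two-argument form also lets characters in the path be read as part of the open mode. I would change it to `open(CONFFILE, ">", $conffile) or die "cannot write $conffile: $!";`. Separately, `$netbiosname` is interpolated into the `CN=` RDN unescaped; a short comment that the name is expected to hold no DN-special characters would document the assumption. The `print CONFFILE` statement continues outside this hunk.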
@ -3,7 +3,6 @@
|
||||
################################
|
||||
dn: ${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: domain
|
||||
objectClass: domainDNS
|
||||
objectClass: ${DOMAIN_OC}
|
||||
${ACI}
|
||||
|
||||
|
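Review bot: The template now depends on a `${DOMAIN_OC}` substitution, so every caller that loads this file has to supply it; the setup_samdb hunk in this commit does. Whether the substitution helper rejects a missing variable is not visible here, and if it does not, the entry would be submitted with the literal text `${DOMAIN_OC}` as an objectClass value. I would add a comment line above the entry, for example `# DOMAIN_OC: domainDNS on a domain controller, samba4LocalDomain otherwise`, and confirm that no other provisioning path loads this file without the new key.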
@ -194,3 +194,41 @@ attributeID: 1.3.6.1.4.1.7165.4.1.11
|
||||
attributeSyntax: 2.5.5.4
|
||||
oMSyntax: 20
|
||||
|
||||
#
|
||||
# Based on domainDNS, but without the DNS bits.
|
||||
#
|
||||
|
||||
dn: CN=Samba4-Local-Domain,${SCHEMADN}
|
||||
objectClass: top
|
||||
objectClass: classSchema
|
||||
subClassOf: top
|
||||
governsID: 1.3.6.1.4.1.7165.4.2.2
|
||||
possibleInferiors: group
|
||||
possibleInferiors: lostAndFound
|
||||
possibleInferiors: builtinDomain
|
||||
possibleInferiors: computer
|
||||
possibleInferiors: user
|
||||
possibleInferiors: container
|
||||
possibleInferiors: groupPolicyContainer
|
||||
possibleInferiors: organization
|
||||
possibleInferiors: domainDNS
|
||||
possibleInferiors: locality
|
||||
possibleInferiors: msDS-AzAdminManager
|
||||
possibleInferiors: country
|
||||
possibleInferiors: organizationalUnit
|
||||
rDNAttID: cn
|
||||
showInAdvancedViewOnly: TRUE
|
||||
adminDisplayName: Samba4-Local-Domain
|
||||
adminDescription: Samba4-Local-Domain
|
||||
systemMayContain: msDS-Behavior-Version
|
||||
systemMayContain: managedBy
|
||||
objectClassCategory: 1
|
||||
lDAPDisplayName: samba4LocalDomain
|
||||
schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
|
||||
systemOnly: FALSE
|
||||
systemAuxiliaryClass: samDomainBase
|
||||
defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
|
||||
systemFlags: 16
|
||||
defaultHidingValue: TRUE
|
||||
defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}
|
||||
|
||||
|
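Review bot: `defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}` gives the new class the Builtin-Domain object category, although the comment says it is based on domainDNS. Objects created with samba4LocalDomain would then presumably be indistinguishable from the Builtin container in any search keyed on objectCategory. If that is intentional, a comment saying so would help; otherwise I would point it at the class itself with `defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN}`. The `defaultSecurityDescriptor` also deserves a one-line comment on where it was taken from and why read access for `AU` and `DA` is the right default on a member server, since it becomes the ACL of the local domain root.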