diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 09bd2197901..5de986463a5 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -1355,6 +1355,12 @@ def fill_samdb(samdb, lp, names, logger, policyguid, protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(names.domainsid)) protected2_descr = b64encode(get_config_delete_protected2_descriptor(names.domainsid)) + if "2008" in schema.base_schema: + # exclude 2012-specific changes if we're using a 2008 schema + incl_2012 = "#" + else: + incl_2012 = "" + setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), { "CONFIGDN": names.configdn, "NETBIOSNAME": names.netbiosname, @@ -1378,7 +1384,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid, setup_add_ldif(samdb, setup_path("extended-rights.ldif"), { "CONFIGDN": names.configdn, - "INC2012" : "#", + "INC2012" : incl_2012, }) logger.info("Setting up display specifiers") @@ -1968,7 +1974,8 @@ def provision(logger, session_info, smbconf=None, sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None, useeadb=False, am_rodc=False, lp=None, use_ntvfs=False, use_rfc2307=False, maxuid=None, maxgid=None, skip_sysvolacl=True, - ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False, ldap_backend_extra_port=None): + ldap_backend_forced_uri=None, nosync=False, ldap_dryrun_mode=False, + ldap_backend_extra_port=None, base_schema=None): """Provision samba4 :note: caution, this wipes all existing data! @@ -2101,7 +2108,7 @@ def provision(logger, session_info, smbconf=None, ldapi_url = "ldapi://%s" % urllib.quote(paths.s4_ldapi_path, safe="") schema = Schema(domainsid, invocationid=invocationid, - schemadn=names.schemadn) + schemadn=names.schemadn, base_schema=base_schema) if backend_type == "ldb": provision_backend = LDBBackend(backend_type, paths=paths, diff --git a/python/samba/schema.py b/python/samba/schema.py index eaa01640c64..bc3ae057484 100644 --- a/python/samba/schema.py +++ b/python/samba/schema.py @@ -76,7 +76,8 @@ class Schema(object): } def __init__(self, domain_sid, invocationid=None, schemadn=None, - files=None, override_prefixmap=None, additional_prefixmap=None): + files=None, override_prefixmap=None, additional_prefixmap=None, + base_schema=None): from samba.provision import setup_path """Load schema for the SamDB from the AD schema files and @@ -89,6 +90,11 @@ class Schema(object): needing to add it to the db """ + if base_schema is None: + base_schema = Schema.default_base_schema() + + self.base_schema = base_schema + self.schemadn = schemadn # We need to have the am_rodc=False just to keep some warnings quiet - # this isn't a real SAM, so it's meaningless. @@ -97,8 +103,8 @@ class Schema(object): self.ldb.set_invocation_id(invocationid) self.schema_data = read_ms_schema( - setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'), - setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt')) + setup_path('ad-schema/%s' % Schema.base_schemas[base_schema][0]), + setup_path('ad-schema/%s' % Schema.base_schemas[base_schema][1])) if files is not None: for file in files: @@ -108,9 +114,10 @@ class Schema(object): {"SCHEMADN": schemadn}) check_all_substituted(self.schema_data) + schema_version = str(Schema.get_version(base_schema)) self.schema_dn_modify = read_and_sub_file( setup_path("provision_schema_basedn_modify.ldif"), - {"SCHEMADN": schemadn}) + {"SCHEMADN": schemadn, "OBJVERSION" : schema_version}) descr = b64encode(get_schema_descriptor(domain_sid)) self.schema_dn_add = read_and_sub_file( diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 93266db6249..e4057c3caf3 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -6,5 +6,5 @@ changetype: modify - # "masteredBy", "msDs-masteredBy" filled in later replace: objectVersion -objectVersion: 47 +objectVersion: ${OBJVERSION}