mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

[SAMBA 4 directory] Refactoring and clean up of directory structure

- Adds more system objects that make sense to have in SAMBA 4, so that they are
  there when we add more and more services related to the directory (volume
  support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
  are set correctly on each object
Matthias Dieter Wallnöfer 2009-07-10 12:48:18 +02:00 committed by Andrew Bartlett
parent 7889823783
commit 2fc5331e5c
9 changed files with 188 additions and 102 deletions


@ -1,61 +1,6 @@
dn: OU=Domain Controllers,${DOMAINDN}
objectClass: top
objectClass: organizationalUnit
cn: Domain Controllers
description: Default container for domain controllers
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: container
cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
dn: CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: System
description: Builtin system settings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectclass: top
objectclass: rIDManager
cn: RID Manager$
systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
rIDAvailablePool: 4611686014132423217
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: DomainUpdates
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
cn: Windows2003Update
revision: 8
dn: CN=Infrastructure,${DOMAINDN}
objectclass: top
objectclass: infrastructureUpdate
cn: Infrastructure
systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
dn: CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: builtinDomain
cn: Builtin
forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
@ -71,21 +16,186 @@ objectSid: S-1-5-32
serverState: 1
uASCompat: 1
modifiedCount: 1
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
systemFlags: -1946157056
dn: CN=Policies,CN=System,${DOMAINDN}
dn: OU=Domain Controllers,${DOMAINDN}
objectClass: top
objectClass: organizationalUnit
description: Default container for domain controllers
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: container
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
dn: CN=Infrastructure,${DOMAINDN}
objectClass: top
objectClass: infrastructureUpdate
systemFlags: -1946157056
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
isCriticalSystemObject: TRUE
dn: CN=LostAndFound,${DOMAINDN}
objectClass: top
objectClass: lostAndFound
description: Default container for orphaned objects
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=NTDS Quotas,${DOMAINDN}
objectClass: top
objectClass: msDS-QuotaContainer
description: Quota specifications container
msDS-TombstoneQuotaFactor: 100
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=Program Data,${DOMAINDN}
objectClass: top
objectClass: container
description: Default location for storage of application data.
dn: CN=Microsoft,CN=Program Data,${DOMAINDN}
objectClass: top
objectClass: container
description: Default location for storage of Microsoft application data.
dn: CN=System,${DOMAINDN}
objectClass: top
objectClass: container
description: Builtin system settings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=AdminSDHolder,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=IP Security,CN=System,${DOMAINDN}
dn: CN=ComPartitions,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=ComPartitionSets,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
objectClass: leaf
objectClass: domainPolicy
isCriticalSystemObject: TRUE
dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
objectClass: classStore
isCriticalSystemObject: TRUE
dn: CN=Dfs-Configuration,CN=System,${DOMAINDN}
objectClass: top
objectClass: dfsConfiguration
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
dn: CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
revision: 8
dn: CN=File Replication Service,CN=System,${DOMAINDN}
objectClass: top
objectClass: applicationSettings
objectClass: nTFRSSettings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=FileLinks,CN=System,${DOMAINDN}
objectClass: top
objectClass: fileLinkTracking
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,${DOMAINDN}
objectClass: top
objectClass: fileLinkTracking
objectClass: linkTrackObjectMoveTable
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=VolumeTable,CN=FileLinks,CN=System,${DOMAINDN}
objectClass: top
objectClass: fileLinkTracking
objectClass: linkTrackVolumeTable
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=IP Security,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
isCriticalSystemObject: TRUE
dn: CN=Meetings,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
isCriticalSystemObject: TRUE
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=RAS and IAS Servers Access Check,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectClass: top
objectClass: rIDManager
systemFlags: -1946157056
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
rIDAvailablePool: 4611686014132423217
isCriticalSystemObject: TRUE
dn: CN=RpcServices,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
objectClass: rpcContainer
systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=Server,CN=System,${DOMAINDN}
objectClass: top
objectClass: securityObject
objectClass: samServer
systemFlags: -1946157056
revision: 65543
isCriticalSystemObject: TRUE
dn: CN=WinsockServices,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
isCriticalSystemObject: TRUE
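Review bot: The CN=IP Security, CN=Meetings, CN=WinsockServices and CN=Dfs-Configuration entries under CN=System are marked `isCriticalSystemObject: TRUE` but carry no `systemFlags`, while siblings such as CN=Policies, CN=RpcServices and CN=AdminSDHolder get `systemFlags: -1946157056`. That value is 0x8C000000, the disallow-delete, disallow-rename and disallow-move bits, so wherever the server enforces systemFlags these entries are flagged critical yet not protected against deletion or relocation. If the omission deliberately mirrors a reference Windows directory, a short `#` comment saying so would help; otherwise add `systemFlags: -1946157056` to them. A one-line comment at the top of the file, `# systemFlags -1946157056 = 0x8C000000: object may not be deleted, renamed or moved`, would also make the repeated constant reviewable. The +/- markers are lost on this page, so which of the duplicated entries are on the new side is inferred from the entries that lack `cn:`.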


@ -67,9 +67,6 @@ fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
replace: systemFlags
systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
replace: subRefs
subRefs: ${CONFIGDN}
-
@ -84,4 +81,7 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
${DOMAINGUID_MOD}


@ -3,11 +3,11 @@ changetype: modify
replace: description
description: Default container for upgraded computer accounts
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE


@ -8,6 +8,7 @@ cn: Partitions
systemFlags: -2147483648
msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
showInAdvancedViewOnly: TRUE
dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
objectClass: top


@ -1,14 +1,3 @@
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
objectClass: leaf
objectClass: domainPolicy
isCriticalSystemObject: TRUE
dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
objectClass: classStore
isCriticalSystemObject: TRUE
dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container


@ -15,7 +15,6 @@ sAMAccountName: ${NETBIOSNAME}$
operatingSystem: Samba
operatingSystemVersion: ${SAMBA_VERSION_STRING}
dNSHostName: ${DNSNAME}
isCriticalSystemObject: TRUE
userPassword:: ${MACHINEPASS_B64}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
@ -23,6 +22,7 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM}
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
isCriticalSystemObject: TRUE
#Provide a account for DNS keytab export
dn: CN=dns,CN=Users,${DOMAINDN}
@ -36,9 +36,8 @@ userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
servicePrincipalName: DNS/${DNSDOMAIN}
isCriticalSystemObject: TRUE
userPassword:: ${DNSPASS_B64}
showInAdvancedViewOnly: TRUE
isCriticalSystemObject: TRUE
dn: ${SERVERDN}
objectClass: top


@ -7,8 +7,8 @@ objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: Administrator
isCriticalSystemObject: TRUE
userPassword:: ${ADMINPASS_B64}
isCriticalSystemObject: TRUE
dn: CN=Guest,CN=Users,${DOMAINDN}
objectClass: user
@ -45,8 +45,8 @@ adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: krbtgt
servicePrincipalName: kadmin/changepw
isCriticalSystemObject: TRUE
userPassword:: ${KRBTGTPASS_B64}
isCriticalSystemObject: TRUE
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top
@ -187,16 +187,6 @@ sAMAccountName: Event Log Readers
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
cn: IIS_IUSRS
description: IIS_IUSRS
objectSid: ${DOMAINSID}-568
sAMAccountName: IIS_IUSRS
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@ -210,7 +200,6 @@ adminCount: 1
sAMAccountName: Administrators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
@ -235,6 +224,7 @@ privilege: SeEnableDelegationPrivilege
privilege: SeInteractiveLogonRight
privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Users,CN=Builtin,${DOMAINDN}
objectClass: top
@ -271,10 +261,10 @@ adminCount: 1
sAMAccountName: Print Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
objectClass: top
@ -286,11 +276,11 @@ adminCount: 1
sAMAccountName: Backup Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
objectClass: top
@ -358,13 +348,13 @@ adminCount: 1
sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
privilege: SeSystemtimePrivilege
privilege: SeRemoteShutdownPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
objectClass: top
@ -376,8 +366,8 @@ adminCount: 1
sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
objectClass: top
@ -388,9 +378,9 @@ objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeRemoteInteractiveLogonRight
privilege: SeChangeNotifyPrivilege
isCriticalSystemObject: TRUE
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
objectClass: top


@ -3,11 +3,11 @@ changetype: modify
replace: description
description: Default container for upgraded user accounts
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE


@ -220,7 +220,6 @@ objectClass: classSchema
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.2
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4-Local-Domain
adminDescription: Samba4-Local-Domain
systemMayContain: msDS-Behavior-Version
@ -243,7 +242,6 @@ subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.1
mayContain: msDS-ObjectReferenceBL
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4TopTop
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 3
@ -344,7 +342,6 @@ objectClass: classSchema
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.3
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: Samba4TopExtra
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 2