mirror of
https://github.com/samba-team/samba.git
synced 2025-02-26 21:57:41 +03:00
r8660: Use templates for the initial provision of user and computer accounts.
This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
This commit is contained in:
Andrew Bartlett
Gerald (Jerry) Carter
parent
7a8ac75887
commit
6173fad231
@ -347,7 +347,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
|
||||
if (strcasecmp(el->name, "cn") == 0 ||
|
||||
strcasecmp(el->name, "name") == 0 ||
|
||||
strcasecmp(el->name, "sAMAccountName") == 0 ||
|
||||
strcasecmp(el->name, "objectGUID")) {
|
||||
strcasecmp(el->name, "objectGUID") == 0) {
|
||||
continue;
|
||||
}
|
||||
for (j = 0; j < el->num_values; j++) {
|
||||
@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) {
|
||||
if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) {
|
||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
|
||||
return NULL;
|
||||
}
|
||||
@ -473,9 +473,16 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) {
|
||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n");
|
||||
return NULL;
|
||||
if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) {
|
||||
if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) {
|
||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) {
|
||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
|
||||
|
||||
@ -246,6 +246,8 @@ function provision(subobj, message)
|
||||
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
|
||||
message("Setting up sam.ldb attributes\n");
|
||||
setup_ldb("provision_init.ldif", "sam.ldb", subobj);
|
||||
message("Setting up sam.ldb templates\n");
|
||||
setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false);
|
||||
message("Setting up sam.ldb data\n");
|
||||
setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
|
||||
message("Setting up rootdse.ldb\n");
|
||||
|
||||
@ -191,7 +191,6 @@ objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
cn: Administrator
|
||||
description: Built-in account for administering the computer/domain
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
|
||||
@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
name: Administrator
|
||||
userAccountControl: 0x10200
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
objectSid: ${DOMAINSID}-500
|
||||
adminCount: 1
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountName: Administrator
|
||||
sAMAccountType: 0x30000000
|
||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unicodePwd: ${ADMINPASS}
|
||||
unixName: ${ROOT}
|
||||
@ -227,26 +215,14 @@ objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
cn: Guest
|
||||
description: Built-in account for guest access to the computer/domain
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
name: Guest
|
||||
userAccountControl: 0x10222
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 514
|
||||
objectSid: ${DOMAINSID}-501
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountName: Guest
|
||||
sAMAccountType: 0x30000000
|
||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute
|
||||
member: CN=Domain Admins,CN=Users,${BASEDN}
|
||||
member: CN=Enterprise Admins,CN=Users,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Administrators
|
||||
@ -302,7 +277,6 @@ objectClass: group
|
||||
cn: Users
|
||||
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
||||
member: CN=Domain Users,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Users
|
||||
@ -321,7 +295,6 @@ cn: Guests
|
||||
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
||||
member: CN=Domain Guests,CN=Users,${BASEDN}
|
||||
member: CN=Guest,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Guests
|
||||
@ -339,7 +312,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Print Operators
|
||||
description: Members can administer domain printers
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Print Operators
|
||||
@ -360,7 +332,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Backup Operators
|
||||
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Backup Operators
|
||||
@ -382,7 +353,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Replicator
|
||||
description: Supports file replication in a domain
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Replicator
|
||||
@ -400,7 +370,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Remote Desktop Users
|
||||
description: Members in this group are granted the right to logon remotely
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Remote Desktop Users
|
||||
@ -417,7 +386,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Network Configuration Operators
|
||||
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Network Configuration Operators
|
||||
@ -434,7 +402,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Performance Monitor Users
|
||||
description: Members of this group have remote access to monitor this computer
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Performance Monitor Users
|
||||
@ -451,7 +418,6 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Performance Log Users
|
||||
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Performance Log Users
|
||||
@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
objectClass: computer
|
||||
cn: ${NETBIOSNAME}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: ${NETBIOSNAME}
|
||||
objectGUID: ${HOSTGUID}
|
||||
userAccountControl: 532480
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 127273269057298624
|
||||
localPolicyFlags: 0
|
||||
pwdLastSet: 127258826171655328
|
||||
primaryGroupID: 516
|
||||
objectSid: ${DOMAINSID}-1000
|
||||
accountExpires: 9223372036854775807
|
||||
logonCount: 30
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
sAMAccountType: 805306369
|
||||
operatingSystem: Samba
|
||||
operatingSystemVersion: 4.0
|
||||
dNSHostName: ${DNSNAME}
|
||||
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unicodePwd: ${MACHINEPASS}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
@ -507,28 +464,18 @@ objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
cn: krbtgt
|
||||
description: Key Distribution Center Service Account
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
showInAdvancedViewOnly: TRUE
|
||||
name: krbtgt
|
||||
userAccountControl: 514
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 127258826179466560
|
||||
primaryGroupID: 513
|
||||
objectSid: ${DOMAINSID}-502
|
||||
adminCount: 1
|
||||
accountExpires: 9223372036854775807
|
||||
logonCount: 0
|
||||
sAMAccountName: krbtgt
|
||||
sAMAccountType: 805306368
|
||||
servicePrincipalName: kadmin/changepw
|
||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unicodePwd: ${KRBTGTPASS}
|
||||
|
||||
@ -537,14 +484,11 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Computers
|
||||
description: All workstations and servers joined to the domain
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Domain Computers
|
||||
objectSid: ${DOMAINSID}-515
|
||||
sAMAccountName: Domain Computers
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -553,16 +497,12 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Controllers
|
||||
description: All domain controllers in the domain
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Domain Controllers
|
||||
objectSid: ${DOMAINSID}-516
|
||||
adminCount: 1
|
||||
sAMAccountName: Domain Controllers
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Schema Admins,CN=Users,${BASEDN}
|
||||
@ -571,16 +511,12 @@ objectClass: group
|
||||
cn: Schema Admins
|
||||
description: Designated administrators of the schema
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Schema Admins
|
||||
objectSid: ${DOMAINSID}-518
|
||||
adminCount: 1
|
||||
sAMAccountName: Schema Admins
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unixName: ${WHEEL}
|
||||
|
||||
@ -590,7 +526,6 @@ objectClass: group
|
||||
cn: Enterprise Admins
|
||||
description: Designated administrators of the enterprise
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
@ -598,9 +533,6 @@ name: Enterprise Admins
|
||||
objectSid: ${DOMAINSID}-519
|
||||
adminCount: 1
|
||||
sAMAccountName: Enterprise Admins
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unixName: ${WHEEL}
|
||||
|
||||
@ -609,14 +541,11 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Cert Publishers
|
||||
description: Members of this group are permitted to publish certificates to the Active Directory
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Cert Publishers
|
||||
objectSid: ${DOMAINSID}-517
|
||||
sAMAccountName: Cert Publishers
|
||||
sAMAccountType: 0x20000000
|
||||
groupType: 0x80000004
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
@ -626,7 +555,6 @@ objectClass: group
|
||||
cn: Domain Admins
|
||||
description: Designated administrators of the domain
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
@ -634,9 +562,6 @@ name: Domain Admins
|
||||
objectSid: ${DOMAINSID}-512
|
||||
adminCount: 1
|
||||
sAMAccountName: Domain Admins
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unixName: ${WHEEL}
|
||||
|
||||
@ -645,16 +570,12 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Users
|
||||
description: All domain users
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Users,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
name: Domain Users
|
||||
objectSid: ${DOMAINSID}-513
|
||||
sAMAccountName: Domain Users
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unixName: ${USERS}
|
||||
|
||||
@ -663,16 +584,12 @@ objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Guests
|
||||
description: All domain guests
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||
uSNChanged: 1
|
||||
name: Domain Guests
|
||||
objectSid: ${DOMAINSID}-514
|
||||
sAMAccountName: Domain Guests
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||
@ -681,14 +598,11 @@ objectClass: group
|
||||
cn: Group Policy Creator Owners
|
||||
description: Members in this group can modify group policy for the domain
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
name: Group Policy Creator Owners
|
||||
objectSid: ${DOMAINSID}-520
|
||||
sAMAccountName: Group Policy Creator Owners
|
||||
sAMAccountType: 0x10000000
|
||||
groupType: 0x80000002
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unixName: ${WHEEL}
|
||||
@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Templates
|
||||
description: Container for SAM account templates
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
showInAdvancedViewOnly: TRUE
|
||||
name: Templates
|
||||
systemFlags: 0x8c000000
|
||||
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
###
|
||||
# note! the template users must not match normal searches. Be careful
|
||||
# with what classes you put them in
|
||||
###
|
||||
|
||||
dn: CN=TemplateUser,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateUser
|
||||
name: TemplateUser
|
||||
instanceType: 4
|
||||
userAccountControl: 0x202
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000000
|
||||
|
||||
dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateMemberServer
|
||||
name: TemplateMemberServer
|
||||
instanceType: 4
|
||||
userAccountControl: 0x1002
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000001
|
||||
|
||||
dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateDomainController
|
||||
name: TemplateDomainController
|
||||
instanceType: 4
|
||||
userAccountControl: 0x2002
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000001
|
||||
|
||||
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateTrustingDomain
|
||||
name: TemplateTrustingDomain
|
||||
instanceType: 4
|
||||
userAccountControl: 0x820
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000002
|
||||
|
||||
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: groupTemplate
|
||||
cn: TemplateGroup
|
||||
name: TemplateGroup
|
||||
instanceType: 4
|
||||
groupType: 0x80000002
|
||||
sAMAccountType: 0x10000000
|
||||
|
||||
dn: CN=TemplateAlias,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: aliasTemplate
|
||||
cn: TemplateAlias
|
||||
name: TemplateAlias
|
||||
instanceType: 4
|
||||
groupType: 0x80000004
|
||||
sAMAccountType: 0x10000000
|
||||
|
||||
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: foreignSecurityPrincipalTemplate
|
||||
cn: TemplateForeignSecurityPrincipal
|
||||
name: TemplateForeignSecurityPrincipal
|
||||
|
||||
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: Template
|
||||
objectClass: secretTemplate
|
||||
cn: TemplateSecret
|
||||
name: TemplateSecret
|
||||
instanceType: 4
|
||||
|
||||
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: Template
|
||||
objectClass: trustedDomainTemplate
|
||||
cn: TemplateTrustedDomain
|
||||
name: TemplateTrustedDomain
|
||||
instanceType: 4
|
||||
|
||||
###############################
|
||||
# Configuration Naming Context
|
||||
###############################
|
||||
|
||||
150
source4/setup/provision_templates.ldif
Normal file
150
source4/setup/provision_templates.ldif
Normal file
@ -0,0 +1,150 @@
|
||||
dn: CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Templates
|
||||
description: Container for SAM account templates
|
||||
instanceType: 4
|
||||
uSNCreated: 1
|
||||
uSNChanged: 1
|
||||
showInAdvancedViewOnly: TRUE
|
||||
name: Templates
|
||||
systemFlags: 0x8c000000
|
||||
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
###
|
||||
# note! the template users must not match normal searches. Be careful
|
||||
# with what classes you put them in
|
||||
###
|
||||
|
||||
dn: CN=TemplateUser,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateUser
|
||||
name: TemplateUser
|
||||
instanceType: 4
|
||||
userAccountControl: 0x202
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000000
|
||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
||||
|
||||
dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateMemberServer
|
||||
name: TemplateMemberServer
|
||||
instanceType: 4
|
||||
userAccountControl: 0x1002
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000001
|
||||
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
||||
|
||||
dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateDomainController
|
||||
name: TemplateDomainController
|
||||
instanceType: 4
|
||||
userAccountControl: 0x2002
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000001
|
||||
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
||||
|
||||
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: userTemplate
|
||||
cn: TemplateTrustingDomain
|
||||
name: TemplateTrustingDomain
|
||||
instanceType: 4
|
||||
userAccountControl: 0x820
|
||||
badPwdCount: 0
|
||||
codePage: 0
|
||||
countryCode: 0
|
||||
badPasswordTime: 0
|
||||
lastLogoff: 0
|
||||
lastLogon: 0
|
||||
pwdLastSet: 0
|
||||
primaryGroupID: 513
|
||||
accountExpires: -1
|
||||
logonCount: 0
|
||||
sAMAccountType: 0x30000002
|
||||
|
||||
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: groupTemplate
|
||||
cn: TemplateGroup
|
||||
name: TemplateGroup
|
||||
instanceType: 4
|
||||
groupType: 0x80000002
|
||||
sAMAccountType: 0x10000000
|
||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||
|
||||
dn: CN=TemplateAlias,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: aliasTemplate
|
||||
cn: TemplateAlias
|
||||
name: TemplateAlias
|
||||
instanceType: 4
|
||||
groupType: 0x80000004
|
||||
sAMAccountType: 0x10000000
|
||||
|
||||
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: Template
|
||||
objectClass: foreignSecurityPrincipalTemplate
|
||||
cn: TemplateForeignSecurityPrincipal
|
||||
name: TemplateForeignSecurityPrincipal
|
||||
|
||||
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: Template
|
||||
objectClass: secretTemplate
|
||||
cn: TemplateSecret
|
||||
name: TemplateSecret
|
||||
instanceType: 4
|
||||
|
||||
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: Template
|
||||
objectClass: trustedDomainTemplate
|
||||
cn: TemplateTrustedDomain
|
||||
name: TemplateTrustedDomain
|
||||
instanceType: 4
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user