r8660: Use templates for the initial provision of user and computer accounts.
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.
Also fix a silly bug in the template application code (the samdb
module) that caused templates to be completely unused (my fault, from
my commit last night).
Andrew Bartlett
(This used to be commit 4a8ef7197f
)
committed by
Gerald (Jerry) Carter
parent
7a8ac75887
commit
6173fad231
@ -347,7 +347,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
|
|||||||
if (strcasecmp(el->name, "cn") == 0 ||
|
if (strcasecmp(el->name, "cn") == 0 ||
|
||||||
strcasecmp(el->name, "name") == 0 ||
|
strcasecmp(el->name, "name") == 0 ||
|
||||||
strcasecmp(el->name, "sAMAccountName") == 0 ||
|
strcasecmp(el->name, "sAMAccountName") == 0 ||
|
||||||
strcasecmp(el->name, "objectGUID")) {
|
strcasecmp(el->name, "objectGUID") == 0) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
for (j = 0; j < el->num_values; j++) {
|
for (j = 0; j < el->num_values; j++) {
|
||||||
@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) {
|
if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) {
|
||||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
|
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -473,10 +473,17 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) {
|
if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) {
|
||||||
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n");
|
if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) {
|
||||||
|
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) {
|
||||||
|
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
|
if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
|
||||||
return NULL;
|
return NULL;
|
||||||
|
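Review bot: The new branch in samldb_fill_user_or_computer_object looks inverted: `samldb_find_attribute(msg, "objectclass", "computer") == NULL` selects TemplateMemberServer and logs "Error copying computer template!", while the else branch, taken when the computer class is present, copies TemplateUser. Assuming samldb_find_attribute returns non-NULL when the value is found (its body is not in this diff), ordinary users would receive the computer template's `userAccountControl: 0x1002` and `sAMAccountType: 0x30000001`, and machine accounts would receive the user values, so any later check keyed on account type would see the wrong class of principal. The condition should read `if (samldb_find_attribute(msg, "objectclass", "computer") != NULL) {`. The function body starts and ends outside the hunk.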
@ -246,6 +246,8 @@ function provision(subobj, message)
|
|||||||
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
|
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
|
||||||
message("Setting up sam.ldb attributes\n");
|
message("Setting up sam.ldb attributes\n");
|
||||||
setup_ldb("provision_init.ldif", "sam.ldb", subobj);
|
setup_ldb("provision_init.ldif", "sam.ldb", subobj);
|
||||||
|
message("Setting up sam.ldb templates\n");
|
||||||
|
setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false);
|
||||||
message("Setting up sam.ldb data\n");
|
message("Setting up sam.ldb data\n");
|
||||||
setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
|
setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
|
||||||
message("Setting up rootdse.ldb\n");
|
message("Setting up rootdse.ldb\n");
|
||||||
|
@ -191,7 +191,6 @@ objectClass: organizationalPerson
|
|||||||
objectClass: user
|
objectClass: user
|
||||||
cn: Administrator
|
cn: Administrator
|
||||||
description: Built-in account for administering the computer/domain
|
description: Built-in account for administering the computer/domain
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||||
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
|
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
|
||||||
@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
|||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Administrator
|
name: Administrator
|
||||||
userAccountControl: 0x10200
|
userAccountControl: 0x10200
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 513
|
|
||||||
objectSid: ${DOMAINSID}-500
|
objectSid: ${DOMAINSID}-500
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
accountExpires: -1
|
accountExpires: -1
|
||||||
logonCount: 0
|
|
||||||
sAMAccountName: Administrator
|
sAMAccountName: Administrator
|
||||||
sAMAccountType: 0x30000000
|
|
||||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unicodePwd: ${ADMINPASS}
|
unicodePwd: ${ADMINPASS}
|
||||||
unixName: ${ROOT}
|
unixName: ${ROOT}
|
||||||
@ -227,26 +215,14 @@ objectClass: organizationalPerson
|
|||||||
objectClass: user
|
objectClass: user
|
||||||
cn: Guest
|
cn: Guest
|
||||||
description: Built-in account for guest access to the computer/domain
|
description: Built-in account for guest access to the computer/domain
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Guest
|
name: Guest
|
||||||
userAccountControl: 0x10222
|
userAccountControl: 0x10222
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 514
|
primaryGroupID: 514
|
||||||
objectSid: ${DOMAINSID}-501
|
objectSid: ${DOMAINSID}-501
|
||||||
accountExpires: -1
|
|
||||||
logonCount: 0
|
|
||||||
sAMAccountName: Guest
|
sAMAccountName: Guest
|
||||||
sAMAccountType: 0x30000000
|
|
||||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
dn: CN=Administrators,CN=Builtin,${BASEDN}
|
dn: CN=Administrators,CN=Builtin,${BASEDN}
|
||||||
@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute
|
|||||||
member: CN=Domain Admins,CN=Users,${BASEDN}
|
member: CN=Domain Admins,CN=Users,${BASEDN}
|
||||||
member: CN=Enterprise Admins,CN=Users,${BASEDN}
|
member: CN=Enterprise Admins,CN=Users,${BASEDN}
|
||||||
member: CN=Administrator,CN=Users,${BASEDN}
|
member: CN=Administrator,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Administrators
|
name: Administrators
|
||||||
@ -302,7 +277,6 @@ objectClass: group
|
|||||||
cn: Users
|
cn: Users
|
||||||
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
||||||
member: CN=Domain Users,CN=Users,${BASEDN}
|
member: CN=Domain Users,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Users
|
name: Users
|
||||||
@ -321,7 +295,6 @@ cn: Guests
|
|||||||
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
||||||
member: CN=Domain Guests,CN=Users,${BASEDN}
|
member: CN=Domain Guests,CN=Users,${BASEDN}
|
||||||
member: CN=Guest,CN=Users,${BASEDN}
|
member: CN=Guest,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Guests
|
name: Guests
|
||||||
@ -339,7 +312,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Print Operators
|
cn: Print Operators
|
||||||
description: Members can administer domain printers
|
description: Members can administer domain printers
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Print Operators
|
name: Print Operators
|
||||||
@ -360,7 +332,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Backup Operators
|
cn: Backup Operators
|
||||||
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
|
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Backup Operators
|
name: Backup Operators
|
||||||
@ -382,7 +353,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Replicator
|
cn: Replicator
|
||||||
description: Supports file replication in a domain
|
description: Supports file replication in a domain
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Replicator
|
name: Replicator
|
||||||
@ -400,7 +370,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Remote Desktop Users
|
cn: Remote Desktop Users
|
||||||
description: Members in this group are granted the right to logon remotely
|
description: Members in this group are granted the right to logon remotely
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Remote Desktop Users
|
name: Remote Desktop Users
|
||||||
@ -417,7 +386,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Network Configuration Operators
|
cn: Network Configuration Operators
|
||||||
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Network Configuration Operators
|
name: Network Configuration Operators
|
||||||
@ -434,7 +402,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Performance Monitor Users
|
cn: Performance Monitor Users
|
||||||
description: Members of this group have remote access to monitor this computer
|
description: Members of this group have remote access to monitor this computer
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Performance Monitor Users
|
name: Performance Monitor Users
|
||||||
@ -451,7 +418,6 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Performance Log Users
|
cn: Performance Log Users
|
||||||
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Performance Log Users
|
name: Performance Log Users
|
||||||
@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
|
|||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: person
|
objectClass: person
|
||||||
objectClass: organizationalPerson
|
objectClass: organizationalPerson
|
||||||
objectClass: user
|
|
||||||
objectClass: computer
|
objectClass: computer
|
||||||
cn: ${NETBIOSNAME}
|
cn: ${NETBIOSNAME}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: ${NETBIOSNAME}
|
name: ${NETBIOSNAME}
|
||||||
objectGUID: ${HOSTGUID}
|
objectGUID: ${HOSTGUID}
|
||||||
userAccountControl: 532480
|
userAccountControl: 532480
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 127273269057298624
|
lastLogon: 127273269057298624
|
||||||
localPolicyFlags: 0
|
localPolicyFlags: 0
|
||||||
pwdLastSet: 127258826171655328
|
pwdLastSet: 127258826171655328
|
||||||
primaryGroupID: 516
|
primaryGroupID: 516
|
||||||
objectSid: ${DOMAINSID}-1000
|
objectSid: ${DOMAINSID}-1000
|
||||||
accountExpires: 9223372036854775807
|
accountExpires: 9223372036854775807
|
||||||
logonCount: 30
|
|
||||||
sAMAccountName: ${NETBIOSNAME}$
|
sAMAccountName: ${NETBIOSNAME}$
|
||||||
sAMAccountType: 805306369
|
sAMAccountType: 805306369
|
||||||
operatingSystem: Samba
|
operatingSystem: Samba
|
||||||
operatingSystemVersion: 4.0
|
operatingSystemVersion: 4.0
|
||||||
dNSHostName: ${DNSNAME}
|
dNSHostName: ${DNSNAME}
|
||||||
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unicodePwd: ${MACHINEPASS}
|
unicodePwd: ${MACHINEPASS}
|
||||||
servicePrincipalName: HOST/${DNSNAME}
|
servicePrincipalName: HOST/${DNSNAME}
|
||||||
@ -507,28 +464,18 @@ objectClass: organizationalPerson
|
|||||||
objectClass: user
|
objectClass: user
|
||||||
cn: krbtgt
|
cn: krbtgt
|
||||||
description: Key Distribution Center Service Account
|
description: Key Distribution Center Service Account
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
showInAdvancedViewOnly: TRUE
|
showInAdvancedViewOnly: TRUE
|
||||||
name: krbtgt
|
name: krbtgt
|
||||||
userAccountControl: 514
|
userAccountControl: 514
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 127258826179466560
|
pwdLastSet: 127258826179466560
|
||||||
primaryGroupID: 513
|
|
||||||
objectSid: ${DOMAINSID}-502
|
objectSid: ${DOMAINSID}-502
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
accountExpires: 9223372036854775807
|
accountExpires: 9223372036854775807
|
||||||
logonCount: 0
|
|
||||||
sAMAccountName: krbtgt
|
sAMAccountName: krbtgt
|
||||||
sAMAccountType: 805306368
|
sAMAccountType: 805306368
|
||||||
servicePrincipalName: kadmin/changepw
|
servicePrincipalName: kadmin/changepw
|
||||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unicodePwd: ${KRBTGTPASS}
|
unicodePwd: ${KRBTGTPASS}
|
||||||
|
|
||||||
@ -537,14 +484,11 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Domain Computers
|
cn: Domain Computers
|
||||||
description: All workstations and servers joined to the domain
|
description: All workstations and servers joined to the domain
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Domain Computers
|
name: Domain Computers
|
||||||
objectSid: ${DOMAINSID}-515
|
objectSid: ${DOMAINSID}-515
|
||||||
sAMAccountName: Domain Computers
|
sAMAccountName: Domain Computers
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
@ -553,16 +497,12 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Domain Controllers
|
cn: Domain Controllers
|
||||||
description: All domain controllers in the domain
|
description: All domain controllers in the domain
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Domain Controllers
|
name: Domain Controllers
|
||||||
objectSid: ${DOMAINSID}-516
|
objectSid: ${DOMAINSID}-516
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
sAMAccountName: Domain Controllers
|
sAMAccountName: Domain Controllers
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
dn: CN=Schema Admins,CN=Users,${BASEDN}
|
dn: CN=Schema Admins,CN=Users,${BASEDN}
|
||||||
@ -571,16 +511,12 @@ objectClass: group
|
|||||||
cn: Schema Admins
|
cn: Schema Admins
|
||||||
description: Designated administrators of the schema
|
description: Designated administrators of the schema
|
||||||
member: CN=Administrator,CN=Users,${BASEDN}
|
member: CN=Administrator,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Schema Admins
|
name: Schema Admins
|
||||||
objectSid: ${DOMAINSID}-518
|
objectSid: ${DOMAINSID}-518
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
sAMAccountName: Schema Admins
|
sAMAccountName: Schema Admins
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unixName: ${WHEEL}
|
unixName: ${WHEEL}
|
||||||
|
|
||||||
@ -590,7 +526,6 @@ objectClass: group
|
|||||||
cn: Enterprise Admins
|
cn: Enterprise Admins
|
||||||
description: Designated administrators of the enterprise
|
description: Designated administrators of the enterprise
|
||||||
member: CN=Administrator,CN=Users,${BASEDN}
|
member: CN=Administrator,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
@ -598,9 +533,6 @@ name: Enterprise Admins
|
|||||||
objectSid: ${DOMAINSID}-519
|
objectSid: ${DOMAINSID}-519
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
sAMAccountName: Enterprise Admins
|
sAMAccountName: Enterprise Admins
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unixName: ${WHEEL}
|
unixName: ${WHEEL}
|
||||||
|
|
||||||
@ -609,14 +541,11 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Cert Publishers
|
cn: Cert Publishers
|
||||||
description: Members of this group are permitted to publish certificates to the Active Directory
|
description: Members of this group are permitted to publish certificates to the Active Directory
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Cert Publishers
|
name: Cert Publishers
|
||||||
objectSid: ${DOMAINSID}-517
|
objectSid: ${DOMAINSID}-517
|
||||||
sAMAccountName: Cert Publishers
|
sAMAccountName: Cert Publishers
|
||||||
sAMAccountType: 0x20000000
|
|
||||||
groupType: 0x80000004
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
@ -626,7 +555,6 @@ objectClass: group
|
|||||||
cn: Domain Admins
|
cn: Domain Admins
|
||||||
description: Designated administrators of the domain
|
description: Designated administrators of the domain
|
||||||
member: CN=Administrator,CN=Users,${BASEDN}
|
member: CN=Administrator,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
@ -634,9 +562,6 @@ name: Domain Admins
|
|||||||
objectSid: ${DOMAINSID}-512
|
objectSid: ${DOMAINSID}-512
|
||||||
adminCount: 1
|
adminCount: 1
|
||||||
sAMAccountName: Domain Admins
|
sAMAccountName: Domain Admins
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unixName: ${WHEEL}
|
unixName: ${WHEEL}
|
||||||
|
|
||||||
@ -645,16 +570,12 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Domain Users
|
cn: Domain Users
|
||||||
description: All domain users
|
description: All domain users
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Users,CN=Builtin,${BASEDN}
|
memberOf: CN=Users,CN=Builtin,${BASEDN}
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Domain Users
|
name: Domain Users
|
||||||
objectSid: ${DOMAINSID}-513
|
objectSid: ${DOMAINSID}-513
|
||||||
sAMAccountName: Domain Users
|
sAMAccountName: Domain Users
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unixName: ${USERS}
|
unixName: ${USERS}
|
||||||
|
|
||||||
@ -663,16 +584,12 @@ objectClass: top
|
|||||||
objectClass: group
|
objectClass: group
|
||||||
cn: Domain Guests
|
cn: Domain Guests
|
||||||
description: All domain guests
|
description: All domain guests
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Domain Guests
|
name: Domain Guests
|
||||||
objectSid: ${DOMAINSID}-514
|
objectSid: ${DOMAINSID}-514
|
||||||
sAMAccountName: Domain Guests
|
sAMAccountName: Domain Guests
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||||
@ -681,14 +598,11 @@ objectClass: group
|
|||||||
cn: Group Policy Creator Owners
|
cn: Group Policy Creator Owners
|
||||||
description: Members in this group can modify group policy for the domain
|
description: Members in this group can modify group policy for the domain
|
||||||
member: CN=Administrator,CN=Users,${BASEDN}
|
member: CN=Administrator,CN=Users,${BASEDN}
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
uSNCreated: 1
|
||||||
uSNChanged: 1
|
uSNChanged: 1
|
||||||
name: Group Policy Creator Owners
|
name: Group Policy Creator Owners
|
||||||
objectSid: ${DOMAINSID}-520
|
objectSid: ${DOMAINSID}-520
|
||||||
sAMAccountName: Group Policy Creator Owners
|
sAMAccountName: Group Policy Creator Owners
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
groupType: 0x80000002
|
|
||||||
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
unixName: ${WHEEL}
|
unixName: ${WHEEL}
|
||||||
@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
privilege: SeInteractiveLogonRight
|
privilege: SeInteractiveLogonRight
|
||||||
|
|
||||||
dn: CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: container
|
|
||||||
cn: Templates
|
|
||||||
description: Container for SAM account templates
|
|
||||||
instanceType: 4
|
|
||||||
uSNCreated: 1
|
|
||||||
uSNChanged: 1
|
|
||||||
showInAdvancedViewOnly: TRUE
|
|
||||||
name: Templates
|
|
||||||
systemFlags: 0x8c000000
|
|
||||||
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
||||||
isCriticalSystemObject: TRUE
|
|
||||||
|
|
||||||
###
|
|
||||||
# note! the template users must not match normal searches. Be careful
|
|
||||||
# with what classes you put them in
|
|
||||||
###
|
|
||||||
|
|
||||||
dn: CN=TemplateUser,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: person
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: userTemplate
|
|
||||||
cn: TemplateUser
|
|
||||||
name: TemplateUser
|
|
||||||
instanceType: 4
|
|
||||||
userAccountControl: 0x202
|
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 513
|
|
||||||
accountExpires: -1
|
|
||||||
logonCount: 0
|
|
||||||
sAMAccountType: 0x30000000
|
|
||||||
|
|
||||||
dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: userTemplate
|
|
||||||
cn: TemplateMemberServer
|
|
||||||
name: TemplateMemberServer
|
|
||||||
instanceType: 4
|
|
||||||
userAccountControl: 0x1002
|
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 513
|
|
||||||
accountExpires: -1
|
|
||||||
logonCount: 0
|
|
||||||
sAMAccountType: 0x30000001
|
|
||||||
|
|
||||||
dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: userTemplate
|
|
||||||
cn: TemplateDomainController
|
|
||||||
name: TemplateDomainController
|
|
||||||
instanceType: 4
|
|
||||||
userAccountControl: 0x2002
|
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 513
|
|
||||||
accountExpires: -1
|
|
||||||
logonCount: 0
|
|
||||||
sAMAccountType: 0x30000001
|
|
||||||
|
|
||||||
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: userTemplate
|
|
||||||
cn: TemplateTrustingDomain
|
|
||||||
name: TemplateTrustingDomain
|
|
||||||
instanceType: 4
|
|
||||||
userAccountControl: 0x820
|
|
||||||
badPwdCount: 0
|
|
||||||
codePage: 0
|
|
||||||
countryCode: 0
|
|
||||||
badPasswordTime: 0
|
|
||||||
lastLogoff: 0
|
|
||||||
lastLogon: 0
|
|
||||||
pwdLastSet: 0
|
|
||||||
primaryGroupID: 513
|
|
||||||
accountExpires: -1
|
|
||||||
logonCount: 0
|
|
||||||
sAMAccountType: 0x30000002
|
|
||||||
|
|
||||||
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: groupTemplate
|
|
||||||
cn: TemplateGroup
|
|
||||||
name: TemplateGroup
|
|
||||||
instanceType: 4
|
|
||||||
groupType: 0x80000002
|
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
|
|
||||||
dn: CN=TemplateAlias,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: aliasTemplate
|
|
||||||
cn: TemplateAlias
|
|
||||||
name: TemplateAlias
|
|
||||||
instanceType: 4
|
|
||||||
groupType: 0x80000004
|
|
||||||
sAMAccountType: 0x10000000
|
|
||||||
|
|
||||||
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: foreignSecurityPrincipalTemplate
|
|
||||||
cn: TemplateForeignSecurityPrincipal
|
|
||||||
name: TemplateForeignSecurityPrincipal
|
|
||||||
|
|
||||||
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: leaf
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: secretTemplate
|
|
||||||
cn: TemplateSecret
|
|
||||||
name: TemplateSecret
|
|
||||||
instanceType: 4
|
|
||||||
|
|
||||||
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
|
|
||||||
objectClass: top
|
|
||||||
objectClass: leaf
|
|
||||||
objectClass: Template
|
|
||||||
objectClass: trustedDomainTemplate
|
|
||||||
cn: TemplateTrustedDomain
|
|
||||||
name: TemplateTrustedDomain
|
|
||||||
instanceType: 4
|
|
||||||
|
|
||||||
###############################
|
###############################
|
||||||
# Configuration Naming Context
|
# Configuration Naming Context
|
||||||
###############################
|
###############################
|
||||||
|
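--- a/source4/setup/provision_templates.ldif
+++ b/source4/setup/provision_templates.ldif
@@ -0,0 +1,150 @@
+dn: CN=Templates,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Templates
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+name: TemplateUser
+instanceType: 4
+userAccountControl: 0x202
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
+dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+name: TemplateGroup
+instanceType: 4
+groupType: 0x80000002
+sAMAccountType: 0x10000000
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal
+
+dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+name: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+name: TemplateTrustedDomain
+instanceType: 4
+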
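Review bot: The note at the top of this file says template entries must not match normal searches, yet TemplateUser, TemplateMemberServer, TemplateDomainController and TemplateGroup now carry the same `objectCategory` values as real accounts and groups, so a filter on objectCategory alone would also return them. If the attribute is listed only so that it is copied onto new objects, the comment should say so, for example `# objectCategory is listed here only to be copied to new objects; searches on it must exclude CN=Templates`. TemplateTrustingDomain and TemplateAlias get no objectCategory while their siblings do; whether that is intended is not visible from this section.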