s4:provision - adapt the "provision" so that SIDs are only set on entry creation

SID modifications are denied.

source4/scripting/python/samba/provision.py

@@ -1127,22 +1127,18 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
         descr = b64encode(get_domain_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
                 "DOMAINDN": names.domaindn,
-                "DOMAINGUID": domainguid_line,
-                "DESCRIPTOR": descr
+                "DOMAINSID": str(domainsid),
+                "DESCRIPTOR": descr,
+                "DOMAINGUID": domainguid_line
                 })
 
-
         setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
+            "DOMAINDN": names.domaindn,
             "CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
-            "DOMAINSID": str(domainsid),
             "NEXTRID": str(next_rid),
-            "SCHEMADN": names.schemadn, 
-            "NETBIOSNAME": names.netbiosname,
             "DEFAULTSITE": names.sitename,
             "CONFIGDN": names.configdn,
-            "SERVERDN": names.serverdn,
             "POLICYGUID": policyguid,
-            "DOMAINDN": names.domaindn,
             "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
             "SAMBA_VERSION_STRING": version
             })

source4/setup/provision_basedn.ldif

@@ -5,5 +5,6 @@ dn: ${DOMAINDN}
 objectClass: top
 objectClass: domaindns
 instanceType: 5
+objectSid: ${DOMAINSID}
 nTSecurityDescriptor:: ${DESCRIPTOR}
 ${DOMAINGUID}

source4/setup/provision_basedn_modify.ldif

@@ -72,9 +72,6 @@ nextRid: ${NEXTRID}
 replace: nTMixedDomain
 nTMixedDomain: 0
 -
-replace: objectSid
-objectSid: ${DOMAINSID}
--
 # This does only exist in SAMBA
 replace: oEMInformation
 oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}