1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00

r23720: Allow the member server to work against an LDAP Backend. Another case

where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal.  (Easier to just skip the useless self-join).

Andrew Bartlett
(This used to be commit 49ff929be6)
This commit is contained in:
Andrew Bartlett 2007-07-05 06:15:40 +00:00 committed by Gerald (Jerry) Carter
parent cc0756c302
commit 967866f170
4 changed files with 37 additions and 25 deletions

View File

@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
message("Setting up sam.ldb users and groups\n");
setup_add_ldif("provision_users.ldif", info, samdb, false);
if (lp.get("server role") == "domain controller") {
message("Setting up self join\n");
setup_add_ldif("provision_self_join.ldif", info, samdb, false);
}
if (setup_name_mappings(info, samdb) == false) {
return false;
}
@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths)
/* Write out a DNS zone file, from the info in the current database */
function provision_dns(subobj, message, paths, session_info, credentials)
{
var lp = loadparm_init();
if (lp.get("server role") != "domain controller") {
message("No DNS zone required for role %s\n", lp.get("server role"));
return;
}
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
var ldb = ldb_init();
ldb.session_info = session_info;

View File

@ -281,6 +281,8 @@ sub provision($$$$$$)
$localdomain = $netbiosname if $server_role eq "member server";
my $localrealm = $realm;
$localrealm = $netbiosname if $server_role eq "member server";
my $localbasedn = $basedn;
$localbasedn = "DC=$netbiosname" if $server_role eq "member server";
open(CONFFILE, ">$conffile");
print CONFFILE "
@ -400,7 +402,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
push (@provision_options, "--krbtgtpass=krbtgt$password");
push (@provision_options, "--machinepass=machine$password");
push (@provision_options, "--root=$root");
push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn");
push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
push (@provision_options, "--password=$password");
push (@provision_options, "--root=$root");
@ -430,7 +432,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
if (defined($self->{ldap})) {
push (@provision_options, "--ldap-backend=$ldap_uri");
system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
if ($self->{ldap} eq "openldap") {
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");

View File

@ -0,0 +1,23 @@
#Join the DC to itself by default
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
objectClass: computer
cn: ${NETBIOSNAME}
userAccountControl: 532480
localPolicyFlags: 0
primaryGroupID: 516
accountExpires: 9223372036854775807
sAMAccountName: ${NETBIOSNAME}$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
isCriticalSystemObject: TRUE
sambaPassword: ${MACHINEPASS}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
servicePrincipalName: HOST/${DNSNAME}/${REALM}
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
${HOSTGUID_ADD}

View File

@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight
privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
objectClass: computer
cn: ${NETBIOSNAME}
userAccountControl: 532480
localPolicyFlags: 0
primaryGroupID: 516
accountExpires: 9223372036854775807
sAMAccountName: ${NETBIOSNAME}$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
isCriticalSystemObject: TRUE
sambaPassword: ${MACHINEPASS}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
servicePrincipalName: HOST/${DNSNAME}/${REALM}
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
${HOSTGUID_ADD}
dn: CN=Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group