s4-provision Perform 'modify' operations as system
We need this so that we can modify the cn=configuration partition when we are setting up a new subdomain. The serverReference on our ${SERVERDN} is in that partition, and without this change creating a new subdomain fails due to ACLs. Andrew Bartlett
parent
840448eae8
commit
c271b71420
@ -1065,7 +1065,7 @@ def setup_samdb_rootdse(samdb, names):
|
||||
})
|
||||
|
||||
|
||||
def setup_self_join(samdb, names, fill, machinepass, dnspass,
|
||||
def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
|
||||
domainsid, next_rid, invocationid,
|
||||
policyguid, policyguid_dc, domainControllerFunctionality,
|
||||
ntdsguid, dc_rid=None):
|
||||
@ -1093,7 +1093,9 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass,
|
||||
"SAMBA_VERSION_STRING": version,
|
||||
"NTDSGUID": ntdsguid_line,
|
||||
"DOMAIN_CONTROLLER_FUNCTIONALITY": str(
|
||||
domainControllerFunctionality)})
|
||||
domainControllerFunctionality),
|
||||
"RIDALLOCATIONSTART": str(next_rid + 100),
|
||||
"RIDALLOCATIONEND": str(next_rid + 100 + 499)})
|
||||
|
||||
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
|
||||
"POLICYGUID": policyguid,
|
||||
@ -1124,18 +1126,24 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass,
|
||||
"CONFIGDN": names.configdn,
|
||||
"SCHEMADN": names.schemadn,
|
||||
"DEFAULTSITE": names.sitename,
|
||||
"NETBIOSNAME": names.netbiosname,
|
||||
"SERVERDN": names.serverdn,
|
||||
})
|
||||
|
||||
system_session_info = system_session()
|
||||
samdb.set_session_info(system_session_info)
|
||||
# Setup fSMORoleOwner entries to point at the newly created DC entry
|
||||
|
||||
# to modify a serverReference under cn=config when we are a subdomain, we must
|
||||
# be system due to ACLs
|
||||
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
|
||||
"DOMAINDN": names.domaindn,
|
||||
"SERVERDN": names.serverdn,
|
||||
"NETBIOSNAME": names.netbiosname,
|
||||
"RIDALLOCATIONSTART": str(next_rid + 100),
|
||||
"RIDALLOCATIONEND": str(next_rid + 100 + 499),
|
||||
})
|
||||
|
||||
samdb.set_session_info(admin_session_info)
|
||||
|
||||
# This is Samba4 specific and should be replaced by the correct
|
||||
# DNS AD-style setup
|
||||
setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
|
||||
@ -1425,7 +1433,7 @@ def fill_samdb(samdb, lp, names,
|
||||
})
|
||||
|
||||
logger.info("Setting up self join")
|
||||
setup_self_join(samdb, names=names, fill=fill, invocationid=invocationid,
|
||||
setup_self_join(samdb, admin_session_info, names=names, fill=fill, invocationid=invocationid,
|
||||
dnspass=dnspass,
|
||||
machinepass=machinepass,
|
||||
domainsid=domainsid,
|
||||
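Review bot: The elevation to the system session around the `setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), ...)` call is not exception-safe. If that modify raises, `samdb.set_session_info(admin_session_info)` is never reached, so the `samdb` handle stays on the system session (which, per the added comment, is what gets past the ACLs) for whatever the caller does with it next. Wrapping the call in `try`/`finally` keeps the elevated window limited to this one operation. Separately, `admin_session_info` is inserted as the second positional parameter of `setup_self_join`; the one caller visible here passes `names=` by keyword, but any caller outside this view that passes it positionally would need checking. The body of `setup_self_join` starts and ends outside these hunks.

```python
    system_session_info = system_session()
    samdb.set_session_info(system_session_info)
    try:
        # to modify a serverReference under cn=config when we are a subdomain,
        # we must be system due to ACLs
        setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
            "DOMAINDN": names.domaindn,
            "SERVERDN": names.serverdn,
            "NETBIOSNAME": names.netbiosname,
        })
    finally:
        # always drop back to the caller's session, even if the modify fails
        samdb.set_session_info(admin_session_info)
    # … unchanged: provision_dns_add_samba.ldif setup …
```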
|
@ -20,3 +20,10 @@ sAMAccountName: ${NETBIOSNAME}$
|
||||
userAccountControl: 532480
|
||||
clearTextPassword:: ${MACHINEPASS_B64}
|
||||
objectSid: ${DOMAINSID}-${DCRID}
|
||||
|
||||
dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
||||
objectClass: rIDSet
|
||||
rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
||||
rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
||||
rIDUsedPool: 0
|
||||
rIDNextRID: ${RIDALLOCATIONSTART}
|
||||
|
@ -15,14 +15,6 @@ changetype: modify
|
||||
replace: fSMORoleOwner
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
|
||||
dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
||||
changetype: add
|
||||
objectClass: rIDSet
|
||||
rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
||||
rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
||||
rIDUsedPool: 0
|
||||
rIDNextRID: ${RIDALLOCATIONSTART}
|
||||
|
||||
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
||||
changetype: modify
|
||||
add: rIDSetReferences
|
||||
|