mirror of
https://github.com/samba-team/samba.git
synced 2025-01-13 13:18:06 +03:00
f77c410084
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
125 lines
2.8 KiB
Plaintext
125 lines
2.8 KiB
Plaintext
dn: CN=Templates
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Templates
|
|
description: Container for SAM account templates
|
|
instanceType: 4
|
|
showInAdvancedViewOnly: TRUE
|
|
systemFlags: 2348810240
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
###
|
|
# note! the template users must not match normal searches. Be careful
|
|
# with what classes you put them in
|
|
###
|
|
|
|
dn: CN=TemplateUser,CN=Templates
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateUser
|
|
instanceType: 4
|
|
userAccountControl: 514
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 805306368
|
|
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateComputer,CN=Templates
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateComputer
|
|
instanceType: 4
|
|
userAccountControl: 4098
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 805306369
|
|
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateTrustingDomain,CN=Templates
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateTrustingDomain
|
|
instanceType: 4
|
|
userAccountControl: 2080
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 805306370
|
|
|
|
dn: CN=TemplateGroup,CN=Templates
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: groupTemplate
|
|
cn: TemplateGroup
|
|
instanceType: 4
|
|
groupType: -2147483646
|
|
sAMAccountType: 268435456
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
# Currently this isn't used, we don't have a way to detect it different from an incoming alias
|
|
#
|
|
# dn: CN=TemplateAlias,CN=Templates
|
|
# objectClass: top
|
|
# objectClass: Template
|
|
# objectClass: aliasTemplate
|
|
# cn: TemplateAlias
|
|
# instanceType: 4
|
|
# groupType: -2147483644
|
|
# sAMAccountType: 268435456
|
|
|
|
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: foreignSecurityPrincipalTemplate
|
|
cn: TemplateForeignSecurityPrincipal
|
|
instanceType: 4
|
|
showInAdvancedViewOnly: TRUE
|
|
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateSecret,CN=Templates
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: secretTemplate
|
|
cn: TemplateSecret
|
|
instanceType: 4
|
|
|
|
dn: CN=TemplateTrustedDomain,CN=Templates
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: trustedDomainTemplate
|
|
cn: TemplateTrustedDomain
|
|
instanceType: 4
|
|
|