1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/setup/provision_init.ldif
Andrew Bartlett c82c9fe7bb r12599: This new LDB module (and associated changes) allows Samba4 to operate
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).

The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code.  We also update the msDS-KeyVersionNumber, and the password
history.  This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.

By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic.  (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB.  This simplfies the KDC code.).

It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e902274321)
2007-10-10 13:49:01 -05:00

75 lines
2.0 KiB
Plaintext

dn: @INDEXLIST
@IDXATTR: name
@IDXATTR: sAMAccountName
@IDXATTR: objectSid
@IDXATTR: objectClass
@IDXATTR: member
@IDXATTR: unixID
@IDXATTR: unixName
@IDXATTR: privilege
@IDXATTR: nCName
dn: @ATTRIBUTES
userPrincipalName: CASE_INSENSITIVE
servicePrincipalName: CASE_INSENSITIVE
dnsDomain: CASE_INSENSITIVE
dnsRoot: CASE_INSENSITIVE
nETBIOSName: CASE_INSENSITIVE
cn: CASE_INSENSITIVE
dc: CASE_INSENSITIVE
name: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
sAMAccountName: CASE_INSENSITIVE
objectClass: CASE_INSENSITIVE
unicodePwd: HIDDEN
krb5Key: HIDDEN
ntPwdHash: HIDDEN
ntPwdHistory: HIDDEN
lmPwdHash: HIDDEN
lmPwdHistory: HIDDEN
createTimestamp: HIDDEN
modifyTimestamp: HIDDEN
groupType: INTEGER
sAMAccountType: INTEGER
systemFlags: INTEGER
userAccountControl: INTEGER
dn: @SUBCLASSES
top: domain
top: person
top: group
domain: domainDNS
domain: builtinDomain
person: organizationalPerson
organizationalPerson: user
user: computer
template: userTemplate
template: groupTemplate
# the rootDSE module looks in this record for its base data
dn: cn=ROOTDSE
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN}
dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}
namingContexts: ${BASEDN}
namingContexts: CN=Configuration,${BASEDN}
namingContexts: CN=Schema,CN=Configuration,${BASEDN}
defaultNamingContext: ${BASEDN}
rootDomainNamingContext: ${BASEDN}
configurationNamingContext: CN=Configuration,${BASEDN}
schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
supportedLDAPVersion: 3
supportedSASLMechanisms: GSS-SPNEGO
dnsHostName: ${DNSNAME}
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN}
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
isSynchronized: TRUE
#Add modules to the list to activate them by default
#beware often order is important
dn: @MODULES
@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name