From 0c882402360a10b19a038bce9f87e241051c9ba8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 13 Mar 2008 11:36:58 +1100
Subject: Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
---
 source4/dsdb/common/util.c | 2 +-
 source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +-
 source4/rpc_server/samr/dcesrv_samr.c | 2 +-
 source4/scripting/python/samba/provision.py | 6 ++++
 source4/selftest/target/Samba4.pm | 2 +-
 source4/setup/provision_basedn.ldif | 3 +-
 source4/setup/schema_samba4.ldif | 38 ++++++++++++++++++++++++++
 7 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 88c8afd6cc..3be60ac452 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1464,7 +1464,7 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) {
 ret = ldb_search(ldb, sdn, LDB_SCOPE_BASE,
- "(|(objectClass=domain)(objectClass=builtinDomain))", attrs, &res);
+ "(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))", attrs, &res);
 if (ret == LDB_SUCCESS) {
 talloc_steal(local_ctx, res);
 if (res->count == 1) {
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index aa64700f2f..ec19e0d49e 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
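Review bot: The new filter on the `+` line nests one OR inside another, `(|(|(A)(B))(C))`, which LDAP evaluates exactly like the flat `"(|(objectClass=domain)(objectClass=builtinDomain)(objectClass=samba4LocalDomain))"`; the flat form is easier to read and to compare against the other copies. The same three-class list is now spelled out verbatim in this file, in password_hash.c and in dcesrv_samr.c, and the pre-patch dcesrv_samr.c copy had already drifted from the others (lowercase `objectclass`, an extra `(&`), so a single shared definition, e.g. `#define DSDB_DOMAIN_CLASS_FILTER "(|(objectClass=domain)(objectClass=builtinDomain)(objectClass=samba4LocalDomain))"` in a header all three include, would keep them from diverging again. samdb_search_for_parent_domain starts before this hunk and continues after it.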
@@ -1220,7 +1220,7 @@ static int build_domain_data_request(struct ph_context *ac)
 ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb);
 ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE;
- filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(objectClass=domain)(objectClass=builtinDomain)))",
+ filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
 ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid));
 if (filter == NULL) {
 ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 8193e0a882..da03d83dbc 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -425,7 +425,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO
 ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL, &dom_msgs, dom_attrs,
- "(&(objectSid=%s)(&(|(objectclass=domain)(objectClass=builtinDomain))))",
+ "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))",
 ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
 if (ret == 0) {
 return NT_STATUS_NO_SUCH_DOMAIN;
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index f9604a84b2..25316e888a 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -763,9 +763,15 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
 try:
 message("Adding DomainDN: %s (permitted to fail)" % names.domaindn)
+ if serverrole == "domain controller":
+ domain_oc = "domainDNS"
+ else:
+ domain_oc = "samba4LocalDomain"
+
 setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
 "DOMAINDN": names.domaindn,
 "ACI": aci,
+ "DOMAIN_OC": domain_oc
 })
 message("Modifying DomainDN: " + names.domaindn + "")
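Review bot: The rewritten `talloc_asprintf` format on the `+` line is now a single very long literal, which makes the filter hard to read and to diff; the object-class part is a constant, so it would read better as adjacent string literals, `"(&(objectSid=%s)" "(|(objectClass=domain)(objectClass=builtinDomain)(objectClass=samba4LocalDomain)))"`, with the class list on its own line (the inner redundant `(|(|...))` nesting can go at the same time). The `filter == NULL` check below it is kept, which is right, since the format string and the encoded SID are both heap-built. build_domain_data_request continues past the end of this hunk.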
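Review bot: The guard right after the new filter, `if (ret == 0)`, only rejects a missing domain; now that three object classes can satisfy the search, a count greater than one would pass through and presumably the first entry of `dom_msgs` is used (the code after the hunk is not visible here). A stricter `if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; }` (or a DB-corruption status for the `> 1` case, if that is the local convention) would refuse an ambiguous answer instead of silently picking one. On the positive side, the client-supplied `r->in.sid` still reaches the filter only through `ldap_encode_ndr_dom_sid`, so, assuming that helper escapes for LDAP as its name suggests, the change adds no new injection surface. dcesrv_samr_OpenDomain starts before this hunk and continues after it.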
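Review bot: The new `else:` branch assigns `"samba4LocalDomain"` to every `serverrole` value that is not exactly `"domain controller"`, so any other role (a standalone server, if provision accepts one, or simply a misspelled role string) silently gets the member-server domain head; the commit message only talks about member servers. Either record that this is intended with a comment above the `if`, such as `# Only a DC's domain head is a DNS domain; every other role gets the DNS-free samba4LocalDomain class`, or make it explicit with `elif serverrole == "member server":` and a raised error for anything else, so a wrong role fails at provision time rather than producing an object of the wrong class. The block also lives inside a `try:` whose handler is outside the hunk; if that handler swallows exceptions broadly, a NameError from a future edit to this branch would be hidden too. setup_samdb starts before this hunk and continues after it.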
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index 2b94135355..416a376f68 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -544,7 +544,7 @@ sub provision($$$$$$)
 my $localbasedn = $basedn;
- $localbasedn = "DC=$netbiosname" if $server_role eq "member server";
+ $localbasedn = "CN=$netbiosname" if $server_role eq "member server";
 open(CONFFILE, ">$conffile");
 print CONFFILE "
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index 11eb0593e8..7fdecfa3c0 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -3,7 +3,6 @@
 ################################
 dn: ${DOMAINDN}
 objectClass: top
-objectClass: domain
-objectClass: domainDNS
+objectClass: ${DOMAIN_OC}
 ${ACI}
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 8bd1705468..7146091c8e 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
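Review bot: The template now emits a single `objectClass: ${DOMAIN_OC}` where it used to list both `domain` and `domainDNS`, so on a domain controller the domain head is added with `objectClass: domainDNS` alone. The searches touched elsewhere in this commit still test `(objectClass=domain)`; that only keeps matching the DC head if something at add time (the objectclass ldb module or the backend's subclass handling) expands `domainDNS` to its superclass, which cannot be confirmed from this hunk. If that expansion is relied upon, a line such as `# superclasses (domain) are filled in by the objectclass module` next to the `objectClass` attribute would spare the next reader the same question; if it is not, the DC substitution should keep both classes, e.g. by letting `DOMAIN_OC` expand to the two original lines.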
@@ -194,3 +194,41 @@ attributeID: 1.3.6.1.4.1.7165.4.1.11
 attributeSyntax: 2.5.5.4
 oMSyntax: 20
+#
+# Based on domainDNS, but without the DNS bits.
+#
+
+dn: CN=Samba4-Local-Domain,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+subClassOf: top
+governsID: 1.3.6.1.4.1.7165.4.2.2
+possibleInferiors: group
+possibleInferiors: lostAndFound
+possibleInferiors: builtinDomain
+possibleInferiors: computer
+possibleInferiors: user
+possibleInferiors: container
+possibleInferiors: groupPolicyContainer
+possibleInferiors: organization
+possibleInferiors: domainDNS
+possibleInferiors: locality
+possibleInferiors: msDS-AzAdminManager
+possibleInferiors: country
+possibleInferiors: organizationalUnit
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Samba4-Local-Domain
+adminDescription: Samba4-Local-Domain
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+objectClassCategory: 1
+lDAPDisplayName: samba4LocalDomain
+schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
+systemOnly: FALSE
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}
+
-- cgit
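Review bot: The last attribute of the new class, `defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}`, points at a different class, so every samba4LocalDomain object will be stamped with objectCategory=builtinDomain and will turn up in `(objectCategory=builtinDomain)` searches as if it were the BUILTIN container; a structural class normally names itself, `defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN}`. The `defaultSecurityDescriptor` on the line above likewise looks copied from Builtin-Domain rather than domainDNS: it grants DA and AU read-only access and full control only to SY, which is a reasonable tight default for a member server's local SAM head but contradicts the header comment saying the class is based on domainDNS, so the comment should say which class the ACL was taken from and why. Both points are in the schema object itself; the header comment `# Based on domainDNS, but without the DNS bits.` is the natural place to record them.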