[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-957-g159a33a

Matthias Dieter Wallnöfer mdw at samba.org
Wed Aug 12 03:30:31 MDT 2009


The branch, master has been updated
       via  159a33a7d4cb69b5487acb183cbf56a584048734 (commit)
       via  9126b75aaed91d79c5b5388613a9cdbb6d898894 (commit)
       via  b255a41dca63a68f404e37b7eb46b54070bea466 (commit)
       via  fe767d4b70665bf8cf825455cb2c1db3fc2a1217 (commit)
       via  7fc94932ad28880caed82155d65dcbfe8530e791 (commit)
       via  8fcf1b988ad5c2338a75631696c32a31116708f1 (commit)
       via  c73984a5c9966f9c90549e753764ae071670e15f (commit)
      from  5796da6948379ffc101e813a4d68676e4a661c61 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 159a33a7d4cb69b5487acb183cbf56a584048734
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Aug 11 12:25:13 2009 +0200

    s4:test for "primaryGroupToken"
    
    Tests for the right behaviour of this introduced constructed attribute.
    Since we don't support the read-only-ness of those attributes yet, I commented
    some lines out.
    Also I had to add a function for python which converts domain SIDs in RIDs.
    And a small fix for the "groupType" test.

commit 9126b75aaed91d79c5b5388613a9cdbb6d898894
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Aug 10 13:19:18 2009 +0200

    s4:samldb module - Remove duplicate line

commit b255a41dca63a68f404e37b7eb46b54070bea466
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Aug 10 13:16:41 2009 +0200

    s4:operational module - move and enhancements
    
    This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules"
    (suggested by abartlet) and enhances it for supporting dynamic generated
    "primaryGroupToken" for AD groups. This should fix bug #6466.

commit fe767d4b70665bf8cf825455cb2c1db3fc2a1217
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Aug 10 11:06:33 2009 +0200

    s4:pwsettings script - Fix a small glitch
    
    This fixes the problem with the setting and getting of the "minPwdAge" and
    "maxPwdAge" attributes. I wanted to handle them in days but forgot to add
    conversions (from "ticks" (tenth of microsecond) -> "days" and backwards).

commit 7fc94932ad28880caed82155d65dcbfe8530e791
Author: Kouhei Sutou <kou at clear-code.com>
Date:   Mon Aug 10 12:18:58 2009 +0900

    Rename ASN1_BITFIELD to ASN1_BIT_STRING.
    
    X.690 uses "BIT STRING" not "BIT FIELD".

commit 8fcf1b988ad5c2338a75631696c32a31116708f1
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Aug 10 10:12:51 2009 +0200

    torture/basic: in run_derefopen() the file could have been deleted before the last unlink
    
    Through a suggestion pointed out in bug #6622 the test file sometimes doesn't exist on
    the last turn anymore. So we haven't to fail here since it could have been deleted by
    a concurrent process (e.g. when the same test runs multiple times). Therefore also
    NT_STATUS_OBJECT_NAME_NOT_FOUND is an acceptable result.

commit c73984a5c9966f9c90549e753764ae071670e15f
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Sat Aug 8 13:50:10 2009 +0200

    s4:AD LDIFs - More refactoring
    
    This commit includes:
    - Additional static object data in SAMBA 4's AD to start supporting of
      - forest updates, - lost and found, - quotas on DS, - physical locations,
      - licensing of sites, - subnets, - policies for WMI, - DNS entries in AD
    - Reordering of provision*.ldif files to be able to find entries and make future
      additions easier
    - Add comments in provision*.ldif files to point out where subentries are located
      when they are based in other LDIFs
    - Removations of autogenerated "cn" attributes

-----------------------------------------------------------------------

Summary of changes:
 lib/util/asn1.h                                    |    2 +-
 source3/libsmb/clispnego.c                         |    2 +-
 source4/dsdb/samdb/ldb_modules/config.mk           |   11 +
 .../samdb/ldb_modules}/operational.c               |   63 ++++-
 source4/dsdb/samdb/ldb_modules/samldb.c            |    1 -
 source4/lib/ldb/config.mk                          |   12 -
 source4/lib/ldb/tests/python/ldap.py               |   68 ++++-
 source4/scripting/python/pyglue.c                  |   23 ++
 source4/setup/provision.ldif                       |   36 +++
 source4/setup/provision_configuration.ldif         |  285 +++++++++-----------
 source4/setup/provision_self_join.ldif             |    6 +-
 source4/setup/provision_users.ldif                 |   61 -----
 source4/setup/pwsettings                           |   15 +-
 source4/torture/basic/base.c                       |    8 +-
 14 files changed, 325 insertions(+), 268 deletions(-)
 rename source4/{lib/ldb/modules => dsdb/samdb/ldb_modules}/operational.c (86%)


Changeset truncated at 500 lines:

diff --git a/lib/util/asn1.h b/lib/util/asn1.h
index b147ccc..4c66240 100644
--- a/lib/util/asn1.h
+++ b/lib/util/asn1.h
@@ -46,7 +46,7 @@ typedef struct asn1_data ASN1_DATA;
 #define ASN1_OID 0x6
 #define ASN1_BOOLEAN 0x1
 #define ASN1_INTEGER 0x2
-#define ASN1_BITFIELD 0x3
+#define ASN1_BIT_STRING 0x3
 #define ASN1_ENUMERATED 0xa
 #define ASN1_SET 0x31
 
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e586d97..74dba56 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -268,7 +268,7 @@ bool parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
 		uint8 flags;
 
 		asn1_start_tag(data, ASN1_CONTEXT(1));
-		asn1_start_tag(data, ASN1_BITFIELD);
+		asn1_start_tag(data, ASN1_BIT_STRING);
 		while (asn1_tag_remaining(data) > 0)
 			asn1_read_uint8(data, &flags);
 		asn1_end_tag(data);
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index c039dda..18144dd 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -323,3 +323,14 @@ SUBSYSTEM = LIBLDB
 
 ldb_instancetype_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/instancetype.o
 
+################################################
+# Start MODULE ldb_operational
+[MODULE::ldb_operational]
+SUBSYSTEM = LIBLDB
+CFLAGS = -Ilib/ldb/include
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT
+INIT_FUNCTION = LDB_MODULE(operational)
+# End MODULE ldb_operational
+################################################
+
+ldb_operational_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/operational.o
diff --git a/source4/lib/ldb/modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
similarity index 86%
rename from source4/lib/ldb/modules/operational.c
rename to source4/dsdb/samdb/ldb_modules/operational.c
index 77b0014..9cbe1db 100644
--- a/source4/lib/ldb/modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1,13 +1,14 @@
-/* 
+/*
    ldb database library
 
    Copyright (C) Andrew Tridgell 2005
    Copyright (C) Simo Sorce 2006-2008
+   Copyright (C) Matthias Dieter Wallnöfer 2009
 
      ** NOTE! The following LGPL license applies to the ldb
      ** library. This does NOT imply that all of Samba is released
      ** under the LGPL
-   
+
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
@@ -21,6 +22,7 @@
    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
+
 /*
   handle operational attributes
  */
@@ -48,22 +50,26 @@
      on modify we need to change whenChanged
 
 
-  subschemaSubentry: HIDDEN, not-searchable, 
+  subschemaSubentry: HIDDEN, not-searchable,
                      points at DN CN=Aggregate,$SCHEMADN
 
      for this one we do the search as normal, then add the static
      value if requested. How do we work out the $BASEDN from inside a
      module?
-     
 
   structuralObjectClass: HIDDEN, CONSTRUCTED, not-searchable. always same as objectclass?
 
      for this one we do the search as normal, then if requested ask
      for objectclass, change the attribute name, and add it
 
-  allowedAttributesEffective: HIDDEN, CONSTRUCTED, not-searchable, 
+  allowedAttributesEffective: HIDDEN, CONSTRUCTED, not-searchable,
+
      list of attributes that can be modified - requires schema lookup
 
+  primaryGroupToken: HIDDEN, CONSTRUCTED, SEARCHABLE
+
+     contains the RID of a certain group object
+    
 
   attributeTypes: in schema only
   objectClasses: in schema only
@@ -76,6 +82,9 @@
 #include "ldb_includes.h"
 #include "ldb_module.h"
 
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+
 #ifndef ARRAY_SIZE
 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
 #endif
@@ -83,7 +92,8 @@
 /*
   construct a canonical name from a message
 */
-static int construct_canonical_name(struct ldb_module *module, struct ldb_message *msg)
+static int construct_canonical_name(struct ldb_module *module,
+	struct ldb_message *msg)
 {
 	char *canonicalName;
 	canonicalName = ldb_dn_canonical_string(msg, msg->dn);
@@ -94,6 +104,28 @@ static int construct_canonical_name(struct ldb_module *module, struct ldb_messag
 }
 
 /*
+  construct a primary group token for groups from a message
+*/
+static int construct_primary_group_token(struct ldb_module *module,
+	struct ldb_message *msg)
+{
+	struct ldb_context *ldb;
+	uint32_t primary_group_token;
+
+	ldb = ldb_module_get_ctx(module);
+
+	if (samdb_search_count(ldb, ldb, msg->dn, "(objectclass=group)") == 1) {
+		primary_group_token
+			= samdb_result_rid_from_sid(ldb, msg, "objectSid", 0);
+		return samdb_msg_add_int(ldb, ldb, msg, "primaryGroupToken",
+			primary_group_token);
+	} else {
+		return LDB_SUCCESS;
+	}
+}
+
+
+/*
   a list of attribute names that should be substituted in the parse
   tree before the search is done
 */
@@ -118,17 +150,18 @@ static const struct {
 	{ "createTimestamp", "whenCreated", NULL },
 	{ "modifyTimestamp", "whenChanged", NULL },
 	{ "structuralObjectClass", "objectClass", NULL },
-	{ "canonicalName", "distinguishedName", construct_canonical_name }
+	{ "canonicalName", "distinguishedName", construct_canonical_name },
+	{ "primaryGroupToken", "objectSid", construct_primary_group_token }
 };
 
 /*
   post process a search result record. For any search_sub[] attributes that were
   asked for, we need to call the appropriate copy routine to copy the result
-  into the message, then remove any attributes that we added to the search but were
-  not asked for by the user
+  into the message, then remove any attributes that we added to the search but
+  were not asked for by the user
 */
 static int operational_search_post_process(struct ldb_module *module,
-					   struct ldb_message *msg, 
+					   struct ldb_message *msg,
 					   const char * const *attrs)
 {
 	struct ldb_context *ldb;
@@ -142,7 +175,7 @@ static int operational_search_post_process(struct ldb_module *module,
 				continue;
 			}
 
-			/* construct the new attribute, using either a supplied 
+			/* construct the new attribute, using either a supplied
 			   constructor or a simple copy */
 			if (search_sub[i].constructor) {
 				if (search_sub[i].constructor(module, msg) != 0) {
@@ -154,8 +187,8 @@ static int operational_search_post_process(struct ldb_module *module,
 				goto failed;
 			}
 
-			/* remove the added search attribute, unless it was asked for 
-			   by the user */
+			/* remove the added search attribute, unless it was
+ 			   asked for by the user */
 			if (search_sub[i].replace == NULL ||
 			    ldb_attr_in_list(attrs, search_sub[i].replace) ||
 			    ldb_attr_in_list(attrs, "*")) {
@@ -256,8 +289,8 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req
 	   searchable, but are stored using a different name in the
 	   backend */
 	for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
-		ldb_parse_tree_attr_replace(req->op.search.tree, 
-					    parse_tree_sub[i].attr, 
+		ldb_parse_tree_attr_replace(req->op.search.tree,
+					    parse_tree_sub[i].attr,
 					    parse_tree_sub[i].replace);
 	}
 
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 037d5c9..e022984 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -296,7 +296,6 @@ static int samldb_apply_template(struct samldb_ctx *ac)
 		    ldb_attr_cmp(el->name, "name") == 0 ||
 		    ldb_attr_cmp(el->name, "objectClass") == 0 ||
 		    ldb_attr_cmp(el->name, "sAMAccountName") == 0 ||
-		    ldb_attr_cmp(el->name, "sAMAccountName") == 0 ||
 		    ldb_attr_cmp(el->name, "distinguishedName") == 0 ||
 		    ldb_attr_cmp(el->name, "objectGUID") == 0) {
 			continue;
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 6fcf394..4a1f814 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -47,18 +47,6 @@ SUBSYSTEM = LIBLDB
 ldb_paged_searches_OBJ_FILES = $(ldbsrcdir)/modules/paged_searches.o
 
 ################################################
-# Start MODULE ldb_operational
-[MODULE::ldb_operational]
-SUBSYSTEM = LIBLDB
-CFLAGS = -I$(ldbsrcdir)/include
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT
-INIT_FUNCTION = LDB_MODULE(operational)
-# End MODULE ldb_operational
-################################################
-
-ldb_operational_OBJ_FILES = $(ldbsrcdir)/modules/operational.o
-
-################################################
 # Start MODULE ldb_rdn_name
 [MODULE::ldb_rdn_name]
 SUBSYSTEM = LIBLDB
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 7bc4b3f..00fb307 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -17,9 +17,11 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
+from ldb import Message, Dn
 from samba import Ldb
 from subunit import SubunitTestRunner
 from samba import param
+from samba import glue
 import unittest
 
 parser = optparse.OptionParser("ldap [options] <host>")
@@ -125,21 +127,67 @@ class BasicTests(unittest.TestCase):
         ldb.delete("cn=testotherusers," + self.base_dn)
 
     def test_groupType(self):
-        """Test groupType behaviour 
-        (should appear to be casted to a 32 bit signed integer before comparsion)"""
+        """Test groupType behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
         print "Testing groupType behaviour\n"
         
         res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
-                          attrs=["groupType"], expression="groupType=2147483650");
+                          attrs=["groupType"], expression="groupType=2147483653");
 
         res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
-                          attrs=["groupType"], expression="groupType=-2147483646");
+                          attrs=["groupType"], expression="groupType=-2147483643");
 
         self.assertEquals(len(res1), len(res2))
 
         self.assertTrue(res1.count > 0)
 
-        self.assertEquals(res1[0]["groupType"][0], "-2147483646")
+        self.assertEquals(res1[0]["groupType"][0], "-2147483643")
+
+    def test_primary_group_token(self):
+        """Test the primary group token behaviour (hidden-generated-readonly attribute on groups)"""
+        print "Testing primary group token behaviour\n"
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
+            "objectclass": ["user", "person"],
+            "cN": "LDAPtestUSER",
+            "givenname": "ldap",
+            "sn": "testy"})
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
+            "objectclass": "group",
+            "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
+
+        res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+	res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE)
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
+        self.assertTrue(len(res1) == 1)
+        primary_group_token = int(res1[0]["primaryGroupToken"][0])
+
+	rid = glue.dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0]))
+        self.assertEquals(primary_group_token, rid)
+
+# Has to wait until we support read-only generated attributes correctly
+#        m = Message()
+#        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+#        m["primaryGroupToken"] = "100"
+#        try:
+#                ldb.modify(m)
+#                self.fail()
+#        except LdbError, (num, msg):
+#                print msg
+
+        self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
     def test_all(self):
         """Basic tests"""
@@ -148,11 +196,11 @@ class BasicTests(unittest.TestCase):
 
         print "Testing user add"
         ldb.add({
-        "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
-        "objectclass": ["user", "person"],
-        "cN": "LDAPtestUSER",
-        "givenname": "ldap",
-        "sn": "testy"})
+            "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
+            "objectclass": ["user", "person"],
+            "cN": "LDAPtestUSER",
+            "givenname": "ldap",
+            "sn": "testy"})
 
         ldb.add({
             "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 0869d2f..95255dc 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -327,6 +327,27 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, PyObject *ar
 	return ret;
 }
 
+static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
+{
+	PyObject *py_sid;
+	struct dom_sid *sid;
+	uint32_t rid;
+	NTSTATUS status;
+	
+	if(!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
+
+	status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+		return NULL;
+	}
+
+	return PyInt_FromLong(rid);
+}
+
 static PyMethodDef py_misc_methods[] = {
 	{ "generate_random_str", (PyCFunction)py_generate_random_str, METH_VARARGS,
 		"random_password(len) -> string\n"
@@ -358,6 +379,8 @@ static PyMethodDef py_misc_methods[] = {
 		NULL },
 	{ "dsdb_convert_schema_to_openldap", (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
 		NULL },
+	{ "dom_sid_to_rid", (PyCFunction)py_dom_sid_to_rid, METH_VARARGS,
+		NULL },
 	{ NULL }
 };
 
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 9f50b45..07f02f9 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,3 +1,7 @@
+###############################
+# Default Naming Context
+###############################
+
 dn: CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: builtinDomain
@@ -20,6 +24,9 @@ systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: FALSE
 
+# Computers located in "provision_computers*.ldif"
+# Users/Groups located in "provision_users*.ldif"
+
 dn: OU=Domain Controllers,${DOMAINDN}
 objectClass: top
 objectClass: organizationalUnit
@@ -28,6 +35,8 @@ systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: FALSE
 
+# Joined DC located in "provision_self_join.ldif"
+
 dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
 objectClass: top
 objectClass: container
@@ -160,12 +169,19 @@ objectClass: top
 objectClass: container
 isCriticalSystemObject: TRUE
 
+dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+displayName: DNS Servers
+
 dn: CN=Policies,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
 systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 
+# Group policies located in "provision_group_policy.ldif"
+
 dn: CN=RAS and IAS Servers Access Check,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
@@ -199,3 +215,23 @@ dn: CN=WinsockServices,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
 isCriticalSystemObject: TRUE
+
+dn: CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=PolicyTemplate,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=PolicyType,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=SOM,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=WMIGPO,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 4109c22..4e0cc71 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -1,108 +1,17 @@
 ###############################
 # Configuration Naming Context
 ###############################
-dn: CN=Partitions,${CONFIGDN}
-objectClass: top
-objectClass: crossRefContainer
-cn: Partitions
-systemFlags: -2147483648
-msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
-fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
-showInAdvancedViewOnly: TRUE
-
-dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
-objectClass: top
-objectClass: crossRef
-cn: Enterprise Configuration
-systemFlags: 1
-nCName: ${CONFIGDN}
-dnsRoot: ${DNSDOMAIN}
-
-dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN}
-objectClass: top
-objectClass: crossRef
-cn: Enterprise Schema
-systemFlags: 1
-nCName: ${SCHEMADN}
-dnsRoot: ${DNSDOMAIN}
-


-- 
Samba Shared Repository


More information about the samba-cvs mailing list