:param users_gid: gid of the UNIX users group.
:param wheel_gid: gid of the UNIX wheel group."""
- def add_foreign(self, domaindn, sid, desc):
- """Add a foreign security principle."""
- add = """
-dn: CN=%s,CN=ForeignSecurityPrincipals,%s
-objectClass: top
-objectClass: foreignSecurityPrincipal
-description: %s
-""" % (sid, domaindn, desc)
- # deliberately ignore errors from this, as the records may
- # already exist
- for msg in self.parse_ldif(add):
- self.add(msg[1])
-
- add_foreign(samdb, domaindn, "S-1-5-7", "Anonymous")
- add_foreign(samdb, domaindn, "S-1-1-0", "World")
- add_foreign(samdb, domaindn, "S-1-5-2", "Network")
- add_foreign(samdb, domaindn, "S-1-5-18", "System")
- add_foreign(samdb, domaindn, "S-1-5-11", "Authenticated Users")
-
idmap.setup_name_mapping("S-1-5-7", idmap.TYPE_UID, nobody_uid)
idmap.setup_name_mapping("S-1-5-32-544", idmap.TYPE_GID, wheel_gid)
groupType: -2147483644
isCriticalSystemObject: TRUE
+# Add foreign security principals
+
+dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-4
+
+dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-9
+
+dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-11
+
+dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-20
+
+# Add builtin objects
+
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
objectClass: group
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
member: CN=Domain Users,CN=Users,${DOMAINDN}
+member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
systemFlags: -1946157056
objectClass: top
objectClass: group
description: Members of this group have remote access to schedule logging of performance counters on this computer
+member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
systemFlags: -1946157056
objectClass: top
objectClass: group
description: A backward compatibility group which allows read access on all users and groups in the domain
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
objectClass: top
objectClass: group
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-560
sAMAccountName: Windows Authorization Access Group
systemFlags: -1946157056
git.samba.org / samba.git / commitdiff