@@ -, +, @@ 
    Bug #50626: enable MS policies
--- ucs-school-metapackage/debian/ucs-school-master.postinst	
+++ ucs-school-metapackage/debian/ucs-school-master.postinst	
@@ -42,6 +42,9 @@ univention-config-registry set \
 	samba4/sysvol/sync/cron?"*/5 * * * *" \
 	connector/s4/mapping/wmifilter?yes \
 	connector/s4/mapping/msprintconnectionpolicy?yes \
+	connector/s4/mapping/msgpwl?yes \
+	connector/s4/mapping/msgpipsec?yes \
+	connector/s4/mapping/msgpsi?yes \
 	connector/s4/mapping/gpo/ntsd?yes \
 	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Replicators,Printer-Admins,System Operators,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
 	ucsschool/import/generate/policy/dhcp/dns/set_per_ou?true
--- ucs-school-metapackage/debian/ucs-school-nonedu-slave.postinst	
+++ ucs-school-metapackage/debian/ucs-school-nonedu-slave.postinst	
@@ -46,6 +46,9 @@ univention-config-registry set \
 	samba4/sysvol/sync/setfacl/AU?false \
 	connector/s4/mapping/wmifilter?yes \
 	connector/s4/mapping/msprintconnectionpolicy?yes \
+	connector/s4/mapping/msgpwl?yes \
+	connector/s4/mapping/msgpipsec?yes \
+	connector/s4/mapping/msgpsi?yes \
 	connector/s4/mapping/gpo/ntsd?yes \
 	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Replicators,Printer-Admins,System Operators,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
 	dns/nameserver/registration/forward_zone?no \
--- ucs-school-metapackage/debian/ucs-school-singlemaster.postinst	
+++ ucs-school-metapackage/debian/ucs-school-singlemaster.postinst	
@@ -42,6 +42,9 @@ univention-config-registry set \
 	samba/script/addmachine?'/usr/share/univention-samba/addmachine.sh "%u"' \
 	connector/s4/mapping/wmifilter?yes \
 	connector/s4/mapping/msprintconnectionpolicy?yes \
+	connector/s4/mapping/msgpwl?yes \
+	connector/s4/mapping/msgpipsec?yes \
+	connector/s4/mapping/msgpsi?yes \
 	connector/s4/mapping/gpo/ntsd?yes \
 	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Replicators,Printer-Admins,System Operators,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
 	ucsschool/import/generate/policy/dhcp/dns/set_per_ou?true \
--- ucs-school-metapackage/debian/ucs-school-slave.postinst	
+++ ucs-school-metapackage/debian/ucs-school-slave.postinst	
@@ -59,6 +59,9 @@ univention-config-registry set \
 	samba4/sysvol/sync/setfacl/AU?false \
 	connector/s4/mapping/wmifilter?yes \
 	connector/s4/mapping/msprintconnectionpolicy?yes \
+	connector/s4/mapping/msgpwl?yes \
+	connector/s4/mapping/msgpipsec?yes \
+	connector/s4/mapping/msgpsi?yes \
 	connector/s4/mapping/gpo/ntsd?yes \
 	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Replicators,Printer-Admins,System Operators,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
 	ucsschool/import/generate/policy/dhcp/dns/set_per_ou?true \
--- ucs-test-ucsschool/00_checks/50_ucsschool_config	
+++ ucs-test-ucsschool/00_checks/50_ucsschool_config	
@@ -23,6 +23,9 @@ settings_connector = {
 	'connector/s4/mapping/sid_to_ucs': 'no',
 	'connector/s4/mapping/syncmode': 'sync',
 	'connector/s4/mapping/msprintconnectionpolicy': 'yes',
+	'connector/s4/mapping/msgpwl': 'yes',
+	'connector/s4/mapping/msgpipsec': 'yes',
+	'connector/s4/mapping/msgpsi': 'yes',
 	'connector/s4/mapping/wmifilter': 'yes',
 	'connector/s4/mapping/gpo': 'true',
 	'connector/s4/mapping/dns/ignorelist': '_ldap._tcp.Default-First-Site-Name._site',
@@ -41,9 +44,9 @@ settings_school_slave = {
 if utils.package_installed('univention-samba4'):
 	for setting, value in iteritems(settings_samba):
 		if setting == 'samba4/ldb/sam/module/prepend' and not any((
-				utils.package_installed('ucs-school-singlemaster'),
-				utils.package_installed('ucs-school-slave'),
-				utils.package_installed('ucs-school-nonedu-slave'),
+			utils.package_installed('ucs-school-singlemaster'),
+			utils.package_installed('ucs-school-slave'),
+			utils.package_installed('ucs-school-nonedu-slave'),
 		)):
 			# Bug #49726: test only on slave / singlemaster
 			continue