Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
metze
|
|
metze
|
|
metze
|
|
This reverts commit c2cdb4ad5c9398ef0d3310613107999f8d33c7ce.
It's not needed anymore.
metze
|
|
relative pointers
metze
|
|
ndr_*_pull_blob_all() will now work if relative pointers are used.
metze
|
|
When idmap backend is specified as
idmap backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.
Michael
|
|
idmap_ldap_alloc_init
When idmap alloc backend is specified as
idmap alloc backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.
Michael
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
|
|
metze
|
|
We need to keep TDB_ALLOW_NESTING as default behavior,
so that existing code continues to work.
However we may change the default together with a major version
number change in future.
metze
|
|
Make the default be that transaction is not allowed and any attempt to create a nested transaction will fail with TDB_ERR_NESTING.
If an application can cope with transaction nesting and the implicit
semantics of tdb_transaction_commit(), it can enable transaction nesting
by using the TDB_ALLOW_NESTING flag.
(cherry picked from ctdb commit 3e49e41c21eb8c53084aa8cc7fd3557bdd8eb7b6)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
|
|
ntSecurityDescriptor is no longer included by default
|
|
ldb_msg_add_dn does not copy the dn linearized string
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Some attributes (like ntSecurityDescriptor) are stored in our db, but
should only be displayed if asked for. This also applied to parentGUID
from old installs, which is now generated.
|
|
parentGUID is now created on demand in operational.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This generated parentGUID on demand, rather than getting it from the
database
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN
dsdb_msg_add_guid() adds a GUID value to a given message (either
objectGUID or parentGUID).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- The outside API contains "DN" string arguments: Bad. Since in this way we
fully rely on the outside calls regarding the right DN format. Solution: Use
always a "struct ldb_dn" entry. Since this one is interchangeable and we can
handle it in our preferred way.
|
|
- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
to be more powerful (added a second length check and do both before the string
comparison)
|
|
|
|
This tests the fix for double rename/add and indexing
|
|
This is useful for speed tests with large numbers of records.
|
|
this prevents output being buffered when redirected to a file. Useful
for larger ldb command line operations
|
|
When we rename or modify a record, we need to update the indexes at
the same time. It is important that we use the DN of the actual
message that is stored in the database to do this, not the DN that was
passed in by the user. If the two differ in case then the index
records needs to use the 'real' record DN, as index handling is
currently case sensitive.
|
|
This makes it much easier to debug (as you can break in the ldb
modules by running gdb on /usr/bin/python)
|
|
|
|
The machine password handler has code to deal with every node in the cluster
trying to change the machine password at the same time. However, it is not very
nice to the DC if everyone tries this simultaneously. This adds a random 0-255
second offset to our timed event. When this fires a bit later than strictly
calculated, someone else might have stepped in and have already changed it. The
timed event handler will handle this gracefully, it won't even try to do it
again.
|
|
When there is a temporary problem changing passwords we flooded the DC with
pwchange requests. This gives the DC a 60-second break to recover.
|
|
Someone else might have come in between and changed the password since we
created that timed request
|
|
|
|
|
|
|
|
Michael
|
|
The normal uid_to_sid behaviour is to call sys_getpwuid()
to get the name for the given uid and then call the
getsampwnam passdb method for the resulting name.
In the ldapsam:trusted case we can reduce the uid_to_sid
operation to one simple search for the uidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.
Michael
|
|
Guenther
|
|
Guenther
|
|
|
|
In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.
|
|
This is a hot codepath (called from the stat cache)
|
|
To reduce code duplication.
Michael
|
|
When ildap created a new message to forward, it only copied controls for ldb_search
requests. This caused controls for add and modify to be lost in transition
and tests for them could not be implemented.
|
|
Karolin
|
|
|