| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is an initial implementation of the idmap_autorid module.
It works similar to the idmap_rid module but requires less
configuration. It will automatically pick ranges for each domain,
so you do not have to bother any more about adding an idmap
configuration for all of the domains in the forest.
This is very easy to use and to configure and much more
deterministic and faster than idmap_tdb, the typical choice
of Samba users up to now.
|
|
add a function to lookup a domain in the winbind cache by domain SID
|
|
|
|
|
|
This adds a timeout value to cache entries and the NDR records
in the winbind cache.
The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.
The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.
I increased the cache version number so an old cache will be wiped
automatically after upgrade.
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 8 12:09:56 UTC 2010 on sn-devel-104
|
|
complicated
|
|
- don't crash when no values where specified
- return ERR_CONSTRAINT_VIOLATION on malformed messages
- only check for flags when we are involved in a LDB modify operation
|
|
attributes isn't possible
|
|
|
|
|
|
int" for the element reference
We don't make use of "Py_List*" calls
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 8 11:21:27 UTC 2010 on sn-devel-104
|
|
error
|
|
Therefore use a signed long int for conversions.
http://stackoverflow.com/questions/471248/what-is-ultimately-a-time-t-typedef-to
|
|
|
|
This seems to be the most appopriate type
|
|
|
|
Seems to be the most appropriate type
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 8 10:36:50 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname
we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
|
|
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
|
|
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.
Andrew Bartlett
|
|
|
|
This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.
Andrew Bartlett
|
|
|
|
We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 06:57:43 UTC 2010 on sn-devel-104
|
|
|
|
|
|
this can happen when both the build and install paths are used to load
ldb modules
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 05:28:14 UTC 2010 on sn-devel-104
|
|
the change broke the library linkages for some library, as spotted by
Brad
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 02:31:18 UTC 2010 on sn-devel-104
|
|
it may be 'Administrator' in the database, and bind match rules are
case sensitive
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 01:41:43 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 00:55:13 UTC 2010 on sn-devel-104
|
|
we need to ensure that 'make install' does not change any of our build
libraries, and only changes the .inst.so libraries, otherwise doing a
make test in the build directory directly after a make install could
use the installed libraries, which would mean using the wrong
LDB_MODULES_PATH
this could cause the "unknown error" loading ldb modules when running
some commands directly after a make install
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
check that object_count matches up with first_object
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov 7 23:32:16 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 21:12:03 UTC 2010 on sn-devel-104
|
|
|
|
|
|
We need "recalculate_sd" only when no external "nTSecurityDescriptor" change
is performed. Otherwise the recalculation is performed automatically.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 18:52:42 UTC 2010 on sn-devel-104
|
|
behave as in AD
- fix crash when provided "nTSecurityDescriptor" attribute is empty
- print out the correct error codes if it's provided multi-valued
- simplify the "recalculate_sd" control handling
|
|
attribute fetch also on LDB add operations
We've to completely ignore the flags in that case.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
|
|
the "distinguishedName" one
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 10:11:02 UTC 2010 on sn-devel-104
|
