| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Vista and upper version use this value to check wether they should ask the DC
to change the msDS-SupportedEncryptionTypes attribute or not.
Declare the different value as a bitmap in Netlogon idl
|
|
|
|
|
|
|
|
|
|
print replUpToDateVector and replPropertyMetaData using NDR format if
--show-binary is given.
|
|
|
|
print security descriptors in NDR format if --show-binary is
given. This is easier to read than sddl format.
|
|
In normal usage this makes no difference, but if you add --show-binary
then you can see the NDR printed out in the usual ndr_print_*() format
|
|
|
|
|
|
This add --show-binary to ldbsearch. When this flag is set, binary
blobs will be shown as-is, instead of base64 encoded. This is useful
for some XML encoded attributes, and will also be used as part of some
NDR print formatting for attributes like repsTo.
|
|
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Guenther
|
|
administrator not the user
|
|
|
|
|
|
Outputs shouldn't clash with metadata characters (|,()), special characters
should be escaped, "NULL" values should be reported as "(null)" string.
For the full explaination look at bug #6076.
|
|
Jeremy.
|
|
|
|
This structure is stored in NDR format in the repsTo attribute of each
partition. It is updated by the DSUpdateRefs DSRUAPI call
|
|
|
|
This call is made by DCs to tell us we should notify them of directory
changes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The problem here was that tridge's changes to ensure that test results
were always propogated didn't merge well with the addition of extra
environment variables for the 'make valgrindtest' and similar
environments. By splitting out the macro further, we keep the build
farm reporting accurate, but allow these other test modes to work.
Andrew Bartlett
|
|
|
|
The tick conversion math was off by a factor of 10 due to the incorrect usage of
the "e" notation. The expression "XeY" means "X * (10^Y)", so the correct
expression is 1e7 to get the correct adjustment for ticks.
|
|
|
|
The "setpassword" script should use the "samdb_set_password" call to change
the NT user password. Windows Server tests show that "userPassword" is not the
right place to save the NT password and does not inherit the password complexity.
|
|
Here we just need to map the oid string in the ldb value to
the ATTRTYP id.
metze
|
|
metze
|
|
This check is specified in Windows Server after release 2003.
The parameter "hostname" should match as prefix of the dns hostname given as
parameter in the "workstation" structure.
|
|
Guenther
|
|
Should fix bug #6660.
|
|
This looks much nicer than "normal" string exceptions - and fits better in the OO
programming style.
|
|
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
|
|
|
|
I fixed them up to match with Windows Server 2003. I don't think that the
creation of them in the provision script is needed so I put them in the
"provision_users.ldif" file.
|
|
|
|
This passes the Windows Server behaviour. Also SAMBA 4 should match it.
Also some small enhancement.
|
|
Tests show that Windows Server seems to do the access checks on the very last moment.
|
|
We have not only to expand the additional groups but *also* the primary group to
gain all rights of a user account.
Also, remove an unneeded context (tmp_ctx) and "talloc_steal".
|
|
the right way
When doing some tests with the NT User Manager for Domains on s4 I noticed that the
handling of the primary group for a user wasn't correct. So I fixed this.
Also some cosmetic changes (tab indent corrections).
|
|
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
|
|
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
|
|
"samldb" changes
The "provision_users.ldif" file needs some rework to pass against the changed
and improved "samldb" module (see next commit).
|
