It is a pretty odd thing to do, and it's only because of the
restrictions of DIGEST-MD5 in Cyrus SASL that we do it.
Andrew Bartlett
|
|
Found by Oliver Liebel <oliver@itc.li>
Andrew Bartlett
|
|
Spotted by MICHAEL BROWN <mbrown@mesainc.com>
Andrew Bartlett
|
|
This makes no sense, and just causes trouble - we are aiming for
DIGEST-MD5 or NTLM.
Andrew Bartlett
|
|
This should help debug problems with 'make test' of the LDAP backend,
if a stray listener is still around.
Andrew Bartlett
|
|
This should make setting up LDAP servers more predictable.
When not specified, it is random.
Andrew Bartlett
|
|
This fixes the recursive delete in erase_partitions()
For reasons I cannot understand, it is possible to get 'no such
object' trying to delete a DN I just searched for without error. Oh
well...
Andrew Bartlett
|
|
Using a single transaction to both erase the bulk of the data and the
rebuild of that data means that the in-memory index list is
maintained, and not written out to disk until it is all completed.
All the writes then occur at the end.
Andrew Bartlett
|
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend.
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries.
Andrew Bartlett
|
|
(These will be added back in a future commit)
|
|
We now set these as part of the schema load, and we now load the
schema before the provision loads the DB, so setting them here is
pointless.
Andrew Bartlett
|
|
This makes it possible to do a bit more of the provision with Samba
helpers, but without some of the otherwise useful things (such as
loading in the global schema) that SamDB does.
Rewrite provision_erase to use a recursive search, rather than a
looping subtree search. This is much more efficient, particularly now
we have one-level indexes enabled.
Delete the @INDEX and similar records *after* deleting all other
visible records, this hopefully also assists performance.
Andrew Bartlett
|
|
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).
Andrew Bartlett
|
|
We need to find a better way to apply this (used in the Fedora DS LDAP
backend), not by trying to tunnel this down the module stack.
Andrew Bartlett
|
|
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Andrew Bartlett
|
|
This converts a talloc_dict retrieved from wb_group_members to the string
that the pipe protocol expects
|
|
This is something that would have been very difficult with the old style of
async requests: Send the request to all children simultaneously.
|
|
metze
|
|
metze
|
|
metze
|
|
clearer.
Jeremy.
|
|
GPFS sets the dir_inherit and file_inherit flags
on files, too, which confuses Windows, and seems to
be wrong anyway.
So when mapping an NFS4 ACL to a Windows ACL, we map these
flags away for files.
Michael
|
|
Current kernels don't send IPv6 addresses with the colon delimiters; add
a routine to add them when they're not present.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Instead of using the hostname given by the upcall to get the server's
principal, take the IP address given in the upcall and reverse resolve
it to a hostname.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Add a new stack var to hold the flags returned by the decoder routine
so that we don't need to worry so much about preserving "rc".
With this, we can drop privs before trying to find the location of
the credcache.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
The argument list for the decoder is becoming rather long. Declare an
args structure and use that for holding the args. This also simplifies
pointer handling a bit.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Clean up some unneeded curly braces, and fix some indentation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Change the log levels to be more appropriate to the messages being
logged. Error messages should be LOG_ERR and not LOG_WARNING, for
instance.
Add some LOG_DEBUG messages that we can use to diagnose problems with
krb5 upcalls. With these, someone can set up syslog to log daemon.debug
and should be able to get more info when things aren't working.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
metze
|
|
Maybe there's no dynamic part on the wire.
metze
|
|