summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-08-17s4:libcli/ldap Explain why we set a hostname for ldapi:// connectionsAndrew Bartlett1-1/+3
It is a pretty odd thing to do, and it's only because of the restrictions of DIGEST-MD5 in Cyrus SASL that we do it. Andrew Bartlett
2009-08-17s4:provision Fix existing ldapi:// backend detection exceptionAndrew Bartlett1-1/+1
Found by Oliver Liebel <oliver@itc.li> Andrew Bartlett
2009-08-17s4:install Remove provision-backend script from 'make install'Andrew Bartlett1-1/+1
Spotted by MICHAEL BROWN <mbrown@mesainc.com> Andrew Bartlett
2009-08-17s4:provision Make sure that we don't use Kerberos to our LDAP backendAndrew Bartlett1-1/+3
This makes no sense, and just causes trouble - we are aiming for DIGEST-MD5 or NTLM. Andrew Bartlett
2009-08-17s4:provison Print the LDAP backend admin username/passwordAndrew Bartlett1-6/+14
2009-08-17s4:selftest Confirm that there isn't a listener on the ldapi:// socketAndrew Bartlett1-1/+5
This should help debug problems with 'make test' of the LDAP backend, if a stray listener is still around. Andrew Bartlett
2009-08-17s4: Re-add --ldapadminpass as an option to provisionAndrew Bartlett2-5/+12
This should make setting up LDAP servers more predictable. When not specified, it is random Andrew Bartlett
2009-08-17s4:python Allow 'no such object' on the delete of the DNAndrew Bartlett1-1/+5
This fixes the recursive delete in erase_partitions() For reasons I cannot understand, it is possible to get 'no such object' trying to delete a DN I just search for without error. Oh well... Andrew Bartlett
2009-08-17s4:provision Keep a single transaction for the erase and rebuildAndrew Bartlett1-15/+6
Using a single transaction to both erase the bulk of the data and the rebuild of that data means that the in-memory index list is maintained, and not written out to disk until it is all compleated. All the writes then occour at the end. Andrew Bartlett
2009-08-17s4:provision A crude update of the OpenLDAP backend HOWTOAndrew Bartlett1-59/+11
2009-08-17s4:provision Fixes for Fedora DS schema mapping with full AD schemaEndi Sukma Dewata1-0/+8
2009-08-17s4:provision Rework provision-backend into provisionAndrew Bartlett9-811/+608
This removes a *lot* of duplicated code and the cause of much administrator frustration. We now handle starting and stopping the slapd (at least for the provision), and ensure that there is only one 'right' way to configure the OpenLDAP and Fedora DS backend We now run OpenLDAP in 'cn=config' mode for online configuration. To test what was the provision-backend code, a new --ldap-dryrun-mode option has been added to provision. It quits the provision just before it would start the LDAP binaries Andrew Bartlett
2009-08-17s4:provision Move helper functions back to provisionAndrew Bartlett1-21/+0
(These will be added back in a future commit)
2009-08-17s4:setup Don't manually set @ATTRIBUTES any moreAndrew Bartlett1-32/+0
We now set these as part of the schema load, and we now load the schema before the provision loads the DB, so setting them here is pointless Andrew Bartlett
2009-08-17s4:python Push some helper functions from SamDB into samba.LdbAndrew Bartlett2-64/+57
This makes it possible to do a bit more of the provision with Samba helpers, but without some of the otherwise useful things (such as loading in the global schema) that SamDB does. Rewrite provision_erase to use a recursive search, rather than a looping subtree search. This is much more efficient, particularly now we have one-level indexes enabled. Delete the @INDEX and similar records *after* deleting all other visible records, this hopefully also assists performance. Andrew Bartlett
2009-08-17s4:schema Allow a schema load on an unconnected databaseAndrew Bartlett2-6/+7
This helps ensure we don't load the schema too often in the provision (allowing a reference in of the schema before the modules load). Andrew Bartlett
2009-08-17s4:provision Remove the ACI element from the provision templatesAndrew Bartlett4-17/+14
We need to find a better way to apply this (used in the Fedora DS LDAP backend), not by trying to tunnel this down the module stack. Andrew Bartlett
2009-08-17s4:schema Provide a way to reference a loaded schema between ldbsAndrew Bartlett3-16/+56
This allows us to load the schema against one ldb context, but apply it to another. This will be useful in the provision script, as we need the schema before we start the LDAP server backend. Adnrew Bartlett
2009-08-16s3:winbind: The get[gr|pw]end functions need access to the client stateVolker Lendecke18-3/+36
2009-08-16s3:winbind: Convert WINBINDD_GETGRNAM to the new APIVolker Lendecke5-253/+199
2009-08-16s3:winbind: Convert WINBINDD_GETGRGID to the new APIVolker Lendecke5-52/+143
2009-08-16s3:winbind: Add winbindd_print_groupmemVolker Lendecke2-0/+75
This converts a talloc_dict retrieved from wb_group_members to the string that the pipe protocol expects
2009-08-16s3:winbind: Make fill_grent publically availableVolker Lendecke2-3/+4
2009-08-16s3:winbind: Add const to normalize_name_mapVolker Lendecke2-4/+4
2009-08-16s3:winbind: Add async wb_getgrsidVolker Lendecke3-0/+160
2009-08-16s3:winbind: Add async wb_group_membersVolker Lendecke12-2/+1091
2009-08-16s3:winbind: Make wcache_lookup_groupmem available publicallyVolker Lendecke2-24/+60
2009-08-16s3: Add talloc_dict.[ch]Volker Lendecke5-0/+258
2009-08-16s3:winbind: Fix a potential segfault in libwbclientVolker Lendecke1-1/+1
2009-08-16s3:winbind: Convert winbindd_show_sequence to the new APIVolker Lendecke5-112/+178
2009-08-16s3:winbind: Add async wb_seqnumsVolker Lendecke3-0/+139
This is something that would have been very difficult with the old style of async requests: Send the request to all children simultaneously.
2009-08-16s3:winbind: Add async wb_seqnumVolker Lendecke12-2/+447
2009-08-16s3:winbind: WINBIND_USERINFO -> wbint_userinfoVolker Lendecke12-87/+49
2009-08-16s3:winbind: Simplify _wbint_[GU]id2SidVolker Lendecke1-16/+4
2009-08-15tevent: add some more doxygen comments for tevent_req functionsStefan Metzmacher1-0/+38
metze
2009-08-15s3:Makefile: build ../libcli/smb/smb2_create_blob.o as part of smbdStefan Metzmacher1-0/+1
metze
2009-08-15libcli/smb: add smb2_create_blob_find()Stefan Metzmacher2-0/+23
metze
2009-08-14Use defined names rather than numeric constants to make codeJeremy Allison1-2/+2
clearer. Jeremy.
2009-08-14gpfs.so: map the file_inherit and dir_inherit flags away for filesMichael Adam1-1/+15
GPFS sets inherits dir_inhert and file_inherit flags to files, too, which confuses windows, and seems to be wrong anyways. So when mapping a nfs4 acl to a windows acl, we map these flags away for files. Michael
2009-08-14cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimitersJeff Layton1-4/+29
Current kernels don't send IPv6 addresses with the colon delimiters, add a routine to add them when they're not present. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: use ip address passed by kernel to get server's hostnameJeff Layton1-12/+56
Instead of using the hostname given by the upcall to get the server's principal, take the IP address given in the upcall and reverse resolve it to a hostname. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: clean up flag handlingJeff Layton1-10/+10
Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: try getting a "cifs/" principal and fall back to "host/"Jeff Layton2-14/+18
cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: declare a structure for holding decoded argsJeff Layton1-30/+33
The argument list for the decoder is becoming rather long. Declare an args structure and use that for holding the args. This also simplifies pointer handling a bit. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: formatting cleanupJeff Layton1-47/+37
Clean up some unneeded curly braces, and fix some indentation. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: clean up logging and add debug messagesJeff Layton1-32/+47
Change the log levels to be more appropriate to the messages being logged. Error messages should be LOG_ERR and not LOG_WARNING, for instance. Add some LOG_DEBUG messages that we can use to diagnose problems with krb5 upcalls. With these, someone can set up syslog to log daemon.debug and should be able to get more info when things aren't working. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14s3:smbd: allow SMB2 Cancel to have the async flag setStefan Metzmacher1-6/+8
metze
2009-08-14s3:smbd: fix parsing of the SMB2 bodyStefan Metzmacher1-5/+7
Maybe there's no dynamic part on the wire. metze
2009-08-14s4:samdb python bindings - we don't need the attributes hereMatthias Dieter Wallnöfer1-2/+1
2009-08-14s4:ldb - Free the asynchronous resultMatthias Dieter Wallnöfer1-0/+2