path: root/examples/LDAP/samba.schema
Age | Commit message | Author | Files | Lines
2003-07-04 | This patch cleans up some of our ldap code, for better behaviour: | Andrew Bartlett | 1 | -4/+21
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot use an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entries to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-06-13 | fix typo in description | Gerald Carter | 1 | -1/+1
(This used to be commit be82b3d9dfef938030731e1021076df4dcfdb443)
2003-06-05 | working draft of the idmap_ldap code. | Gerald Carter | 1 | -0/+10
Includes sambaUnixIdPool objectclass
Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a working distributed winbindd solution.
(This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
2003-05-22 | moving the sambaAccount objectclass to 'historical' to prevent confusion on | Gerald Carter | 1 | -150/+142
which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes (This used to be commit 469c5ad1acfb452617b10653e06ce3b34ec9e146)
2003-05-14 | fix group mapping in LDAP under new schema | Gerald Carter | 1 | -1/+1
(This used to be commit 0714dda7cc4a1df73e1b9d11daae80a1f46583de)
2003-05-14 | *****LDAP schema changes***** | Gerald Carter | 1 | -25/+134
New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes.
Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the appropriate objectclass depending on whether you are using ldapsam_compat or ldapsam
conversion script for migrating from sambaAccount to sambaSamAccount will come next.
(This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
2003-05-11 | As discussed on samba-technical - move to 'primaryGroupSid' instead of | Andrew Bartlett | 1 | -1/+11
primaryGroupID (rid). This is consistent with the move from 'rid' to ntSid for the primary user identifier. Also cope with legacy installations where primaryGroupID might have been stored as 0.
Andrew Bartlett
(This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
2003-04-28 | A new pdb_ldap! | Andrew Bartlett | 1 | -5/+34
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead.
More importantly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap.
Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default.
More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm.
Andrew Bartlett
(This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-18 | uidPool and gidPool don't use cn anymore (but we don't use this anyways) | Gerald Carter | 1 | -2/+2
(This used to be commit 7f0fd03f699f24094e32a92dbb0ec55d9a602c36)
2003-03-27 | Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16. | Volker Lendecke | 1 | -1/+1
Volker (This used to be commit 5acb9f421c149126370e79d66d3d9ace6be9a695)
2003-03-19 | Put group mapping into LDAP. | Volker Lendecke | 1 | -0/+25
Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
2003-01-06 | removed idpool from schema file (experimental) to remove the dependency | Gerald Carter | 1 | -6/+6
on nis.schema. add $(LDFLAGS) to libsmbclient build (This used to be commit cd16064784a5e5fd9d2a67d4dfba605f7d8046ac)
2002-08-17 | sync 3_0 branch with HEAD | Jelmer Vernooij | 1 | -2/+14
(This used to be commit 19ab776bf9c91cf4e56887fd7a63d3253b7e36ef)
2002-02-11 | merge from 2.2 | Gerald Carter | 1 | -2/+2
(This used to be commit bb574aab8f3f4ac2f7ae919790481a419f8173cb)
2002-02-11 | fixes from 2,2 | Gerald Carter | 1 | -27/+59
(This used to be commit 46bd77a02a47c26c4981472c8cea09e64c2ef4d2)
2002-01-06 | sync up comments with 2.2 | Gerald Carter | 1 | -1/+1
(This used to be commit 3d4adad1501fc02ee0c60c69c01a92bdb16a1711)
2002-01-04 | sync with 2.2 | Gerald Carter | 1 | -3/+3
(This used to be commit 9e3b432c57747e6fd876c53a576858ef1227ba8e)
2001-12-28 | merge from 2.2 | Gerald Carter | 1 | -0/+1
(This used to be commit 241b5218ea5ad83ecb02a0f838e84abee0672371)
2001-12-26 | sync with 2.2 | Gerald Carter | 1 | -0/+107
(This used to be commit aca58b0b72d2eb5024b4d5103fde5b281212d714)