Age | Commit message (Collapse) | Author | Files | Lines |
|
(by allowing to store more then 1 password history entry in LDAP...)
Thanks to Bernhard Borgmann @ Novell for showing me how to debug
eDirecory.
Guenther
(This used to be commit a6e8de5c3c44d39724c81d371339e67bb0c4f416)
|
|
schema.
Jeremy.
(This used to be commit 0d3075b2c06709b05513d4be1530ef6df2471480)
|
|
Server.
(This used to be commit dafdd8d0741311ed0f0b35d30062f0052446f8c4)
|
|
(This used to be commit 639de6afc09709774fbcce1a8149bde172bd542e)
|
|
(This used to be commit 33ac88c6a7bfe4e6d391b841bd4461086af27e4e)
|
|
(This used to be commit e2ce048654fdb98a50622ac60abae18c6b6ba4d2)
|
|
(This used to be commit d95c9c4d74ea2fb7e5aac4a58888ab6fbc571dfb)
|
|
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
|
|
the latest version in the actual release tarballs.
Have spoken to the idealx developers about this.
Updated README to reflect the changte for people using svn.
Removed ldapsync.pl since it is no longer needed when using
the smbldap-tools (only keep things you support).
(This used to be commit f745e5119f420d4826ac395037880666761e05e8)
|
|
(This used to be commit 3e28c576951051439e6b5e1022ab76a44e30ff9d)
|
|
(This used to be commit 1438c2960f1213ddf98e7e874e1d060f2d57089c)
|
|
(This used to be commit 49fba32217d9a9a186a28805011bdb567ac968de)
|
|
happening again
(This used to be commit f1a0fae13fa2e6baf66c4c5a51bef87d442d9ba6)
|
|
bump up the attribute number to 52 to avoid conflicts
(This used to be commit 9368f0c1d2cb9942293cf2429474a1a100339572)
|
|
logon hours attributes in an LDAP database.
Jeremy.
(This used to be commit ac0fdf9503b34a70eaae5e7cf0764dbaec0263ee)
|
|
sambaIdmapEntry
(This used to be commit 6e4c58b26d19f56162de961ae8338071aeeedde7)
|
|
Jeremy.
(This used to be commit ff7236a5f20d16069b31383105604a694236ec65)
|
|
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
|
|
lines
removed (modifiersName and modifyTimestamp) lead to warnings upon startup of
the netscape directory server. I can't check this, but it sounds logical.
Thanks,
Volker
(This used to be commit 770b85c32fdd7addd7becf6a42cace91f411b363)
|
|
(This used to be commit bccee79653a6f5c368bf8d39fccc65fd0e5b7417)
|
|
(This used to be commit 184bef8413b17a0e42d1c5bce3d08ae1533818ca)
|
|
(This used to be commit eba512ee1c723392ce553a6b04a7de6c57dd7b1d)
|
|
(This used to be commit 3b1d922ab4fdf3d2d5d8b56b7c5d2882b91000b9)
|
|
Chew <darrenc@vicscouts.asn.au>
(This used to be commit 86e0015b06eb9590a6a3e64cb4fe5a88a9f156c2)
|
|
Jeremy.
(This used to be commit 6ce7932520c0e5417e3b8a214a97244d10bdf4ad)
|
|
(This used to be commit 9a7774306dfa29f0b343343844a2c08650d5ba1a)
|
|
* updating version in Makefile
(This used to be commit 3249e69274c00922c6d8710019c19d8c8add8255)
|
|
(This used to be commit b798f30f0a83ba00ebbe1b82983ca6690642ad02)
|
|
(This used to be commit d463abb035a19dce84902039623275cd72e16edc)
|
|
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
|
|
(This used to be commit 3f67b2bbfdbedc76d7265fc5333d5f71577d9c7b)
|
|
(This used to be commit c1546a5311a4e9ad2d6566e71e11c6d5f8f120a9)
|
|
(This used to be commit 5c45b799d1b87fed8afa4665e075f2c8ccb6da84)
|
|
(This used to be commit bd9b90a391e3346ff22888bbc589e65ccdddd482)
|
|
(This used to be commit 64fa24dbabd8d211d276e19745561a11b7465158)
|
|
Keeps with IBM convention of separate attributetype and objectclass definitions.
(This used to be commit 5dcf974c22b4bd54193dff876020bacd5b1691b2)
|
|
(This used to be commit 88725350d248fe017b77c7609544888ba40b7995)
|
|
(This used to be commit 3f97a5ce47bbdd3010dd8e234a7aa5838b524b46)
|
|
(This used to be commit c9c7150a627abe93a5d3c866605f2300a3cc5ec9)
|
|
(This used to be commit 90133558073deb96a0e5baf26e44cf1af1acd538)
|
|
(This used to be commit 7105f4bcabb29126999b5494f6d60d6f766ab5cc)
|
|
(This used to be commit 29885eae591bdbb899d18ac2e7ae355751cd4be6)
|
|
(This used to be commit 5b20494aff3da9414ac0100220de96750c3f06a3)
|
|
sambaSamAccount schema
(This used to be commit 5f41cd76b793305e1e9e4da76d58daa2d8438c63)
|
|
addition to add
(This used to be commit 49457669f32ed1d8122633e2d0abdebaf05790da)
|
|
(This used to be commit 25753e2a336a72dc2275a0046003c3a659a0f880)
|
|
(This used to be commit 766a5070d58ada7a871a7fab45b5f7e203264952)
|
|
(This used to be commit f72f51d39ff3e6d22dbda8b9c115ca10e93e7022)
|
|
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
|
|
(This used to be commit 6237fae9b8407ee04226b984a932150799191d29)
|