summaryrefslogtreecommitdiff
path: root/source3/include/smbldap.h
AgeCommit message (Collapse)AuthorFilesLines
2003-07-17Disconnect an idle LDAP connection after 150 seconds.Volker Lendecke1-0/+3
Not strictly a bugfix, but it should considerably reduce the load we put on LDAP servers given that at least nss_ldap on Linux keeps a connection open. And it should also stress our reconnect-code a bit more ;-) Thanks to metze for this! Volker (This used to be commit e68d8eabeb9c64dc45d057619f9b3dd0cd507444)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-1/+5
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-06-25Patch to move functions directly from pdb_ldap.c into lib/smbldap.cAndrew Bartlett1-15/+25
The functions are unchanged. Next step is to make idmap_ldap use them. Andrew Bartlett (This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e)
2003-06-21This patch works towards to goal of common code shared between idmap_ldapAndrew Bartlett1-2/+13
and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)
2003-06-06fix build on systems w/o LDAP libsGerald Carter1-0/+14
(This used to be commit f33aeaa039d49b4eef884b27dc81d3418a051f1a)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter1-0/+2
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-05working draft of the idmap_ldap code.Gerald Carter1-0/+101
Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)