Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
tevent would need monotonic clock features to make also smbldap's idle handling
aware of backward clock jumps. Other areas in smbldap are clock jump save now.
|
|
Guenther
|
|
link against a LDAP library
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().
This happens when no domain aliases are used.
metze
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
|
|
|
|
|
|
|
|
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
|
|
This removes one more caller to pull_utf8_allocate()
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Jeremy.
(This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366)
|
|
controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544
(This used to be commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06)
|
|
Don't use pstr_sprintf() on an fstring - change to talloc.
Jeremy.
(This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
(This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
winbind
who did not run the idle events to drop ldap connections.
Volker
(This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
|
|
I think "anonimous" is correctly spelled "anonymous". The Solaris compile is
referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check.
Thanks,
Volker
(This used to be commit a77d8fa08e5a7c9c0c7c415ce3b7848b265b4b95)
|
|
Simo.
(This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
|
|
eDir, we already add 'sn' as required attribute on LDAP add
operations.
When we modify an entry, we need to request 'sn' as well in our
attribute lists, so that we don't try to add it a second time.
Guenther
(This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9)
|
|
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
previous 2 changes
(This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
<jason@ncac.gwu.edu> plus
some extra function declarations. Bugzilla bug #2523.
(This used to be commit 98d364459daa48aca3d239926cf40a0655e27e97)
|
|
pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
|
|
Vince Brimhall <vbrimhall@novell.com> - slight tidyup by me to
use Samba conventions.
Vince - thanks a *lot* for this code - please test to make sure
I haven't messed anything up.
Jeremy.
(This used to be commit 6f5ea963abe8e19d17a1803d4bedd9d87a317e58)
|
|
*attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
(This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
|
|
passdb in 3_0 (they are still in trunk).
Guenther
(This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
|
|
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
|
|
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
(This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
|
|
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
|
|
session
setups on its way to open a pipe. This gets rid of many round-trips to the
LDAP server during logon by setting up the server_info_guest once and not
asking the LDAP server and nss every time. Make sure that the ldap connection
is reopened in the child. (I did not look at the sql backends.)
Volker
(This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
|
|
attributes to
delete.
Richard, IMHO this is the better solution to the problem you currently
have. Please review.
Thanks,
Volker
(This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4)
|
|
logon hours attributes in an LDAP database.
Jeremy.
(This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af)
|
|
coding have passed, but I could not find a way to get the OpenLDAP libraries
to reliably time out on any of the queries we make, *and* get correct error
returns. No, async calls and ldap_result does NOT work, or I was simply too
stupid to correctly interpret the OpenLDAP manpage and source.
We can not allow to hang indefinitely in an ldap query, especially not for
winbindd. "ldap timeout" now specifies the overall timeout for the complete
operation, that's why I increased that to 15 seconds.
Volker
(This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd)
|
|
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
|
|
add a timeout to the ldap open calls. New parameter, ldap timeout
added.
Jeremy.
(This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
cache entry time comparisons in password lockout. Fixes problems where
pdb_ldap tries to delete the operational attribute modifyTimestamp when
deleting a user account.
(This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
|
|
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
|
|
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
|
|
(This used to be commit 003318939f7e476f5f2a5f345e8a81a228fc89a7)
|
|
When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.
Metze, thanks for your patience.
Volker
(This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc)
|
|
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
|