summaryrefslogtreecommitdiff
path: root/source3/include/smbldap.h
AgeCommit message (Collapse)AuthorFilesLines
2011-03-06s3: Move EXOP definitions to smbldap.hVolker Lendecke1-0/+25
This attempts to fix the build on Solaris Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Mar 6 10:45:16 CET 2011 on sn-devel-104
2011-02-16s3-build: move priv2ld proto to smbldap.h (in order to fix non-ldap builds).Günther Deschner1-1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 16 15:20:14 CET 2011 on sn-devel-104
2011-02-16s3-ipasam: add IPA specific attributesSumit Bose1-0/+3
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16s3-ipasam: implement {get,set,del}_trusted_domainSumit Bose1-0/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16s3-passdb: Add minimal stub for IPA passdb backendSumit Bose1-0/+3
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20s3-build: only include smbldap.h where needed.Günther Deschner1-0/+37
Guenther
2010-09-08s3/ldap: use monotonic clock for timeouts in smbldapBjörn Jacke1-3/+3
tevent would need monotonic clock features to make also smbldap's idle handling aware of backward clock jumps. Other areas in smbldap are clock jump save now.
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+6
Guenther
2010-07-05s4:include/smbldap.h - introduce a placeholder for "LDAPMessage" if we don't ↵Matthias Dieter Wallnöfer1-0/+1
link against a LDAP library
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-0/+5
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-01-14s3:smbldap: add smbldap_talloc_first_attribute()Stefan Metzmacher1-0/+3
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
2009-05-31Fix some nonempty blank linesVolker Lendecke1-4/+4
2009-05-29Add smbldap_talloc_single_blob()Volker Lendecke1-0/+3
2009-05-28Add smbldap_pull_sidVolker Lendecke1-0/+2
2009-05-12Fix bug 6157Volker Lendecke1-0/+3
This patch picks the alphabetically smallest one of the multi-value attribute "uid". This fixes a regression against 3.0 and also becomes deterministic.
2009-04-06s3:smbldap Remove smbldap_get_dnAndrew Bartlett1-2/+1
This removes one more caller to pull_utf8_allocate() Signed-off-by: Günther Deschner <gd@samba.org>
2008-06-26Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366)
2008-06-03Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can be ↵Björn Jacke1-1/+2
controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544 (This used to be commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06)
2007-11-27Remove unused prototype for smbldap_get_single_pstring().Jeremy Allison1-2/+0
Don't use pstr_sprintf() on an fstring - change to talloc. Jeremy. (This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25092: Add support for storing trusted domain passwords in LDAP forMichael Adam1-0/+1
passdb backend = ldapsam. Along with reproducing the functionality of the secrets.tdb code, I have prepared the handling of the previous trust password (in case we are contacting a dc which does not yet know of a recent password change). This information has still to be propagated to the outside, but this requires a change of the api and also a change of the secrets.tdb code. Michael (This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke1-1/+3
winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
2007-10-10r20215: Next step trying to fix the Solaris build.Volker Lendecke1-1/+1
I think "anonimous" is correctly spelled "anonymous". The Solaris compile is referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check. Thanks, Volker (This used to be commit a77d8fa08e5a7c9c0c7c415ce3b7848b265b4b95)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-0/+4
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r16122: As we use 'inetOrgPerson' as structural objectclass for new accounts forGünther Deschner1-0/+1
eDir, we already add 'sn' as required attribute on LDAP add operations. When we modify an entry, we need to request 'sn' as well in our attribute lists, so that we don't try to add it a second time. Guenther (This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9)
2007-10-10r13460: by popular demand....Gerald Carter1-7/+2
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-3/+12
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-4/+9
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9303: Clobber compiler warnings. Patch from Jason Mader ↵James Peach1-2/+24
<jason@ncac.gwu.edu> plus some extra function declarations. Bugzilla bug #2523. (This used to be commit 98d364459daa48aca3d239926cf40a0655e27e97)
2007-10-10r6351: This is quite a large and intrusive patch, but there are not many ↵Volker Lendecke1-0/+1
pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
2007-10-10r5655: Added support for Novell NDS universal password. Code donated byJeremy Allison1-0/+25
Vince Brimhall <vbrimhall@novell.com> - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Jeremy. (This used to be commit 6f5ea963abe8e19d17a1803d4bedd9d87a317e58)
2007-10-10r5428: Apply some const. LDAP attribs should now be declared const char ↵Volker Lendecke1-2/+2
*attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-4/+0
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-0/+4
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner1-0/+1
controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-1/+1
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r3563: During a typical logon a modern workstation makes a lot of anonymous ↵Volker Lendecke1-0/+1
session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
2007-10-10r2444: Based on jmcd's patch, implement special lists for the ldap user ↵Volker Lendecke1-0/+2
attributes to delete. Richard, IMHO this is the better solution to the problem you currently have. Please review. Thanks, Volker (This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4)
2007-10-10r1810: Patch from Richard Renard <rrenard@idealx.com> to storeJeremy Allison1-0/+1
logon hours attributes in an LDAP database. Jeremy. (This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af)
2007-10-10r1588: This is one of the more pathetic patches I ever checked in. Many hours ofVolker Lendecke1-1/+1
coding have passed, but I could not find a way to get the OpenLDAP libraries to reliably time out on any of the queries we make, *and* get correct error returns. No, async calls and ldap_result does NOT work, or I was simply too stupid to correctly interpret the OpenLDAP manpage and source. We can not allow to hang indefinitely in an ldap query, especially not for winbindd. "ldap timeout" now specifies the overall timeout for the complete operation, that's why I increased that to 15 seconds. Volker (This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-2/+3
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2007-10-10r1317: Patch from Joe Meadows "Joe Meadows" <jameadows@webopolis.com> toJeremy Allison1-1/+2
add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+3
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r53: Remove modifyTimestamp from list of our attributes. We just check it forJim McDonough1-1/+0
cache entry time comparisons in password lockout. Fixes problems where pdb_ldap tries to delete the operational attribute modifyTimestamp when deleting a user account. (This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
2004-03-18Password lockout for LDAP backend. Caches autolock flag, bad count, andJim McDonough1-0/+1
bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
2004-03-11Get MungedDial actually working with full TS strings in it for pdb_ldap.Jim McDonough1-1/+4
I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
2004-02-23Add bad password count/time attributesJim McDonough1-0/+1
(This used to be commit 003318939f7e476f5f2a5f345e8a81a228fc89a7)