summaryrefslogtreecommitdiff
path: root/source3/libads/ads_struct.c
AgeCommit message (Collapse)AuthorFilesLines
2002-09-28Add the beginings of sam_ads to the tree.Andrew Bartlett1-0/+1
This module, primarilly the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-94/+25
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+6
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-30a couple more minor tweaks. This now allows us to operate in ADS modeAndrew Tridgell1-0/+6
without any 'realm =' or 'ads server =' options at all, as long as DNS is working right. (This used to be commit d3fecdd04241ed7b9248e52415693cd54a1faecf)
2002-04-19fixed trust relationships in ADS winbindd after breaking them with my BDC ↵Andrew Tridgell1-3/+6
changes ... (This used to be commit 8096032663690eafb6bb8b4f405d6231389d4f80)
2002-04-18fixed the fallback to a BDC for ADS connectionsAndrew Tridgell1-1/+18
(This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-16much better support for organisational units in ADS joinAndrew Tridgell1-11/+25
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
2001-12-19much better ADS error handling systemAndrew Tridgell1-30/+4
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-19we only have gss_ fns on a krb5 capable boxAndrew Tridgell1-3/+6
(This used to be commit 344b786efe00f72ed81f0eeb4d422c655d866557)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-0/+26
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-13try the PDC for our workgroup if we can't find the ldap serverAndrew Tridgell1-3/+8
(This used to be commit fc9fd2ca19899e757a6d3ccbba3d4a10f27d7a3f)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-44/+5
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05fix link errorAndrew Tridgell1-0/+2
(This used to be commit 58e93a8b7de10f60a1e68570f1bdd6e3d8fa44a5)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+4
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-05more memory leak fixesAndrew Tridgell1-4/+4
(This used to be commit eb6f0e91ddd2a97a907a569bc60beca99b494884)
2001-11-29ads->realm must not be NULLAndrew Tridgell1-0/+3
perhaps we should just fail ads_init() in this case? (This used to be commit 2a4ce3de6ae8fb833370d1f9d6e5e7193fafa979)
2001-11-29define LDAP_PORT when not availableAndrew Tridgell1-0/+3
(This used to be commit 5a5f140f84f4dd377d141e352f4cb7f9bea4fe64)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-0/+182
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)