path: root/source3/libads/ldap_utils.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r15704: Prefer LDAP error codes in ads_search_retry_sid(). | Günther Deschner | 1 | -2/+2
Guenther (This used to be commit 6cfc65ea20793a72ff1666759bd4e8e446247071)
2007-10-10 | r15698: An attempt to make the winbind lookup_usergroups() call in security=ads | Günther Deschner | 1 | -5/+34
more scalable: The most efficient way is to use the "tokenGroups" attribute which gives the nested group membership. As this attribute can not always be retrieved when binding with the machine account (the only guaranteed way to get the tokenGroups I could find is when the machine account is a member of the "Pre Win2k Access" builtin group). Our current fallback when "tokenGroups" failed is looking for all groups where the userdn was in the "member" attribute. This behaves not very well in very large AD domains. The patch first tries the "memberOf" attribute on the user's dn in that case and directly retrieves the group's sids by using the LDAP Extended DN control from the user's object. The way to pass down the control to the ldap search call is rather painful and probably will be rearranged later on. Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2. Guenther (This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0)
2007-10-10 | r15492: Without this patch, the LDAP client libs will call abort() in | Andrew Bartlett | 1 | -9/+19
ldap_get_values_len, because they were handed a NULL msgs pointer, for example in ads_pull_sid(). This occurs when the AD server fails at the connect stage. (The troubled AD server is actually Samba4 in my example). Andrew Bartlett (This used to be commit 221a6de7d028f5c9bb9da038650868582d44e7e5)
2007-10-10 | r15305: Let winbind search by sid directly (or in windows terms: "bind to a | Günther Deschner | 1 | -0/+25
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10 | r11451: Fix -O1 "might be using uninitialized" errors. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit cab76c3c33883aad444eefb6562ab1b27d9ca88a)
2007-10-10 | r4088: Get medieval on our ass about malloc.... :-). Take control of all our | Jeremy Allison | 1 | -1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2004-01-05 | There is some memory corruption hidden somewhere in our winbind code. If I | Andrew Bartlett | 1 | -4/+8
could reproduce it, I would fix it, but for now just make sure we always SAFE_FREE() and set our starting pointers to NULL. Andrew Bartlett (This used to be commit c279e178bc122e1e2aa519f7a373a3d93672a3ac)
2003-10-03 | don't call ads_destroy() twice; fixes segfault in winbindd when DC goes | Gerald Carter | 1 | -1/+6
down; bug 437 (This used to be commit 1cfbd92404270e0c67a3b295fc9cf461b29d3503)
2003-08-15 | Don't print out error in ads_do_search_retry() when it succeeds. | Tim Potter | 1 | -1/+4
(This used to be commit 617feab4223f5ba3cc5e090de5e63da72fce49df)
2003-04-15 | Change variable name to get this working on gcc 3.2 (Merge from HEAD) | Jelmer Vernooij | 1 | -5/+5
(This used to be commit d49113caef6057905f0f5233ea3085ca5722e742)
2002-09-28 | Add the beginnings of sam_ads to the tree. | Andrew Bartlett | 1 | -0/+3
This module, primarily the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
2002-09-28 | This needs to be #ifdef HAVE_LDAP. | Andrew Bartlett | 1 | -0/+3
(This used to be commit 2b54a2fc2c85ea139e2acdbbc2f14b969c0c6315)
2002-09-27 | Move a number of ADS related functions out into utility libs, so that things | Andrew Bartlett | 1 | -0/+90
like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)