path: root/source3/libads/ldap_utils.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r22797: We are only interested in the DACL of the security descriptor, so search with the SD_FLAGS control. Guenther (This used to be commit 648df57e53ddabe74052e816b8eba95180736208) | Günther Deschner | 1 | -0/+16
2007-10-10 | r22460: Adding a generic ads_ranged_search() function. Guenther (This used to be commit b8828ea2516876fe5dd76083864418db2f042be0) | Günther Deschner | 1 | -1/+173
2007-10-10 | r21240: Fix longstanding Bug #4009. For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91) | Günther Deschner | 1 | -2/+2
2007-10-10 | r21003: Display LDAP base in debug statement. Guenther (This used to be commit fb5830f87a16dbec16893348080bcdfc61e27ab0) | Günther Deschner | 1 | -2/+2
2007-10-10 | r18620: Fallback to non-paging LDAP searches in ads_do_search_retry_internal() for anonymous bound connections. When doing anonymous bind you can never use paged LDAP control for RootDSE searches on AD. Guenther (This used to be commit dc1d92faabd4b291f607eb481349ba37e52ef11e) | Günther Deschner | 1 | -2/+19
2007-10-10 | r18172: Just a little more verbosity in this debug statement. Guenther (This used to be commit e852bc46464fe6dbdf8530f43fcb88fd2eafae67) | Günther Deschner | 1 | -2/+2
2007-10-10 | r18019: Fix C++ warnings: Don't use void * in libads/ for LDAPMessage anymore. Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11) | Volker Lendecke | 1 | -20/+21
2007-10-10 | r15704: Prefer LDAP error codes in ads_search_retry_sid(). Guenther (This used to be commit 6cfc65ea20793a72ff1666759bd4e8e446247071) | Günther Deschner | 1 | -2/+2
2007-10-10 | r15698: An attempt to make the winbind lookup_usergroups() call in security=ads more scalable: The most efficient way is to use the "tokenGroups" attribute which gives the nested group membership. As this attribute can not always be retrieved when binding with the machine account (the only guaranteed way to get the tokenGroups I could find is when the machine account is a member of the "Pre Win2k Access" builtin group). Our current fallback when "tokenGroups" failed is looking for all groups where the userdn was in the "member" attribute. This behaves not very well in very large AD domains. The patch first tries the "memberOf" attribute on the user's dn in that case and directly retrieves the group's sids by using the LDAP Extended DN control from the user's object. The way to pass down the control to the ldap search call is rather painful and probably will be rearranged later on. Successfully tested on win2k sp0, win2k sp4, win2k3 sp1 and win2k3 r2. Guenther (This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0) | Günther Deschner | 1 | -5/+34
2007-10-10 | r15492: Without this patch, the LDAP client libs will call abort() in ldap_get_values_len, because they were handed a NULL msgs pointer, for example in ads_pull_sid(). This occurs when the AD server fails at the connect stage. (The troubled AD server is actually Samba4 in my example). Andrew Bartlett (This used to be commit 221a6de7d028f5c9bb9da038650868582d44e7e5) | Andrew Bartlett | 1 | -9/+19
2007-10-10 | r15305: Let winbind search by sid directly (or in windows terms: "bind to a sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5) | Günther Deschner | 1 | -0/+25
2007-10-10 | r11451: Fix -O1 "might be using uninitialized" errors. Jeremy. (This used to be commit cab76c3c33883aad444eefb6562ab1b27d9ca88a) | Jeremy Allison | 1 | -1/+1
2007-10-10 | r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) | Jeremy Allison | 1 | -1/+1
2004-01-05 | There is some memory corruption hidden somewhere in our winbind code. If I could reproduce it, I would fix it, but for now just make sure we always SAFE_FREE() and set our starting pointers to NULL. Andrew Bartlett (This used to be commit c279e178bc122e1e2aa519f7a373a3d93672a3ac) | Andrew Bartlett | 1 | -4/+8
2003-10-03 | don't call ads_destroy() twice; fixes segfault in winbindd when DC goes down; bug 437 (This used to be commit 1cfbd92404270e0c67a3b295fc9cf461b29d3503) | Gerald Carter | 1 | -1/+6
2003-08-15 | Don't print out error in ads_do_search_retry() when it succeeds. (This used to be commit 617feab4223f5ba3cc5e090de5e63da72fce49df) | Tim Potter | 1 | -1/+4
2003-04-15 | Change variable name to get this working on gcc 3.2 (Merge from HEAD) (This used to be commit d49113caef6057905f0f5233ea3085ca5722e742) | Jelmer Vernooij | 1 | -5/+5
2002-09-28 | Add the beginnings of sam_ads to the tree. This module, primarily the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e) | Andrew Bartlett | 1 | -0/+3
2002-09-28 | This needs to be #ifdef HAVE_LDAP. (This used to be commit 2b54a2fc2c85ea139e2acdbbc2f14b969c0c6315) | Andrew Bartlett | 1 | -0/+3
2002-09-27 | Move a number of ADS related functions out into utility libs, so that things like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f) | Andrew Bartlett | 1 | -0/+90