Age | Commit message (Collapse) | Author | Files | Lines |
|
membership from an ADS server. We now use a 'member' query on the
group and do a separate call to convert the resulting distinguished
name to a name, rid etc. This is *much* faster for very large numbers
of groups (on a quantum test system with 10000 groups it drops the
time from an hour to about 35 seconds).
strangely enough, this actually *increases* the amount of ldap
traffic, its just that the MS LDAP server answers these queries much
faster.
(This used to be commit 5538048e4f6dd224b2990f3c6a3e99fd07065f77)
|
|
a char** isn't quite the same thing as a struct berval** :)
(This used to be commit a92834ea9460bc49be99d6d5b0d41a817e6f0824)
|
|
broken
(This used to be commit 022073d140bae960613127a6d9422e443a8098c6)
|
|
Also remove unused line which incremented pointer by the wrong length anyway.
Provided by Anthony Liguori (aliguori@us.ibm.com).
(This used to be commit 47b7a3e0f3d101a3bcffd33db6ef4c0672b57ae0)
|
|
(This used to be commit 1de04ec4735c19ec21cdef6e679cea17c734c5f6)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
this fixes the huge number of struct berval warnings on non-ads
compiles
(This used to be commit e7f588d8156856109623b5f5a3841c5d096b1185)
|
|
str_list_copy(). Perhaps its proto should be fixed.
(This used to be commit b81bc2b34b620c24a148435d9913bd1a1528c983)
|
|
(This used to be commit b361089360068b91e9f4d221abdc3c8351596a7f)
|
|
Now smbclient, net, and swat use their own proto files - now the global
proto.h
The change to libads/kerberos.c was to break up the dependency on secrets.c -
we want to be able to write an ADS client that doesn't need local secrets.
I have other breakups in the works - I will remove the dependency of
rpc_parse on passdb (and therefore secrets.c) shortly.
(NOTE: This patch does *not* break up includes.h, or other such forbidden
actions).
Andrew Bartlett
(This used to be commit edb41dad2df0ae3db364dbc3896cc75956262edf)
|
|
though it is up to the calling function to decide whether values are
strings or not. Attributes are not converted at this point, though support
for it would be simple.
I have tested it with users and groups using non-ascii chars, and if the
check for alphanumeric user/domain names is removed form sesssetup.c, even
a user with accented chars can connect, or even login (via winbind).
I have also simplified the interfaces to ads_mod_*, though we will probably
want to expand this by a few functions in the near future. We just had
too many ways to do the same thing...
(This used to be commit f924cb53580bc081ff34e45abba57629018c68d6)
|
|
(This used to be commit 5a04ea1f0c41965bc735f38f4892dc37571734d6)
|
|
(This used to be commit b84882a628b3f2f0890322f25694c1932aa3e5ec)
|
|
(This used to be commit 180311a48cfa808ea9edc9f32558554b243b10eb)
|
|
changes ...
(This used to be commit 8096032663690eafb6bb8b4f405d6231389d4f80)
|
|
(This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a)
|
|
libraries with handling blank passwords.
(This used to be commit 59d755ffb57c322a104ff8f52819956cafff1bac)
|
|
- Add doxygen comments
- remove server sort control (ms implementation was not reliable)
- rename ads_do_search_all2() to ads_do_search_all_fn()
(This used to be commit 7aa5fa617221019de0f4565d07842df72673e154)
|
|
- Added sort control to ads_do_paged_search. It allows a char * to be passed
as the sort key. If NULL, no sort is done.
- fixed a bug in the processing of controls (loop wasn't incremented properly)
- Added ads_do_search_all2, which funs a function that is passed in against
each entry. No ldapmessage structures are returned. Allows results to
be processed as the come in on each page.
I'd like ads_do_search_all2 to replace ads_do_search_all, but there's some
work to be done in winbindd_ads.c first.
Also, perhaps now we can do async ldap searches? Allow us to process a
page while the server retrieves the next one?
(This used to be commit 95bec4c8bae0e29f816ec0751bf66404e1f2098e)
|
|
out since it's already in ads_errstr() in ads_status.c
(This used to be commit 0475126ffb69f0485fd31511cb13d98df74a8d5b)
|
|
to find and add a user.
(This used to be commit 773303a284825af89d70ea633004fc30225e7a85)
|
|
I've got the cases besides gssapi...anyone know how to get those?
(This used to be commit c937e1352207ad90e8257ad6c9f8b7c9cf92030d)
|
|
entry returned from a search, and applies it to the results. Re-structured
ads_dump to use this, plus changed the ber_free in ads_dump from (b,1) to
(b,0), in accordance with openldap manpages. Also allows proper free of
result using ldap_msgfree afterwards, so you can do something with the
results after an ads_dump.
(This used to be commit f01f02fc569b4f5101a37d3b493f2fe2d2b2677a)
|
|
defeats the purpose.
(This used to be commit 71806c49b366faf2466eee7352c71fcdfefd8cc1)
|
|
the scope limited to the domain at hand, and also keeps the openldap
libs happy, since they don't currently chase referrals and return
server controls properly at the same time.
(This used to be commit 2bebc8a391bd80bd0e5adbedb3757fb4279ec414)
|
|
(This used to be commit e66bdf1229ba84f64c19e817e2c4081dbbf0bee8)
|
|
to paged searches. This makes updating winbindd to used paged searches
trivial.
(This used to be commit 514c11b4e3fcc765a8087405333bd351c05c9e36)
|
|
referrals parsing in the openldap libs. By disabling referrals we get
valid controls back and the cookies work.
(This used to be commit 8bf487ddff240150d7a92aaa0f978dd30062c331)
|
|
ads_do_paged_search, is the same as ads_do_search, but it also contains a count of records returned in this page, and a cookie for resuming, to be passed back. The cookie must start off NULL, and when it returns as NULL, the search is done.
(This used to be commit 9afba67f9a56699e34735e1e425f97b2464f2402)
|
|
the problem is, how the heck do we properly handle these? Jerry?
It seems that the Win2000 ADS server only returns a max of 1000 records!
(This used to be commit 93389647203395da0e894c2e57348081e755884a)
|
|
(This used to be commit 3396a671c59e6afe70a22ce64e4a9381b1d6fef8)
|
|
(This used to be commit 98196e79b733e029341578b382bdfabf3f9a0bdc)
|
|
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
|
|
(This used to be commit 2d620909f9def17dacf2af997a32d596f4dbd827)
|
|
should be LDAP_MOD_REPLACE. Caught by Alexey Kotovich.
(This used to be commit be48a05ed95f0f4ed02ffb996cb1ecc10811d9a0)
|
|
(This used to be commit e097666499564ffe28836876a7a191149c14f199)
|
|
(This used to be commit 1f186c60ad957c0e8157a6fd903857121c65a2e0)
|
|
(This used to be commit 6169b668fe955f298c7323c5d64f6c7b303aaac0)
|
|
malloc checks and return ADS_ERROR(LDAP_NO_MEMORY) if they fail.
(This used to be commit 81d76f05d8b886a86eb421d1bd8737ec7d05cbde)
|
|
get trusted domains query but leave the domain SID blank - we need to
fail the add of the trusted domain in winbindd in that case
(This used to be commit 24c7e7a3849df3a3378f7e7f20099de048f0b7bd)
|
|
control for permissive modify.
(This used to be commit 01e7f7c3d9006883b71e43d917d32e325cff7a15)
|
|
printer modify, now that the ldap control is working.
(This used to be commit 76afc886a89e8c0d5a169435dde42b00db522060)
|
|
BOOLs. Add support for bervals in mod lists. Also put undocumented AD ldap control in to allow modifications when an attribute does not yet exist.
(This used to be commit 1a2d27b21e61be5a314f7d6c4ea0dff06a5307be)
|
|
attributes until a method for checking for their existence is done.
(This used to be commit 538c19a6983e0423b94f743184263cd8ef9c701e)
|
|
to void **
(This used to be commit 9467792843fdd9bc55e92bfaa2f2205279074297)
|
|
(This used to be commit 146c731c35beecd3ae8e093e52d94af0e2efcd69)
|
|
it creates and modifies a printQueue object in the directory
(This used to be commit b14e638aeb80bad80cfd12ed60f5e77f24addfd5)
|
|
(This used to be commit 3d8d8cef64c674f9f1240759a05766db95bfde4e)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe)
|