summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-24s3-ldapsam: fix ldapsam_create_user() with existing posix accounts.Günther Deschner1-1/+1
We were not taking into account the existing posix attributes and thus failed while trying to add a 2nd uid attribute. Found by Sumit. Guenther
2011-03-06s3: Move EXOP definitions to smbldap.hVolker Lendecke1-25/+0
This attempts to fix the build on Solaris Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Mar 6 10:45:16 CET 2011 on sn-devel-104
2011-02-28Fix some typesJelmer Vernooij1-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-22s3:auth: change num_groups to from size_t to uint32_tStefan Metzmacher1-4/+4
This will help with the change from UNIX_USER_TOKEN to security_unix_token metze
2011-02-19s3: Add "len" to pdb_set_hoursVolker Lendecke1-1/+1
2011-02-16s3-passdb: make priv2ld() publicSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16s3-passdb: Add minimal stub for IPA passdb backendSumit Bose1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-4/+5
Guenther
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-2/+3
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26s3-idmap: only include idmap headers where needed.Günther Deschner1-0/+1
Guenther
2010-08-14s3:pdb_ldap: move some code in ldapsam_create_dom_group()Michael Adam1-22/+25
to make the flow more similar to ldapsam_create_user(). This prepares for calling winbind_sid_to_gid() instead of winbind_allocate_gid(): we need the group_sid for this... Michael
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-07-06s3:pdb_ldap: change LDAP password before samba password hashesBjörn Jacke1-33/+34
this way we can catch up with password change refuses from ldap password policy overlays and abort the password change early. Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
2010-07-06s3: Fix another aspect of bug 7262 and make paged results work againVolker Lendecke1-4/+4
2010-07-05s3: Make talloc_attrs() staticVolker Lendecke1-1/+1
2010-06-10s3: Fix EnumDomainAliases when no aliases are in LDAPVolker Lendecke1-6/+4
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just like W2k8 does. usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
2010-06-10s3:pdb_ldap: fix bug 7505 - init_sam_from_ldap stores group in sid2uid cacheMichael Adam1-1/+1
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-51/+51
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 typesAndrew Bartlett1-60/+60
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner1-1/+1
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-04-29s3-pdb_ldap: fix memleak.Günther Deschner1-2/+2
Guenther
2010-03-16s3: Make login_cache_write take a pointerVolker Lendecke1-1/+1
2010-03-16s3: Make login_cache_read take a pointer, avoid a mallocVolker Lendecke1-9/+8
2010-03-16s3: Remove a typedefVolker Lendecke1-2/+2
2010-02-10s3: change ldap filter to what really was intendedBjörn Jacke1-1/+1
2010-02-08s3:pdb_ldap: don't search for the users primary group, if we already know itStefan Metzmacher1-31/+35
metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-7/+29
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-08s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted ↵Stefan Metzmacher1-5/+85
support And also store the gid_to_sid mappings in the idmap_cache. metze
2010-02-08s3: shortcut gid_to_sid when "ldapsam:trusted = yes"Stefan Metzmacher1-0/+71
The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. metze
2010-02-05s3: Hide some uses of pdb_get_init_flags (which I would love to remove...)Volker Lendecke1-1/+1
2010-01-23s3: Remove some pointless uses of string_sid_tallocVolker Lendecke1-8/+6
2010-01-21s3:pdb_ldap: Fix large paged search.Volker Lendecke1-0/+1
Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359)
2010-01-14s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value.Stefan Metzmacher1-1/+1
See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
2010-01-12s3: Remove a pointless if-statementVolker Lendecke1-3/+2
2010-01-07s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the checkMichael Adam1-3/+3
to enhance readability and denbuggability. Michael
2009-11-19s3:pdb_ldap: fix a comment typoMichael Adam1-1/+1
Michael
2009-11-19s3: shortcut uid_to_sid when "ldapsam:trusted = yes"Michael Adam1-0/+75
The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael
2009-11-13s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()Michael Adam1-0/+2
not only the persistent idmap cache. Michael
2009-11-13s3:smbd: make idmap cache persistent for "ldapsam:trusted".Michael Adam1-0/+4
This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts. Michael
2009-11-13Fix large paged searchVolker Lendecke1-0/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-02s3:ldap: don't search when no values where foundBjörn Jacke1-1/+1
2009-10-31ѕ3:ldap: search for account policies in objectclass sambaDomain, not *Björn Jacke1-1/+6
2009-10-20s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().Günther Deschner1-2/+2
Thanks Volker for the hint. Guenther
2009-09-02s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.Günther Deschner1-0/+46
Note that this only is tried with editposix=yes. Guenther
2009-08-03s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent.Günther Deschner1-0/+7
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther
2009-07-14Fix bug 5886Volker Lendecke1-8/+26
Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker
2009-07-14s3-account_policy: add pdb_policy_type enum.Günther Deschner1-19/+21
Guenther
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-23/+22
2009-06-30Fix bug #6431 - local groups from 3.0 setups no longer found.Volker Lendecke1-8/+8
Search for groups without group suffix, group suffix is only used for new entries.