summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2003-06-25Patch to move functions directly from pdb_ldap.c into lib/smbldap.cAndrew Bartlett1-718/+8
The functions are unchanged. Next step is to make idmap_ldap use them. Andrew Bartlett (This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e)
2003-06-24Fix pdb_ldap segfaults, and wrong default values for ldapsam_compat.Andrew Bartlett1-4/+3
Reviewed by vl, metze. Andrew Bartlett (This used to be commit 9804ad458ad35c9ea7de3e2e86bf8b2f85ae6533)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-1/+1
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-21This patch works towards to goal of common code shared between idmap_ldapAndrew Bartlett1-261/+359
and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-9/+6
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-07Try to fix memory leaks found by valgrind in pdb_ldap code.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit decadfcc8205ed5611d74141e301569ef8b1d9f4)
2003-06-06support LDAP_EXOP_MODIFY_PASSWORD (not experiemental in OpenLDAP 2.1)Gerald Carter1-9/+21
(This used to be commit 50fdc938222112b5470d05d8cd15386bd0a112df)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter1-128/+36
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-05working draft of the idmap_ldap code.Gerald Carter1-282/+3
Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
2003-05-27cut-n-paste errorGerald Carter1-1/+1
(This used to be commit eb567e803e2da3ce11174812a5162642d8ef342b)
2003-05-27fix bug 118; replace hard coded 'next[User|Group]Rid' attribute namesGerald Carter1-6/+8
(This used to be commit f7ebb3c9e5d38d86d48459b7962a3da6d4900285)
2003-05-22fix bug #108; sambaSambaAccount string attributes are case insensitive; ↵Gerald Carter1-2/+5
don't try to change a string that only differs in case (This used to be commit 01ef08352007487040edefcc0b99ca79823cbddf)
2003-05-16Well spotted typo by Marco Berger <MARCOB@voelcker.com>Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit f16b0e025ea3112b4c231b67bc95f63418599f2e)
2003-05-16Fix from Alex Deiter <tiamat@komi.mts.ru>Simo Sorce1-1/+1
Reversed check. (This used to be commit 542ee1d3d6401c4d03770f07cfc907d016e166b4)
2003-05-14readding reverted changes during idmap merge (noticed by Andrew b.)Gerald Carter1-16/+33
(This used to be commit c6d836c61cb3e122dcc41b874ed5a03a130b6a4c)
2003-05-14fix group mapping in LDAP under new schemaGerald Carter1-35/+61
(This used to be commit 0714dda7cc4a1df73e1b9d11daae80a1f46583de)
2003-05-14*****LDAP schema changes*****Gerald Carter1-292/+802
New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes. Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the approriate objectclass depending on whether you are using ldapsam_compat or ldapsam conversion script for migrating from sambaAccount to sambaSamAccount will come next. (This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
2003-05-14Fix pointer return bug in get_unix_attributes()Tim Potter1-1/+1
(This used to be commit 7aa54f0a7f3bcfb5d9560ca3bb88e1549b7ce421)
2003-05-14spellingTim Potter1-2/+2
(This used to be commit 1b4f904277b5e9331cdf4491163f856aa78d0453)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-114/+54
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12fixing typos in debug statementsGerald Carter1-1/+1
(This used to be commit f59bcb51cfe4e268ba43245d401d212aefdf2b72)
2003-05-11As discussed on samba-technical - move to 'primaryGroupSid' insted ofAndrew Bartlett1-17/+45
primaryGroupID (rid). This is consistant with the move from 'rid' to ntSid for the primary user identifier. Also cope with legacy installations where primaryGroupID might have been stored as 0. Andrew Bartlett (This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
2003-05-11Using /dev/urandom for determining an ldap server backoff is a waste of systemAndrew Bartlett1-2/+6
entropy - use sys_random() instead. Andrew Bartlett (This used to be commit 640462a365235aa7ce6f817778f022530a25d909)
2003-05-10Fix typo.John Terpstra1-1/+1
(This used to be commit 7bec28f23c5bef8516e798a0808585ed1a30517e)
2003-05-07Set our 'global sam name' in one place. For domain controllers, this isAndrew Bartlett1-1/+1
lp_workgroup(), for all other server this is global_myname(). This is the name of the domain for accounts on *this* system, and getting this wrong caused interesting bugs with 'take ownership' on member servers and standalone servers at Snap. (They lookup the username that they got, then convert that to a SID - but becouse the domain out of the smbpasswd entry was wrong, we would fail the lookup). Andrew Bartlett (This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
2003-04-30Make the version numbers ints (patch from metze)Jelmer Vernooij1-2/+2
(This used to be commit dbe36b4c43dceddea9f14161c6cf7b34709287c8)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-3/+3
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28The caller must always set the RID on the SAM_ACCOUNT, so don't try and guessAndrew Bartlett1-3/+1
it from the UID. Andrew Bartlett (This used to be commit cdc1d0505107d05d784693d321b24208a386d4f0)
2003-04-28Guenther Deschner <gd@suse.de> notes that I missed out setting the defaultAndrew Bartlett1-1/+3
for the 'normal' case (not --with-ldapsam). Andrew Bartlett (This used to be commit ebe5c618189391e6adf27e565a5821f8d47c8c7d)
2003-04-28A new pdb_ldap!Andrew Bartlett1-272/+718
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-26After a quick run with the 'weird' charset, squash a few bugs in our newAndrew Bartlett1-5/+12
'UF8-safe' LDAP code. I hope I've caught all the places where we were pushing strings into or out of LDAP now. Andrew Bartlett (This used to be commit 70bf7a5f71f71aeb5338723d1f5b32a89d5c4f91)
2003-04-25Based on a patch by Alex Deiter <tiamat@komi.mts.ru>, make sure that we convertAndrew Bartlett1-20/+69
to and from UTF8 when talking to our LDAP server in pdb_ldap. Andrew Bartlett (This used to be commit 759ba40b12a28caea87c0d8b3baea8bb69c92c89)
2003-04-23This define does not always seem to be present, so define it if need be.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 007143e2435904d941a62934986ac54e343f4936)
2003-04-23- Merge a memory leak fix from HEADAndrew Bartlett1-11/+16
- change update behaviour for new RIDs: - store the new RID into the SAM_ACCOUNT, so that the caller get's it back automaticly - use this to make the code paths simpiler for the normal 'need_update' code. We must always store a RID if we intend to use the sambaAccount objectClass Andrew Bartlett (This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
2003-04-22Remove ldapsam_search_one_user_by_uid from pdb_ldap.Andrew Bartlett1-65/+20
sambaAccount requires the rid to be present, and doing this fallback is quite dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite often not the case. Also finish of vl's work on 'use a function pointer, not embedded logic' to tell lower levels that they should/should not attempt to set the user's password into LDAP with the extended operation. Andrew Bartlett (This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
2003-04-22This is meant to be initialised to the size of the buffer.Andrew Bartlett1-1/+1
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
2003-04-22Make pdb_ldap use a random factor in deciding how long we need to sleep.Andrew Bartlett1-7/+22
This might help avoid killing the ldap server when all 100 smbd processes reconnect in pulses... Also, reduces the maximum wait time, as SMB clients will time out after 30 seconds anyway... Andrew Bartlett (This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
2003-04-19Address gcc warnings.Volker Lendecke1-1/+5
I could not fix the "passing arg 5 of `ldap_search_s'" completely with gcc -Wall. A non-developer compile does not complain though. Volker (This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij1-16/+4
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-04-09Fix double free on error and typoJelmer Vernooij1-2/+1
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
2003-04-05Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge ↵Andrew Bartlett1-18/+18
from HEAD). Andrew Bartlett (This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
2003-03-30This fixes group updates in LDAP the same way as user updatesVolker Lendecke1-77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
2003-03-28Try to get meaningful errors out of ldap more often - get the error stringAndrew Bartlett1-11/+38
from the server, not just the error code translation. Andrew Bartlett (This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
2003-03-27This is no functional change. It just makes pdb_ldap.c a bitVolker Lendecke1-24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
2003-03-25Must have been somewhere else last sunday...Volker Lendecke1-3/+4
Apply metzes patch (hopefully) correctly this time Volker (This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23Merge from HEAD:Volker Lendecke1-2/+2
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-23Metzes change:Volker Lendecke1-4/+9
> Hi Volker, > > if 'displayName' is not available we should fallback to 'cn' for map->nt_name > 'cn' is used as unix group name by nss_ldap. > > and if nt_name is not available we should fail (so does this patch) Volker (This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
2003-03-22Never touch complicated if/else/elsif structures :-)Volker Lendecke1-23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)