summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-2/+3
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26s3-idmap: only include idmap headers where needed.Günther Deschner1-0/+1
Guenther
2010-08-14s3:pdb_ldap: move some code in ldapsam_create_dom_group()Michael Adam1-22/+25
to make the flow more similar to ldapsam_create_user(). This prepares for calling winbind_sid_to_gid() instead of winbind_allocate_gid(): we need the group_sid for this... Michael
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-07-06s3:pdb_ldap: change LDAP password before samba password hashesBjörn Jacke1-33/+34
this way we can catch up with password change refuses from ldap password policy overlays and abort the password change early. Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
2010-07-06s3: Fix another aspect of bug 7262 and make paged results work againVolker Lendecke1-4/+4
2010-07-05s3: Make talloc_attrs() staticVolker Lendecke1-1/+1
2010-06-10s3: Fix EnumDomainAliases when no aliases are in LDAPVolker Lendecke1-6/+4
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just like W2k8 does. usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
2010-06-10s3:pdb_ldap: fix bug 7505 - init_sam_from_ldap stores group in sid2uid cacheMichael Adam1-1/+1
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-51/+51
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 typesAndrew Bartlett1-60/+60
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner1-1/+1
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-04-29s3-pdb_ldap: fix memleak.Günther Deschner1-2/+2
Guenther
2010-03-16s3: Make login_cache_write take a pointerVolker Lendecke1-1/+1
2010-03-16s3: Make login_cache_read take a pointer, avoid a mallocVolker Lendecke1-9/+8
2010-03-16s3: Remove a typedefVolker Lendecke1-2/+2
2010-02-10s3: change ldap filter to what really was intendedBjörn Jacke1-1/+1
2010-02-08s3:pdb_ldap: don't search for the users primary group, if we already know itStefan Metzmacher1-31/+35
metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-7/+29
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-08s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted ↵Stefan Metzmacher1-5/+85
support And also store the gid_to_sid mappings in the idmap_cache. metze
2010-02-08s3: shortcut gid_to_sid when "ldapsam:trusted = yes"Stefan Metzmacher1-0/+71
The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. metze
2010-02-05s3: Hide some uses of pdb_get_init_flags (which I would love to remove...)Volker Lendecke1-1/+1
2010-01-23s3: Remove some pointless uses of string_sid_tallocVolker Lendecke1-8/+6
2010-01-21s3:pdb_ldap: Fix large paged search.Volker Lendecke1-0/+1
Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359)
2010-01-14s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value.Stefan Metzmacher1-1/+1
See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
2010-01-12s3: Remove a pointless if-statementVolker Lendecke1-3/+2
2010-01-07s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the checkMichael Adam1-3/+3
to enhance readability and denbuggability. Michael
2009-11-19s3:pdb_ldap: fix a comment typoMichael Adam1-1/+1
Michael
2009-11-19s3: shortcut uid_to_sid when "ldapsam:trusted = yes"Michael Adam1-0/+75
The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael
2009-11-13s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()Michael Adam1-0/+2
not only the persistent idmap cache. Michael
2009-11-13s3:smbd: make idmap cache persistent for "ldapsam:trusted".Michael Adam1-0/+4
This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts. Michael
2009-11-13Fix large paged searchVolker Lendecke1-0/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-02s3:ldap: don't search when no values where foundBjörn Jacke1-1/+1
2009-10-31ѕ3:ldap: search for account policies in objectclass sambaDomain, not *Björn Jacke1-1/+6
2009-10-20s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().Günther Deschner1-2/+2
Thanks Volker for the hint. Guenther
2009-09-02s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.Günther Deschner1-0/+46
Note that this only is tried with editposix=yes. Guenther
2009-08-03s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent.Günther Deschner1-0/+7
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther
2009-07-14Fix bug 5886Volker Lendecke1-8/+26
Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker
2009-07-14s3-account_policy: add pdb_policy_type enum.Günther Deschner1-19/+21
Guenther
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-23/+22
2009-06-30Fix bug #6431 - local groups from 3.0 setups no longer found.Volker Lendecke1-8/+8
Search for groups without group suffix, group suffix is only used for new entries.
2009-06-28Turn the pdb_rid_algorithm into a capabilities call that returns flagsVolker Lendecke1-3/+3
2009-06-08Pass a talloc_ctx to pdb_enum_aliasmemVolker Lendecke1-1/+2
2009-06-07s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.Günther Deschner1-0/+5
when _samr_LookupRids is called with no rids, it needs to return NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY). Found by RPC-SAMR torture test. Guenther
2009-05-31Fix some nonempty blank linesVolker Lendecke1-52/+52
2009-05-12Fix the last few format arg missmatches I missed.Jeremy Allison1-4/+4
Jeremy.
2009-05-12Fix bug 6157Volker Lendecke1-1/+1
This patch picks the alphabetically smallest one of the multi-value attribute "uid". This fixes a regression against 3.0 and also becomes deterministic.
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison1-7/+7
Should make Solaris 10 builds look cleaner. Jeremy.
2009-05-08s3/ldap: also handle DirX return codesBjörn Jacke1-0/+2
2009-05-05s3-ldap: fix more callers of smbldap_dn_talloc() that were passing a NULL ↵Günther Deschner1-1/+1
context. Guenther