summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-16s3: Make login_cache_write take a pointerVolker Lendecke1-1/+1
2010-03-16s3: Make login_cache_read take a pointer, avoid a mallocVolker Lendecke1-9/+8
2010-03-16s3: Remove a typedefVolker Lendecke1-2/+2
2010-02-10s3: change ldap filter to what really was intendedBjörn Jacke1-1/+1
2010-02-08s3:pdb_ldap: don't search for the users primary group, if we already know itStefan Metzmacher1-31/+35
metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-7/+29
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-08s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted ↵Stefan Metzmacher1-5/+85
support And also store the gid_to_sid mappings in the idmap_cache. metze
2010-02-08s3: shortcut gid_to_sid when "ldapsam:trusted = yes"Stefan Metzmacher1-0/+71
The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. metze
2010-02-05s3: Hide some uses of pdb_get_init_flags (which I would love to remove...)Volker Lendecke1-1/+1
2010-01-23s3: Remove some pointless uses of string_sid_tallocVolker Lendecke1-8/+6
2010-01-21s3:pdb_ldap: Fix large paged search.Volker Lendecke1-0/+1
Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359)
2010-01-14s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value.Stefan Metzmacher1-1/+1
See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
2010-01-12s3: Remove a pointless if-statementVolker Lendecke1-3/+2
2010-01-07s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the checkMichael Adam1-3/+3
to enhance readability and denbuggability. Michael
2009-11-19s3:pdb_ldap: fix a comment typoMichael Adam1-1/+1
Michael
2009-11-19s3: shortcut uid_to_sid when "ldapsam:trusted = yes"Michael Adam1-0/+75
The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael
2009-11-13s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()Michael Adam1-0/+2
not only the persistent idmap cache. Michael
2009-11-13s3:smbd: make idmap cache persistent for "ldapsam:trusted".Michael Adam1-0/+4
This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts. Michael
2009-11-13Fix large paged searchVolker Lendecke1-0/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-02s3:ldap: don't search when no values where foundBjörn Jacke1-1/+1
2009-10-31ѕ3:ldap: search for account policies in objectclass sambaDomain, not *Björn Jacke1-1/+6
2009-10-20s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().Günther Deschner1-2/+2
Thanks Volker for the hint. Guenther
2009-09-02s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.Günther Deschner1-0/+46
Note that this only is tried with editposix=yes. Guenther
2009-08-03s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent.Günther Deschner1-0/+7
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther
2009-07-14Fix bug 5886Volker Lendecke1-8/+26
Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker
2009-07-14s3-account_policy: add pdb_policy_type enum.Günther Deschner1-19/+21
Guenther
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-23/+22
2009-06-30Fix bug #6431 - local groups from 3.0 setups no longer found.Volker Lendecke1-8/+8
Search for groups without group suffix, group suffix is only used for new entries.
2009-06-28Turn the pdb_rid_algorithm into a capabilities call that returns flagsVolker Lendecke1-3/+3
2009-06-08Pass a talloc_ctx to pdb_enum_aliasmemVolker Lendecke1-1/+2
2009-06-07s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.Günther Deschner1-0/+5
when _samr_LookupRids is called with no rids, it needs to return NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY). Found by RPC-SAMR torture test. Guenther
2009-05-31Fix some nonempty blank linesVolker Lendecke1-52/+52
2009-05-12Fix the last few format arg missmatches I missed.Jeremy Allison1-4/+4
Jeremy.
2009-05-12Fix bug 6157Volker Lendecke1-1/+1
This patch picks the alphabetically smallest one of the multi-value attribute "uid". This fixes a regression against 3.0 and also becomes deterministic.
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison1-7/+7
Should make Solaris 10 builds look cleaner. Jeremy.
2009-05-08s3/ldap: also handle DirX return codesBjörn Jacke1-0/+2
2009-05-05s3-ldap: fix more callers of smbldap_dn_talloc() that were passing a NULL ↵Günther Deschner1-1/+1
context. Guenther
2009-05-05s3-ldapsam: Fix Bug #6313: ldapsam_update_sam_account() crashes while doing ↵Günther Deschner1-1/+1
talloc_free on malloced memory. Guenther
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett1-11/+11
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-06s3:smbldap Remove smbldap_get_dnAndrew Bartlett1-28/+15
This removes one more caller to pull_utf8_allocate() Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-07Shape up pdb_search a bit by making it a talloc ctx with a destructorVolker Lendecke1-10/+10
2009-02-19Fix printf warnings found on systems where time_t <> long int.Jeremy Allison1-8/+8
Jeremy.
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher1-0/+1
2008-12-23Fix more ‘asprintf’, declared with attribute warn_unused_result.Jeremy Allison1-3/+4
Jeremy.
2008-12-09s3-ldapsam: Fix Bug 5957: do not abort rename process on valid rename script.Günther Deschner1-1/+1
Guenther (cherry picked from commit 26139344fd0fac4fdd2a6752628b252fbd9b7450) (cherry picked from commit 866efa63a26f75bbf17cd4bebf639594e2feafba)
2008-07-24pdb_ldap: Raise level for debug message to avoid log file flooding.John H Terpstra1-1/+1
(This used to be commit 9b863a10da8762f715c16f147d6cd1e79422d248)
2008-07-18Use LDAP macros instead of attribute names.Karolin Seeger1-20/+19
Karolin (This used to be commit 7dae8b04f126d0ac86a452dcf373a690ee687ead)
2008-07-14Fix typo.Karolin Seeger1-1/+1
retieve -> retrieve Karolin (This used to be commit 37c64130701ab13b6f34998ac17fec2d128c2e08)
2008-07-10Fix some memleaks regarding trustdom passwordsVolker Lendecke1-3/+15
(This used to be commit 3d2913d599a4cd773614110ec7b7493aa7adb547)