summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2003-04-28The caller must always set the RID on the SAM_ACCOUNT, so don't try and guessAndrew Bartlett1-3/+1
it from the UID. Andrew Bartlett (This used to be commit cdc1d0505107d05d784693d321b24208a386d4f0)
2003-04-28Guenther Deschner <gd@suse.de> notes that I missed out setting the defaultAndrew Bartlett1-1/+3
for the 'normal' case (not --with-ldapsam). Andrew Bartlett (This used to be commit ebe5c618189391e6adf27e565a5821f8d47c8c7d)
2003-04-28A new pdb_ldap!Andrew Bartlett1-272/+718
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-26After a quick run with the 'weird' charset, squash a few bugs in our newAndrew Bartlett1-5/+12
'UF8-safe' LDAP code. I hope I've caught all the places where we were pushing strings into or out of LDAP now. Andrew Bartlett (This used to be commit 70bf7a5f71f71aeb5338723d1f5b32a89d5c4f91)
2003-04-25Based on a patch by Alex Deiter <tiamat@komi.mts.ru>, make sure that we convertAndrew Bartlett1-20/+69
to and from UTF8 when talking to our LDAP server in pdb_ldap. Andrew Bartlett (This used to be commit 759ba40b12a28caea87c0d8b3baea8bb69c92c89)
2003-04-23This define does not always seem to be present, so define it if need be.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 007143e2435904d941a62934986ac54e343f4936)
2003-04-23- Merge a memory leak fix from HEADAndrew Bartlett1-11/+16
- change update behaviour for new RIDs: - store the new RID into the SAM_ACCOUNT, so that the caller get's it back automaticly - use this to make the code paths simpiler for the normal 'need_update' code. We must always store a RID if we intend to use the sambaAccount objectClass Andrew Bartlett (This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
2003-04-22Remove ldapsam_search_one_user_by_uid from pdb_ldap.Andrew Bartlett1-65/+20
sambaAccount requires the rid to be present, and doing this fallback is quite dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite often not the case. Also finish of vl's work on 'use a function pointer, not embedded logic' to tell lower levels that they should/should not attempt to set the user's password into LDAP with the extended operation. Andrew Bartlett (This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
2003-04-22This is meant to be initialised to the size of the buffer.Andrew Bartlett1-1/+1
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
2003-04-22Make pdb_ldap use a random factor in deciding how long we need to sleep.Andrew Bartlett1-7/+22
This might help avoid killing the ldap server when all 100 smbd processes reconnect in pulses... Also, reduces the maximum wait time, as SMB clients will time out after 30 seconds anyway... Andrew Bartlett (This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
2003-04-19Address gcc warnings.Volker Lendecke1-1/+5
I could not fix the "passing arg 5 of `ldap_search_s'" completely with gcc -Wall. A non-developer compile does not complain though. Volker (This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij1-16/+4
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-04-09Fix double free on error and typoJelmer Vernooij1-2/+1
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
2003-04-05Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge ↵Andrew Bartlett1-18/+18
from HEAD). Andrew Bartlett (This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
2003-03-30This fixes group updates in LDAP the same way as user updatesVolker Lendecke1-77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
2003-03-28Try to get meaningful errors out of ldap more often - get the error stringAndrew Bartlett1-11/+38
from the server, not just the error code translation. Andrew Bartlett (This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
2003-03-27This is no functional change. It just makes pdb_ldap.c a bitVolker Lendecke1-24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
2003-03-25Must have been somewhere else last sunday...Volker Lendecke1-3/+4
Apply metzes patch (hopefully) correctly this time Volker (This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23Merge from HEAD:Volker Lendecke1-2/+2
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-23Metzes change:Volker Lendecke1-4/+9
> Hi Volker, > > if 'displayName' is not available we should fallback to 'cn' for map->nt_name > 'cn' is used as unix group name by nss_ldap. > > and if nt_name is not available we should fail (so does this patch) Volker (This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
2003-03-22Never touch complicated if/else/elsif structures :-)Volker Lendecke1-23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
2003-03-22This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFYVolker Lendecke1-121/+175
anymore, but instead look at what is currently stored in the database. Then we explicitly delete the existing attribute and add the new value if it is not NULL or "". This way we can handle appearing and disappearing attributes quite nicely. This currently breaks pdbedit -o, as this does not set the CHANGED flag on the SAM_ACCOUNT. Jelmer suggested that we set all the fields on CHANGED in context_add_sam_account. This sounds not too unreasonable. Volker (This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
2003-03-19void function cannot return a value (besides the function called wasHerb Lewis1-1/+1
a void) (This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
2003-03-19Merge from HEAD.Volker Lendecke1-59/+97
Volker (This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
2003-03-19merge from HEADVolker Lendecke1-0/+1
(This used to be commit 12110a263b5ac65d6b965ccbe19b7be3025f0373)
2003-03-19Put group mapping into LDAP.Volker Lendecke1-30/+471
Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
2003-03-17Fix memory leak.Volker Lendecke1-0/+2
Volker (This used to be commit 115cd4b27f84343c7f98622717edda6da4866a6b)
2003-02-01Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and someAndrew Bartlett1-17/+59
misc libads fixes. Andrew Bartlett (This used to be commit 9c3a1710efba9fa4160004a554687d4b85927bb1)
2003-01-15initialize acct_ctrl variable before it is usedHerb Lewis1-2/+1
remove ldap_msgfree(result); as result is unitialized at this point (This used to be commit 1102a6f8cdf295d564df5447a223b354be72895d)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20Merge some more FUNCTION_MACRO stuff.Tim Potter1-5/+5
(This used to be commit adb34ee5b183d17ec0c26ec2cf4f591822c59900)
2002-11-26Merge tridge's fixes to pdb_ldap (don't look for number of results in aAndrew Bartlett1-17/+34
failed query) and my fixes to those fixes to use better NT_STATUS codes. Andrew Bartlett (This used to be commit 6040171cabe3ca215149708a6244e24bc9c2c4fa)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-4/+4
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-09Back out some of my sync changesJelmer Vernooij1-7/+7
(This used to be commit b1ad91101d10d1fa635cfbb1684f8b598280cee0)
2002-11-09Sync with HEADJelmer Vernooij1-7/+7
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)
2002-11-08Merge from HEAD:Andrew Bartlett1-14/+14
- change auth_sam to use the initialisation flags to determine if the password attributes are set - add const to secrets.c, cliconnect.c - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd - SAMR: add debugs to show what fails for group enum. Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
2002-11-02Merge of my 'ldap trust ids' patch from HEAD.Andrew Bartlett1-36/+96
This hopefully provides a peformance boost by not hitting getpwnam() for every entry in an enumeration, instead reteriving entries directly (if available). idra has reviewed this patch. Andrew Bartlett (This used to be commit 8abe71c4d7a796001c5765f4dd88c2e6f5637802)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-384/+618
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-10-26Try to catch up on the code I've put into HEAD that should be in 3.0:Andrew Bartlett1-7/+0
- vorlan's hosts allow with DNS names patch - use x_fileno() in debug.c, not the struct directly. - check for server timeout on password change (was reporting success) - better error/status loggin in both the pam_winbind client and winbindd_pam server code. - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway. (This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
2002-10-01Updates from Samba HEAD:Andrew Bartlett1-4/+19
- Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett (This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
2002-09-26sync with HEADGerald Carter1-63/+70
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-115/+175
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-41/+138
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-96/+183
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-08Fix up major logic reversal flaws in pdb_ldap.Andrew Bartlett1-36/+70
WARNING: if you relied on these logic flaws, you will need to manually edit your ldap backend (for things like account expries etc). Now correctly retunes the information needed for 'must change at next login' support. (This used to be commit 26842f1ac051b030c1295b68244a1f9007d4eefb)
2002-03-23Minor fixes:Andrew Bartlett1-8/+13
- Fix warnings in loadparm.c - Remove the unused 'passdb modules path' paramater - Make pdb_ldap use $ termination rather than the workstation trust account flag becouse some 'machine' accounts appear as normal accounts at creation time. Also covers domains etc. Andrew Bartlett (This used to be commit 8c82a3daf777bcd4cd4388d30222e370fe800819)
2002-03-20Make ldapsam compile again.Andrew Bartlett1-20/+0
(This used to be commit 520c8626dc238a1e338635981d1b41950f2219b6)
2002-03-19second step to gain free uid<->rid mappingSimo Sorce1-1/+18
we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
2002-03-18Start to switch away from the alghorithmic uid->rid mapping modelSimo Sorce1-0/+20
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)