path: root/source3/passdb/pdb_ldap.c
Age | Commit message | Author | Files | Lines
2003-04-23 | - Merge a memory leak fix from HEAD | Andrew Bartlett | 1 | -11/+16
- change update behaviour for new RIDs:
  - store the new RID into the SAM_ACCOUNT, so that the caller gets it back automatically
  - use this to make the code paths simpler for the normal 'need_update' code.
We must always store a RID if we intend to use the sambaAccount objectClass
Andrew Bartlett (This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
2003-04-22 | Remove ldapsam_search_one_user_by_uid from pdb_ldap. | Andrew Bartlett | 1 | -65/+20
sambaAccount requires the rid to be present, and doing this fallback is quite dangerous, because it assumes that algorithmic RIDs are in use - which is quite often not the case.
Also finish off vl's work on 'use a function pointer, not embedded logic' to tell lower levels that they should/should not attempt to set the user's password into LDAP with the extended operation.
Andrew Bartlett (This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
2003-04-22 | This is meant to be initialised to the size of the buffer. | Andrew Bartlett | 1 | -1/+1
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
2003-04-22 | Make pdb_ldap use a random factor in deciding how long we need to sleep. | Andrew Bartlett | 1 | -7/+22
This might help avoid killing the ldap server when all 100 smbd processes reconnect in pulses... Also, reduces the maximum wait time, as SMB clients will time out after 30 seconds anyway... Andrew Bartlett (This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
2003-04-19 | Address gcc warnings. | Volker Lendecke | 1 | -1/+5
I could not fix the "passing arg 5 of `ldap_search_s'" completely with gcc -Wall. A non-developer compile does not complain though. Volker (This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
2003-04-15 | Use the new modules system for passdb (merge from HEAD) | Jelmer Vernooij | 1 | -16/+4
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-04-09 | Fix double free on error and typo | Jelmer Vernooij | 1 | -2/+1
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
2003-04-05 | Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge from HEAD). | Andrew Bartlett | 1 | -18/+18
Andrew Bartlett (This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
2003-03-30 | This fixes group updates in LDAP the same way as user updates | Volker Lendecke | 1 | -77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
2003-03-28 | Try to get meaningful errors out of ldap more often - get the error string | Andrew Bartlett | 1 | -11/+38
from the server, not just the error code translation. Andrew Bartlett (This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
2003-03-27 | This is no functional change. It just makes pdb_ldap.c a bit | Volker Lendecke | 1 | -24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
2003-03-25 | Must have been somewhere else last sunday... | Volker Lendecke | 1 | -3/+4
Apply metzes patch (hopefully) correctly this time Volker (This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
2003-03-23 | Implement abartlet's suggestion to add attribs to ldap if they | Volker Lendecke | 1 | -24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23 | Merge from HEAD: | Volker Lendecke | 1 | -2/+2
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatible to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-23 | Metzes change: | Volker Lendecke | 1 | -4/+9
> Hi Volker,
>
> if 'displayName' is not available we should fallback to 'cn' for map->nt_name
> 'cn' is used as unix group name by nss_ldap.
>
> and if nt_name is not available we should fail (so does this patch)
Volker (This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
2003-03-22 | Never touch complicated if/else/elsif structures :-) | Volker Lendecke | 1 | -23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
2003-03-22 | This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFY | Volker Lendecke | 1 | -121/+175
anymore, but instead look at what is currently stored in the database. Then we explicitly delete the existing attribute and add the new value if it is not NULL or "". This way we can handle appearing and disappearing attributes quite nicely. This currently breaks pdbedit -o, as this does not set the CHANGED flag on the SAM_ACCOUNT. Jelmer suggested that we set all the fields on CHANGED in context_add_sam_account. This sounds not too unreasonable. Volker (This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
2003-03-19 | void function cannot return a value (besides the function called was | Herb Lewis | 1 | -1/+1
a void) (This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
2003-03-19 | Merge from HEAD. | Volker Lendecke | 1 | -59/+97
Volker (This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
2003-03-19 | merge from HEAD | Volker Lendecke | 1 | -0/+1
(This used to be commit 12110a263b5ac65d6b965ccbe19b7be3025f0373)
2003-03-19 | Put group mapping into LDAP. | Volker Lendecke | 1 | -30/+471
Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
2003-03-17 | Fix memory leak. | Volker Lendecke | 1 | -0/+2
Volker (This used to be commit 115cd4b27f84343c7f98622717edda6da4866a6b)
2003-02-01 | Merge LDAP filter paranoia from HEAD, a few other pdb_ldap updates and some | Andrew Bartlett | 1 | -17/+59
misc libads fixes. Andrew Bartlett (This used to be commit 9c3a1710efba9fa4160004a554687d4b85927bb1)
2003-01-15 | initialize acct_ctrl variable before it is used | Herb Lewis | 1 | -2/+1
remove ldap_msgfree(result); as result is uninitialized at this point (This used to be commit 1102a6f8cdf295d564df5447a223b354be72895d)
2003-01-03 | Merge from HEAD - make Samba compile with -Wwrite-strings without additional | Andrew Bartlett | 1 | -1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20 | Merge some more FUNCTION_MACRO stuff. | Tim Potter | 1 | -5/+5
(This used to be commit adb34ee5b183d17ec0c26ec2cf4f591822c59900)
2002-11-26 | Merge tridge's fixes to pdb_ldap (don't look for number of results in a | Andrew Bartlett | 1 | -17/+34
failed query) and my fixes to those fixes to use better NT_STATUS codes. Andrew Bartlett (This used to be commit 6040171cabe3ca215149708a6244e24bc9c2c4fa)
2002-11-12 | Removed global_myworkgroup, global_myname, global_myscope. Added liberal | Jeremy Allison | 1 | -4/+4
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-09 | Back out some of my sync changes | Jelmer Vernooij | 1 | -7/+7
(This used to be commit b1ad91101d10d1fa635cfbb1684f8b598280cee0)
2002-11-09 | Sync with HEAD | Jelmer Vernooij | 1 | -7/+7
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)
2002-11-08 | Merge from HEAD: | Andrew Bartlett | 1 | -14/+14
- change auth_sam to use the initialisation flags to determine if the password attributes are set
- add const to secrets.c, cliconnect.c
- passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd
- SAMR: add debugs to show what fails for group enum.
Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
2002-11-02 | Merge of my 'ldap trust ids' patch from HEAD. | Andrew Bartlett | 1 | -36/+96
This hopefully provides a performance boost by not hitting getpwnam() for every entry in an enumeration, instead retrieving entries directly (if available). idra has reviewed this patch. Andrew Bartlett (This used to be commit 8abe71c4d7a796001c5765f4dd88c2e6f5637802)
2002-11-02 | Merge passdb from HEAD -> 3.0 | Andrew Bartlett | 1 | -384/+618
The work here includes:
- metze's set/changed patch, which avoids making changes to ldap on unmodified attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volker's SAMR changes.
- metze's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-10-26 | Try to catch up on the code I've put into HEAD that should be in 3.0: | Andrew Bartlett | 1 | -7/+0
- vorlan's hosts allow with DNS names patch
- use x_fileno() in debug.c, not the struct directly.
- check for server timeout on password change (was reporting success)
- better error/status logging in both the pam_winbind client and winbindd_pam server code.
- (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
2002-10-01 | Updates from Samba HEAD: | Andrew Bartlett | 1 | -4/+19
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatibility. This conditionally compiles the old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammar by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved with.
Andrew Bartlett (This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
2002-09-26 | sync with HEAD | Gerald Carter | 1 | -63/+70
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-25 | sync'ing up for 3.0alpha20 release | Gerald Carter | 1 | -115/+175
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17 | sync 3.0 branch with head | Jelmer Vernooij | 1 | -41/+138
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15 | updated the 3.0 branch from the head branch - ready for alpha18 | Andrew Tridgell | 1 | -96/+183
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-08 | Fix up major logic reversal flaws in pdb_ldap. | Andrew Bartlett | 1 | -36/+70
WARNING: if you relied on these logic flaws, you will need to manually edit your ldap backend (for things like account expiries etc). Now correctly returns the information needed for 'must change at next login' support. (This used to be commit 26842f1ac051b030c1295b68244a1f9007d4eefb)
2002-03-23 | Minor fixes: | Andrew Bartlett | 1 | -8/+13
- Fix warnings in loadparm.c
- Remove the unused 'passdb modules path' parameter
- Make pdb_ldap use $ termination rather than the workstation trust account flag because some 'machine' accounts appear as normal accounts at creation time. Also covers domains etc.
Andrew Bartlett (This used to be commit 8c82a3daf777bcd4cd4388d30222e370fe800819)
2002-03-20 | Make ldapsam compile again. | Andrew Bartlett | 1 | -20/+0
(This used to be commit 520c8626dc238a1e338635981d1b41950f2219b6)
2002-03-19 | second step to gain free uid<->rid mapping | Simo Sorce | 1 | -1/+18
we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
2002-03-18 | Start to switch away from the algorithmic uid->rid mapping model | Simo Sorce | 1 | -0/+20
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
2002-03-02 | This patch merges my private LDAP tree into HEAD. | Andrew Bartlett | 1 | -227/+642
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' parameter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it is relatively well tested. I'm committing this now because others have shown interest in using it, and there is no point 'hoarding' the code :-).
Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-01 | merge from 2.2 | Gerald Carter | 1 | -2/+7
(This used to be commit 5b28a7c59c392c6352cb8915a13806ca772d8cac)
2002-01-30 | Removed version number from file header. | Tim Potter | 1 | -2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-23 | getpwnam -> getpwnam_alloc. | Andrew Bartlett | 1 | -1/+3
idra has promised not to revert these this time :-) (This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
2002-01-21 | getpwnam_alloc -> getpwnam | Simo Sorce | 1 | -9/+8
same reason as per pdb_tdb.c there isn't (and will never be probably) another call to any getpw* fn, let's use getpwnam_alloc only when needed. (This used to be commit f12361b1327306e6a3fcf8ff138413ad9a6c69a3)
2002-01-20 | This is another *BIG* change... | Andrew Bartlett | 1 | -3/+11
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' parameter has been created (and documented!) to support this. As such, configure has been modified to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts don't have UIDs in the unix sense, but to avoid conflicts in the algorithmic mapping of RIDs, they use the values specified in the 'non unix account range' parameter - in the same way as the winbind ranges are specified.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, because I don't have the test facilities for these. I plan to incorporate at least pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places.
Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allows the ACB_ flags specified to be transferred direct to the backend, without interference.
Doco: I've updated the doco to reflect some of the changes, and removed some parameters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)