Age | Commit message (Collapse) | Author | Files | Lines |
|
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
|
|
(This used to be commit f59bcb51cfe4e268ba43245d401d212aefdf2b72)
|
|
primaryGroupID (rid). This is consistant with the move from 'rid' to ntSid
for the primary user identifier.
Also cope with legacy installations where primaryGroupID might have been
stored as 0.
Andrew Bartlett
(This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
|
|
entropy - use sys_random() instead.
Andrew Bartlett
(This used to be commit 640462a365235aa7ce6f817778f022530a25d909)
|
|
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
|
|
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
|
|
(This used to be commit 7bec28f23c5bef8516e798a0808585ed1a30517e)
|
|
Jeremy.
(This used to be commit 395dfd196cf4bcd432a4895d3dd09fefd46cd6d8)
|
|
lp_workgroup(), for all other server this is global_myname().
This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.
(They lookup the username that they got, then convert that to a SID - but
becouse the domain out of the smbpasswd entry was wrong, we would fail the
lookup).
Andrew Bartlett
(This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
|
|
(This used to be commit dbe36b4c43dceddea9f14161c6cf7b34709287c8)
|
|
to the system. This means that we always run Get_Pwnam(), and can never add
FOO when foo exists on the system (the idea is to instead add foo into
the passdb, using it's full name, RID etc).
Andrew Bartlett
(This used to be commit bb79b127e02cefae13c822fd0fd165f1f214b740)
|
|
(This used to be commit a354bf4b7eadec3e6aa5f5547b58c7856fda3471)
|
|
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
|
|
it from the UID.
Andrew Bartlett
(This used to be commit cdc1d0505107d05d784693d321b24208a386d4f0)
|
|
to make it up from the algorithm...
Andrew Bartlett
(This used to be commit 0d8e4066a3bfbe89b464a90fc9f16a7dd1539573)
|
|
for the 'normal' case (not --with-ldapsam).
Andrew Bartlett
(This used to be commit ebe5c618189391e6adf27e565a5821f8d47c8c7d)
|
|
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.
More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute. This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.
Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.
More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes. The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.
Andrew Bartlett
(This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
|
|
(This used to be commit d17e04e82b77256f10f4bdf4442dac6d30e197b5)
|
|
(This used to be commit 42e76c312333c6e5b8feb2d687e3355235b0d4a0)
|
|
(This used to be commit ddd2e65586ff47daf4f63e9928413cc05bf5db85)
|
|
Also get charset 'werid' for both --enable-developer options in configure.
Andrew Bartlett
(This used to be commit 2a99e77e91cd214296f12b0aaf30c3c51d5a2c0a)
|
|
'UF8-safe' LDAP code.
I hope I've caught all the places where we were pushing strings into or
out of LDAP now.
Andrew Bartlett
(This used to be commit 70bf7a5f71f71aeb5338723d1f5b32a89d5c4f91)
|
|
to and from UTF8 when talking to our LDAP server in pdb_ldap.
Andrew Bartlett
(This used to be commit 759ba40b12a28caea87c0d8b3baea8bb69c92c89)
|
|
(This used to be commit a986076a743fad31efac664fc16337e2d1165917)
|
|
- Use find backend function to find duplicates
- declare static function before using it
(This used to be commit ad5ebd4f2065425a9edffc753c0f0414fd6f98d4)
|
|
parameters. Does not break binary compatibility with older modules.
(This used to be commit 147c4d56d873a20a49194c5b036a3694299b1b48)
|
|
Andrew Bartlett
(This used to be commit 007143e2435904d941a62934986ac54e343f4936)
|
|
- change update behaviour for new RIDs:
- store the new RID into the SAM_ACCOUNT, so that the caller get's it back
automaticly
- use this to make the code paths simpiler for the normal 'need_update' code.
We must always store a RID if we intend to use the sambaAccount objectClass
Andrew Bartlett
(This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
|
|
unix_strlower semantics.
Andrew Bartlett
(This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
|
|
sambaAccount requires the rid to be present, and doing this fallback is quite
dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite
often not the case.
Also finish of vl's work on 'use a function pointer, not embedded logic' to
tell lower levels that they should/should not attempt to set the user's password
into LDAP with the extended operation.
Andrew Bartlett
(This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
|
|
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
|
|
This might help avoid killing the ldap server when all 100 smbd processes
reconnect in pulses...
Also, reduces the maximum wait time, as SMB clients will time out after 30
seconds anyway...
Andrew Bartlett
(This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
|
|
leak fixes. (secrets.c portion)
Andrew Bartlett
(This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
(This used to be commit dfbd2a2e7a5f0f2713bc48daa24d43b07f187d14)
|
|
- Fix typo in script/installswat.sh
(This used to be commit 8d2aec7a73d41a9d32c10abd1c8833ebfd41dd77)
|
|
(This used to be commit 9c9d969c93400d91a12e78635d54e1c5f90efab8)
|
|
I could not fix the "passing arg 5 of `ldap_search_s'" completely with
gcc -Wall. A non-developer compile does not complain though.
Volker
(This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
|
|
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
|
|
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
|
|
add on update)
(This used to be commit 3ebecc662e0ace4a87153aabe644dcf18969435b)
|
|
from HEAD).
Andrew Bartlett
(This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
|
|
are handled, though we assume that always everything needs to
be updated in LDAP. PDB_IS_* is not done yet for groups.
Do we need it?
Volker
(This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
|
|
from the server, not just the error code translation.
Andrew Bartlett
(This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
|
|
easier to understand by moving the logic for init_ldap_from_sam
and friends around.
Volker
(This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
|
|
Apply metzes patch (hopefully) correctly this time
Volker
(This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
|
|
This adds 'ldap delete dn' as the recommended parameter
for the 'ldap del only sam attr' functionality. So
we are compatiple to the current SuSE patches as well
as to TNG... ;-)
Volker
(This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
|
|
> Hi Volker,
>
> if 'displayName' is not available we should fallback to 'cn' for map->nt_name
> 'cn' is used as unix group name by nss_ldap.
>
> and if nt_name is not available we should fail (so does this patch)
Volker
(This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
|
|
This repairs domain join with fully existing wks-account which I broke
with my last patch...
Volker
(This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
|