summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2003-04-28The caller must always set the RID on the SAM_ACCOUNT, so don't try and guessAndrew Bartlett1-3/+1
it from the UID. Andrew Bartlett (This used to be commit cdc1d0505107d05d784693d321b24208a386d4f0)
2003-04-28The RID must be 'SET', not 'DEFAULT' or we won't set it into LDAP, and tryAndrew Bartlett1-2/+2
to make it up from the algorithm... Andrew Bartlett (This used to be commit 0d8e4066a3bfbe89b464a90fc9f16a7dd1539573)
2003-04-28Guenther Deschner <gd@suse.de> notes that I missed out setting the defaultAndrew Bartlett1-1/+3
for the 'normal' case (not --with-ldapsam). Andrew Bartlett (This used to be commit ebe5c618189391e6adf27e565a5821f8d47c8c7d)
2003-04-28A new pdb_ldap!Andrew Bartlett3-276/+722
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-28Merge of a debuglevel downgrade from HEAD.Tim Potter1-2/+2
(This used to be commit d17e04e82b77256f10f4bdf4442dac6d30e197b5)
2003-04-28Fix number of arguments to asprintf()Jelmer Vernooij1-1/+1
(This used to be commit 42e76c312333c6e5b8feb2d687e3355235b0d4a0)
2003-04-28Make some more functions staticJelmer Vernooij1-3/+3
(This used to be commit ddd2e65586ff47daf4f63e9928413cc05bf5db85)
2003-04-26Remove the unpopular pdb_unix, which has served it's time well.Andrew Bartlett1-131/+0
Also get charset 'werid' for both --enable-developer options in configure. Andrew Bartlett (This used to be commit 2a99e77e91cd214296f12b0aaf30c3c51d5a2c0a)
2003-04-26After a quick run with the 'weird' charset, squash a few bugs in our newAndrew Bartlett1-5/+12
'UF8-safe' LDAP code. I hope I've caught all the places where we were pushing strings into or out of LDAP now. Andrew Bartlett (This used to be commit 70bf7a5f71f71aeb5338723d1f5b32a89d5c4f91)
2003-04-25Based on a patch by Alex Deiter <tiamat@komi.mts.ru>, make sure that we convertAndrew Bartlett1-20/+69
to and from UTF8 when talking to our LDAP server in pdb_ldap. Andrew Bartlett (This used to be commit 759ba40b12a28caea87c0d8b3baea8bb69c92c89)
2003-04-24Don't store UID or GIDJelmer Vernooij2-48/+13
(This used to be commit a986076a743fad31efac664fc16337e2d1165917)
2003-04-24- Get rid of module_path_get_name()Jelmer Vernooij1-11/+6
- Use find backend function to find duplicates - declare static function before using it (This used to be commit ad5ebd4f2065425a9edffc753c0f0414fd6f98d4)
2003-04-24Patch from Stephan Metzmacher to add default arguments to lp_parm() smb.confJelmer Vernooij2-96/+34
parameters. Does not break binary compatibility with older modules. (This used to be commit 147c4d56d873a20a49194c5b036a3694299b1b48)
2003-04-23This define does not always seem to be present, so define it if need be.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 007143e2435904d941a62934986ac54e343f4936)
2003-04-23- Merge a memory leak fix from HEADAndrew Bartlett1-11/+16
- change update behaviour for new RIDs: - store the new RID into the SAM_ACCOUNT, so that the caller get's it back automaticly - use this to make the code paths simpiler for the normal 'need_update' code. We must always store a RID if we intend to use the sambaAccount objectClass Andrew Bartlett (This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
2003-04-23Merge idra's fix for pdb_tdb segfaults from HEAD to 3.0 - sombody changedAndrew Bartlett1-3/+7
unix_strlower semantics. Andrew Bartlett (This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
2003-04-22Remove ldapsam_search_one_user_by_uid from pdb_ldap.Andrew Bartlett2-68/+22
sambaAccount requires the rid to be present, and doing this fallback is quite dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite often not the case. Also finish of vl's work on 'use a function pointer, not embedded logic' to tell lower levels that they should/should not attempt to set the user's password into LDAP with the extended operation. Andrew Bartlett (This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
2003-04-22This is meant to be initialised to the size of the buffer.Andrew Bartlett1-1/+1
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
2003-04-22Make pdb_ldap use a random factor in deciding how long we need to sleep.Andrew Bartlett1-7/+22
This might help avoid killing the ldap server when all 100 smbd processes reconnect in pulses... Also, reduces the maximum wait time, as SMB clients will time out after 30 seconds anyway... Andrew Bartlett (This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
2003-04-22Merge mimir's trusted domain code from HEAD -> 3.0, plus some memoryAndrew Bartlett1-37/+55
leak fixes. (secrets.c portion) Andrew Bartlett (This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett2-16/+101
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-21Default to "passdb.xml" as default output filename instead of "-"Jelmer Vernooij1-1/+1
(This used to be commit dfbd2a2e7a5f0f2713bc48daa24d43b07f187d14)
2003-04-21- Fix modules build of pdb_mysql and pdb_xmlJelmer Vernooij2-9/+3
- Fix typo in script/installswat.sh (This used to be commit 8d2aec7a73d41a9d32c10abd1c8833ebfd41dd77)
2003-04-21Pdb modules are in $libdir/pdb not $libdir/passdbJelmer Vernooij1-1/+1
(This used to be commit 9c9d969c93400d91a12e78635d54e1c5f90efab8)
2003-04-19Address gcc warnings.Volker Lendecke1-1/+5
I could not fix the "passing arg 5 of `ldap_search_s'" completely with gcc -Wall. A non-developer compile does not complain though. Volker (This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij9-79/+127
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-04-09Fix double free on error and typoJelmer Vernooij1-2/+1
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
2003-04-07Merge from HEAD - restore previous behaviour of pdb_unix (auto upgrade toAndrew Bartlett1-0/+1
add on update) (This used to be commit 3ebecc662e0ace4a87153aabe644dcf18969435b)
2003-04-05Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge ↵Andrew Bartlett1-18/+18
from HEAD). Andrew Bartlett (This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
2003-03-30This fixes group updates in LDAP the same way as user updatesVolker Lendecke1-77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
2003-03-28Try to get meaningful errors out of ldap more often - get the error stringAndrew Bartlett1-11/+38
from the server, not just the error code translation. Andrew Bartlett (This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
2003-03-27This is no functional change. It just makes pdb_ldap.c a bitVolker Lendecke1-24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
2003-03-25Must have been somewhere else last sunday...Volker Lendecke1-3/+4
Apply metzes patch (hopefully) correctly this time Volker (This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23Merge from HEAD:Volker Lendecke1-2/+2
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-23Metzes change:Volker Lendecke1-4/+9
> Hi Volker, > > if 'displayName' is not available we should fallback to 'cn' for map->nt_name > 'cn' is used as unix group name by nss_ldap. > > and if nt_name is not available we should fail (so does this patch) Volker (This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
2003-03-22Never touch complicated if/else/elsif structures :-)Volker Lendecke1-23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
2003-03-22This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFYVolker Lendecke1-121/+175
anymore, but instead look at what is currently stored in the database. Then we explicitly delete the existing attribute and add the new value if it is not NULL or "". This way we can handle appearing and disappearing attributes quite nicely. This currently breaks pdbedit -o, as this does not set the CHANGED flag on the SAM_ACCOUNT. Jelmer suggested that we set all the fields on CHANGED in context_add_sam_account. This sounds not too unreasonable. Volker (This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett5-222/+78
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2003-03-22Merge from HEAD - patch from Jianliang Lu <j.lu@tiesse.com> to set theAndrew Bartlett1-0/+11
'minimum password age' during a password SET. Andrew Bartlett (This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
2003-03-20Merge from HEADVolker Lendecke1-8/+8
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
2003-03-19void function cannot return a value (besides the function called wasHerb Lewis1-1/+1
a void) (This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
2003-03-19This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+129
used to be commit 6f94672d3da070aae0b17f4dcdc6cd119b68d84c)
2003-03-19Put in the new modules system. It's now used by passdb and rpc. I willJelmer Vernooij7-75/+42
put a doc about it in dev-doc later today. (This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
2003-03-19Merge from HEAD.Volker Lendecke1-59/+97
Volker (This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
2003-03-19Add paramter 'ldap del only sam attr'.Volker Lendecke1-59/+97
This patch is heavily based on a patch by SuSE. Thanks to Guenther Deschner <gd@suse.de> for providing it. Volker (This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
2003-03-19merge from HEADVolker Lendecke1-0/+1
(This used to be commit 12110a263b5ac65d6b965ccbe19b7be3025f0373)
2003-03-19Hey -- there is an error code NT_STATUS_CANNOT_DELETE :-)Volker Lendecke1-1/+1
(This used to be commit aa9b8382d38346cb3e94ddf2e7caf6d663034579)
2003-03-19If we fail, return an error code :-)Volker Lendecke1-0/+1
Volker (This used to be commit a5218499eb3f0a62cd663a06157591fbb0dfcbef)
2003-03-19Put group mapping into LDAP.Volker Lendecke1-30/+471
Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)