summaryrefslogtreecommitdiff
path: root/source3/sam/idmap_ad.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17122: remove unused global var from idmap_adGerald Carter1-1/+0
(This used to be commit c8b7952843adb75d0b9bb42cfbcfb80e070e8f45)
2007-10-10r17111: cleanup the idmap_ad initialization after review by gdGerald Carter1-5/+1
(This used to be commit 6c0a690f0a8ec4539b06ad75da0fd91abeb15fa4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-7/+7
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15697: I take no comments as no objections :)Günther Deschner1-26/+37
Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-32/+6
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-7/+0
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r8145: When inventing a new parameter for SFU-support, be aware of Volker'sGünther Deschner1-1/+1
upcoming changes for "unixinfo"-pipe. Therefor (after speaking with Volker) replace "winbind sfu support" with the list-parameter "winbind nss info" which defaults to "template". For SFU-support set it to "winbind nss info = template sfu". Note that nss_info_use() is just a dummy function at the moment. Guenther (This used to be commit 91596330ea3c4ba0fb9ddc52ad9d4a7c8e5b2d3f)
2007-10-10r8133: Got approval from Luke Howard (PADL) to change the company copyright toGünther Deschner1-7/+1
to a personal one. Thanks Luke! Guenther (This used to be commit 892ef0bbc100e05ba3e683f4e08946f36627cc1a)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-7/+40
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r7992: Adding PADL's idmap_ad plugin (taken from the latestGünther Deschner1-0/+380
xad_oss_plugins-tarball). Guenther (This used to be commit 1d59841c9901b6a3aff72b6da1037495aa75f389)