summaryrefslogtreecommitdiff
path: root/source3/sam/idmap_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5428: Apply some const. LDAP attribs should now be declared const char ↵Volker Lendecke1-5/+5
*attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
2007-10-10r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove ↵Gerald Carter1-4/+2
unused variables (This used to be commit 82c4e2f37f1f4c581cd7c792808c9a81ef80db94)
2007-10-10r3758: Increase a debug level. This error condition can actually happen in ↵Volker Lendecke1-1/+1
real life if you have several competing winbinds that might get a lag due to replication. Volker (This used to be commit 1c3f194ab7ab63aeb2284d7e5c7e183340740ceb)
2007-10-10r916: Memory leak fix from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-2/+6
Jeremy. (This used to be commit c336ccf4e8a6340f8d786219fbc7e4e5a7877e4e)
2004-03-11Get MungedDial actually working with full TS strings in it for pdb_ldap.Jim McDonough1-8/+8
I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
2004-02-23Janitor for tpot...bugzilla #1098, msleep already exists on aixJim McDonough1-1/+1
(This used to be commit 4319df7fdc2d878c509381923cc1db4d731620ba)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter1-5/+0
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
2003-11-14fix more memory leaks in the LDAP backend code; patches from metzeGerald Carter1-4/+14
(This used to be commit e079c8842a24ff4f50483bea8ca6b11db4b2dc99)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-355/+129
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)
2003-09-10Ensure we consistantly translate to/from utf8 for talking to LDAP.Jeremy Allison1-33/+31
Jeremy. (This used to be commit b5d953bc26de5c4e0e1a15f70ae56ea2dd2843f2)
2003-08-132 fixesGerald Carter1-123/+164
* bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+1
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-24Some more [ug]id_t printf fixes.Tim Potter1-4/+4
(This used to be commit 165d1ae55622ca1e89c94fc5e40bdf5cddbcab45)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter1-26/+19
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-15/+23
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-11moving more code around.Gerald Carter1-1/+282
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+1
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-06This changes our Unix primary GID behaviour back to what most people expect:Andrew Bartlett1-3/+4
Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-2/+4
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Allow modification of an existing entry.Andrew Bartlett1-15/+36
We still have a lot of work to do to allow this in quite the same way as we have in the TDB, but it certainly is getting closer. Andrew Bartlett (This used to be commit b9ef4e138843e3a9d1157e197de0964daf29f0dd)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-591/+264
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-06-21This patch works towards to goal of common code shared between idmap_ldapAndrew Bartlett1-12/+12
and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter1-80/+173
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-05working draft of the idmap_ldap code.Gerald Carter1-192/+254
Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
2003-06-03added idmap_ldap to wrong branch.Gerald Carter1-1/+0
(This used to be commit eafd53a7e7b54ccf2089dc5841ea4291a891ea91)
2003-06-03initial version of idmap_ldap.c; lots of updates to comeGerald Carter1-0/+838
(This used to be commit 69c84ad06b759da2246b3c00155a43e90f45a7f6)