Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
|
|
* bug #280 (my fault) - initialize sambaNextUserRid and
sambaNextGroupRid
* Unix users shared vis LDAP or NIS between a samba domain member
of a Samba domain are not seen as domain users on the member servers.
not as local users.
(This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
|
|
(This used to be commit d98a68e0ebaf2fbd360b826f5df472bc3f94285b)
|
|
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
|
|
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
|
|
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
|
|
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
|
|
to winbindd. See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
|
|
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
|
|
and ID_CACHE to ID_CACHE_SAVE. Added locking around tdb writes & deletes
for multi-process access.
Jeremy.
(This used to be commit 5b998cdc1d552234236862f6a2bbae703b0c146e)
|
|
not being present (and so allocate another) and an entry that is present but
of the wrong type. This code still has major problems...
Jeremy.
(This used to be commit a304bc5ff134df118754d9e8d2b2680b4101e438)
|
|
things at the *front* of the list). Add more debug. Still broken.. :-(.
Jeremy.
(This used to be commit dd9251e6f51f229ca1fab23d9b06f5bb68644fab)
|
|
Clean up the init a little bit, less nested if-statements.
Agreed upon with Simo.
Volker
(This used to be commit fdcfefd7f1be55307ccd59290efd249981198e1e)
|
|
Set back 3.0 to use only winbindd_idmap.tdb as idmap database as told on
samba-technical.
Tested and working so far.
(This used to be commit e154e50fed8968567f75fcd581de2b41914ea2c1)
|
|
Jeremy.
(This used to be commit a118648d9505d54850ffad1e9ce7a2c3d279df9f)
|
|
Jeremy.
(This used to be commit 705915d9f71504f8ae04444352c80811c5a6f1ac)
|
|
causes mapping to dissapear...
Jeremy.
(This used to be commit bdffc81c9d1eeab26e4dba017a99bb9cc9131493)
|
|
The idea here is to eliminate the need to *set* the 'HWM' (High Water
Mark) in the tdb. Instead, each caller wanting to add an item to the
TDB uses the fact that an insert will *fail* if entry already exists.
More importantly, this means that we don't need to know the value of the
idmap uid/gid values when setting arbitrary entries, which can occur on
an smb.conf without such values specified.
Then all we need to do is loop until we get an id that will insert.
This means that the HWM does not need to be accurate, and we can have
IDs allocates safely above the HWM.
Setting the HWM to an arbitrary value was racy in the past - now we
don't even do it.
This patch also adds paranoia in reading the tdb - both the entry, and
it's reverse entry must be present. This means that we don't need to
'clean up' after an abnormal failure (which would probably fail too),
instead we rely on readers to ignore the half-completed entry. The way
this is done will allow SIDs to then allocated an ID when things are
normal again.
Andrew Bartlett
(This used to be commit 74709e159cdcd4dbcf138428a85067b38c4ebe64)
|
|
0644 as the other databases.
Volker
(This used to be commit 5849053930474b1e735f3232995813ef5126ad00)
|
|
Volker
(This used to be commit dcdb6683a7c9d675c23cc2c0295cefec81f469a7)
|
|
from the output of 'net idmap dump'.
'net idmap dump' now also prints the USER/GROUP HWM.
Volker
(This used to be commit c0575be936572bb091a77c58361bd3a4fe9549ff)
|
|
tested.
Incrementing HWW_USER while allocating a GROUPID looked somewhat wrong.
Volker
(This used to be commit d1eac2c75856f8f1dec8d429feb24a5f05fa6ca8)
|
|
(This used to be commit df0df941d84386a7de5c97149c6c06d01a8720d0)
|
|
* remove 'winbind uid' and 'winbind gid' parameters (replaced
by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
(parameters are passed to idmap init() function
(This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
|
|
The correct prototype in C is function(void).
Please remember this !
Jeremy.
(This used to be commit b6b844a1a23532927b1177b652191ddfa92437e0)
|
|
(This used to be commit 7e352f5c62c4889bdf2662dded1e74a354890dc7)
|
|
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.
Change in functionality of the 'ldap filter' parameter. This always
defaults to "(uid=%u)" now and is and'd with the approriate objectclass
depending on whether you are using ldapsam_compat or ldapsam
conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
(This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
|
|
plus internal fixes
1st stage
(This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
|
|
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic
RIDs, they are resolved in the classic way
eliminate getpw* calls from tdbsam
(This used to be commit 6a7689cf74cd4d5f29e0b12f4bf8ac3051d49157)
|
|
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
|
|
(This used to be commit ff051e9cf4b468aa9fe7e3f84483571d3d2de556)
|
|
fix debug, add "idmap" string to the list of classes
fix idmap, check init failures, and enhance debugging
fix idmap_tdb, _do_ init uid and gid low,high states (too bad I missed that
before)
fix smbd/uid.c, use gid_t for gids and uid_t for uids
(This used to be commit bc95de4ebb014080bc70173e7df94c672cea8df6)
|
|
places where it was used, this caused me segfaults in the last week :(
add more debugging in idmap to chase down a problem
(This used to be commit 6393105bda12fb3f6211e4f0128aabf588431b49)
|
|
(This used to be commit 9374f8692f6587b5f773c72b7847b64edeee9614)
|
|
first run if idmap.tdb is not found, and then eventually convert it to the
new format.
This is done to unify winbind and idmap databases and to make a backup of
winbindd_idmap.tdb in case you want to downgrade (of course it will not be
updated).
This is needed because idmap.tdb contains also local mappings, not only
foreign domains mappings.
Added some other fixes/improvements
Simo.
(This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
|
|
(This used to be commit 9c706be7b4417a1dc36866c3bad7a156f30b8af6)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
two layers structure with
- local tdb cache
- remote idmap repository
compiles
(This used to be commit 8fb4e210bc7564ed491d121c20d598ba0bfbddff)
|
|
(not tested yet)
(This used to be commit 0d6cec90c13731827abcbc61974efc993e794003)
|