summaryrefslogtreecommitdiff
path: root/source3/winbindd/idmap_ad.c
AgeCommit message (Collapse)AuthorFilesLines
2013-03-09s3-winbindd: Move connection to AD server from idmap_adChristof Schmitt1-45/+4
Having this in a common place allows reuse by other idmap modules. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Use common helper function for connecting to ADSChristof Schmitt1-36/+5
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Move code for verifying ADS connection to common helper functionChristof Schmitt1-24/+2
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Move common code for LDAP id mapping to idmap_utilsChristof Schmitt1-39/+4
idmap_ad and idmap_ldap use the same helper functions and the same maximum query size. Move the code to idmap_utils so that it can be shared by every module issuing LDAP queries. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-02-06s3-winbind: Remove unused bool "local"Christof Schmitt1-5/+2
"local" is always False, so simply remove it and the if statement checking its value. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-1/+1
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-11-14s3-modules: remove the last "init_module" traces.Günther Deschner1-2/+0
Guenther
2011-10-28lib/util Rename samba_init_module -> samba_module_initAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach1-1/+1
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-3/+3
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-03-22s3:idmap: remove the params argument from the init functionMichael Adam1-2/+1
2011-03-06s3: Remove close_fn from idmap_methodsVolker Lendecke1-23/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Mar 6 13:37:13 CET 2011 on sn-devel-104
2011-03-06s3: Replace idmap_ad_close by a destructorVolker Lendecke1-11/+12
2011-03-06s3-idmap-ad: Make ad_schema properly tallocedVolker Lendecke1-4/+2
2011-03-06s3: Remove some unused codeVolker Lendecke1-21/+0
2011-03-06s3: Remove unused args from get_nss_infoVolker Lendecke1-2/+0
2011-02-27s3: Fix a typoVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 27 20:14:20 CET 2011 on sn-devel-104
2011-02-27s3: Fix some nonempty blank linesVolker Lendecke1-8/+8
2011-02-27s3: Fix a debug messageVolker Lendecke1-2/+3
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 27 16:59:19 CET 2011 on sn-devel-104
2011-01-03s3:winbindd/idmap_ad.c: update my CMichael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Jan 3 09:19:07 CET 2011 on sn-devel-104
2010-11-30s3: Fix bug 7832Volker Lendecke1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Nov 30 14:39:34 CET 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3: Replace sid_binstring and sid_guidstring with PIDL-based alternativesAndrew Bartlett1-2/+3
This reduces the manual marshalling of these structures by removing the duplication here. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-1/+2
Guenther
2010-08-26s3-idmap: only include idmap headers where needed.Günther Deschner1-0/+1
Guenther
2010-08-14s3:idmap_ad: untangle two assignments from checksMichael Adam1-2/+4
2010-08-14s3:idmap_ad: remove unused filter_low_id and filter_high_id from ↵Michael Adam1-14/+0
idmap_ad_context The filter range from the idmap_domain is used now.
2010-08-14s3:idmap_ad: use range from idmap_domain in idmap_ad_sids_to_unixids()Michael Adam1-4/+2
2010-08-14s3:idmap_ad: use range from idmap_domain in idmap_ad_unixids_to_sids()Michael Adam1-4/+2
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-01s3-nss_info: only include nss_info.h where needed.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: move ldap posix schema defines to their own header file.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-0/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-4/+4
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-03Add some const to winbind_userinfoVolker Lendecke1-3/+3
2009-05-28Make sid_binstring & friends take a talloc contextVolker Lendecke1-4/+4
2009-03-02More fix to initialize idmap statusesBo Yang1-0/+10
2008-12-01s3: Fix 'ctx' might be used unitialized warningsTim Prouty1-2/+2
2008-12-01s3:winbindd/idmap_ad: add entry debug message to nss_ad_get_info()Michael Adam1-0/+3
Michael
2008-12-01s3:winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661)Michael Adam1-126/+221
This initial fix does at least work for explicitly configured domains. The patch has a few disadvantages: 1. It does work only for explicitly configured domains, not with the default backend (idmap backend = ad), since it relies on the domain name being passed in via the idmap_domain. One workaround for this would be to create clones of the default idmap_domain for domains not explicitly configured. 2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection. The problem here is that only the NetBIOS domain name (workgroup name) is passed in via the idmap_domain struct, and the module has to establish a connection to the domain based on that information. find_domain_from_name_noinit() has the disadvantage that it uses the state of the domain list at fork time (unless used from the main winbindd). But this should be ok as long as the primary domain was reachable at start time. For nss_info, the situation is similar - This will only work for domains explicitly configured in smb.conf as follows: "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4" Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20) will fail since the domain name is not passed in with the nss_domain_entry. Michael
2008-12-01s3:winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to ↵Michael Adam1-34/+48
common function. Michael
2008-12-01s3:winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info()Michael Adam1-8/+8
in preparation to using the idmap_ad_context there Michael
2008-12-01s3:winbindd/nss_info: change nss_map_{to|from}_alias to take nss_domain_entryMichael Adam1-3/+3
instead of just the domain name Michael
2008-11-25Revert "UNFINISHED - s3:idmap_ad: multi-domain"Michael Adam1-83/+69
This reverts commit 6a4957d35d50e6508917aca62b282ae4904187c8. Sorry - this got accidentially pushed. Michael
2008-11-25UNFINISHED - s3:idmap_ad: multi-domainMichael Adam1-69/+83
Michael
2008-10-20Fix a valgrind error in idmap_ad_sids_to_unixids()Volker Lendecke1-0/+2
We need to initialize all mappings in case we don't find anything. Simo, please check! Volker
2008-09-16* Allow an admin to define the "uid" attribute for a RFC2307Gerald (Jerry) Carter1-9/+168
user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude
2008-09-15idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure.Gerald W. Carter1-12/+69
2008-08-12idmap rewriteVolker Lendecke1-18/+2
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)