Age | Commit message (Collapse) | Author | Files | Lines |
|
attributes
We should have them just in one place, so that we don't forget some of them.
metze
|
|
- don't crash when no values where specified
- return ERR_CONSTRAINT_VIOLATION on malformed messages
- only check for flags when we are involved in a LDB modify operation
|
|
fetch and set should use the same name!
metze
|
|
This should represent a replication partner - never the DC iself
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|
|
This is useful for "samdb_search_count" where only the amount of entries
matters.
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP.
We don't have these sequence numbers in this case.
Andrew Bartlett
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more
Unsigned int data in AD is a bit problematic to handle. Problem described by
abartlet.
|
|
"samdb_msg_add_string"
"ldb_msg_add_string" is safe here since the integer has already been converted
to a string which is "talloc"ed on "mem_ctx".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
|
|
"samdb_msg_add_string"
|
|
|
|
need to be duplicated
This is done internally by the LDB library - look at "ldb_msg_add_empty".
|
|
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
SAMDB_COMMON and DSDB_MODULE_HELPERS.
|
|
They will be used by the samldb LDB module
|
|
Use it only in conjunction with the DELETE one to allow the functions to work
also against Windows < 2008R2. This is really important for the vampire
operation.
Also mark the RECYCLED control as non-critical (so that it's simply ignored by
older Windows'es).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 4 16:10:11 UTC 2010 on sn-devel-104
|
|
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed since starting with 2008_R2 function level we get another type
of hidden objects which aren't seen by the "show_deleted" control: recycled
objects.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Do this as in "dsdb_dn_is_upgraded_link_val". There is really no reason to
truncate before search.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 3 10:45:39 UTC 2010 on sn-devel-104
|
|
this is more efficient than first searching for the DN, then doing a
search. We should look at using this in lots of existing code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
If we don't we could show an old, incrorrect error
|
|
This simplifies the function. While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.
Andrew Bartlett
|
|
samdb_find_ntdsguid_for_computer()
these will be used by the new RODC dns update code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This functionality is needed for DsCrackNames ListRoles command also.
|
|
LDAP filters
This makes also lookups through special backends as "samba3sam" work.
|
|
|
|
|
|
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
the password change control
And introduce parameters to pass the old password hashes.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Add more possible result NTSTATUS codes
|
|
(Sorry, I've overseen this)
|
|
|
|
account doesn't exist
This is for the (SAMR) account detection protection mechanism.
|
|
Sooner or later we'll need this too since not all operations depend only on the
current's domain function level (see the MS-ADTS docs).
|
|
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
|
|
"-1" we shouldn't force a password change
This value is set by the ADUC console.
|