Age | Commit message (Collapse) | Author | Files | Lines |
|
The NULL search expression expands to (objectClass=*), but %s expands
NULL to (NULL) which doesn't parse...
Andrew Bartlett
|
|
|
|
|
|
metze
|
|
metze
|
|
Make use of the new "change old password checked" control.
|
|
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
|
|
This is needed since we have not only reset operations on password fields
(attributes marked with REPLACE flag) but also change operations which can be
performed by users itself. They have one attribute with the old value marked
with the REMOVE flag and one with the new one marked with the ADD flag.
This function helps to retrieve them (argument "new" is used for the new
password on both reset and change).
|
|
We may as well fall back rather than return NULL (which callers don't
do useful things with).
Andrew Bartlett
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
|
|
|
|
This function is used in DRSUpdateRefs() implementation where we
get DSA's objectGUID rather than invocationId
|
|
as client site
metze
|
|
client address
The lookup of the client site is done using the subnets in the configuration
partition. If no one matches we use the Windows Server fallback mechansim.
This means: if only one site is available just use it. If they're more set the
output variable to "".
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This test is in the wrong place. We end up validating our own flags.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this validates that a invocationID matches an account sid
This will be used to ensure that we don't allow DRS replication
from someone a non-DC or administrator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used by the RODC code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is intended to check if some client is not lying about
his flags. At this moment, it only checks for RODC flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.
Andrew Bartlett
|
|
|
|
domainname
|
|
"samdb_schema_dn"
They aren't needed anymore.
|
|
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
|
|
|
|
This function should not traverse the module stack again, but instead
run from this point. Also add a matching
dsdb_module_load_partition_usn() and change repl_meta_data to match.
Andrew Bartlett
|
|
|
|
No need to have "signed" counters at those places.
|
|
|
|
when the ntds objects were moved by a recent change it broke the
calculation of the server site
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Always better to rely on the standards rather than on custom results.
|
|
In a single record search, LDB_ERR_CONSTRAINT_VIOLATION is more useful
than the generic LDB_ERR_OPERATIONS_ERROR
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
dsdb_find_dn_by_guid() now takes a struct GUID instead of a
guid_string. All the callers in fact wanted a struct GUID, so we now
avoid the extra conversion.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
much simpler code by using dsdb_flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
dsdb_flags
Allows for arbitrary controls
|
|
This allows for controls to be added easily where they are needed.
|
|
|
|
This will be used to allow the flag based ldb functions to work on
both a ldb or a module, thus saving a lot of specialist functions.
|
|
This will be used in the drsuapi server
|
|
I wonder why nobody noticed this since for sure this "tombstone" functionality
was broken till now.
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This makes things much simpler for the callers
|
|
|
|
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
In lsa_BinaryString length and size are byte counts!
TODO: we may need to do byte order conversion in this functions too...
metze
|
|
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".
metze
|
|
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".
metze
|