Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The first is the forest base DN, the second the domain base DN. At the moment
we assume that they are both the same but it hasn't to be so.
Nadia, I would invite you to fix the outstanding parts regarding this (I added
comments).
|
|
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
|
|
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.
Nadya, please check this!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It can now also be used by objectclass.c
get_last_structural_class now ignores AUX classes, because they are
not structural
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
|
|
Nadya, I'm guessing you plan on adding some real elements to this
structure later. For now I've added _dummy so the build can continue
with the Solaris C compiler.
|
|
Also add error strings in descriptor module
|
|
This code was derived from the objectclass module, and we need the new
code in the default provision, or else no ACL is set on each object.
Andrew Bartlett
|
|
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
|
|
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|