| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ordinary external search operation
Referrals are valid results.
|
|
- add more OOM checks where needed
- remove message of an error which cannot happen anymore (since now the
structural objectclass is always checked by the objectclass LDB module)
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 3 18:30:52 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
|
|
|
|
this allows you to call dsdb_req_chain_debug() in gdb or when writing
debug code to see the request chain
|
|
Also here we have to work with the default base DN.
After some reading I've discovered that this isn't really true. The forest
partition does exist on one or more DCs and is there the same as the default
base DN (which is already checked by the module).
And if we have other DCs which contain child domains then they never contain
data of the forest domain beside the schema and the configuration partition
(which are checked anyway) since a DC can always contain only one domain!
Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The first is the forest base DN, the second the domain base DN. At the moment
we assume that they are both the same but it hasn't to be so.
Nadia, I would invite you to fix the outstanding parts regarding this (I added
comments).
|
|
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
|
|
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.
Nadya, please check this!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It can now also be used by objectclass.c
get_last_structural_class now ignores AUX classes, because they are
not structural
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
|
|
Nadya, I'm guessing you plan on adding some real elements to this
structure later. For now I've added _dummy so the build can continue
with the Solaris C compiler.
|
|
Also add error strings in descriptor module
|
|
This code was derived from the objectclass module, and we need the new
code in the default provision, or else no ACL is set on each object.
Andrew Bartlett
|
|
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
|
|
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
