Age | Commit message (Collapse) | Author | Files | Lines |
|
And enhance the testsuite
|
|
"objectclass_attrs" into "samldb"
This according to an answer from dochelp is SAM specific behaviour.
|
|
as must contain
Before we got the following error, while starting samba after a
'samba-tool vampire':
Failed to store repsFrom - objectclass_attrs: delete protected attribute
'objectSid' on entry 'DC=ForestDnsZones,DC=alpha,DC=sz,DC=salzgitter-ag,DC=lab'
missing!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 4 17:01:59 UTC 2010 on sn-devel-104
|
|
The backend is the only place that can do this properly. It makes no
sense to do it anywhere else. As a result of it moving out of the
backend we ended up with some bugs causing multiple values in single
valued attributes (eg. isDeleted), which can really damage the
inregrity of the database.
For the override of single valued values needed for deleted linked
attributes we should use attribute flags.
This reverts commit 1949864417f3d10fb8996df7db259649eb777271.
|
|
attributes list
This is a hardcoded list in AD of attributes, which can never be deleted.
|
|
The checks are done when there are more than 0 values. The other checks should
be performed by the other parts of the module.
|
|
checker
It's always invoked on add and modify operations.
|
|
|
|
|
|
|
|
constraints
Only the "description" attribute has this special restrictions.
|
|
This is the AD behaviour. But on attributes with the flag
"FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" it is allowed.
|
|
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
For attributes that we know that are harmless and that used to be stored
in the ldb we relax the tests on the existance in a given objectclass.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
|
|
This puts more of the schema restrictions in one place.
Andrew Bartlett
|
|
into this module
It seems to me more consistent (and also to keep the same behaviour on all
backends).
Also the DRS hack should therefore not be needed anymore since the
"repl_meta_data" module launches requests behind "objectclass_attrs".
|
|
objectclass attributes checking
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
|