|
Unnecessary, waste of time
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
|
|
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
|
|
Don't "fix" plain DNs before sending them to OpenLDAP
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
|
|
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
|
|
This makes testing from the command line much easier, as ldbsearch -H
sam.ldb will now just work as well as it did with a tdb-based
provision.
This code was removed from its previous location outside the ldb
module stack in aabda85a2fc9f6763abd56d61ff819012f2225ad.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 19 13:15:40 CEST 2013 on sn-devel-104
|
|
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
The objectClass list is sorted at this point, as we are called below
the objectclass module here, or are working from a search result.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
|
|
these are not needed now that the rootdse module calculates the
validFSMOs attribute at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
The aclread needs to be below descriptor, as it needs to have the full nTsecurityDescriptor to make the
checks, and the descriptor module may filter out parts of it if SD_FLAGS_CONTROL is provided.
|
|
this will allow s4 to use a system version of ldb
|
|
|
|
|
|
If we send the full extended DN, then we risk standards-compliant LDAP
servers rejecting it as invalid. Only the DN portion is needed to
resolve the record in any case, and any SID or GUID components have
already been evaluated into the DN.
Andrew Bartlett
|
|
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
|
|
|
|
The schema should be considered read-only when we are using the OL
backend, as we can't update the backend schema in real time anyway.
Andrew Bartlett
|
|
Moved the access check on extended operations to acl module and removed kludge_acl
|
|
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make it much easier to track down dsdb
module bugs that result in an operations error.
|
|
|
|
I think it should be lower in order to control also the "instanceType" module.
|
|
|
|
|
|
far more complete "objectclass_attrs" LDB module
|
|
objectclass attributes checking
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
|
|
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
|
|
In the future, LDAP backends will be responsible for maintaining the
'name' attributes.
Andrew Bartlett
|
|
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.
Andrew Bartlett
|
|
This is done so that it can be (in future) removed when the OpenLDAP
backend is in use and the rdn_val module is used, while keeping as
similar semantics as possible between the module stacks.
Andrew Bartlett
|
|
metze
|
|
They now work the same way as a DC
|
|
We don't want to be debugging two different code paths through the ldb
module stack, so better to always do the work of repl_meta_data, even
for a standalone server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
To allow us to use the repl_meta_data module in standalone mode (and
thus not have two module stacks to test), we need an invocationID
stored somewhere when standalone. This creates a random one, and
stores it in @SAMBA_DSDB.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
The original code had the wrong module names, and used strcasecmp()
incorrectly.
Andrew Bartlett
|
|
This makes getting the module order correct the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|