| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This was done according to MS-SAMR 3.1.1.8.2
But do use it only for add operations at the moment.
|
|
Additionally clean up "samldb_fill_object" which is now much easier to
comprehend.
|
|
This was done according to MS-SAMR 3.1.1.8.1
I need to perform some RELAX checks since otherwise the provision wouldn't work
anymore.
|
|
|
|
It's a bit redundant given that we have the "type" variable on "ac".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 6 10:20:45 UTC 2010 on sn-devel-104
|
|
operations
- Perform only shallow copies (should be enough)
- Perform only one copy per operation (also on modifications)
- Build a new request on modify operations if needed ("modified" flag) - this
makes it look cleaner
- Fix an important bug: the "el" pointers could have changed after
modifications. Therefore we have to refresh them on the FLAG_DELETE checks
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 09:24:57 UTC 2010 on sn-devel-104
|
|
|
|
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
with a primary group specified
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
detection also on modify operations
Also requested by MS-SAMR 3.1.1.8.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
LDAP filters
This makes also lookups through special backends as "samba3sam" work.
|
|
|
|
modify operations"
This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d.
This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this.
I will rework this further.
|
|
This completely destroys the program logic (async callbacks). Sorry for
introducing this.
|
|
derivation from "userAccountControl"
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
|
|
|
|
operations
We perform always only one shallow copy operation of the message on the "req"
context. This allows to free the "ac" context when we've prepared all our
changes.
|
|
that it is only in use by the delete operation
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
|
|
operation handler
|
|
be again synchronous
Also to make it easier to comprehend
|
|
This looks more straight-forward now.
|
|
Since we get more and more rid of async stuff we don't need this in the context
anymore.
|
|
"sAMAccountName"
Purely cosmetic - but nicer to read
|
|
And a small cosmetic change.
I like to have the real attribute names in the function denominations
|
|
To make it more understandable
|
|
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
As far as I can tell and the test show the DN gets now normalised automatically
when stored into the database.
Anyway, if we find a case where this doesn't happen then I propose to do it
centrally for all DN attributes in common since we should get away from special
attribute hacks as far as possible.
|
|
are the same
|
|
operations
Since we do now run sequentially through all checks we don't need multiple "ac"
contexts anymore.
|
|
"defaultObjectCategory" on objectclass add operations
This is needed to make the "objectclass_attrs" LDB module happy. The search
check and case adjustment are done as it was using a second modify operation.
|
|
This is now dynamically always done by the objectclass LDB module
|
|
module
When a "computer" entry will be added, also the inherited "user" objectclass is
going to be specified.
|
|
This is a start to allow the triggers to be called sequentially.
|
|
Add operations are denied since these are single-valued - only replace is
allowed.
This is only provisorily at the moment - we need to implement the triggers
specified in MS-ADTS.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
