Age | Commit message (Collapse) | Author | Files | Lines |
|
Group membership has been already removed on deleted objects so there is
no mean doing something on this kind of object.
|
|
this fixes the DN to have a full GUID for new objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
|
|
We don't need to compare the delete against the primaryGroupID check
here - that test is for adds.
Andrew Bartlett
|
|
the samldb checks failed to account for the possibility of a member
being removed and added in the same modify operation. This happens
(for example) when dbcheck is fixing a SID in a DN.
The repl_meta_data.c code already has this check, it just wasn't
giving the right specialised error code for the 'member' attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
if we have the provision control, it's used by dbcheck
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This was only used by the Fedora DS backend for Samba4. We agreed to
no longer support external LDAP backends.
Andrew Bartlett
|
|
Older AD deployments simply don't have it and hence there is no RODC
support.
Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
|
|
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change"
for a LDB modify operation.
Reviewed-by: abartlet
|
|
"dsdb_module_search_dn"
It saves us from checking the number of returned entries.
Reviewed-by: abartlet
|
|
types of account
Reviewed-by: abartlet
|
|
Tests against Windows Server show that it gets set to "FALSE" (not
deleted) if we change the account type to a domain member.
Reviewed-by: abartlet
|
|
Ekacnet was not quite right yet but his patch made me think further.
This primary group changing is only needed if the account type changes.
With this patch we do one more search if the "userAccountControl"
changes but we save us from doing these unneeded and wrong modify replace
operations most of the time.
Reviewed-by: abartlet
|
|
modifications unless we are a computer/dc/rodc
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This approach just asks the tdb backend to handle the single valued
constraint for us
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we should be using the dsdb_module_search*() calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this avoids using a multi-part extended DN in a search that hits the
check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Allow programs with the PROVISION control to bypass groupType checks.
This is needed by upgradeprovision for older alpha (11, 10 ...)
|
|
"objectclass_attrs" into "samldb"
This according to an answer from dochelp is SAM specific behaviour.
|
|
The new stricter test on clearTextPassword values caught out that
we did not provide a utf16 password here.
Andrew Bartlett
|
|
This should prevent crashes as pointed out on the mailing list.
|
|
attribute fetch also on LDB add operations
We've to completely ignore the flags in that case.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
|
|
We should only do searches when we have to.
metze
|
|
With 20000 objects in the database it's no fun to add members...
metze
|
|
into "ldb_modules/util.c"
It will be used by other LDB modules as well.
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 14:36:24 UTC 2010 on sn-devel-104
|
|
trigger
With "dNSHostName" and/or "sAMAccountName" updates
|
|
We need a "talloc_steal" for the retrieved "sAMAccountName" since the
memory is afterwards freed using the "talloc_free" call.
|
|
|
|
|
|
The same as with Windows
|
|
|
|
Also the "sAMAccountName" attribute is protected against corruption (e.g. two
accounts with the same name).
|
|
change trigger
When the "dNSHostName" changes then also the "servicePrincipalName"s are
changed as well.
|
|
Should always be done.
|
|
handlers separate functions
It's easier to maintain afterwards
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 30 19:07:20 UTC 2010 on sn-devel-104
|
|
single-valued attribute on SAM modifications
This saves quiet some work.
|
|
save memory
|
|
support multiple "primaryGroupID" modification entries
|
|
- adapt the "samldb_member_check" trigger to support multiple "member"
modification entries. There can exist special modification messages which
delete and add members in one operation
- support the right error codes when modifications do fail
(ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM)
|
|
- Also multi-valued "member" attributes are allowed
- When you try to delete a member from a group which has it primary group set
exactly to this group you get "UNWILLING_TO_PERFORM"
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|