summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/samldb.c
AgeCommit message (Collapse)AuthorFilesLines
2011-07-21s4-dsdb: check group membership only for non deleted objectsMatthieu Patou1-2/+9
Group membership has been already removed on deleted objects so there is no mean doing something on this kind of object.
2011-07-13s4-dsdb: fixed the defaultObjectCategory to have a full GUIDAndrew Tridgell1-0/+24
this fixes the DN to have a full GUID for new objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
2011-07-13s4-dsdb Don't process deletion of member attributes here.Andrew Bartlett1-0/+9
We don't need to compare the delete against the primaryGroupID check here - that test is for adds. Andrew Bartlett
2011-07-13s4-dsdb: moved checking of duplicate member entries to repl_meta_data.cAndrew Tridgell1-32/+3
the samldb checks failed to account for the possibility of a member being removed and added in the same modify operation. This happens (for example) when dbcheck is fixing a SID in a DN. The repl_meta_data.c code already has this check, it just wasn't giving the right specialised error code for the 'member' attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-11s4-dsdb: allow objectsid to be specified in a modification operationMatthieu Patou1-3/+5
if we have the provision control, it's used by dbcheck Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-06s4-param Remove 'sid generator'Andrew Bartlett1-9/+5
This was only used by the Fedora DS backend for Samba4. We agreed to no longer support external LDAP backends. Andrew Bartlett
2011-05-25s4:samldb LDB module - check if the RODC group exists if creating an RODCMatthias Dieter Wallnöfer1-13/+43
Older AD deployments simply don't have it and hence there is no RODC support. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
2011-05-25s4:samldb LDB module - better to call "samldb_prim_group_trigger"Matthias Dieter Wallnöfer1-1/+1
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change" for a LDB modify operation. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - convert a "dsdb_module_search" into ↵Matthias Dieter Wallnöfer1-5/+2
"dsdb_module_search_dn" It saves us from checking the number of returned entries. Reviewed-by: abartlet
2011-05-25s4:samldb LDB modules - only objectClass "computer" is allowed to embed all ↵Matthias Dieter Wallnöfer1-3/+33
types of account Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix "isCriticalSystemObject" behaviourMatthias Dieter Wallnöfer1-3/+22
Tests against Windows Server show that it gets set to "FALSE" (not deleted) if we change the account type to a domain member. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix the behaviour when changing the "userAccountControl"Matthias Dieter Wallnöfer1-14/+31
Ekacnet was not quite right yet but his patch made me think further. This primary group changing is only needed if the account type changes. With this patch we do one more search if the "userAccountControl" changes but we save us from doing these unneeded and wrong modify replace operations most of the time. Reviewed-by: abartlet
2011-05-21s4:samldb LDB module - don't change the "primaryGroupId" on LDB ↵Matthieu Patou1-1/+16
modifications unless we are a computer/dc/rodc Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell1-1/+1
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-01s4:remove many invocations of "samdb_msg_add_string"Matthias Dieter Wallnöfer1-2/+2
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-28Fix some typesJelmer Vernooij1-5/+5
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-24build: moved libds/common/flag_mapping.c into a common subsystemAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-14s4-dsdb: fixed problem with constrained modification of description attributeAndrew Tridgell1-44/+13
This approach just asks the tdb backend to handle the single valued constraint for us Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell1-10/+11
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell1-15/+27
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4:samldb LDB module - fix "userAccountControl" handlingMatthias Dieter Wallnöfer1-8/+20
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags are set on LDAP add operations. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: removed some more samdb_search_*() calls from samldb.cAndrew Tridgell1-26/+69
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: replaced another use of samdb_search in a ldb moduleAndrew Tridgell1-4/+10
we should be using the dsdb_module_search*() calls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn()Andrew Tridgell1-6/+14
this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-20s4:samldb LDB module - objectclass trigger - reorder template attributesMatthias Dieter Wallnöfer1-9/+10
2010-11-12samldb: relax groupType modification checksMatthieu Patou1-27/+32
Allow programs with the PROVISION control to bypass groupType checks. This is needed by upgradeprovision for older alpha (11, 10 ...)
2010-11-12s4:samldb/objectclass_attrs LDB modules - move "description" logic from ↵Matthias Dieter Wallnöfer1-0/+81
"objectclass_attrs" into "samldb" This according to an answer from dochelp is SAM specific behaviour.
2010-11-11s4-dsdb Convert new krbtgt_xxx password into UTF16Andrew Bartlett1-1/+12
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer1-1/+12
This should prevent crashes as pointed out on the mailing list.
2010-11-07s4:ldb_modules/util.c - "dsdb_get_single_valued_attr" - support the ↵Matthias Dieter Wallnöfer1-6/+12
attribute fetch also on LDB add operations We've to completely ignore the flags in that case. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
2010-11-04s4:dsdb/samdb: optimize samldb_prim_group_change()Stefan Metzmacher1-60/+60
We should only do searches when we have to. metze
2010-11-03s4:dsdb/samldb: avoid nested unindexed searches in samldb_member_check()Stefan Metzmacher1-14/+31
With 20000 objects in the database it's no fun to add members... metze
2010-11-03s4:samldb LDB module - improve the "get_single_valued_attr" call and move it ↵Matthias Dieter Wallnöfer1-84/+6
into "ldb_modules/util.c" It will be used by other LDB modules as well.
2010-11-01s4:samldb LDB module - the "sAMAccountName" cannot be substituted by nothingMatthias Dieter Wallnöfer1-2/+8
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 1 14:36:24 UTC 2010 on sn-devel-104
2010-11-01s4:samldb LDB module - support now the full "servicePrincipalName" update ↵Matthias Dieter Wallnöfer1-30/+96
trigger With "dNSHostName" and/or "sAMAccountName" updates
2010-11-01s4:samldb LDB module - "sAMAccountName" checkerMatthias Dieter Wallnöfer1-2/+2
We need a "talloc_steal" for the retrieved "sAMAccountName" since the memory is afterwards freed using the "talloc_free" call.
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4:samldb LDB module - unify objectSid assignment error messagesMatthias Dieter Wallnöfer1-3/+2
2010-11-01s4:samldb LDB module - deny "objectSid" modificationsMatthias Dieter Wallnöfer1-0/+7
The same as with Windows
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-31s4:samldb LDB module - validate "sAMAccountName" modificationsMatthias Dieter Wallnöfer1-0/+74
Also the "sAMAccountName" attribute is protected against corruption (e.g. two accounts with the same name).
2010-10-31s4:samldb LDB module - implement the "dNSHostName" - "servicePrincipalName" ↵Matthias Dieter Wallnöfer1-0/+155
change trigger When the "dNSHostName" changes then also the "servicePrincipalName"s are changed as well.
2010-10-31s4:samldb LDB module - check for the number of results after a search operationMatthias Dieter Wallnöfer1-0/+3
Should always be done.
2010-10-30s4:samldb LDB module - make the "userAccountControl" and "groupType" modify ↵Matthias Dieter Wallnöfer1-122/+173
handlers separate functions It's easier to maintain afterwards Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 30 19:07:20 UTC 2010 on sn-devel-104
2010-10-30s4:samldb LDB module - add a new function which handles special cases for ↵Matthias Dieter Wallnöfer1-28/+51
single-valued attribute on SAM modifications This saves quiet some work.
2010-10-30s4:samldb LDB module - primary group change - free temporary messages to ↵Matthias Dieter Wallnöfer1-2/+4
save memory
2010-10-30s4:samldb LDB module - adapt the "samldb_prim_group_change" trigger to ↵Matthias Dieter Wallnöfer1-10/+55
support multiple "primaryGroupID" modification entries
2010-10-30s4:samldb LDB module - "member" triggerMatthias Dieter Wallnöfer1-38/+69
- adapt the "samldb_member_check" trigger to support multiple "member" modification entries. There can exist special modification messages which delete and add members in one operation - support the right error codes when modifications do fail (ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM)
2010-10-26s4:samldb LDB module - enhance the "member"-check triggerMatthias Dieter Wallnöfer1-3/+7
- Also multi-valued "member" attributes are allowed - When you try to delete a member from a group which has it primary group set exactly to this group you get "UNWILLING_TO_PERFORM"
2010-10-25s4:"samdb_search_count" - introduce a "mem_ctx" parameterMatthias Dieter Wallnöfer1-2/+2
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't? Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104