path: root/source4/dsdb/samdb/ldb_modules
Age | Commit message | Author | Files | Lines
2009-10-03 | s4:dsdb Add objectClass and RDN constraints to objectClass module | Andrew Bartlett | 1 | -8/+35
These additional constraints are applied, found by the Microsoft testsuite.
- When the parent is not present, we now return 'NO_SUCH_OBJECT'.
- Restrict the choice of RDN to the correct one per the schema
- Honour the allowedChildClasses attribute from the parent's objectClass.
Andrew Bartlett
2009-10-03 | s4:dsdb Don't allow creation of systemOnly objectclasses | Matthias Dieter Wallnöfer | 2 | -4/+10
(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
2009-10-02 | s4:repl_meta_data - various | Matthias Dieter Wallnöfer | 1 | -9/+38
- Add more "talloc_free"s and right error values where needed
- Add a pre-lookup for entries before searching for metadata attribute (also suggested by TODO list)
- Now the most part of "ldap.py" works again
2009-10-02 | s4:dsdb Return correct error on invalid attribute | Andrew Bartlett | 1 | -1/+2
This error per the Microsoft testsuite
2009-10-02 | s4:dsdb Pass down the exact error code on failure in repl_meta_data | Andrew Bartlett | 1 | -5/+5
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -6/+8
2009-10-02 | s4:dsdb rework instanceType module - put instanceType in provision | Andrew Bartlett | 1 | -29/+9
The instanceType needs to be specified in future because that's how the partitions are actually created.
2009-10-02 | s4:dsdb Don't allow creating of new objects with an isDefunct schema class | Andrew Bartlett | 1 | -1/+7
2009-10-02 | s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID | Andrew Bartlett | 2 | -0/+144
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types.
Andrew Bartlett
2009-10-02 | s4-ldb: Use relax control to check in replace metadata module if we accept requests that specify objectGUID attribute. | Matthieu Patou | 1 | -5/+38
2009-10-02 | s4:Ensure the selected RDN is the right one per the schema | Andrew Bartlett | 1 | -1/+7
The relative DN must be the one that the most specific structural objectclass specifies.
Andrew Bartlett
2009-10-02 | s4-samldb: the samldb module requires that the primary group exists | Andrew Tridgell | 1 | -9/+17
We need to create Domain Users in the test ldb
2009-10-02 | s4-samdb: added some debugging | Andrew Tridgell | 1 | -2/+8
This helped track down the samba3sam.py failures
2009-10-02 | s4-ldb: accept the binary DN OIDs in extended DN modules | Andrew Tridgell | 2 | -4/+8
2009-09-28 | s4-dsdb: don't return the partition root objects | Andrew Tridgell | 1 | -1/+19
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object.
2009-09-28 | s4-dsdb: removed extraneous debug messages | Andrew Tridgell | 1 | -4/+0
2009-09-28 | s4-dsdb: update replPropertyMetaData on linked attribute source attributes | Andrew Tridgell | 1 | -0/+23
2009-09-28 | s4-dsdb: fixed searching for GUID based DNs between partitions | Andrew Tridgell | 1 | -2/+16
2009-09-28 | s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical | Andrew Tridgell | 1 | -0/+10
We may also need to remove the isCriticalSystemObject when the machine is demoted
2009-09-28 | s4-repl: free the la list on prepare commit failure | Andrew Tridgell | 1 | -0/+3
2009-09-28 | s4-samdb: free the linked_attributes list on prepare commit failure | Andrew Tridgell | 1 | -0/+6
2009-09-28 | s4-repl: use GUID to resolve target in linked attributes | Andrew Tridgell | 1 | -8/+7
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN.
2009-09-28 | s4-drs: fixed sorting of replPropertyMetaData | Andrew Tridgell | 1 | -31/+44
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes
2009-09-24 | s4-drs: add defines for replication flags on attributes | Andrew Tridgell | 1 | -5/+2
2009-09-24 | s4-ldb: sort replPropertyMetaData by attid | Andrew Tridgell | 1 | -1/+16
We need to sort on both module add and modify
2009-09-24 | s4-ldb: add instanceType in repl_meta_data module | Andrew Tridgell | 1 | -0/+8
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication
2009-09-23 | s4-drs: ignore zero value elements in DRS add operations | Andrew Tridgell | 1 | -0/+13
w2k8 sometimes sends us a new object via DRS with an attribute with no values
2009-09-22 | s4-ldb: added a bunch more debug for DC join | Andrew Tridgell | 3 | -0/+9
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-22 | s4-ldbmodules: allow instanceType to be specified by clients | Andrew Tridgell | 1 | -0/+6
This is needed for the WSPP ADS testsuite
2009-09-21 | s4:dsdb Fix of double addition of SD-s | Nadezhda Ivanova | 2 | -11/+25
Also add error strings in descriptor module
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Nadezhda Ivanova | 2 | -8/+135
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 3 | -0/+1176
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-21 | s4:dsdb Run the new 'descriptor' module by default. | Andrew Bartlett | 1 | -6/+0
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object.
Andrew Bartlett
2009-09-21 | s4-ldap: default edn type is 0 | Andrew Tridgell | 1 | -1/+1
2009-09-21 | s4-ldb: add support for extended DNs in the rootDSE | Andrew Tridgell | 1 | -2/+135
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs
2009-09-21 | s4:kerberos Fix the salt to match Windows 2008. | Andrew Bartlett | 1 | -1/+1
The previous commit changed the wrong end - we must fix our server, not our client.
Andrew Bartlett
2009-09-21 | s4:dsdb/resolve_oids: add fast paths for the common operations without oids | Stefan Metzmacher | 1 | -0/+217
metze
2009-09-21 | s4:dsdb/resolve_oids: check return values in recursion | Stefan Metzmacher | 1 | -3/+6
metze
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Matthias Dieter Wallnöfer | 1 | -0/+29
2009-09-20 | s4:samba3sam.py test - remove the primary group ID attribute here | Matthias Dieter Wallnöfer | 1 | -7/+2
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm).
2009-09-20 | Disable descriptor module unless enabled in smb.conf | Nadezhda Ivanova | 1 | -0/+29
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
2009-09-20 | dsdb/samdb: add resolve_oids module | Stefan Metzmacher | 2 | -0/+438
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow.
metze
2009-09-19 | Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. | Anatoliy Atanasov | 1 | -7/+1
2009-09-18 | s4-drs: cope with duplicate linked attributes | Andrew Tridgell | 1 | -1/+41
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid an "entry already exists" error
2009-09-17 | s4:descriptor module - Revert and const fixups | Matthias Dieter Wallnöfer | 1 | -7/+18
- Revert a change introduced by me since I didn't understand the meaning of the version check
- Added some "const" to suppress compiler warnings
2009-09-17 | s4:descriptor - cosmetic | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-09-17 | s4/domain behaviour flags: Fix them up in various locations | Matthias Dieter Wallnöfer | 2 | -10/+3
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourselves)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 3 | -57/+479
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-14 | s4-repl: handle rename in repl_meta_data | Andrew Tridgell | 1 | -0/+97
On a rename we need to update uSNChanged, and the max uSN for the partition