Age | Commit message (Collapse) | Author | Files | Lines |
|
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
|
|
we show wellknown links to the deleted objects container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 7 07:58:08 CEST 2011 on sn-devel-104
|
|
unless the user asks for the display of deactivated links, we should
not display DNs that link to deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
to correctly implement the show_deleted and show_recycled control we
need to know if the recyclebin is enabled. When not enabled, the
isRecycled attribute is ignored, and only isDeleted is used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows dbcheck to fix groupType on objects that have been deleted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
sAMAccountType
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Oct 6 03:43:13 CEST 2011 on sn-devel-104
|
|
|
|
|
|
when we are adding an object via DRS, we need to add the
DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial
replica, so ensure the partition module creates new NCs as partial
replicas
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
another missing newline
|
|
this is needed for a subdomain join by a new NC. The NC is initially
uninstantiated
|
|
this allows INSTANCE_TYPE_WRITE to be not set if
INSTANCE_TYPE_UNINSTANT is set
|
|
With this set, we accept changes even if they have the same tuple as
the local copy. This can be used by a FULL_SYNC replication to recover
a replica that is corrupt
|
|
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow
changes to any replicated attributes. This ensures partial replicates
are not alterered
|
|
|
|
this modifies the partition module to honor a partialReplica attribute
on the @PARTITION module, marking partiations as partial replicas so
the NO_GLOBAL_CATALOG control can be honoured
|
|
if the @ATTRIBUTES or other objects which are replicated between
partions become out of sync, then the ldb would fail to open. This
changes ensures that we can always fix those records, by running the
operation in the top level partition, and replicating the result to
the other partitions
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
|
|
when we do a subdomain join we create a new object using a REPL_OBJ
getncchanges call for the partitions DN. This has a side effect of
creating that object. We need to skip the UDV update in that case
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this was found by a flakey test in autobuild
|
|
It also creates a single routine dsdb_load_ldb_results_into_schema()
to handle cases where the schema is in the form of an ldb_result.
Andrew Bartlett
|
|
This string is reported to the caller, which makes debugging much easier.
Andrew Bartlett
|
|
I'm pretty sure a SHOW_DELETED was wanted here
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
|
|
this will catch future programmer errors with incorrect base DNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
windows does not allow a search on the empty DN except for rootDSE
searches or for phantom_root searches (ie. with --cross-ncs). By
enforcing this in Samba we make it more likely that our tests and
utilities will work against windows
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
NULL should be used when doing all partition searches. The default
basedn should be used when wanting just the domain NC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
|
|
when in FL 2000 we were not correctly deleting backlinks as we uses
dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules
should use dsdb_module_dn_by_guid() which prevents going to the top
level, and finds deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added comments explaining the backlink deletion code, plus fix a use
of a bitwise operation in a boolean expression, and avoid calling
dsdb_functional_level() inside a loop
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents us going to the top level of the module stack
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
this allows dsServiceName to be stored as an extended DN or GUID form
in @ROOTDSE, and its string form will be found at runtime.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
these are not needed now that the rootdse modules calculates the
validFSMOs attribute at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this changes the rootdse to compute the validFSMOs attribute at
runtime by checking the fSMORoleOwner attribute on the appropriate
DN. This avoids the need for the pdc_fsmo and naming_fsmo modules.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
s4:subtree_rename LDB module - fix the move/rename constraints
By the inspiration of an email request by ekacnet I have rechecked the
move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the
MS-ADTS technical documentation.
It really turns out that the constraint checking is only performed on
the root object of a request.
In addition add my copyright notice (I've written these constraint checks).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
|
|
|
|
this auto-normalises some attributes when they are added/modified. The
list that we auto-normalise is currently:
Boolean
INT32
INTEGER
UTC_TIME
This fixes a problem with groupType being stored in an unnormalised
form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
checking filter elements in the right order makes it a little faster
|
|
this saves some string comparisons
|
|
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
to delete
If the parent request specify the show_deleted control we must use it in
order to be able to see the deleted objects.
Also we just allow to trusted connections with the system account to
remove deleted objects, others receive an unwilling to perform.
|