When we vampire from w2k8-r2, the DC sends us a linked attribute for
our machine account which has a target DN with a GUID of the OU=Domain
Controllers objects, but has a DN of CN=Computers. We need to use the
GUID to resolve the real DN.
|
|
This also ensures we add the SHOW_DELETED control on searches for old
replPropertyMetaData attributes
|
|
We need to sort on both module add and modify
|
|
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data
to ensure we fill in the meta data for replication
|
|
w2k8 sometimes sends us a new object via DRS with an attribute with no
values
|
|
These additional debug messages were added to help us track down
w2k8->s4 domain join
|
|
This is needed for the WSPP ADS testsuite
|
|
Also add error strings in descriptor module
|
|
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
|
|
This code was derived from the objectclass module, and we need the new
code in the default provision, or else no ACL is set on each object.
Andrew Bartlett
|
|
W2K8 join as a DC relies on being able to ask for the sid component of
extended DNs from the rootDSE DNs
|
|
The previous commit changed the wrong end - we must fix our server,
not our client.
Andrew Bartlett
|
|
metze
|
|
metze
|
|
This shouldn't be specified at creation time (Windows Server doesn't allow that).
Hope this also fixes the test (see buildfarm).
|
|
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
|
|
Windows Servers allow OID strings to be used instead of
attribute/class names.
For now we only resolve the OIDs in the search expressions,
the rest will follow.
metze
|
|
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS
which are duplicates of entries that we already have. We need to cope
with this by using a remove/add pair in the ldb_modify() to avoid an
"entry already exists" error
|
|
- Revert a change introduced by me since I didn't understand the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should always support the latest
version - if we provision ourselves)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
we were setting local_usn after the marshall, so it wasn't going into
the object
|
|
On a rename we need to update uSNChanged, and the max uSN for the
partition
|
|
We could get a double free with multiple linked attributes in a
message
|
|
Michael
|
|
You can now attach a partition control to searches to search within a
specific partition. This is used to get at the per-partition
@REPLCHANGED object
|
|
This object tracks the highest uSN in each partition. It will be used
to allow us to efficiently detect changes in a partition for sending
DsReplicaSync messages to our replication partners.
|
|
metze
|
|
The partition module normally makes the sequence number extended op
operate across all partitions. It will be useful in the repl task to
be able to ask for the sequence number of one partition
|
|
we only need to allocate a new sequence number when
replPropertyMetaData is changing or being created on an object
|
|
I think these modules ended up LGPL because someone based the module
on an existing LGPL module in the core ldb, and it spread from
there. Certainly there is no reason for the ldb modules that are not
distributed as part of ldb to be LGPL.
|
|
When changing non-replicated attributes we should not update the
uSNChanged attribute on the record, otherwise the DRS server will
think this record needs replicating.
|
|
thanks to Metze for spotting this
|
|
Every time we change a ldb object with the repl_meta_data module
loaded we need to update the replPropertyMetaData attribute to fix the
timestamps and USNs of the attributes being changed.
|
|
metze
|
|
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
|
|
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
|