summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2010-05-10s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer1-26/+29
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
2010-05-10s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer1-1/+1
2010-05-10s4:password hash LDB module - check that password hashes are != NULL before ↵Matthias Dieter Wallnöfer1-6/+10
copying them
2010-05-10s4:password_hash LDB module - don't break the provisionMatthias Dieter Wallnöfer1-0/+3
This is to don't break the provision process at the moment. We need to find a better solution.
2010-05-10s4:password_hash - Implement password restrictionsStefan Metzmacher1-0/+195
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
2010-05-10s4:password_hash - Rework to handle password changesMatthias Dieter Wallnöfer1-138/+450
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5)
2010-05-10s4:password_hash - Rework unique value checksMatthias Dieter Wallnöfer1-49/+71
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py".
2010-05-10s4:password_hash - Various (mostly cosmetic) preworkMatthias Dieter Wallnöfer1-176/+240
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values
2010-05-10s4:acl ldb module - fix typosMatthias Dieter Wallnöfer1-3/+3
2010-05-09s4:samldb LDB module - make "samldb_member_check" synchronous againMatthias Dieter Wallnöfer1-64/+33
2010-05-09s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous againMatthias Dieter Wallnöfer1-235/+24
2010-05-09s4:samldb LDB module - update the copyright noticeMatthias Dieter Wallnöfer1-1/+1
2010-05-09dsdb/password_hash: remove usage of msDs-KeyVersionNumberStefan Metzmacher1-37/+1
metze
2010-05-09s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumberAndrew Bartlett1-10/+76
This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett
2010-05-04s4/rodc: Support read-only databaseAnatoliy Atanasov4-13/+75
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
2010-05-04s4/rodc: Fix the callbacks up the stack to handle referrals on modify requestsAnatoliy Atanasov6-0/+48
2010-05-03s4/rodc: Implement msDS-isRODC constructed attrAnatoliy Atanasov1-1/+152
2010-05-01s4:dsdb Fix use of memory after free in repl_meta_dataAndrew Bartlett1-7/+9
The upgraded link values are were allocated on tmp_ctx, and need to be kept until they are written to the DB. If we don't give the correct context, they will be gone after the talloc_free(tmp_ctx). Found by Matthieu Patou <mat+Informatique.Samba@matws.net> Andrew Bartlett
2010-04-29s4/rodc: RODC FAS initial implementationAnatoliy Atanasov2-12/+13
2010-04-27s4-repl: these messages are common, and don't deserve debug level 1Andrew Tridgell1-2/+2
getting older attributes is quite common
2010-04-26s4-ddb: don't create partitions with the UNINSTANT flag setAndrew Tridgell1-1/+14
these partitions and not on the server we are replicating from. Also check for deleted partitions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26s4-drs: make links to foreign partitions non-fatalAndrew Tridgell1-8/+6
DN links outside the set of partitions we are replication should be allowed. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell4-4/+4
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-22s4-dsdb: moved rodc schema validation to samldb.cAndrew Tridgell2-33/+37
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Do not allow system-critical attributes to be RODC filteredFernando J V da Silva1-0/+33
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDsAndrew Bartlett1-0/+24
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett
2010-04-22s4:OpenLDAP-backend Use the new rdnval module in OpenLDAPAndrew Bartlett2-3/+8
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett
2010-04-22s4:dsdb Revert accidentilly commited change for LDAP backendsAndrew Bartlett1-1/+1
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett1-1/+1
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett
2010-04-16s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()Nadezhda Ivanova1-24/+5
2010-04-15s4:rootdse: only return "tokenGroups", when the client asked for themStefan Metzmacher1-1/+1
metze
2010-04-13s4:acl/descriptor LDB module - distinguish between root and default basednMatthias Dieter Wallnöfer2-0/+12
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer5-7/+8
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-13s4:objectclass LDB module - remove a unneeded newlineMatthias Dieter Wallnöfer1-2/+1
2010-04-11subunit: Remove more test output that could be interpreted by subunit.Jelmer Vernooij1-1/+1
2010-04-10s4:dsdb Don't return operational attributes on special DNsAndrew Bartlett1-0/+5
2010-04-10s4:rootdse Implement "tokenGroups" in the rootDSEAndrew Bartlett1-0/+18
This returns the currently connected user's full token. This is very useful for debugging, and should be used in ACL tests. Andrew Bartlett
2010-04-10s4:dsdb Improve error message in extended_dn_inAndrew Bartlett1-1/+1
This error occours when an extended DN cannot be resolved, so it's most helpful to print the problematic extended DN. Andrew Bartlett
2010-04-10s4:schema Try to fix OpenLDAP backend after schema reload support.Andrew Bartlett1-4/+2
If we can't get @REPLCHANGED, default to a value of 0. Andrew Bartlett
2010-04-09s4/samldb: schemaInfo attribute must be updated when adding new Schema objectKamen Mazdrashki1-0/+50
2010-04-08s4:dsdb - Handle INVALID_DN_SYNTAX from OpenLDAP in ↵Endi S. Dewata1-1/+1
dsdb_module_load_partition_usn(). Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: waf quicktest nearly worksAndrew Tridgell1-45/+41
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+309
2010-03-26s4-drs: replmd_delete with the 3 stage deletion recycle binEduardo Lima2-105/+204
2010-03-23s4:ldb_modules/util.c - fix two counter variables to be "unsigned"Matthias Dieter Wallnöfer1-2/+2
2010-03-22s4:dsdb Add a shortcut sequence number for schema reloadsAndrew Bartlett1-14/+79
This uses the ldb sequence number, in a hope to detect an unchanged schema quicker. Andrew Bartlett
2010-03-22s4:dsdb Rework schema loading and add schema reloadingAndrew Bartlett1-105/+126
This commit reworks Samba4's schema loading code to detect when it needs to reload the schema. This is done by watching the @REPLCHANGED special DN. The reload happens by means of a callback, which is only set when the schema is loaded from the ldb - not when loaded from an LDIF file or DRS. We also rework the global schema handling - instead of storing the pointer to the global schema in each ldb, we store a flag indicating that the global schema should be returned at run time. This makes it much easier to switch to a new global schema. Andrew Bartlett
2010-03-22s4:dsdb Move dsdb_save_partition_usn() to be a module helper functionAndrew Bartlett2-4/+178
This function should not traverse the module stack again, but instead run from this point. Also add a matching dsdb_module_load_partition_usn() and change repl_meta_data to match. Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-07-03 03:52:52 +0000