Age | Commit message (Collapse) | Author | Files | Lines |
|
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
|
|
This makes clear that struct dsdb_control_password_change
belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID.
metze
|
|
this will be used for overrides by the dbcheck validator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
this allows the replication server to control replication via a set of
flags. Initial flags will allow control for partial replications and
full_sync support
|
|
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
|
|
these are not needed now that the rootdse modules calculates the
validFSMOs attribute at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Tru64
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
|
|
control
This contains the NT and/or LM hash of the password specified by the user.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
This control is designed to allow replmetadata to be specified
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
When importing users from Samba3 we need to control all values.
metze
|
|
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.
Andrew Bartlett
|
|
The password hash module controls overlapped others. Sorry, but the
"schema_samba4.ldif" hasn't been kept up-to-date.
|
|
- Add a new control for getting status informations (domain informations,
password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an addtional control "change_old password checked" for the password
|
|
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett
|
|
This exposes the linked_attributes to the repl_meta_data module
|
|
This structures was used in two ways. In one way it held variables
that are logically internal to the partition module, and in the other
way it was used to pass the partition DN down to other modules. This
change makes the structure contain just the dn which is being passed
down.
This change is part of the support for linked attributes. We will be
passing this control down from above the partition module to force
which partition a request acts upon. The partition module now only
adds this control if it isn't already there.
|
|
Guenther
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
extended_dn_store.
By splitting the module, the extended_dn_in and extended_dn_store
moudles can use extended_dn_out to actually get the extended DN. This
avoids code duplication.
The extended_dn_out module also contains a client implementation of
the OpenLDAP dereference control (draft-masarati-ldap-deref-00).
This also introduces a new control
'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module
to return whatever the 'storage format' is. This allows us to work
with both OpenLDAP (which performs a dereference at run time) and LDB
(which stores the GUID and SID on disk).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)
At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We need to make sure replicated updates are handled differently
in some situations, e.g. we should bypass the schema checks.
metze
|
|
This includes additional Samba-specific syntaxes made available from
the ldif_handlers code.
This commit also changes some table to use #defines, to ensure
consistancy in other parts of the code.
Andrew Bartlett
(This used to be commit e26a5efd9a580ed3728e1f449e367b1cd4a73b5f)
|
|
metze
(This used to be commit 2f06fbe06be2e1b77ea013ddba853ce819e58e88)
|
|
The ldif for that operation looks like this:
dn:
changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1
It uses the rootdse's object functional attribute schemaUpdateNow.
In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID.
In the partition module its dispatched to the schema_fsmo module.
The request is processed in the schema_fsmo module by schema_fsmo_extended().
(This used to be commit 39f9184ddf215f2b512319211c0a05702218ef87)
|
|
metze
(This used to be commit 8538d305c803268c712a90879f29a2a74ba0ef03)
|
|
These flags are too useful just to hide away...
Andrew Bartlett
(This used to be commit 1e897b6148407e9921edd2c3db734930d79ccb42)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 85eeecf997a071ca7e7ad0247e8d34d49b7ffcbb)
|
|
further up the call stack.
(This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
for the schema, domain naming and pdc fsmo roles
infrastructure and rid manager will be added later,
when we have module for them
metze
(This used to be commit 308f9cf822a3a34dae28a5fa5aa850e2adbeb472)
|
|
an oid for the
control
metze
(This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
|
|
metze
(This used to be commit 2e79863d54030526841e5858e7be6a815c25593b)
|
|
because we now use DSDB_EXTENDED_REPLICATED_OBJECTS_OID extended operation
metze
(This used to be commit 4380cc9ed6ac2e6c133b5a36f922b341474a8e7e)
|
|
attribute is there
- add the values for objectGUID and whenChanged inside the ldb module,
so that the ldb module has only replicated attributes as input
metze
(This used to be commit 0ecb07e0526462529fb21cec30e789a9002b30a1)
|
|
the source dsa
and the highwater mark vector
metze
(This used to be commit a31e017e5388e5abd6ed9d09adcf26d2527954a6)
|
|
DSDB_EXTENDED_REPLICATED_OBJECTS
metze
(This used to be commit c9e7a58f6a16dfa28323fd0fd01ad6ee516c51b0)
|
|
more useful,
so that we can apply the schema partition objects with one call
metze
(This used to be commit 165ff94b8a89ef4b9145405633ed11ab9567376b)
|
|
to pass all needed info to the repl_meta_data module
metze
(This used to be commit d5db31cde279cf05bd13bcf0da03767ab3498079)
|