Age | Commit message (Collapse) | Author | Files | Lines |
|
This seems to show up (as an abort() from talloc) particularly under
ldb_ildap.
Andrew Bartlett
(This used to be commit 9890af534d845d471d2a98268c408a907b29e016)
|
|
attributes to backend (remote) attributes.
We can't do a reverse mapping safely where the remote attribute may be
a source for multiple local attributes. (We end up with the wrong
attributes returned).
In doing this, I've modified the samba3sam.js test to be more
realistic, and fixed some failures in the handling of primaryGroupID.
I've added a new (private) helper function ldb_msg_remove_element() to
avoid a double lookup of the element name.
I've also re-formatted many of the function headers, to fit into
standard editor widths.
Andrew Bartlett
(This used to be commit 186766e3095e71ba716c69e681592e217a3bc420)
|
|
the result entry is skipped!
metze
(This used to be commit 62aa73f3d56596780fc82fecbc99c688ecbf5b08)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
|
|
dependency loops).
This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.
Andrew Bartlett
(This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
|
|
it to keep the data around as long as the module lives
(This used to be commit d2073c1f7e1bc674358df5da0dc09e183b4b8712)
|
|
(This used to be commit 524ec78086597e0507cb6ce307155ef1b6a47836)
|
|
(This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d)
|
|
(This used to be commit f163f422e3f201d8b0e22538949eccf0f7e62143)
|
|
(This used to be commit 3f48bcb0585684686ba7601eb7614589a1bc2f5d)
|
|
(This used to be commit f57535b9c2214e58c71084fcb9d74848e7d26b89)
|
|
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword. This fixes kerberos after a
vampire.
Andrew Bartlett
(This used to be commit 1d4d2271c9b944db3a9a2eba971aec5bcd9cf100)
|
|
There is a reason why we use them :-)
(This used to be commit e3b7e91299559ddc7f300be53785d313a4aa90fc)
|
|
Andrew Bartlett
(This used to be commit 331003239972d80864211377e864f7e469bd3d77)
|
|
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
|
|
metze
(This used to be commit ed195999c0c7d89cdc61e980576d191fc05d65d7)
|
|
reused by multiple connections
(This used to be commit ca8827d8f9a9f6ec60afed29b0b85f491d725d1c)
|
|
This moves these attributes from objectguid into an optional backend
(objectguid), used by ltdb. For OpenLDAP, the entryUUID module
converts entryCSN into usnChanged.
This also changes the sequence number API, and uses 'time based'
sequence numbers, when an LDAP or similar backend is detected.
To assist this, we also store the last modified time in the TDB,
whenever we change a value.
Andrew Bartlett
(This used to be commit 72858f859483c0c532dddb2c146d6bd7b9be5072)
|
|
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.
torture test to follow as well.
Guenther
(This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
|
|
to mess with the values in these cases.
Where we do convert the values, try and convert substrings. This
isn't going to be perfect, but we should try rather than segfault.
This also avoids using the wrong arm of the union for the attribute
name
The change in the entryUUID module is to correct the case of
sAMAccountName, due to the case sensitive ldap.js test.
Andrew Bartlett
(This used to be commit 81d9a692c1e74ec9078bf718003eafdba85b4324)
|
|
This adds a list of attributes that are in our wildcard seaches, but
the remote server requires to be explicitly listed. This also cleans
up the handling of wildcards in ldb_map to be more consistant.
Also fix the partitions module to rebase the search, if on the GC
port, we do a subtree search. (Otherwise backends can rightly
complain that the search is not in their scope).
Andrew Bartlett
(This used to be commit bc58792b7102f086b19353635d5d5ef9d40a0aae)
|
|
asks for them as large integers, rather than a negative integer.
Due to an OpenLDAP bug, this only works reliably against OpenLDAP CVS
as of today. (but mostly works in older versions, depending on a
thread-specific value fo errno in the server).
Andrew Bartlett
(This used to be commit 3b5354aededc619ac6656611eacd43888e74260a)
|
|
supportedSASLMechanism list.
Andrew Bartlett
(This used to be commit 3e69637b5f79e4132026ebaf9d57cf67ef3826c1)
|
|
string-format GUID.
Andrew Bartlett
(This used to be commit 11cc6408c93f46f4d9ae7ae0ee18dac836fe270d)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
Store the plaintext password in userPassword in the LDAP backend so
that the OpenLDAP server can use DIGEST-MD5.
Andrew Bartlett
(This used to be commit 1b02c604b2c55e1c9e15ac1f266e7df74d619dbd)
|
|
* libreplace can now build stand-alone
* add stub testsuite for libreplace
* make talloc/tdb/ldb use libreplace
(This used to be commit fe7ca4b1454e01a33ed0d53791ebffdd349298b4)
|
|
(This used to be commit b49b8f5cb5ffa29a3b63f70a1f437c9720d2228c)
|
|
AD schema).
Andrew Bartlett
(This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
(This used to be commit 7664b52b89bfac6f2db52fae2daa65c856acd1ac)
|
|
(This used to be commit 4241a1bb832461ca44ce0f20cb770ea2b6f2d7e3)
|
|
For that, it needs to hook into the modify operation.
Andrew Bartlett
(This used to be commit d22117a53bafa4bb72c854353620099b5a6f81d8)
|
|
At the moment it is able to validate an object has no conflicting
objectlasses that it meets the criteria to be inserted as child of
the parent and also sorts and create the objectclass hierarchy so
that the objectclass .c module can be obsoleted.
Not activated by default as we have to completely rework the
current provisioning method. (In my tests I could not activate
it before all other ldif except for the one that create users
were loaded, make test seem to be happy anyway if it is activated
after provisioning).
Next steps will be attribute and attribute syntax checking on add operation.
And then the modify operation will follow.
Simo.
(This used to be commit 0c444ba1adfb9ce5cfa736bf0620aa3bec66050d)
|
|
contex :-)
once at connection time, after modules have been loaded.
Introduce a function to retrieve the value where needed.
(This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
|
|
(This used to be commit 4ec4f91a437bdfab7b8e0fd1e43c0b8b1927e461)
|
|
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
|
|
needed in searches
(This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
|
|
metze
(This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
|
|
OID mappings.
The key point is to 'enable' the partitions in the partitions module
before the init is complete. That way, the modules can perform
searches that use partitions.
Andrew Bartlett
(This used to be commit 420d1920a6824a6c0cb70b4ba832ddb90b0e95ff)
|
|
Try to cope with partital initialisation.
Andrew Bartlett
(This used to be commit 3c497405fea2f3e48a0d1bb2818b6a1ff345d368)
|
|
(This used to be commit 9f810ddd1436672e16a6b80500bb14aa21e097de)
|
|
translation. I hope to have this reading a schema structure in the
future.
Andrew Bartlett
(This used to be commit fb085a651ff60ab9b5d120a1ea228ff3edf0c224)
|
|
distinguisedName on templated objects.
In looking how to handle distinguishedName correctly on LDAP, I was
very glad to find it supported entryDN, and this adds another mapping.
Andrew Bartlett
(This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
|
|
Andrew Bartlett
(This used to be commit 0e19d159697e99f6c45879cf42c39c9b2b134ffa)
|