| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The issue here is that before we load the schema partition, we may not
have the correct casefolding rules. As such, keep things simple and
use the DN exactly as found in the @PARTITIONS record to find the
database.
Andrew Bartlett
|
|
|
|
This is needed because the new format of the partitions record is a
casefolded DN, not a DN and file combination.
Andrew Bartlett
|
|
I really don't want a cn=foo/../bar in my ldb file name.
Andrew Bartlett
|
|
This allows the partition to be created before we try and set a
notification on it. (perhaps extra work required here for partition
heads).
Andrew Bartlett
|
|
This is done by passing an extended operation to the partitions module
to extend the @PARTITION record and to extend the in-memory list of
partitions.
This also splits things up into module parts that belong above and below
repl_meta_data
Also slit the partitions module into two files due to the complexity
of the code
Andrew Barltett
|
|
Nadya, I'm guessing you plan on adding some real elements to this
structure later. For now I've added _dummy so the build can continue
with the Solaris C compiler.
|
|
According to abartlet's response on my post about "lp_workgroup" this should be
the right call.
|
|
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a windows DC.
This moves the privileges to a separate (local) database
|
|
w2k8 imposes a limit of 64 characters on the rDN
|
|
And don't cut them out from the DNS hostname.
|
|
I think the check for empty messages fits best here.
|
|
This avoids using an ldb_search(), which would run from the top of the
module stack. This will help us load the schema before the partitions
are initialised.
Andrew Bartlett
|
|
These take an ldb_module argument, and avoid doing the search from the
top of the stack again.
(This will help when modules are initialised before being added to the
partition set)
Andrew Bartlett
|
|
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
|
|
|
It's very useful to know the exact result code when something fails and not
only a generic (by the module) created one.
Sure, there are some exception cases with specific results (special message
constellations, attributes, values...) which shouldn't be changed at all
(examples of them are in the "ldap.py" test). Therefore I looked very
carefully to not change them.
|
|
|
|
|
|
|
|
This also uses systemPossibleInferiors when the 'relax' control is
specified, which is done by the provision.
Andrew Bartlett
|
|
These additional constraints are applied, found by the Microsoft testsuite.
- When the parent is not present, we now return 'NO_SUCH_OBJECT'.
- Restrict the choice of RDN to the correct one per the schema
- Honour the allowedChildClasses attribute from the parent's objectClass.
Andrew Bartlett
|
|
(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
|
|
- Add more "talloc_free"s and right error values where needed
- Add a pre-lookup for entries before searching for metadata attribute
(also suggested by TODO list)
- Now the most part of "ldap.py" works again
|
|
This error per the Microsoft testsuite
|
|
|
|
|
|
The issue here is that when we resolve DOM\\ into an NT4 name, we
would not initilise the nt4_account output.
Andrew Bartlett
|
|
The instanceType needs to be specified in future because that's how
the partitions are actually created.
|
|
|
|
This allows this control to be specified as critical. We support the
control because we choose to always be durable in our transactions.
We really, really need a 'duplicate request' API, as at the
moment we can't do this without a large, error-prone set of code that
cannot cope with new request fields or types.
Andrew Bartlett
|
|
request that specify objectGUID attribute.
|
|
The relative DN must be the one that the most specific structural
objectclass specifies.
Andrew Bartlett
|
|
We need to create Domain Users in the test ldb
|
|
This helped track down the samba3sam.py failures
|
|
|
|
When searching across partitions, we want to avoid sending duplicate
records caused by the record appearing both as a mount point and as a
partition root in a nested partition. This patch works by intercepting
objects from searches and checking if they match a partition root. If
they do, and the partition is not the one in the partition control
request, then discard the object.
|
|
|
|
|
|
|
|
We may also need to remove the isCriticalSystemObject when the machine
is demoted
|
|
|
|
|
|
When we vampire from w2k8-r2, the DC sends us a linked attribute for
our machine account which has a target DN with a GUID of the OU=Domain
Controllers objects, but has a DN of CN=Computers. We need to use the
GUID to resolve the real DN.
|
|
This also ensures we add the SHOW_DELETED control on searches for old
replPropertyMetaData attributes
|
|
|
|
We need to sort on both module add and modify
|
|
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data
to ensure we fill in the meta data for replication
|
|
w2k8 sometimes sends us a new object via DRS with an attribute with no
values
|
|
These additional debug messages were added to help us track down
w2k8->s4 domain join
|
