| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
single-valued attribute on SAM modifications
This saves quiet some work.
|
|
save memory
|
|
support multiple "primaryGroupID" modification entries
|
|
- adapt the "samldb_member_check" trigger to support multiple "member"
modification entries. There can exist special modification messages which
delete and add members in one operation
- support the right error codes when modifications do fail
(ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM)
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 30 15:41:46 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
based on running waf --symbol-check
|
|
this fixes some double linking. The name 'KERBEROS' was also a bit
confusing, as it sounded like a base kerberos library, when it is in
fact part of auth
|
|
ldb-wrap and the ldif-handlers are not really related, and this allows
us to remove another dependency loop
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
rather than WERR_DS_NO_MSDS_INTID.
WERR_DS_NO_MSDS_INTID is intended to be used for msDsIntId
attribute values handling
|
|
- Also multi-valued "member" attributes are allowed
- When you try to delete a member from a group which has it primary group set
exactly to this group you get "UNWILLING_TO_PERFORM"
|
|
constraints
Only the "description" attribute has this special restrictions.
|
|
|
|
|
|
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 12:31:57 UTC 2010 on sn-devel-104
|
|
This is the AD behaviour. But on attributes with the flag
"FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" it is allowed.
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 09:48:15 UTC 2010 on sn-devel-104
|
|
|
|
|
|
strings
They can be substituted by "ldb_msg_add_string" if the string was already
talloc'ed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
|
|
In both the "objectguid" and the "repl_meta_data" DSDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 18:39:43 UTC 2010 on sn-devel-104
|
|
This should prevent all possible integer storage problems in future.
|
|
Rename DSDB_MODULE to dsdb_module.
|
|
|
|
|
|
|
|
Only link to nss_wrapper when it is enabled.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
|
|
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
We didn't seem to get the control created by the time we do searches here.
Andrew Bartlett
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added some depenencies needed for -Wl,-no-undefined
|
|
this prevents a duplicate object file
|
|
samdb/ldb_modules/schema_util.c
these functions operate on ldb_modules, so they should be in the
ldb_modules directory. They also should return ldb errors codes, not
WERROR codes, as otherwise the error can be hidden from the ldap
caller
This re-arrangement fixes a dependency loop in the schema/samdb code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
|
|
This helps ensure that we don't get confusing error strings in the
logs on other error cases.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
|
|
If we send the full extended DN, then we risk standards-complient LDAP
servers rejecting it as invalid. Only the DN portion is needed to
resolve the record in any case, and any SID or GUID componenets have
already been evaluated into the DN.
Andrew Bartlett
|
|
this is needed to allow it over ldap
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
|
|
if we get an unregistered control in the rootdse module, and the
request comes from an untrusted source (eg. ldap://) then we need to:
1) filter the control out if it is marked non-critical
2) give an error if it is marked critical
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This shows up at build time on MacOS and runtime on Linux when we
use the LDAP backend.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 18 00:57:51 UTC 2010 on sn-devel-104
|
|
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
