summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2011-10-07s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OIDStefan Metzmacher2-1/+41
Which allows the caller to pass a given 'pwdLastSet' value (every useful for migrations). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
2011-10-07s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.hStefan Metzmacher1-10/+10
This makes clear that struct dsdb_control_password_change belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID. metze
2011-10-07s4-dsdb: special case for deleted objects one way linkAndrew Tridgell1-4/+17
we show wellknown links to the deleted objects container Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Oct 7 07:58:08 CEST 2011 on sn-devel-104
2011-10-07s4-dsdb: don't display links to deleted objectsAndrew Tridgell1-9/+42
unless the user asks for the display of deactivated links, we should not display DNs that link to deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07s4-dsdb: fixed behaviour of show_deleted and show_recycled controlAndrew Tridgell1-38/+71
to correctly implement the show_deleted and show_recycled control we need to know if the recyclebin is enabled. When not enabled, the isRecycled attribute is ignored, and only isDeleted is used. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07s4-dsdb: fixed the check_optional_feature() callAndrew Tridgell1-19/+24
the dsdb_check_optional_feature() call should look on our own NTDS DN for the enabled feature. This should work for all features, not just for forest wide fetaures. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06s4-dsdb: allow deletion of backlinks if DSDB_CONTROL_DBCHECK givenAndrew Tridgell2-1/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06s4-dsdb: added DSDB_CONTROL_DBCHECKAndrew Tridgell1-0/+3
this will be used for overrides by the dbcheck validator Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06s4-dsdb: allow groupType update on deleted objectsAndrew Tridgell1-1/+2
this allows dbcheck to fix groupType on objects that have been deleted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06s4-dsdb: Do not assume that all deleted objects have an objectCategory and ↵Andrew Bartlett1-2/+2
sAMAccountType Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Oct 6 03:43:13 CEST 2011 on sn-devel-104
2011-10-06dsdb: Do not attempt to resolve conflicts on an RODCAndrew Bartlett1-2/+26
2011-10-06dsdb: fix double-free in replication failure case on RODCAndrew Bartlett1-1/+1
2011-10-04s4-dsdb: add the DSDB_CONTROL_PARTIAL_REPLICA when neededAndrew Tridgell1-0/+9
when we are adding an object via DRS, we need to add the DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial replica, so ensure the partition module creates new NCs as partial replicas
2011-10-04s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICAAndrew Tridgell3-0/+27
this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-dsdb: added DSDB_REPL_FLAG_ADD_NCNAME flagAndrew Tridgell1-0/+1
2011-10-04s4-dsdb: fixed formatting of a debug messageAndrew Tridgell1-1/+1
another missing newline
2011-10-04s4-partition: allow creation of uninstantiated partitionsAndrew Tridgell1-6/+0
this is needed for a subdomain join by a new NC. The NC is initially uninstantiated
2011-10-04s4-dsdb: allow uninstantiated NC headsAndrew Tridgell1-2/+4
this allows INSTANCE_TYPE_WRITE to be not set if INSTANCE_TYPE_UNINSTANT is set
2011-10-04s4-dsdb: implement DSDB_REPL_FLAG_PRIORITISE_INCOMINGAndrew Tridgell1-4/+22
With this set, we accept changes even if they have the same tuple as the local copy. This can be used by a FULL_SYNC replication to recover a replica that is corrupt
2011-10-04s4-dsdb: disallow changes based on instanceTypeAndrew Tridgell1-4/+13
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow changes to any replicated attributes. This ensures partial replicates are not alterered
2011-10-04s4-dsdb: added DSDB_REPL_FLAG* to replicationAndrew Tridgell1-2/+15
this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-09-23build: avoid util.h as a public header name due to conflict with MacOSAndrew Bartlett8-8/+8
2011-09-22s4-dsdb: load the partialReplica attribute in the @PARTITION objectAndrew Tridgell3-2/+27
this modifies the partition module to honor a partialReplica attribute on the @PARTITION module, marking partiations as partial replicas so the NO_GLOBAL_CATALOG control can be honoured
2011-09-22s4-dsdb: added NO_GLOBAL_CATALOG controlAndrew Tridgell1-0/+3
this control is used to ask samdb to not return searches with a basedn in partial repica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
2011-09-19s4-dsdb: cope with out of sync replication attributes in partition moduleAndrew Tridgell1-1/+68
if the @ATTRIBUTES or other objects which are replicated between partions become out of sync, then the ldb would fail to open. This changes ensures that we can always fix those records, by running the operation in the top level partition, and replicating the result to the other partitions Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
2011-09-19s4-drs: cope with REPL_OBJ getncchanges call for new objectAndrew Tridgell1-5/+10
when we do a subdomain join we create a new object using a REPL_OBJ getncchanges call for the partitions DN. This has a side effect of creating that object. We need to skip the UDV update in that case Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-cracknames: use consistent search for crossRef objectsAndrew Tridgell1-2/+4
This matches the search in other places Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Sep 8 05:02:54 CEST 2011 on sn-devel-104
2011-09-08s4-dsdb: prevent crash on bad DN in construct_parent_guid()Andrew Tridgell1-0/+3
this was found by a flakey test in autobuild
2011-09-05s4-cracknames: fixed cracknames to use more specific searchAndrew Tridgell1-13/+12
this uses the bitwise comparison ldap operators to ensure we only get NC roots Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
2011-09-05s4-schema consolidate schema handlingAndrew Bartlett1-21/+5
It also creates a single routine dsdb_load_ldb_results_into_schema() to handle cases where the schema is in the form of an ldb_result. Andrew Bartlett
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett2-17/+30
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: fixed use of RMD flags in ldb search in dirsync moduleAndrew Tridgell1-2/+2
I'm pretty sure a SHOW_DELETED was wanted here Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
2011-08-25s4-dsdb: fixed newlines in DEBUG() calls in cracknamesAndrew Tridgell1-14/+14
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell1-0/+5
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: calculate validFSMOs at runtime instead of pre-computingAndrew Tridgell3-251/+45
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-10s4:subtree_rename LDB module - fix the move/rename constraintsMatthias Dieter Wallnöfer1-10/+7
s4:subtree_rename LDB module - fix the move/rename constraints By the inspiration of an email request by ekacnet I have rechecked the move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the MS-ADTS technical documentation. It really turns out that the constraint checking is only performed on the root object of a request. In addition add my copyright notice (I've written these constraint checks). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
2011-08-10s4-dsdb: avoid printing a pointless debug lineMatthieu Patou1-1/+1