summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-06-29Fixed incorrect use of cn instead of lDAPDisplayNameNadezhda Ivanova1-2/+2
2010-06-29s4/repl_meta_data: remove duplicated (and commented out) logKamen Mazdrashki1-6/+0
2010-06-28s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.Endi S. Dewata1-6/+8
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-28s4:repl_meta_data LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+1
2010-06-28s4:acl LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+2
2010-06-28Implementation of self membership validated right.Nadezhda Ivanova1-1/+100
When this right is granted, the user can add or remove themselves from a group even if they dont have write property right.
2010-06-28s4/drs: re-implement 'renaming' object replicationKamen Mazdrashki1-18/+53
We should rename objects only after we make sure, that changes on the partner DC are newer than what we have. This fixes a bug, when we have following situation with 2 DCs: - we have an object O on the two DCs - we rename (delete) object O on DC1 - DC1 replicates from DC2 In the above scenario, object O will be renamed back to its original name (i.e. it will be restored). Now, we check that DC2 state is older than what we have, so nothing happens with object's DN.
2010-06-26s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPoolStefan Metzmacher1-1/+6
metze
2010-06-24s4-python: python is not always in /usr/binAndrew Tridgell2-2/+2
Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-23s4:operational LDB module - fix a misleading commentMatthias Dieter Wallnöfer1-1/+2
2010-06-22s4:password_hash LDB module - fix another problem regarding the lanman hashMatthias Dieter Wallnöfer1-13/+16
When a user only provides only the lanman hash (and nothing else) and the lanman authentication is deactivated then we end in an account with no password attribute at all! Lock this down.
2010-06-20s4:subtree_delete LDB module - now do support tree delete operationsMatthias Dieter Wallnöfer1-9/+45
2010-06-20s4:dsdb - add a new dsdb delete function which understands the tree delete ↵Matthias Dieter Wallnöfer1-0/+53
control
2010-06-20s4:samldb LDB module - remove "samldb_set_defaultObjectCategory"Matthias Dieter Wallnöfer1-78/+0
As far as I can tell and the test show the DN gets now normalised automatically when stored into the database. Anyway, if we find a case where this doesn't happen then I propose to do it centrally for all DN attributes in common since we should get away from special attribute hacks as far as possible.
2010-06-20s4: Using control bypassoperational allow the logic of this module to be ↵Matthieu Patou1-10/+39
bypassed for some given attributes Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-19s4:instancetype LDB module - "instanceType" is single-valued - MS-ADTS ↵Matthias Dieter Wallnöfer1-2/+12
3.1.1.5.2.2
2010-06-19s4:objectclass LDB module - disable delete operations when ↵Matthias Dieter Wallnöfer1-5/+80
"SYSTEM_FLAG_DISALLOW_DELETE" is specified
2010-06-19s4:rootdse LDB module - strip trailing whitespacesMatthias Dieter Wallnöfer1-24/+24
2010-06-19s4:rootdse LDB module - protect add and delete operations on the rootdse entryMatthias Dieter Wallnöfer1-4/+34
2010-06-19s4:rootdse LDB module - Return "UNWILLING_TO_PERFORM" when no attribute fits ↵Matthias Dieter Wallnöfer1-1/+2
on a change
2010-06-19s4:rootdse LDB module - refactor error messagesMatthias Dieter Wallnöfer1-24/+29
Fix indentations, use "set_errstring" when no "asprintf" functionality required.
2010-06-19s4:objectclass LDB module - use the old DN when displaying error messagesMatthias Dieter Wallnöfer1-2/+2
2010-06-19s4:objectclass LDB module - add a better message when the parent DN is invalidMatthias Dieter Wallnöfer1-2/+3
2010-06-19s4:objectclass LDB module - add an error message when someone tries to add ↵Matthias Dieter Wallnöfer1-3/+4
entries without objectclasses
2010-06-19s4:objectclass LDB module - handle the case when there is a retry to add the ↵Matthias Dieter Wallnöfer1-0/+26
root basedn This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a very special referral: one with the DN itself and the hostname is the last component value of the DN.
2010-06-19dsdb: Fix includes when building against system ldb.Jelmer Vernooij2-0/+4
2010-06-19dsdb: Use Samba includes so _PUBLIC_ is defined.Jelmer Vernooij2-2/+2
2010-06-19dsdb: Make module ops struct for each module public.Jelmer Vernooij7-8/+6
2010-06-18s4:objectclass LDB module - move "mem_ctx" initialisation lowerMatthias Dieter Wallnöfer1-16/+11
Saves us some "talloc_free"s on error cases
2010-06-16s4: Fix build when there is a system-provided ldb.Jelmer Vernooij1-1/+1
2010-06-16s4:linked attributes LDB module - strip trailing whitespacesMatthias Dieter Wallnöfer1-35/+35
2010-06-16s4:linked_attributes LDB module - cosmeticsMatthias Dieter Wallnöfer1-12/+10
- unsigned counters for LDB objects - we tend to have the "ret" variable always as the last declaration to see which type of error a function returns
2010-06-16s4:dsdb Allow renames with (now removed) linked attributesAndrew Bartlett1-3/+11
It is important to allow the rename, even if we just have one-way links, as this happens on deleted objects, which have the backlinks alredy removed by repl_meta_data. Andrew Bartlett
2010-06-16s4:dsdb Fix linked_attributes to cope with the Feb 2010 changes to DLISTAndrew Bartlett1-2/+6
The DLIST macros changed in behaviour in Feb 2010, and walking the lists backwards is no longer safe if you don't use the macros. Andrew Bartlett
2010-06-16s4:dsdb Assert that we can't get backlinks as input in linked_attributesAndrew Bartlett1-2/+15
The objectclass_attr module should prevent users creating such links, and the mrepl_meta_data module should only create them in functional level 2003 or above. Andrew Bartlett
2010-06-16s4:dsdb use dsdb_module_modify() rather than ldb_next_request()Andrew Bartlett1-22/+2
This does exactly the same thing, but with less code. Andrew Bartlett
2010-06-16s4:dsdb Handle backlinks for Windows 2000 level linked attributesAndrew Bartlett2-12/+928
This revives the code from 5964acfa741d691c0196f91c0796122ec025f177, before tridge and I simplified this too much, and removed the Windows 2000 functional level linked attribute support. By telling the linked_attributes module that repl_meta_data has handled the links, we avoid a conflict for the new style (functional level 2003 and above) linked attributes. However, we still need backlinks for 2000 style linked attributes, so this allows that code in the linked_attributes module to be revived to handle those. Andrew Bartlett
2010-06-16s4:dsdb Add control for signaling between repl_meta_data and linked_attributesAndrew Bartlett1-0/+5
This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij5-44/+45
2010-06-15dsdb: Build modules as external modules when using system ldb.Jelmer Vernooij1-3/+37
2010-06-15s4:dsdb Move linked attribute restrictions to objectclass_attrsAndrew Bartlett1-0/+9
This puts more of the schema restrictions in one place. Andrew Bartlett
2010-06-13s4:fix allocated control OIDs for "password_hash" LDB moduleMatthias Dieter Wallnöfer1-3/+3
The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13s4-test: Use smb.conf path set in environment rather than usingJelmer Vernooij1-14/+15
command-line options. This is the first step towards supporting custom test runners.
2010-06-12s4:password_hash LDB module - this does really deactivate the MS LAN manager ↵Matthias Dieter Wallnöfer1-5/+9
hash Previously, only the conversion from cleartext to the LM hash was deactivated, and not when the user specified it directly through "dBCSPwd".
2010-06-12s4:password_hash LDB module - fix commentMatthias Dieter Wallnöfer1-1/+1
2010-06-11s4:rootdse LDB module - use LDB result constantsMatthias Dieter Wallnöfer1-4/+5
2010-06-10s4:samldb LDB module - fix up the case when the old and new "primaryGroupID" ↵Matthias Dieter Wallnöfer1-7/+7
are the same
2010-06-10s4:samldb LDB module - don't create multiple "ac" module contexts on modify ↵Matthias Dieter Wallnöfer1-12/+6
operations Since we do now run sequentially through all checks we don't need multiple "ac" contexts anymore.
2010-06-10s4:samba_dsdb LDB module - move the "objectclass_attrs" module backMatthias Dieter Wallnöfer1-1/+1
I think it should be lower in order to control also the "instanceType" module.
2010-06-10s4:instancetype LDB module - prevent all types of "instanceType" manipulationMatthias Dieter Wallnöfer1-0/+16
Also on Windows Server you aren't able to change it.