path: root/source4/dsdb/samdb
Age | Commit message | Author | Files | Lines
2009-09-18 | s4-drs: cope with duplicate linked attributes | Andrew Tridgell | 1 | -1/+41
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid an "entry already exists" error
2009-09-17 | s4:descriptor module - Revert and const fixups | Matthias Dieter Wallnöfer | 1 | -7/+18
- Revert a change introduced by me since I didn't understand the meaning of the version check
- Added some "const" to suppress compiler warnings
2009-09-17 | s4:descriptor - cosmetic | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-09-17 | s4/domain behaviour flags: Fix them up in various locations | Matthias Dieter Wallnöfer | 2 | -10/+3
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should always support the latest version - if we provision ourselves)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 3 | -57/+479
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-14 | s4-repl: handle rename in repl_meta_data | Andrew Tridgell | 1 | -0/+97
On a rename we need to update uSNChanged, and the max uSN for the partition
2009-09-14 | s4-repl: fixed a memory error handling linked attributes | Andrew Tridgell | 1 | -10/+10
We could get a double free with multiple linked attributes in a message
2009-09-14 | dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least) | Michael Adam | 1 | -1/+0
Michael
2009-09-13 | s4-repl: use the new dsdb partition uSN helper fns | Andrew Tridgell | 1 | -78/+16
2009-09-13 | s4-sam: allow a search to specify a partition | Andrew Tridgell | 1 | -2/+17
You can now attach a partition control to searches to search within a specific partition. This is used to get at the per-partition @REPLCHANGED object
2009-09-13 | s4-repl: keep a @REPLCHANGED object on each partition | Andrew Tridgell | 1 | -24/+310
This object tracks the highest uSN in each partition. It will be used to allow us to efficiently detect changes in a partition for sending DsReplicaSync messages to our replication partners.
2009-09-12 | s4:repl_meta_data: increment the attribute version with each change | Stefan Metzmacher | 1 | -1/+2
metze
2009-09-12 | s4-samdb: make it possible to ask for the sequence number of a partition | Andrew Tridgell | 1 | -0/+9
The partition module normally makes the sequence number extended op operate across all partitions. It will be useful in the repl task to be able to ask for the sequence number of one partition
2009-09-12 | s4-repl: don't be too eager to allocate new sequence numbers | Andrew Tridgell | 1 | -7/+9
we only need to allocate a new sequence number when replPropertyMetaData is changing or being created on an object
2009-09-12 | s4-samdb: internal s4 ldb modules should be GPL not LGPL | Andrew Tridgell | 8 | -95/+63
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-09-12 | s4-repl: we should only update uSNChanged when replication data changes | Andrew Tridgell | 1 | -29/+39
When changing non-replicated attributes we should not update the uSNChanged attribute on the record, otherwise the DRS server will think this record needs replicating.
2009-09-12 | repl_meta_data: Fix include path when building with standalone ldb. | Jelmer Vernooij | 1 | -1/+1
2009-09-11 | s4-vampire: cope with no invocationID when vampiring the schema | Andrew Tridgell | 1 | -3/+4
2009-09-11 | s4-repl: don't update replPropertyMetaData for non-replicated attributes | Andrew Tridgell | 1 | -0/+7
thanks to Metze for spotting this
2009-09-11 | s4-repl: on every ldb modify we need to update replPropertyMetaData | Andrew Tridgell | 1 | -8/+171
Every time we change a ldb object with the repl_meta_data module loaded we need to update the replPropertyMetaData attribute to fix the timestamps and USNs of the attributes being changed.
2009-09-08 | s4:repl_meta_data: remove unused code | Stefan Metzmacher | 1 | -11/+0
metze
2009-09-07 | s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret") | Matthias Dieter Wallnöfer | 1 | -104/+0
2009-09-07 | s4:simple_ldap_map - "primaryGroupId" | Matthias Dieter Wallnöfer | 1 | -4/+15
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
2009-09-07 | s4:samldb - Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-09-07 | s4:subtree delete module - Cosmetic adaptions | Matthias Dieter Wallnöfer | 1 | -11/+16
2009-09-07 | s4:samldb - Major rework | Matthias Dieter Wallnöfer | 1 | -243/+1000
This fixes up the change of the primary group of a user when using the ADUC console:
- When the "primaryGroupId" attribute changes, we have to delete the "member"/"memberOf" attribute reference of the new primary group and add one for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a user account.
- We cannot add a secondary reference ("member" attribute) when the group has been chosen as primary one.
This also removes the LDB templates which are basically overhead now. This should also fix bug #6599.
2009-09-06 | s4:simple_ldap_map - Enhance it for supporting "primaryGroupID" in the right way | Matthias Dieter Wallnöfer | 1 | -14/+25
2009-09-06 | s4:"linked attributes" modules - correct the comments | Matthias Dieter Wallnöfer | 1 | -2/+2
2009-09-03 | another large change to the linked_attribute module | Andrew Tridgell | 1 | -20/+64
This one copes with deleted objects where linked attributes have been set on the module. We hit this when we do the ldb wipe at the start of a provision, which triggers linked attribute updates, but for objects that have disappeared. We need to ensure that the linked attribute updates only happen on the right object, and if the object gets re-created (as happens with a provision) then it is not the right object. To cope with this we record the GUID of the object when the operation that triggered the linked attribute update comes in, and then find the DN by using that GUID when we apply the change in the prepare commit hook.
2009-09-03 | hook on prepare_commit instead of transaction_end | Andrew Tridgell | 2 | -8/+11
This allows for safe transaction end aborts
2009-09-03 | greatly simplify the transaction processing in the partition module | Andrew Tridgell | 1 | -51/+29
Now that ldb is calling prepare commit separately, the job of the partition module on transaction end is much simpler (and more robust!)
2009-09-03 | change repl_meta_data to process linked_attributes structures in end_transaction | Andrew Tridgell | 1 | -4/+276
When running at functional level 2 or above, the repl_meta_data module can receive linked attribute structures from the repl replication task. These attributes can come through DRS before the associated objects have been created. To cope with this, we need to process linked attributes in the end_transaction hook.
2009-09-03 | fixed transaction handling in linked_attributes module | Andrew Tridgell | 1 | -76/+4
We need to call down to the next transaction function when we finish in linked_attributes. This also changes linked_attributes to use the common dsdb_find_dn_by_guid() function
2009-09-03 | add the linked attributes elements to the repl structure | Andrew Tridgell | 1 | -1/+4
This exposes the linked_attributes to the repl_meta_data module
2009-09-02 | traverse the ac list in reverse order | Andrew Tridgell | 1 | -1/+6
items are added to the linked attribute list using DLIST_ADD(), which means to commit them to the database in the same order they came from the server we need to walk the list backwards when we traverse it
2009-09-02 | s4:dsdb rewrite the linked_attributes code to commit in the end_transaction hook | Andrew Tridgell | 1 | -107/+281
linked attribute changes can come in any order. This means it is possible for a forward link to come over the wire in DRS before the target even exists. To make this work this patch changed the linked attributes module to gather up all the changes it needs to make in a linked list, then execute the changes in the end_transaction hook for the module. During that commit phase we also fix up all the DNs that we got by searching for their GUID, as the objects may have moved after the linked attribute was sent, but before the end of the transaction
2009-09-02 | add the partition_control control to replication requests | Andrew Tridgell | 1 | -0/+22
We know the partition DN from the DRS objects, we need to pass this down the modules below us to ensure they operate on the right partition
2009-09-02 | change the dsdb_control_current_partition to not include internal variables | Andrew Tridgell | 2 | -82/+88
This structure was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down. This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.
2009-09-02 | Display ldif formatted versions of all DRS changes at log level 4 | Andrew Tridgell | 1 | -0/+18
This helps a lot with debugging the DRS replication code
2009-09-02 | fixed spelling | Andrew Tridgell | 1 | -1/+1
2009-08-26 | s4:dsdb Use helper function to add 'show deleted' control | Andrew Bartlett | 1 | -20/+10
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction.
Andrew Bartlett
2009-08-25 | fixed DRS rename of deleted objects | Andrew Tridgell | 1 | -1/+20
The objectclass module checks that the target parent exists, and refuses renames if it doesn't exist. For this to work for deleted objects we have to do the search in the objectclass module with the "show deleted" control enabled.
2009-08-25 | s4:dsdb Rework show_deleted module not to linearise the LDAP filter | Andrew Bartlett | 1 | -72/+37
Instead, use the fact that the ldb_parse_tree structure is public to construct the 'and not deleted' clause as a structure, and apply each filter tree to that template.
Andrew Bartlett
2009-08-24 | s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated | Andrew Bartlett | 1 | -8/+11
The OIDs are not NULL terminated by the python caller, in line with the LDB API, but we need them to be here, as we were casting them to a string.
Andrew Bartlett
2009-08-24 | s4:dsdb remove unused variable | Andrew Bartlett | 1 | -1/+0
2009-08-19 | added basic support for rename in DRS replication | Andrew Tridgell | 1 | -5/+9
Added simple DRS rename support in replication. This should be done async, and I'm not sure if we should also do any repl data updates to indicate the rename. I'm still learning how this stuff works, but at least this allows a rename on a DC to propagate correctly
2009-08-17 | s4: Make the int32 problem more clear - and fix another error | Matthias Dieter Wallnöfer | 1 | -0/+2
2009-08-17 | s4: Fixed the int32 datatype support | Matthias Dieter Wallnöfer | 1 | -1/+1
Should finally fix bug #6136 ("groupType", "sAMAccountType" ... attributes).
2009-08-14 | s4: cracknames.c: Change the handling of the NT_STATUS_NO_MEMORY status results | Matthias Dieter Wallnöfer | 1 | -4/+6
With the previous check I got random failures when trying to connect to the LDAP server.