| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This includes some of the original ildap ldap client API. ldb
provides a much easier abstraction on this to use, and doesn't use
these functions.
Andrew Bartlett
(This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902)
|
|
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
|
|
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
|
|
When we set up the schema, we don't have a partitions container yet.
The LDAP error differs from that given by LDB, so I think we still
have some conformance work to do.
Andrew Bartlett
(This used to be commit 5ddbca73d4971a885c105c8d893e53598c5582b4)
|
|
Andrew Bartlett
(This used to be commit 645a8862a3d7c493020e432d76ad0e5da5ea77b5)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
(This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c)
|
|
hopefully fix the crash on some hosts in the farm...
metze
(This used to be commit 4fb9e4a353b1ef4177a6ef60996a366a8b56988f)
|
|
metze
(This used to be commit b592ac1c2c91a72a8aae8ed11d74cba3ce0778c5)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
(This used to be commit 74d51579aff73913cae31734bddc3b5a48cd32fa)
|
|
* Change license to LGPL, so it can be used by non-Samba users of
LDB (cleared with Martin as well).
* Include ldb_map in standalone build.
* Move ldb_map to its own directory
(This used to be commit a90202abca26c0da5425a2f3dd8494077c3290fd)
|
|
(This used to be commit 1093875d59f1ea9b8bd82277d4f9d8366e584952)
|
|
not relative to the location of the sam.ldb, but instead
lp_private_dir().
This fixes that issue.
Andrew Bartlett
(This used to be commit c0fd6f63399d55a1938e31ae7b10689cc02ff2fa)
|
|
Andrew Bartlett
(This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7)
|
|
Andrew Bartlett
(This used to be commit 465f1811683d22f4a3e3f5e693b3b29c59053cb4)
|
|
This code to be replaced by metze's schema loader soon...
Andrew Bartlett
(This used to be commit a354ec282232c00d149304d90f9b8ef01c9a2e5f)
|
|
OpenLDAP is fussy about operational attributes in user-supplied
schema.
Andrew Bartlett
(This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a)
|
|
that contain attribute names and objectClasses. Make it a case
insensitive string for now.
Andrew Bartlett
(This used to be commit 9908a05ef70c748c699b5a18178e7948f7814d7a)
|
|
metze
(This used to be commit 7f07895cac3e933b39f81bf67812834352184af0)
|
|
Fix up our server side implementation to pass almost all the tests (a
couple are skipped).
Don't require the DsGetDomainControllerInfo calls to pass, just get
some info from them.
Andrew Bartlett
(This used to be commit a29eb8f7e541d2021726601faf52355e312c916b)
|
|
compleatly unknown domain, return the correct error code.
Andrew Bartlett
(This used to be commit 7d04a36cdb3628ea9c1260f3318f2b964f10c346)
|
|
metze
(This used to be commit 8fcd5209ae46823f7d99bddff6e61873e75dd24c)
|
|
metze
(This used to be commit e3be33c1d9f9e44ef37e6ef72a23576474f6e725)
|
|
metze
(This used to be commit 7e0620e524886a66dbdb16f35fee4f51f2867a2a)
|
|
Samba4. This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.
I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue. This ensures
consistency, and should help with finding issues like this in future.
As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.
I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request. I need some help to generate a correct error packet when it is
marked critical.
Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...
Andrew Bartlett
(This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
|
|
and use the struct member names in all cases
metze
(This used to be commit c543ee57454d006c545e3e9e20c9ac0114081d3d)
|
|
metze
(This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
|
|
control.
Andrew Bartlett
(This used to be commit 47c8a059c4d90b7befde390d2d050f0d1934ecc1)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true
for how the hashes are supposed to be (but w2k3 doesn't to some correctly...)
this is a verify nice tool to test the hash genaration, but
you need to add support for "" realm strings...
http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c
metze
(This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
|
|
doesn't contain an entry for the local invocation_id
metze
(This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f)
|
|
so that ndr_pull will fail if version isn't 3 and we notice
if the format changes...
metze
(This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
|
|
- use "sambaPassword" only as virtual attribute for passing
the cleartext password (in unix charset) into the ldb layer
- store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos
blob to match w2k and w2k3
- aes key support is disabled by default, as we don't know
exacly how longhorn stores them. use password_hash:create_aes_key=yes
to force creation of them.
- store the cleartext password in the Primary:CLEARTEXT blob
if configured
TODO:
- find out how longhorn stores aes keys
- find out how the Primary:WDigest blob needs to be constructed
(not supported by w2k)
metze
(This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
|
|
metze
(This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
|
|
for the keytype field...
metze
(This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
metze
(This used to be commit cdfd4ee8e5202a3df1da2d82b592d8814a3209ba)
|
|
(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
(This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
|
|
'currentValue'
attribute...
this needs more works, but make it work again for now
metze
(This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
|
|
Andrew Bartlett
(This used to be commit c3977b4bae1e1b5e4ff4a64c7146534536685e91)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|
|
there're a few things TODO, but it's a good start
we need to research if an originating change causes the replUpToDateVector
attribute to change...(I assume it, but needs testing)
metze
(This used to be commit fde0aabd9ae79fcefbcba34e6f9143f93ffcf96c)
|
|
metze
(This used to be commit b7d48274a7341c5e4a3f103387f87fcc94853271)
|
|
- we should use them before we store records to disk
metze
(This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316)
|
|
as schemaInfo
so we need to use it as value if nothing is stored
metze
(This used to be commit cd326134079375fc83640444d6323a5cbe7c02ee)
|
|
metze
(This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
|
|
- but SYSTEM and administrators can change them
metze
(This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
|
