Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-20 | s4:dsdb disable tokenGroups until end of rewrite | Andrew Bartlett | 1 | -1/+2 | |
I need to change the functions this calls Andrew Bartlett | |||||
2010-05-19 | s4/metadata: fix whitespaces | Kamen Mazdrashki | 1 | -71/+71 | |
2010-05-18 | s3: Fix some more iconv convenience usages. | Jelmer Vernooij | 1 | -1/+1 | |
2010-05-18 | Remove more usages of iconv_convenience in files which were apparently not ↵ | Jelmer Vernooij | 1 | -3/+1 | |
recompiled by waf. | |||||
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 8 | -47/+18 | |
2010-05-14 | s4:repl_meta_data LDB module - fix counter types | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-14 | s4:dsdb_cache LDB module - fix a typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-14 | s4:samldb LDB module - remove unused variables | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-05-11 | Revert "s4:password_hash LDB module - don't break the provision" | Stefan Metzmacher | 1 | -3/+0 | |
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze | |||||
2010-05-11 | Revert "s4:password hash LDB module - check that password hashes are != NULL ↵ | Stefan Metzmacher | 1 | -10/+6 | |
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze | |||||
2010-05-11 | s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵ | Stefan Metzmacher | 1 | -2/+2 | |
it's given Sorry, I removed this logic while cleaning up indentation levels... metze | |||||
2010-05-10 | s4:password_hash LDB module - we might not have a cleartext password at all | Matthias Dieter Wallnöfer | 1 | -26/+29 | |
When we don't have the cleartext of the new password then don't check it using "samdb_check_password". | |||||
2010-05-10 | s4:password_hash LDB module - quiet a warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-10 | s4:password hash LDB module - check that password hashes are != NULL before ↵ | Matthias Dieter Wallnöfer | 1 | -6/+10 | |
copying them | |||||
2010-05-10 | s4:password_hash LDB module - don't break the provision | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
This is to don't break the provision process at the moment. We need to find a better solution. | |||||
2010-05-10 | s4:password_hash - Implement password restrictions | Stefan Metzmacher | 1 | -0/+195 | |
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze | |||||
2010-05-10 | s4:password_hash - Rework to handle password changes | Matthias Dieter Wallnöfer | 1 | -138/+450 | |
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5) | |||||
2010-05-10 | s4:password_hash - Rework unique value checks | Matthias Dieter Wallnöfer | 1 | -49/+71 | |
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py". | |||||
2010-05-10 | s4:password_hash - Various (mostly cosmetic) prework | Matthias Dieter Wallnöfer | 1 | -176/+240 | |
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values | |||||
2010-05-10 | s4:dsdb: add new controls | Matthias Dieter Wallnöfer | 1 | -0/+21 | |
- Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password | |||||
2010-05-10 | s4:acl ldb module - fix typos | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-05-09 | s4:samldb LDB module - make "samldb_member_check" synchronous again | Matthias Dieter Wallnöfer | 1 | -64/+33 | |
2010-05-09 | s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous again | Matthias Dieter Wallnöfer | 1 | -235/+24 | |
2010-05-09 | s4:samldb LDB module - update the copyright notice | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-09 | dsdb/password_hash: remove usage of msDs-KeyVersionNumber | Stefan Metzmacher | 1 | -37/+1 | |
metze | |||||
2010-05-09 | s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber | Andrew Bartlett | 1 | -10/+76 | |
This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett | |||||
2010-05-04 | s4/rodc: Support read-only database | Anatoliy Atanasov | 4 | -13/+75 | |
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client. | |||||
2010-05-04 | s4/rodc: Fix the callbacks up the stack to handle referrals on modify requests | Anatoliy Atanasov | 6 | -0/+48 | |
2010-05-03 | s4/rodc: Implement msDS-isRODC constructed attr | Anatoliy Atanasov | 1 | -1/+152 | |
2010-05-01 | s4:dsdb Fix use of memory after free in repl_meta_data | Andrew Bartlett | 1 | -7/+9 | |
The upgraded link values are were allocated on tmp_ctx, and need to be kept until they are written to the DB. If we don't give the correct context, they will be gone after the talloc_free(tmp_ctx). Found by Matthieu Patou <mat+Informatique.Samba@matws.net> Andrew Bartlett | |||||
2010-04-29 | s4/rodc: RODC FAS initial implementation | Anatoliy Atanasov | 2 | -12/+13 | |
2010-04-27 | s4-repl: these messages are common, and don't deserve debug level 1 | Andrew Tridgell | 1 | -2/+2 | |
getting older attributes is quite common | |||||
2010-04-26 | s4-ddb: don't create partitions with the UNINSTANT flag set | Andrew Tridgell | 1 | -1/+14 | |
these partitions and not on the server we are replicating from. Also check for deleted partitions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-26 | s4-drs: make links to foreign partitions non-fatal | Andrew Tridgell | 1 | -8/+6 | |
DN links outside the set of partitions we are replication should be allowed. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 4 | -4/+4 | |
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
2010-04-22 | s4-dsdb: removed an unused variable | Andrew Tridgell | 1 | -1/+0 | |
2010-04-22 | s4-dsdb: moved rodc schema validation to samldb.c | Andrew Tridgell | 2 | -33/+37 | |
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-22 | s4-drs: Do not allow system-critical attributes to be RODC filtered | Fernando J V da Silva | 1 | -0/+33 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-04-22 | s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs | Andrew Bartlett | 1 | -0/+24 | |
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett | |||||
2010-04-22 | s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP | Andrew Bartlett | 2 | -3/+8 | |
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett | |||||
2010-04-22 | s4:dsdb Revert accidentilly commited change for LDAP backends | Andrew Bartlett | 1 | -1/+1 | |
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett | |||||
2010-04-20 | s4:provision Pass in the invoication ID and NTDS Settings DN to Schema() | Andrew Bartlett | 1 | -1/+1 | |
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett | |||||
2010-04-16 | s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid() | Nadezhda Ivanova | 1 | -24/+5 | |
2010-04-15 | s4:rootdse: only return "tokenGroups", when the client asked for them | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2010-04-13 | s4:acl/descriptor LDB module - distinguish between root and default basedn | Matthias Dieter Wallnöfer | 2 | -0/+12 | |
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments). | |||||
2010-04-13 | Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions" | Matthias Dieter Wallnöfer | 6 | -9/+10 | |
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library. | |||||
2010-04-13 | s4:objectclass LDB module - remove a unneeded newline | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-04-12 | s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Purely cosmetic change. | |||||
2010-04-11 | subunit: Remove more test output that could be interpreted by subunit. | Jelmer Vernooij | 1 | -1/+1 | |
2010-04-10 | s4:dsdb Don't return operational attributes on special DNs | Andrew Bartlett | 1 | -0/+5 | |