summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-05-20s4:dsdb disable tokenGroups until end of rewriteAndrew Bartlett1-1/+2
I need to change the functions this calls Andrew Bartlett
2010-05-19s4/metadata: fix whitespacesKamen Mazdrashki1-71/+71
2010-05-18s3: Fix some more iconv convenience usages.Jelmer Vernooij1-1/+1
2010-05-18Remove more usages of iconv_convenience in files which were apparently not ↵Jelmer Vernooij1-3/+1
recompiled by waf.
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij8-47/+18
2010-05-14s4:repl_meta_data LDB module - fix counter typesMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:dsdb_cache LDB module - fix a typoMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:samldb LDB module - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
2010-05-11Revert "s4:password_hash LDB module - don't break the provision"Stefan Metzmacher1-3/+0
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze
2010-05-11Revert "s4:password hash LDB module - check that password hashes are != NULL ↵Stefan Metzmacher1-10/+6
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze
2010-05-11s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵Stefan Metzmacher1-2/+2
it's given Sorry, I removed this logic while cleaning up indentation levels... metze
2010-05-10s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer1-26/+29
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
2010-05-10s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer1-1/+1
2010-05-10s4:password hash LDB module - check that password hashes are != NULL before ↵Matthias Dieter Wallnöfer1-6/+10
copying them
2010-05-10s4:password_hash LDB module - don't break the provisionMatthias Dieter Wallnöfer1-0/+3
This is to don't break the provision process at the moment. We need to find a better solution.
2010-05-10s4:password_hash - Implement password restrictionsStefan Metzmacher1-0/+195
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
2010-05-10s4:password_hash - Rework to handle password changesMatthias Dieter Wallnöfer1-138/+450
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5)
2010-05-10s4:password_hash - Rework unique value checksMatthias Dieter Wallnöfer1-49/+71
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py".
2010-05-10s4:password_hash - Various (mostly cosmetic) preworkMatthias Dieter Wallnöfer1-176/+240
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values
2010-05-10s4:dsdb: add new controlsMatthias Dieter Wallnöfer1-0/+21
- Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password
2010-05-10s4:acl ldb module - fix typosMatthias Dieter Wallnöfer1-3/+3
2010-05-09s4:samldb LDB module - make "samldb_member_check" synchronous againMatthias Dieter Wallnöfer1-64/+33
2010-05-09s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous againMatthias Dieter Wallnöfer1-235/+24
2010-05-09s4:samldb LDB module - update the copyright noticeMatthias Dieter Wallnöfer1-1/+1
2010-05-09dsdb/password_hash: remove usage of msDs-KeyVersionNumberStefan Metzmacher1-37/+1
metze
2010-05-09s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumberAndrew Bartlett1-10/+76
This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett
2010-05-04s4/rodc: Support read-only databaseAnatoliy Atanasov4-13/+75
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
2010-05-04s4/rodc: Fix the callbacks up the stack to handle referrals on modify requestsAnatoliy Atanasov6-0/+48
2010-05-03s4/rodc: Implement msDS-isRODC constructed attrAnatoliy Atanasov1-1/+152
2010-05-01s4:dsdb Fix use of memory after free in repl_meta_dataAndrew Bartlett1-7/+9
The upgraded link values are were allocated on tmp_ctx, and need to be kept until they are written to the DB. If we don't give the correct context, they will be gone after the talloc_free(tmp_ctx). Found by Matthieu Patou <mat+Informatique.Samba@matws.net> Andrew Bartlett
2010-04-29s4/rodc: RODC FAS initial implementationAnatoliy Atanasov2-12/+13
2010-04-27s4-repl: these messages are common, and don't deserve debug level 1Andrew Tridgell1-2/+2
getting older attributes is quite common
2010-04-26s4-ddb: don't create partitions with the UNINSTANT flag setAndrew Tridgell1-1/+14
these partitions and not on the server we are replicating from. Also check for deleted partitions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26s4-drs: make links to foreign partitions non-fatalAndrew Tridgell1-8/+6
DN links outside the set of partitions we are replication should be allowed. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell4-4/+4
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-22s4-dsdb: moved rodc schema validation to samldb.cAndrew Tridgell2-33/+37
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Do not allow system-critical attributes to be RODC filteredFernando J V da Silva1-0/+33
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDsAndrew Bartlett1-0/+24
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett
2010-04-22s4:OpenLDAP-backend Use the new rdnval module in OpenLDAPAndrew Bartlett2-3/+8
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett
2010-04-22s4:dsdb Revert accidentilly commited change for LDAP backendsAndrew Bartlett1-1/+1
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett1-1/+1
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett
2010-04-16s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()Nadezhda Ivanova1-24/+5
2010-04-15s4:rootdse: only return "tokenGroups", when the client asked for themStefan Metzmacher1-1/+1
metze
2010-04-13s4:acl/descriptor LDB module - distinguish between root and default basednMatthias Dieter Wallnöfer2-0/+12
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer6-9/+10
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-13s4:objectclass LDB module - remove a unneeded newlineMatthias Dieter Wallnöfer1-2/+1
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer1-1/+1
Purely cosmetic change.
2010-04-11subunit: Remove more test output that could be interpreted by subunit.Jelmer Vernooij1-1/+1
2010-04-10s4:dsdb Don't return operational attributes on special DNsAndrew Bartlett1-0/+5