| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This allows a lastKnownParent from LostAndFound to be replaced.
Andrew Bartlett
|
|
When we call ldb_module_done() rather than just calling the callback, we make log entries
that are critical in debugging.
Andrew Bartlett
|
|
Previously we would only consider renaming the local object, now we can cope with
renaming the remote object as well.
This should avoid most of the cases where Samba AD replication can just stop.
Andrew Bartlett
|
|
parent
This fixes up the lastKnownParent attribute on lostAndFound objects to have a GUID
(found by dbcheck).
Andrew Bartlett
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
|
|
|
|
add debugging
The logic looking for LostAndFound failed for a user, so add extensive
debugging to make this eaiser to trace down in future.
Andrew Bartlett
|
|
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.
Andrew Bartlett
|
|
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.
Andrew Bartlett
|
|
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
|
|
|
|
|
|
This allows the parent to be renmaed while a new object is added on another replica.
This rename may also be a delete, in which case we must move it to lostandfound.
Andrew Bartlett
|
|
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.
Andrew Bartlett
|
|
|
|
modifyTimeStamp is a generated attribute, for most object it's generated
directly from the whenChanged attribute. But for the CN=aggregate object
in the schema we have to handle it in a different way, that's because
for this object whenChanged!=modifyTimeStamp (as checked against Windows
2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the
most recently modified and loaded schema object (that is to the one with
the highest USN before the schema was reload due to timeout or by the
reloadSchemaNow command).
Some third party are using this information to know if they have to
update their schema cache and also to check that schema updates have
been correctly reloaded by the DC, a good example of this behavior is
exchange 2010.
|
|
If the value has changed then reload the schema, this means that now the
schema is only reloaded on a periodical basis or if we have been asked
explicitly to do it and not necesserly if the schema partition has
changed.
|
|
The idea is to signal to other process accessing the database that the
schema was forced to be reloaded and so they should reload as well.
|
|
|
|
|
|
|
|
|
|
we are a GC
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
|
|
|
|
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
|
|
Samba 4 use to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ time per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
or 120). The timestamp of the last reloaded schema is kept in the
dsdb_schema object. There is also a timestamp in the ldb_context, that
is used by the LDAP server to know if it has to reload the schema after
handling the request. This is used to allow that the schema will be
immediately reload after a schemaUpdateNow request has been issued, the
reload can't occur in the handling of the LDAP request itself because
we have a transaction autostarted.
|
|
|
|
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
To remove finddcs_nbt these missing deps need to be added. These
subsystems linked to to implicit dependencies provided by finddcs.
Due to the new arrangmenet of subsystems, MESSAGING needs to be a
private library to avoid being a source of duplicate symbols.
Andrew Bartlett
|
|
Thanks to Matthieu Patou <mat@matws.net> for pointing it out.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
control is presented
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
|
|
|
|
function in samldb
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
|
|
|
|
"servicePrincipalName"s more than once
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
|
|
First they do not need to be "static" any longer since we have abandoned
asynchronous result handling (where global variables have been important).
In addition add some "const" in order to protect us from unwanted writes.
Reviewed-by: Andrew Bartlett
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Apr 30 16:46:20 CEST 2012 on sn-devel-104
|
|
This is a very essential attribute since it references to various domain
master roles (PDC emulator, schema...) depending on which entry it has
been set. Incautious modifications can cause severe problems.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
|
|
uncontrolled changes
|
|
Comment indicate that this is needed by dbcheck only and it permits
other projects to push broken schema and remain undetected
|
|
Also avoid a silly game with directly modifying the principal and
then calling krb5_principal_unparse_flags to get out a string.
If we already assume it is a 2 components name and know what outcome we are
going to get, just go ahead and talloc_asprintf the linearized string.
|
|
when dbcheck is fixing DNs, it will sometimes operated on a deleted DN
link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
are not present in ldb requests
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
