summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2011-10-04s4-dsdb: implement DSDB_REPL_FLAG_PRIORITISE_INCOMINGAndrew Tridgell1-4/+22
With this set, we accept changes even if they have the same tuple as the local copy. This can be used by a FULL_SYNC replication to recover a replica that is corrupt
2011-10-04s4-dsdb: disallow changes based on instanceTypeAndrew Tridgell1-4/+13
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow changes to any replicated attributes. This ensures partial replicates are not alterered
2011-10-04s4-dsdb: added DSDB_REPL_FLAG* to replicationAndrew Tridgell1-2/+15
this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-09-23build: avoid util.h as a public header name due to conflict with MacOSAndrew Bartlett8-8/+8
2011-09-22s4-dsdb: load the partialReplica attribute in the @PARTITION objectAndrew Tridgell3-2/+27
this modifies the partition module to honor a partialReplica attribute on the @PARTITION module, marking partiations as partial replicas so the NO_GLOBAL_CATALOG control can be honoured
2011-09-22s4-dsdb: added NO_GLOBAL_CATALOG controlAndrew Tridgell1-0/+3
this control is used to ask samdb to not return searches with a basedn in partial repica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
2011-09-19s4-dsdb: cope with out of sync replication attributes in partition moduleAndrew Tridgell1-1/+68
if the @ATTRIBUTES or other objects which are replicated between partions become out of sync, then the ldb would fail to open. This changes ensures that we can always fix those records, by running the operation in the top level partition, and replicating the result to the other partitions Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
2011-09-19s4-drs: cope with REPL_OBJ getncchanges call for new objectAndrew Tridgell1-5/+10
when we do a subdomain join we create a new object using a REPL_OBJ getncchanges call for the partitions DN. This has a side effect of creating that object. We need to skip the UDV update in that case Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-cracknames: use consistent search for crossRef objectsAndrew Tridgell1-2/+4
This matches the search in other places Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Sep 8 05:02:54 CEST 2011 on sn-devel-104
2011-09-08s4-dsdb: prevent crash on bad DN in construct_parent_guid()Andrew Tridgell1-0/+3
this was found by a flakey test in autobuild
2011-09-05s4-cracknames: fixed cracknames to use more specific searchAndrew Tridgell1-13/+12
this uses the bitwise comparison ldap operators to ensure we only get NC roots Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
2011-09-05s4-schema consolidate schema handlingAndrew Bartlett1-21/+5
It also creates a single routine dsdb_load_ldb_results_into_schema() to handle cases where the schema is in the form of an ldb_result. Andrew Bartlett
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett2-17/+30
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: fixed use of RMD flags in ldb search in dirsync moduleAndrew Tridgell1-2/+2
I'm pretty sure a SHOW_DELETED was wanted here Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
2011-08-25s4-dsdb: fixed newlines in DEBUG() calls in cracknamesAndrew Tridgell1-14/+14
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell1-0/+5
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: calculate validFSMOs at runtime instead of pre-computingAndrew Tridgell3-251/+45
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-10s4:subtree_rename LDB module - fix the move/rename constraintsMatthias Dieter Wallnöfer1-10/+7
s4:subtree_rename LDB module - fix the move/rename constraints By the inspiration of an email request by ekacnet I have rechecked the move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the MS-ADTS technical documentation. It really turns out that the constraint checking is only performed on the root object of a request. In addition add my copyright notice (I've written these constraint checks). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
2011-08-10s4-dsdb: avoid printing a pointless debug lineMatthieu Patou1-1/+1
2011-08-10s4-drsuapi: crackname search also for deleted objectsMatthieu Patou1-1/+4
2011-08-09s4-dsdb: add auto-normalisation of attributesAndrew Tridgell1-0/+47
this auto-normalises some attributes when they are added/modified. The list that we auto-normalise is currently: Boolean INT32 INTEGER UTC_TIME This fixes a problem with groupType being stored in an unnormalised form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure rIDSetReferences is stored as an extended DNAndrew Tridgell2-2/+18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: make extended_dn_in a bit more efficientAndrew Tridgell1-9/+17
checking filter elements in the right order makes it a little faster
2011-08-09s4-dsdb: use dn_format shortcut to find DN formatAndrew Tridgell2-4/+4
this saves some string comparisons
2011-08-04s4-dsdb: extend the extended_dn_in module to handle DN linksAndrew Tridgell1-44/+104
this replaces DN components in incoming filter expressions with the full extended DN of the target, which allows search expressions based on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way links in search expressions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: handle search expressions containing extended DNsAndrew Tridgell2-1/+167
this allows for searches like member=<SID=S-1-2-3> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed outgoing one way link DNsAndrew Tridgell2-3/+63
when we return a DN which is a one way link, fix the string DN component by searching for the GUID and replacing the DN components Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-01remove unnecessary dependency on 'events' from ldb modules.Jelmer Vernooij1-35/+35
2011-07-26s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4Matthieu Patou1-2/+3
2011-07-21s4-dsdb: Use controls provided during the request while searching for object ↵Matthieu Patou1-1/+13
to delete If the parent request specify the show_deleted control we must use it in order to be able to see the deleted objects. Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.
2011-07-21s4-dsdb: check group membership only for non deleted objectsMatthieu Patou1-2/+9
Group membership has been already removed on deleted objects so there is no mean doing something on this kind of object.
2011-07-21update/add my copyrightMatthieu Patou3-0/+3
2011-07-21s4-dsdb: In rootdse add extended dn info on all values for a given attributeMatthieu Patou1-57/+66
And not only on the fist value as it was the case up to this changeset.
2011-07-21s4-dsdb: add dsdb_module_extended function similar to other dsdb_module_* ↵Matthieu Patou1-0/+61
functions
2011-07-13s4-dsdb: fixed the defaultObjectCategory to have a full GUIDAndrew Tridgell1-0/+24
this fixes the DN to have a full GUID for new objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
2011-07-13s4-dsdb: another special case for the "member" attributeAndrew Tridgell1-1/+6
thanks to Matthias for his great test suite work! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb Don't process deletion of member attributes here.Andrew Bartlett1-0/+9
We don't need to compare the delete against the primaryGroupID check here - that test is for adds. Andrew Bartlett