Age | Commit message (Collapse) | Author | Files | Lines |
|
dn might be broken
The usual use case is that you have a not complete linked attribute (ie.
without the SID) if we keep using the old dn, then the SID will never be
added.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is needed because we can have more than 1 value in a single valued
attribute as we store also deleted values. So we do the check in repl_meta_data
and then indicate LDB to do the check.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
the objectclass_attrs validation that an object contains all mandatory
attributes is incorrect for deleted objects, as they get stripped of
some mandatory attributes when deleted (for example, objectCategory
gets stripped)
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
when extended_dn_in fails to resolve a GUID extended DN component, the
debug code assumed that it was a search operation, and accessed
ac->req->op.search.base, which is not valid for non-search DN
expansions.
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows attributes not known in the schema to be removed if the
caller has set the RELAX control. This will be used by dbcheck to
allow cleaning of bad attributes from the database
|
|
We need to ensure that if this parses name.name_string as just one
val, then we don't read uninitialised and possibly unallocated memory.
Found by Adam Thorn <alt36@cam.ac.uk>
While we are checking that, we need to fix the strncasecmp() check to
first check if the string is the expected length, then check for a
match against sAMAccountName-without-doller, as otherwise we will
permit a string such as machinefoo to match a sAMAccountName of
machine.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jul 1 03:55:00 CEST 2011 on sn-devel-104
|
|
This is pointless, but MacOS X (version 10.6.8 was tested) apparently
sets machine$ into this field.
Andrew Bartlett
|
|
this allows dbcheck to fix bad attributes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
|
|
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
if the link was a w2k style, and we are upgrading it, then set the
RMD_ADDTIME to the current time
|
|
if backlinks have not propogated correctly in a previous replication
this allows us to recover
|
|
This was only used by the Fedora DS backend for Samba4. We agreed to
no longer support external LDAP backends.
Andrew Bartlett
|
|
This now just relies on the private dir parameter, which remains.
Andrew Bartlett
|
|
Older AD deployments simply don't have it and hence there is no RODC
support.
Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
|
|
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change"
for a LDB modify operation.
Reviewed-by: abartlet
|
|
"dsdb_module_search_dn"
It saves us from checking the number of returned entries.
Reviewed-by: abartlet
|
|
types of account
Reviewed-by: abartlet
|
|
Tests against Windows Server show that it gets set to "FALSE" (not
deleted) if we change the account type to a domain member.
Reviewed-by: abartlet
|
|
Ekacnet was not quite right yet but his patch made me think further.
This primary group changing is only needed if the account type changes.
With this patch we do one more search if the "userAccountControl"
changes but we save us from doing these unneeded and wrong modify replace
operations most of the time.
Reviewed-by: abartlet
|
|
modifications unless we are a computer/dc/rodc
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
unsigned
The LDB API ("ldb_connect") prescribes that they should be "unsigned".
Signed-off-by: Metze
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
With this function your own search tree can be specified
This function is similar to ldb_build_search_req_ex as it allows to
pass a parse tree structure.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is problematic because a string may expand in size when
changed into upper or lower case. This will then push characters off
the end of the string in the s3 implementation, or panic in the former
s4 implementation.
Andrew Bartlett
|
|
This avoid symbol and structure conflicts between Samba3 and Samba4,
and chooses a less generic name.
Andrew Bartlett
|
|
Reviewed-by: abartlet
|
|
|
|
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
|
|
This will avoid overwritting attribute list made by upper modules.
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
|
|
This call should only be performed at the beginning of a request.
"ldb_msg_sanity_check" checks for DN validity (which should already have been
done at the beginning of the request) and empty attributes (which should
be done by the "objectclass_attrs" LDB module).
Hence it is superflous here.
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
The version of the "name" attribute needs to change even if the value
is the same. This also normalizes the rdn attribute name based on
the schema.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Apr 6 19:55:50 CEST 2011 on sn-devel-104
|
|
replmd_update_rpmd()
This will be used for renames.
metze
|
|
metze
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
when a record with the same DN gets created on two DCs at the same
time, this creates a replication conflict. To resolve this conflict
one of the DCs needs to create a conflict record, which is a rename of
one of the two DNs, based on which one is newer.
This prevents replication from failing when DCs are temporarily
disconnected and then have conflicts when they next replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Apr 4 03:27:07 CEST 2011 on sn-devel-104
|
|
This fixes a bug where we try to add an empty backlink because the
search for the forward link failed.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 31 13:37:36 CEST 2011 on sn-devel-104
|
|
this is used to help recover a corrupt database.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives the ldap client the error code from the transfer
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
this gives better localisation of errors in rootdse. This is to help
track down a production error
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Mar 18 05:46:58 CET 2011 on sn-devel-104
|
|
To prevent memory leaks under valgrind.
|