Age | Commit message (Collapse) | Author | Files | Lines |
|
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an
internal talloc hirarchy, so we can safely give it a NULL context from
the python.
It also fixes manual construction of the ldb_message - we now use the
right helper functions.
Andrew Bartlett
|
|
|
|
The aim is to create a function that is more easily wrapped for
python, so that we can write the updated prefixMap in an upgrade
script.
Andrew Bartlett
|
|
|
|
The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated. This may be best
regarded as a flaw in LDB, but fixing it there is going to be more
difficult.
Andrew Bartlett
|
|
|
|
|
|
This triggered a failure in the updateNow schema test, as the current
global schema was not being updated when a new schema element was
added
|
|
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).
Andrew Bartlett
|
|
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
|
|
Before this change, the first opener of the sam ldb context would
become the owner of the global schema, then the autofree context got a
reference to the schema. Any subsequent opens of the sam ldb also got
a reference. This meant that the talloc hierarchy was inconsistent
between the first sam ldb open and subsequent opens. With this change
the autofree context becomes the owner of the global schema, and all
ldb contexts get a reference.
|
|
This removes a number of cases where we did a cast into a const char *
of an ldb_val. While convention is to alway have an extra \0 at
data[length] in the ldb_val, this is not required, and does not occour
at least on build farm host 'svart'.
Andrew Bartlett
|
|
|
|
Using ldb unique indexes for samAccountName doesn't work with DRS as
the other DC may send us a deleted record (tombstone record), which
has the same samAccountName as an existing record. That would then
create two records in the same partition with the same samAccountName.
So we needed to put back the logic in samldb.c which explicitly
checked whether a samAccountName already exists on add
|
|
The previous code incorrectly assumed that attributes such as
subClassOf come over the wire as strings. In fact they come over as 32
bit integers which refer to goversIDs. We have to post-process these
as it sometimes happens that a governsID comes over the wire before
the record that defines what it means.
|
|
|
|
I tried hard to not change the program logic. Should fix bug #6439.
|
|
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
"sAMAccountType" correctly. This handling doesn't yet use the schema but
the conversion file "simple_ldap.map.c" which contains them hardcoded.
Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
|
|
|
|
|
|
|
|
|
|
|
|
We are probably still using more memory here than we need to. That
needs to be looked at.
|
|
Sadly it still segfaults at this stage
Andrew Bartlett
|
|
|
|
|
|
This is all working towards supporting the full WSPP schema without a
major performance penalty.
We now use binary searches when looking up classes and attributes. We
also avoid the loop loading the attributes into ldb, by adding a hook
to override the ldb attribute search function in a module. The
attributes can thus be loaded once, and then saved as part of the
global schema.
Also added support for a few more key attribute syntaxes, as needed
for the full schema.
|
|
or from ldb
|
|
The short-to-long name canonicalisation rules use the schema, so
clearly they won't work when loading it.
Andrew Bartlett
|
|
This search uses the index, and is not recursive, so should avoid the
major performance problem with the current sorted schema load.
The ad2oLschema code (recently moved to provision-backend) no longer
needs the schema to be sorted.
Andrew Bartlett
|
|
This avoids the need to assume that the schema is sorted on load,
which happens more often and is a major performace issue in the
Samba4's use of ldb.
Andrew Bartlett
|
|
This removes a level of indirection via external binaries in the
provision-backend code, and also makes better use of our internal code
for loading schema from an LDIF file.
Remaining to do: Sort the output again, as the load from LDIF is
unsorted (also needed because the normal LDB load from sorted input is too slow
anyway, and is only needed here).
Andrew Bartlett
|
|
This includes things such as allowed attributes, which were not
populated into the schema structure before.
Andrew Bartlett
|
|
|
|
consistency with Samba 3.
|
|
do not reference it from ldb.h
|
|
metze
|
|
The only 2 modules escaping the rule so far are rootdse and partitions
|
|
|
|
This matches the way we work with DN+Binary. We need this for the
OpenLDAP backend.
Andrew Bartlett
|
|
Until the extended DN work was compleated, there was no way to store
the additional metadata.
Andrew Bartlett
|
|
This should fix the OpenLDAP backend
|
|
metze
|
|
metze
|
|
This makes clear there's an value stored in the schema,
as they can be '0'.
metze
|
|
syntax is already known
metze
|
|
metze
|
|
|
|
make them wrappers around convert_string{,talloc}_convenience().
|