| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
|
|
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are
used for special semantics.
"UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED"
forces password expiration.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
|
|
acct. type
Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in
MS-SAMR section 3.1.1.8.10.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
|
|
Windows Server 2008 has changed semantics in comparison to Server 2003.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
"servicePrincipalName"s more than once
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
|
|
This is a very essential attribute since it references to various domain
master roles (PDC emulator, schema...) depending on which entry it has
been set. Incautious modifications can cause severe problems.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
|
|
this fixes error checking. Test failures were not being detected
otherwise
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
Enhance the testcase with a workstation example.
Reviewed-by: abartlet
|
|
impact the "primaryGroupID" attribute
Notice: The domain administrators groups isn't referenced as "Domain Admins"
since this name could differ.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
|
|
Exactly for the syntax which is needed by Volker in s3's "pdb_ads".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 16:10:15 CET 2011 on sn-devel-104
|
|
This exact form of the construction is important, and we match on it
in the installation scripts.
Andrew Bartlett
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|
|
|
|
system_session()
Otherwise system_session() creates a LoadParm() instance
which resets certain global parameters to their defaults
from smb.conf ("log level" for instance)
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
|
|
|
|
|
|
And enhance the testsuite
|
|
By inspiration of Nadya's patches
|
|
Do always escape RDN values - this fixes bug #7794
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 18 10:43:40 UTC 2010 on sn-devel-104
|
|
"objectclass_attrs" into "samldb"
This according to an answer from dochelp is SAM specific behaviour.
|
|
metze
|
|
constraint checks
The problem is that s4 per construction does the checks in a different order. It
first checks for validity (pre-operation trigger in samldb LDB module) and then
for the schema (post-operation trigger in objectclass_attrs LDB module).
constraints (post-operation trigger
|
|
testtools installed.
Also, cleanup some imports.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Nov 3 17:47:55 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 14:36:24 UTC 2010 on sn-devel-104
|
|
|
|
- For user accounts we only need to specify "user" ("person" is an inherited
objectclass)
- Don't use the brackets when we have only one objectclass specified
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 31 21:02:48 UTC 2010 on sn-devel-104
|
|
mechanism
|
|
It's not really meaningful but can happen.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 30 18:15:31 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 17:31:29 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 14:17:31 UTC 2010 on sn-devel-104
|
|
ldap.py would still need some additional split-up but it's a start.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 8 14:05:18 UTC 2010 on sn-devel-104
|
