summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-09-24s4:samldb LDB module - it isn't allowed to create user/computer accounts ↵Matthias Dieter Wallnöfer2-10/+13
with a primary group specified It can only be changed afterwards. We allow a "relax"ed exception for the provision state since we need this for the guest account. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:dsdb/common/util_samr.c - remove the primary group specificationsMatthias Dieter Wallnöfer1-4/+0
Now also the primary group detection/change on modify operations does work Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:ldap.py - test default primary groups on modify operationsMatthias Dieter Wallnöfer1-0/+70
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" ↵Matthias Dieter Wallnöfer1-16/+11
detection also on modify operations Also requested by MS-SAMR 3.1.1.8.1. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:ldap.py - enhance SAM user/groups behaviour test regarding default ↵Matthias Dieter Wallnöfer1-5/+34
primary groups Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - make more use of LDB result constantsMatthias Dieter Wallnöfer1-17/+17
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - fix comment typoMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:password_hash LDB module - don't assign "lp_ctx" twiceMatthias Dieter Wallnöfer1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - fix counter typesMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:extended_dn_in LDB module - fix a counter typeMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:drepl_out_helpers.c - fix a counter typeMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4/dsdb:kcc: cleanup and improve readabilityAnatoliy Atanasov1-4/+5
2010-09-23s4:dsdb/kcc: we don't need to manually allocate [out,ref] pointers anymoreStefan Metzmacher1-6/+1
metze Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23s4-kcc: the kcc should not be setting the repsTo attributeAndrew Tridgell1-32/+2
repsTo is set by other DCs, when they ask to be notified about changes in a partition
2010-09-23s4-kcc: added service->am_rodcAndrew Tridgell4-21/+14
use a rodc flag on the service instead of calling samdb_rodc each time
2010-09-23s4-kcc: pass the service context into the kcc connection codeAndrew Tridgell2-64/+65
this will be used for the RODC changes needed for the kcc
2010-09-22s4-selftest: Move samba3sam test to standard python directory.Jelmer Vernooij1-1092/+0
2010-09-22dsdb: Use short path for ldb_handlers.h, in case ldb is installed in theJelmer Vernooij1-1/+1
system.
2010-09-21s4-ldap: Fixed a problem with NC's having a parentGUID attributeNadezhda Ivanova2-14/+48
NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead.
2010-09-20s4-drepl: use the partition UDV and hwm for extended getncchanges opsAndrew Tridgell3-28/+75
we find the NC root then load the uptodateness vector and highwater mark, if available, from there
2010-09-20s4-rodc: fixed repsFrom store on RODCAndrew Tridgell1-14/+11
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-20s4-kcc: a bit more debug info on repsFrom creationAndrew Tridgell1-1/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-21s4-dsdb-schema_prefixmap: return WERR_DS_NO_ATTRIBUTE_OR_VALUE when ATTID is ↵Kamen Mazdrashki1-1/+1
not found rather than WERR_INTERNAL_ERROR - it is not internal error!
2010-09-21s4-dsdb-schema_prefixmap: Print debug message when internal failure occursKamen Mazdrashki1-0/+5
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov2-0/+94
2010-09-20s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.Anatoliy Atanasov2-54/+81
This functionality is needed for DsCrackNames ListRoles command also.
2010-09-20s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames codeAnatoliy Atanasov1-9/+20
2010-09-19s4-rootdse: mark registered controls as non-criticalAndrew Tridgell1-0/+37
this is needed for clients that may include unnecessary controls in requests and mark them as non-critical
2010-09-19s4/fsmo: Naming master support addedAnatoliy Atanasov1-1/+2
Test suite for fsmo is extended with a test case for naming master too.
2010-09-19s4-pydsdb: added am_rodc() method on samdbAndrew Tridgell1-0/+27
2010-09-18s4-drs: Check for schema changes only in case we are *not* applying Schema ↵Kamen Mazdrashki1-8/+19
replica This fixes the problem when we fail to replicate with a partner DC that has a newer Schema with attributeSchema objects with OIDs that we don't have in our local prefixMap.
2010-09-17s4-schema: Helper func to compare schemaInfo signituresKamen Mazdrashki1-0/+41
2010-09-17s4-schema: use dsdb_schema_info_blob_is_valid() to verify schemaInfo blobKamen Mazdrashki1-9/+6
instead of parsing it.
2010-09-17s4-prefixMap: use dsdb_schema_info_blob_is_valid() for schemaInfo blob ↵Kamen Mazdrashki1-4/+2
validation This fixes a leaking dsdb_schema_info object also.
2010-09-17s4-dsdb: Add dsdb_schema_info_blob_is_valid() to verify schemaInfo bloblsKamen Mazdrashki1-10/+24
2010-09-16s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} callsAndrew Tridgell3-1/+97
2010-09-16s4-repl: if we are an RODC don't set WRIT_REP in replicationAndrew Tridgell1-2/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: add partial attribute set to getncchanges calls for RODCsAndrew Tridgell4-9/+67
when we are a RODC we must supply a partial attribute set in the getncchanges call Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: added min_usn to extended replication callAndrew Tridgell4-2/+9
the repl_secret code needs to set it to avoid too many duplicate attributes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: added repl_secret handling Andrew Tridgell2-2/+98
initiate a repl secret extended op when requested Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: cleanup the extended op calls in repl serverAndrew Tridgell5-21/+23
- use generic parameter names - trigger a run of pending ops on all extended ops - don't prevent parallel fsmo transfers - moved extended op code into drepl_extended
2010-09-16s4-pyjoin: fill in the dns name in the python replication methodAndrew Tridgell1-0/+40
this is needed to get the repsFrom DNS entry right Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: split out the extended op handling Andrew Tridgell3-137/+169
this is not part of the rid allocation logic Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: cleanup getncchanges extended op callsAndrew Tridgell3-40/+70
Multiple calls are allowed to run in parallel as long as they don't conflict. This also cleans up the variable names in the extended op calls. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4/fsmo: Handle infrastructure, pdc and rid extended opsAnatoliy Atanasov2-45/+53
With this change we can transfer all roles back and forward, except for the naming master. Also this commit fixes the naming of fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner role_owner_dn - used to point to the NTDSDSA who owns the role Now we always pass fsmo_role_dn, role_owner_dn to the extended operation and to drepl_create_role_owner_source_dsa Conflicts: source4/dsdb/repl/drepl_ridalloc.c
2010-09-15s4-repl: use consistent API calls for getting DN GUIDAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4: fixed some printf format errorsAndrew Tridgell1-1/+1
2010-09-15s4-rodc: add a trigger message for REPL_SECRET to auth_samAndrew Tridgell1-0/+14
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4-kcc: removed redundent loop check Andrew Tridgell1-1/+1
el has already been checked for NULL
2010-09-15s4-dsdb: check for invalid backend typeAndrew Tridgell1-0/+2