Age | Commit message (Collapse) | Author | Files | Lines |
|
The objectClass list is sorted at this point, as we are called below
the objectclass module here, or are working from a search result.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
|
|
"(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test
This syntax is not supported by Windows AD and should also be denied by
s4/LDB.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104
|
|
Make it AD-compatible using "(distinguishedName=...)".
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
behaviour
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
If the objectclass entry has been sorted before we are able to determine
the (last) structural or 88 object class in constant time.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
88 objectclasses
Please have a look at MS-ADTS 3.1.1.1.4.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Make it easier to comprehend
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Mar 14 11:59:02 CET 2012 on sn-devel-104
|
|
It's a bit confusing to mix low-level and high-level libraries. We had
multiple libraries in one directory, and there were have circular
dependencies with other libraries outside that directory (in this case,
samba-hostconfig).
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
|
|
This patch addresses a segfault in acl_validate_spn_value which occurs
when the "dnsHostName" attribute is missing. This seems to be the case
in domains migrated with samba3upgrade. Looks similar to MS KB 817543.
Signed-off-by: Nadezhda Ivanova <nivanova@drizzit.(none)>
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Mar 2 21:26:40 CET 2012 on sn-devel-104
|
|
Found by callcatcher.
Ricky Nance
|
|
Found by callcatcher.
Ricky Nance
|
|
Found by callcatcher
Ricky Nance
|
|
Kerberos is efficient when the credentials cache is set up once and
then reused.
Sadly this test creates a user, does a test and deletes the user, over
and over.
For this, using NTLM saves a little time, but we also stress the rest
of the DB, and should rework the test.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
|
|
This fixes the error output from tdb2 when metadata module tries
to create metadata.tdb first time. This error is reported since
metadata module tries to check if tdb exists by trying to open
tdb file.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Feb 13 03:02:09 CET 2012 on sn-devel-104
|
|
anymore in reps*"
This reverts commit 5bfd6251eb22ff701184a95649822a73cf4d157b.
This change has been causing regular segfaults in the build farm since
it was applied. I also think it may be unnecessary as
dreplsrv_refresh_partitions() should already be achieving the same
thing (removing stale replication targets).
I think the segfaults were caused by freeing an in-flight DSA, but I
have been unable to reproduce it outside of the build farm
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Feb 1 07:49:42 CET 2012 on sn-devel-104
|
|
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now.
Similarly, tdb_errorstr() -> tdb_errorstr_compat().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
This way we only catch true exceptions and keyboard interrupts
are not caught here.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
|
|
supplementalCredentials
If this is missing a w2k8r2 server will reboot, when someone tries to
change a password.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
|
|
Add NTDSSITELINK options to dsdb class for use
in python samba_kcc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
"unix_to_nt_time()" which is based on "time_t" behaves differently for
literals > 32 bit on 32 and 64 bit platforms.
Reviewed-by: ekacnet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
|
|
For the configuration container we do a full scan at every run of the
kcc-delete service. For the base DN we introduce a new parameter that
avoid the full scan to kick just when samba starts.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
If the parent object is a SAM object (as defined in 3.1.1.5.2.3
Special Classes and Attributes of MS-ADTS) then we can use the subtree
delete control even if the object is a critical one.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
|
|
metze
|
|
doing
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
|
|
Modification to periodic and explicit invocation
paths of the KCC topology generation code. Managed
via samba_runcmd_send() API. The samba_kcc script
is invoked if (kccsrv:samba_kcc = true) appears in smb.conf
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The subreq and status fields in the kcc_service struct
are added for execution management of the external samba_kcc
python script.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
in reps*
Servers connection can be removed from repsTo and respFrom either due to
DC demote or topology change by the KCC, if a server is removed from the
reps* it must be effectivly removed from the list of server that we will
contact for getNcChanges and for replicaSync.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
|
|
the one we want to use
|
|
|
|
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This adds support for global sequence number which is independent of
partition information.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The result of the extended operation is now available in the calling
routine.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This was a hack for LDAP backends to store a sequence number as a
timestamp. It is still supported in standalone ldb tdb backend.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We launch a search request with base scope on exactly the same DN (see
downwards).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
attribute interSiteTopologyGenerator even if the value didn't change
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
|
|
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if
pwdLastSet = null, or
pwdLastSet = 0, or
(maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
|
|
|
|
This checks if instanceType attribute is available, and if
INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then
the DN is NC root and security descriptor is not inherited
from parent SD.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
|
|
Normally they should always be passed to the main backend unless
something different has been specified.
Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104
|
|
"dsdb:schema update allowed = yes" is now needed in smb.conf
to enable schema updates, as schema updates are a currenty a good
way to prevent samba from startup again, because of errors in
the schema definition.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
|
|
By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.
metze
|
|
msDS-IntId
As windows we return CONSTRAINT_VIOLATION now.
metze
|
|
schema master
metze
|
|
schema base
The objectclass module should also check for this, but make sure
we also reject it on things like provision.
metze
|