summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-09-21s4-schema: don't trace the schema load (too verbose)Andrew Tridgell1-12/+24
2009-09-21s4-ldap: default edn type is 0Andrew Tridgell1-1/+1
2009-09-21s4-ldb: add support for extended DNs in the rootDSEAndrew Tridgell1-2/+135
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs
2009-09-21s4-dsdb: fixed a printf format warningAndrew Tridgell1-1/+1
2009-09-21s4:kerberos Fix the salt to match Windows 2008.Andrew Bartlett1-1/+1
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett
2009-09-21s4:dsdb/resolve_oids: add fast pathes for the common operations without oidsStefan Metzmacher1-0/+217
metze
2009-09-21s4:dsdb/resolve_oids: check return values in recursionStefan Metzmacher1-3/+6
metze
2009-09-21Merge branch 'master' of git://git.samba.org/sambaMatthias Dieter Wallnöfer1-0/+29
2009-09-20s4:samba3sam.py test - remove the primary group ID attribute hereMatthias Dieter Wallnöfer1-7/+2
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm).
2009-09-20Disable descriptor module unless enabled in smb.confNadezhda Ivanova1-0/+29
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf
2009-09-20s4:dsdb/common/util - Check for the right forest/domain function levelMatthias Dieter Wallnöfer1-0/+57
This adds a function which performs the check for the supported forest and domain function levels. On an unsuccessful result a textual error message can be created (parameter "errmsg" != NULL) which gives hints for the user to help him fixing the issue.
2009-09-20dsdb/samdb: add resolve_oids moduleStefan Metzmacher2-0/+438
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze
2009-09-19Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.cAnatoliy Atanasov1-0/+8
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov2-7/+7
2009-09-19s4:dsdb Print the partition we failed to suggest replication forAndrew Bartlett1-1/+2
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell5-20/+23
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-09-18s4-drs: cope with dupliate linked attributesAndrew Tridgell1-1/+41
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid a "entry already exists" error
2009-09-17s4:descriptor module - Revert and const fixupsMatthias Dieter Wallnöfer1-7/+18
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings
2009-09-17s4:descriptor - cosmeticMatthias Dieter Wallnöfer1-1/+1
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer2-10/+3
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-16Owner and group defaulting.Nadezhda Ivanova3-57/+479
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16s4-repl: raise a debug levelAndrew Tridgell1-1/+1
2009-09-16s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't existAndrew Tridgell1-0/+8
When a partition is first created it still needs a uSNHighest value
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell1-5/+3
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-repl: don't do double replicationAndrew Tridgell2-2/+36
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15s4-repl: make sure we marshal the replPropertyMetaData after the last changeAndrew Tridgell1-10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-15s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()Andrew Tridgell2-4/+4
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better.
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5
2009-09-15s4:schema Add code to provide an index into the subClass treeAndrew Bartlett2-1/+27
In time, this should avoid the astounding (order) complexity of the objectclass sorting in objectclass.c eventually. Andrew Bartlett
2009-09-14s4-repl: handle rename in repl_meta_dataAndrew Tridgell1-0/+97
On a rename we need to update uSNChanged, and the max uSN for the partition
2009-09-14s4-repl: fixed a memory error handling linked attributesAndrew Tridgell1-10/+10
We could get a double free with multiple linked attributes in a message
2009-09-14s4-repl: fall back to repsFrom if repsTo not setAndrew Tridgell1-2/+4
Windows does not seem to be always setting up repsTo using DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo is empty. This is almost certainly incorrect, but it does get notification based replication working with both w2k3 and w2k8.
2009-09-14dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least)Michael Adam1-1/+0
Michael
2009-09-13s4-repl: added a preiodic notification check to the repl taskAndrew Tridgell7-4/+480
The dreplsrv_notify code checks the partition uSN values every N seconds, and if one has changed then it sends a DsReplicaSync to all the replication partners listed in the repsTo attribute for the partition.
2009-09-13s4-repl: use the new dsdb partition uSN helper fnsAndrew Tridgell1-78/+16
2009-09-13s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usnAndrew Tridgell1-0/+146
These are used to load/save the per-partition uSN values managed by the repl_meta_data module
2009-09-13s4-sam: allow a search to specify a partitionAndrew Tridgell1-2/+17
You can now attach a partition control to searches to search within a specific partition. This is used to get at the per-partition @REPLCHANGED object
2009-09-13s4-repl: keep a @REPLCHANGED object on each partitionAndrew Tridgell1-24/+310
This object tracks the highest uSN in each partition. It will be used to allow us to efficiently detect changes in a partition for sending DsReplicaSync messages to our replication partners.
2009-09-12s4:repl_meta_data: increment the attribute version with each changeStefan Metzmacher1-1/+2
metze
2009-09-12s4-samdb: make it possible to ask for the sequence number of a partitionAndrew Tridgell1-0/+9
The partition module normally makes the sequence number extended op operate across all partitions. It will be useful in the repl task to be able to ask for the sequence number of one partition
2009-09-12s4-repl: fixed memory leaksAndrew Tridgell3-12/+31
These memory leaks were mostly caused by the fact that refresh_partitions is now called periodically
2009-09-12s4-repl: don't be too eager to allocate new sequence numbersAndrew Tridgell1-7/+9
we only need to allocate a new sequence number when replPropertyMetaData is changing or being created on an object
2009-09-12s4-samdb: internal s4 ldb modules should be GPL not LGPLAndrew Tridgell8-95/+63
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-09-12s4-repl: we should only update uSNChanged when replication data changesAndrew Tridgell1-29/+39
When changing non-replicated attributes we should not update the uSNChanged attribute on the record, otherwise the DRS server will think this record needs replicating.
2009-09-12s4-kcc: we should only add to the repsFrom if it doesn't already existAndrew Tridgell2-45/+182
If we already have a repsFrom for a particular DC and naming context then we should not overwrite it, as it contains info on what replication we've already done
2009-09-12repl_meta_data: Fix include path when building with standalone ldb.Jelmer Vernooij1-1/+1
2009-09-11s4-vampire: cope with no invocationID when vampiring the schemaAndrew Tridgell1-3/+4
2009-09-11s4-repl: refresh the partitions on each cycleAndrew Tridgell2-3/+4
The KCC might have changed repsFrom, which is stored in the partitions structure
2009-09-11s4-kcc: add a very simple KCCAndrew Tridgell4-0/+533
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon that works out who will replicate with who in a AD domain. This implements an extremely simple KCC task that just wants to replicate with everyone :-)
2009-09-11s4-repl: don't update replPropertyMetaData for non-replicated attributesAndrew Tridgell1-0/+7
thanks to Metze for spotting this