summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-09-22s4-repl: remove unused principal_name elementAndrew Tridgell1-3/+0
2011-09-22s4-dsdb: load the partialReplica attribute in the @PARTITION objectAndrew Tridgell3-2/+27
this modifies the partition module to honor a partialReplica attribute on the @PARTITION module, marking partiations as partial replicas so the NO_GLOBAL_CATALOG control can be honoured
2011-09-22s4-repl: fill in GUID and SID from partition informationAndrew Tridgell1-2/+9
when we find a NC via a DN string, fill in the GUID and SID so the caller can properly report them
2011-09-22s4-kcc: return partial replica NCs in drs showreplAndrew Tridgell1-24/+20
the showrepl operation should return all our replicated NCs, including partial replicas
2011-09-22s4-dsdb: added NO_GLOBAL_CATALOG controlAndrew Tridgell3-1/+14
this control is used to ask samdb to not return searches with a basedn in partial repica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
2011-09-22s4-dsdb: get GUID and SID for DSA from extended DNAndrew Tridgell1-21/+27
this allows us to use the DN from a hasPartialReplicaNCs attribute to create a reps1 object
2011-09-22s4-dsdb: enable initial replication of partitions via DsReplicaSyncAndrew Tridgell2-0/+52
we need to create a temporary dsa object to allow the replication task to replicate a NC that is not listed in a repsFrom attribute
2011-09-22s4-repl: get NCs to replicate from our NTDS objectAndrew Tridgell1-28/+64
we need to use the hasMasterNCs and hasPartialReplicaNCs attributes on our NTDS object to get the list of NCs to replicate, instead of using the rootDSE. This is needed to support replicating of GC partial replicas, which are not listed in the rootDSE
2011-09-22s4-dsdb: added support for replicating with GC partial attribute setAndrew Tridgell2-3/+51
if we are replicating a partial replica, then we need to supply the partial attribute set we want to replicate to the server
2011-09-22s4-dsdb: failing to find the object is not an error in dsdb_loadreps()Andrew Tridgell1-3/+8
we may not have replicated the partition yet, so this should be considered the same as having no repsFrom/repsTo
2011-09-19s4-dsdb: cope with out of sync replication attributes in partition moduleAndrew Tridgell1-1/+68
if the @ATTRIBUTES or other objects which are replicated between partions become out of sync, then the ldb would fail to open. This changes ensures that we can always fix those records, by running the operation in the top level partition, and replicating the result to the other partitions Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
2011-09-19pyldb: fixed places where we try to concatenate a Dn with a stringAndrew Tridgell2-16/+16
you need to either use str(dn) or use %s in a format string
2011-09-19s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell4-18/+18
we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-19s4-drs: cope with REPL_OBJ getncchanges call for new objectAndrew Tridgell1-5/+10
when we do a subdomain join we create a new object using a REPL_OBJ getncchanges call for the partitions DN. This has a side effect of creating that object. We need to skip the UDV update in that case Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-cracknames: use consistent search for crossRef objectsAndrew Tridgell1-2/+4
This matches the search in other places Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Sep 8 05:02:54 CEST 2011 on sn-devel-104
2011-09-08s4-dsdb: prevent crash on bad DN in construct_parent_guid()Andrew Tridgell1-0/+3
this was found by a flakey test in autobuild
2011-09-08s4-dsdb: fixed compiler warningAndrew Tridgell1-1/+1
sid can be const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-07s4-kcc: Fix the list of NCs for DRS replica informationAmitay Isaacs1-3/+21
AD DNS partitions (DomainDnsZones and ForestDnsZones) are listed under msDs-hasMasterNCs attribute for post-2003 windows servers.
2011-09-05s4-cracknames: fixed cracknames to use more specific searchAndrew Tridgell1-13/+12
this uses the bitwise comparison ldap operators to ensure we only get NC roots Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
2011-09-05s4-schema consolidate schema handlingAndrew Bartlett2-45/+37
It also creates a single routine dsdb_load_ldb_results_into_schema() to handle cases where the schema is in the form of an ldb_result. Andrew Bartlett
2011-09-05s4-dsdb Print clearer error messages when invalid account flags are ↵Andrew Bartlett1-0/+9
specified on add
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett3-17/+33
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: fixed use of RMD flags in ldb search in dirsync moduleAndrew Tridgell1-2/+2
I'm pretty sure a SHOW_DELETED was wanted here Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
2011-08-25s4-dsdb: fixed newlines in DEBUG() calls in cracknamesAndrew Tridgell1-14/+14
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell1-3/+3
2011-08-25s4-repl: fixed _msdcs DNS nameAndrew Tridgell3-14/+14
another multi-domain fix
2011-08-25s4-kcc: fixed _msdcs DNS nameAndrew Tridgell1-3/+1
we need to base this DNS name on the forest DNS name for multi-domain support Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: added samdb_ntds_msdcs_dns_name()Andrew Tridgell1-2/+37
this gets the DNS name for a NTDS GUID, based on the forest DNS name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: fixed calls to ldb_val_string_cmp()Andrew Tridgell1-2/+2
wrong order of arguments
2011-08-25s4-dsdb: added samdb_dn_to_dns_domain()Andrew Tridgell1-0/+36
this converts a DC into the equivalent DNS domain. It is used when forming t_msdcs NTDS DNS names Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell2-0/+8
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-21samdb: Install header file.Jelmer Vernooij1-0/+1
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij2-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4:dsdb: use tevent_ fn names instaed of legacy event_ onesSimo Sorce3-3/+3
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-13s4-dsdb Give a less worrying error message on failure to get a transactionAndrew Bartlett1-1/+1
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+16
2011-08-13s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH controlAndrew Bartlett2-0/+9
2011-08-12s4-dsdb: don't cache the NTDS settings DNAndrew Tridgell1-9/+8
this DN can change due to a server rename, so we cannot cache it. It is set by provision, but not anywhere else. This seems to not have a large performance impact Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>