summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-10-03s4:dsdb Add objectClass and RDN constraints to objectClass moduleAndrew Bartlett1-8/+35
These additional constraints are applied, found by the Microsoft testsuite. - When the parent is not present, we now return 'NO_SUCH_OBJECT'. - Restrict the choice of RDN to the correct one per the schema - Honour the allowedChildClasses attribute from the parent's objectClass. Andrew Bartlett
2009-10-03s4:dsdb Don't allow creation of systemOnly objectclassesMatthias Dieter Wallnöfer2-4/+10
(except as part of the provision, which specifies the 'relax' control) Andrew Bartlett
2009-10-02s4:repl_meta_data - variousMatthias Dieter Wallnöfer1-9/+38
- Add more "talloc_free"s and right error values where needed - Add a pre-lookup for entries before searching for metadata attribute (also suggested by TODO list) - Now the most part of "ldap.py" works again
2009-10-02s4:dsdb Return correct error on invalid attributeAndrew Bartlett1-1/+2
This error per the Microsoft testsuite
2009-10-02s4:dsdb Pass down the exact error code on failure in repl_meta_dataAndrew Bartlett1-5/+5
2009-10-02s4:samdb_set_password - Return the maximum password age when requested (not ↵Matthias Dieter Wallnöfer1-2/+3
the minimum one)
2009-10-02s4:samdb_set_password - cosmetic fixesMatthias Dieter Wallnöfer1-44/+58
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-6/+8
2009-10-02s4:dsdb Fix crash from LDAP login of DOM\\Andrew Bartlett1-5/+3
The issue here is that when we resolve DOM\\ into an NT4 name, we would not initilise the nt4_account output. Andrew Bartlett
2009-10-02s4:dsdb rework instanceType module - put instanceType in provisionAndrew Bartlett1-29/+9
The instanceType needs to be specified in future because that's how the partitions are actually created.
2009-10-02s4:dsdb Don't allow creating of new objects with an isDefunct schema classAndrew Bartlett1-1/+7
2009-10-02s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OIDAndrew Bartlett2-0/+144
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett
2009-10-02s4-ldb: Use relax control to check in replace metadata module if we accept ↵Matthieu Patou1-5/+38
request that specify objectGUID attribute.
2009-10-02s4:Ensure the selected RDN is the right one per the schemaAndrew Bartlett1-1/+7
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett
2009-10-02s4-samldb: the samldb module requires that the primary group existsAndrew Tridgell1-9/+17
We need to create Domain Users in the test ldb
2009-10-02s4-samdb: added some debuggingAndrew Tridgell1-2/+8
This helped track down the samba3sam.py failures
2009-10-02s4:dsdb/common/sidmap - RemoveMatthias Dieter Wallnöfer2-613/+0
As metze pointed out - this seems to be completely dead code. I too didn't find any dependencies in other code parts. Therefore remove it.
2009-10-02s4-ldb: accept the binary DN OIDs in extended DN modulesAndrew Tridgell2-4/+8
2009-10-02s4-ldb: Add support for binary blobs in DNsAndrew Tridgell1-23/+113
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-09-30s4:dsdb/common/util - remove introduced "samdb_is_capable_dc" callMatthias Dieter Wallnöfer1-57/+0
I came up with a better solution which is invoked when we try to join a domain as a DC (in file "libnet_become_dc.c"). Consider a following commit for this patch.
2009-09-28s4-kcc: fixed corruption of repsFrom records by kccAndrew Tridgell1-4/+2
We were re-using a stack variable outside of the stack scope
2009-09-28s4-kcc: remove stale repsFrom entries in kcc runAndrew Tridgell1-0/+11
2009-09-28s4-dsdb: don't return the partition root objectsAndrew Tridgell1-1/+19
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object.
2009-09-28s4-dsdb: removed extraneous debug messagesAndrew Tridgell1-4/+0
2009-09-28s4-dsdb: update replPropertyMetaData on linked attribute source attributesAndrew Tridgell1-0/+23
2009-09-28s4-dsdb: fixed searching for GUID based DNs between partitionsAndrew Tridgell1-2/+16
2009-09-28s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as criticalAndrew Tridgell1-0/+10
We may also need to remove the isCriticalSystemObject when the machine is demoted
2009-09-28s4-repl: free the la list on prepare commit failureAndrew Tridgell1-0/+3
2009-09-28s4-samdb: free the linked_attributes list on prepare commit failureAndrew Tridgell1-0/+6
2009-09-28s4-repl: use GUID to resolve target in linked attributesAndrew Tridgell1-8/+7
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN.
2009-09-28s4-dsdb: ask for an extended DN in dsdb_find_dn_by_guid()Andrew Tridgell1-0/+5
2009-09-28s4-dsdb: make dsdb_search_dn_with_deleted public for repl_meta_data moduleAndrew Tridgell1-5/+5
2009-09-28s4-drs: fixed sorting of replPropertyMetaDataAndrew Tridgell1-31/+44
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes
2009-09-24s4-drs: add defines for replication flags on attributesAndrew Tridgell1-5/+2
2009-09-24s4-ldb: sort replPropertyMetaData by attidAndrew Tridgell1-1/+16
We need to sort on both module add and modify
2009-09-24s4-ldb: add instanceType in repl_meta_data moduleAndrew Tridgell1-0/+8
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication
2009-09-24s4-drs: add SHOW_DELETED control on dsdb utility callsAndrew Tridgell1-2/+60
The dsdb_find_dn_by_guid() and dsdb_find_sid_by_dn() are using by the DRS server call getncchanges on objects that may be deleted.
2009-09-23s4-dsdb: cope with windows sending extra pad bytesAndrew Tridgell1-4/+4
2009-09-23s4-dsdb: added dsdb_find_sid_by_dn()Andrew Tridgell1-0/+30
2009-09-23s4-drs: ignore zero value elements in DRS add operationsAndrew Tridgell1-0/+13
w2k8 sometimes sends us a new object via DRS with an attribute with no values
2009-09-22s4-ldb: added a bunch more debug for DC joinAndrew Tridgell5-0/+17
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-22s4-ldbmodules: allow instanceType to be specified by clientsAndrew Tridgell1-0/+6
This is needed for the WSPP ADS testsuite
2009-09-21s4:dsdb Fix of double addition of SD-sNadezhda Ivanova2-11/+25
Also add error strings in descriptor module
2009-09-21s4:ldb Add 'single-value' support to LDB.Andrew Bartlett1-0/+4
This is currently only triggered via Samba4's schema code.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova4-21/+160
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova4-0/+1188
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-21s4:dsdb Run the new 'descriptor' module by default.Andrew Bartlett1-6/+0
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett
2009-09-21s4-schema: don't trace the schema load (too verbose)Andrew Tridgell1-12/+24
2009-09-21s4-ldap: default edn type is 0Andrew Tridgell1-1/+1
2009-09-21s4-ldb: add support for extended DNs in the rootDSEAndrew Tridgell1-2/+135
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs