summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-09-13Revert "s4:samldb LDB module - simplify the message handling on add and ↵Matthias Dieter Wallnöfer1-26/+33
modify operations" This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d. This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this. I will rework this further.
2010-09-12s4:samldb LDB module - remove a disastrous "talloc_free"Matthias Dieter Wallnöfer1-2/+0
This completely destroys the program logic (async callbacks). Sorry for introducing this.
2010-09-12Revert "s4:util_samr.c - also here we've now the default primaryGroupID ↵Matthias Dieter Wallnöfer1-1/+4
detection working" This reverts commit 7e9e35db4126f953e8a2579d992c63b274011119. Sorry, the logic is working differently here. We do still need this.
2010-09-12s4:util_samr.c - also here we've now the default primaryGroupID detection ↵Matthias Dieter Wallnöfer1-4/+1
working
2010-09-12s4:ldap.py - tests the primary group detection by the "userAccountControl"Matthias Dieter Wallnöfer1-2/+47
2010-09-12s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID ↵Matthias Dieter Wallnöfer1-1/+5
derivation from "userAccountControl" Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
2010-09-12s4:samldb LDB module - free the "ac" context after the delete checksMatthias Dieter Wallnöfer1-1/+4
2010-09-12s4:samldb LDB module - simplify the message handling on add and modify ↵Matthias Dieter Wallnöfer1-33/+28
operations We perform always only one shallow copy operation of the message on the "req" context. This allows to free the "ac" context when we've prepared all our changes.
2010-09-12s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see ↵Matthias Dieter Wallnöfer1-41/+41
that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible.
2010-09-12s4:samldb LDB module - add a comment to mark the beginning of the extended ↵Matthias Dieter Wallnöfer1-0/+2
operation handler
2010-09-12s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to ↵Matthias Dieter Wallnöfer1-94/+22
be again synchronous Also to make it easier to comprehend
2010-09-12s4:samldb LDB module - refactor the "primaryGroupID" check on user creationMatthias Dieter Wallnöfer1-137/+39
This looks more straight-forward now.
2010-09-12s4:samldb LDB module - get rid of the SID context variableMatthias Dieter Wallnöfer1-20/+17
Since we get more and more rid of async stuff we don't need this in the context anymore.
2010-09-12s4:samldb LDB module - use also here the real attribute denomination ↵Matthias Dieter Wallnöfer1-1/+1
"sAMAccountName" Purely cosmetic - but nicer to read
2010-09-12s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType"Matthias Dieter Wallnöfer1-5/+4
And a small cosmetic change. I like to have the real attribute names in the function denominations
2010-09-12s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous againMatthias Dieter Wallnöfer1-71/+19
To make it more understandable
2010-09-11s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP ↵Matthias Dieter Wallnöfer1-3/+3
results
2010-09-11libcli/security Use talloc_zero when making a struct security_tokenAndrew Bartlett1-2/+0
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-2/+6
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOroleAnatoliy Atanasov2-3/+4
This removed an unnecessary conversion of the return type in drepl_take_FSMO_role.
2010-09-10s4/fsmo: Fix callback declarationAnatoliy Atanasov1-1/+2
2010-09-10s4-dreplsrv: fix 'dn' for partition object being createdKamen Mazdrashki1-1/+9
2010-09-10s4-drs-fsmo: try to dispatch ops in queue as soon as possibleKamen Mazdrashki1-1/+9
In most cases this will transfer of schema master role to look like a synchronous operation.
2010-09-10s4-fsmo: update FSMO changes for recent IRPC workAndrew Tridgell2-7/+13
the IRPC API has changed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-10s4/drs: update repsFrom only when we are not in getncchanges extended opAnatoliy Atanasov1-4/+4
2010-09-10s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSENadezhda Ivanova1-1/+46
GetNCChanges with the corresponding extended operation is initiated and added to the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster, becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in rootDSE.
2010-09-10s4-irpc: Added internal rpc call DREPL_TAKEFSMOROLENadezhda Ivanova1-1/+10
It schedules a getncchanges with extended op 6, to be used when a modify request on becomeROLEMaster atteibute on rootDSE is received.
2010-09-10s4-drs: Implementation of GetNCChanges extended op 6 - fsmo role transferNadezhda Ivanova3-2/+154
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute in its database with the new owner, and replicates the change to the candidate, who then becomes the owner. The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who kindly helped to debug it.
2010-09-10s4-drs: Refactored drepl_service and send_ridalloc_request so that the ↵Nadezhda Ivanova2-27/+48
structures can be used for other extended ops
2010-09-09s4-dreplsrv: Do allocations on long-living context so that callback gets calledKamen Mazdrashki1-1/+1
2010-09-09s4-dreplsrv: Call dreplsrv_out_operation::callback in case we fail to even ↵Kamen Mazdrashki1-0/+8
run the operation Operation was scheduled already, so we need to call the callback function for it to be able to do its job. For instance, if we are blocking an rpc call until an operation is completed and there is no memory, then client will be blocked without knowing what is going on with the server.
2010-09-09s4-dsdb/repl/drepl_out_pull.c: Remove unused codeKamen Mazdrashki1-43/+0
2010-09-09s4-drepl_service.c: Update (C)Kamen Mazdrashki1-9/+10
and remove few trailing white spaces
2010-09-09s4-drepsrv: Dump more info when drepl_replica_sync() failsKamen Mazdrashki1-24/+28
There are many spots where this function may fail and I find it very useful to know where exactly function fails and what are the input parameters during testing. REPLICA_SYNC_FAIL() macro now dumps an error message so we may remove extra DEBUG() dump in implementation.
2010-09-09s4-dsdb Change debug levels for startup messagesAndrew Bartlett2-10/+10
We should make the 'common' error not show up, but the unusal case fatal. Andrew Bartlett
2010-09-09s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in pythonAndrew Tridgell1-0/+30
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-07s4-dreplsrv: Run NC replication synchronously if requestedKamen Mazdrashki1-30/+119
2010-09-05s4-idl: redefine dreplsrv_refresh() to be alike other RPC function definitionsKamen Mazdrashki1-1/+1
Sorry for the 'custom' definition first time
2010-09-05dsdb: make the ATTRIBUTE NOT FOUND more clearMatthieu Patou2-0/+5
2010-09-04dsdb: Add missing dependencies for dsdb ldb modules.Jelmer Vernooij1-2/+2
2010-09-03s4:dsdb/kcc: use irpc_binding_handle_by_name()Stefan Metzmacher2-7/+40
metze
2010-09-03s4-dreplsrv: Refactor drepl_replica_sync() to behave as described in MS-DRSRKamen Mazdrashki1-8/+111
see: MS-DRSR - 4.1.23.2 Note: Synchronious replication not implemented yet.
2010-09-03s4-dreplsrv: Helpers to locate source DSA in a partition by GUID or DNS nameKamen Mazdrashki1-0/+40
2010-09-03s4-dreplsrv: Helper to find NC by DN or GUID or SIDKamen Mazdrashki1-0/+33
2010-09-03s4-dreplsrv: Add caller-specific data parameter for dreplsrv_fsmo_callback_tKamen Mazdrashki3-7/+14
It is to be used when we need to preserve a state to be used in tha callback when dreplsrv_out_operation is completed
2010-09-02s4:dsdb Fix attribute being searched for in dereference against Fedora DSAndrew Bartlett1-1/+1
The problem here is that these attributes are not mapped in the simple_ldap_map, and they were changed a while back. Andrew Bartlett
2010-09-02s4:dsdb Make the dereference control critical if input is criticalAndrew Bartlett1-1/+3
This helps us ensure that the backend knows about and respects the dereference control if our caller has asked that the extended DN control be considered critical. Andrew Bartlett
2010-09-02s4:dsdb Don't reload the schema against OpenLDAP backendAndrew Bartlett2-3/+13
The schema should be considered read-only when we are using the OL backend, as we can't update the backend schema in real time anyway. Andrew Bartlett
2010-08-28s4-kcc: Notify dreplsrv that Topology has changedKamen Mazdrashki1-0/+29
generated by cgit (git 2.34.1) at 2024-07-07 15:28:42 +0000