Age | Commit message (Collapse) | Author | Files | Lines |
|
The schema refresh operation itself starts requests from the top of the LDB
modules stack (see call "dsdb_schema_set_attributes" - search operations).
This doesn't work well when these do perform "dsdb_get_schema" calls. Since the
new schema isn't marked as "refreshed" atm (but in fact it still is - we didn't
terminate the reload/refresh yet) we could perform other calls to
"dsdb_schema_refresh" and run into serious trouble (segfault).
|
|
|
|
We already choose the right entry by specifying the right basedn with scope
"LDB_SCOPE_BASE".
|
|
|
|
|
|
|
|
After a patch proposal of Nadya and some reflection I think that it's really
worth to change all tests which need a "0" "minPwdAge" to set it manually and
reset the default afterwards.
So we can finally introduce the default "minPwdAge" on provision.
Patch proposal by: Nadya Ivanova
|
|
|
|
This is needed so we can find and free old schemas based using
the cached pointer
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It was reported by aatanasov that we kept around one whole schema per
modification made. This does not fix that, but I hope moves us closer
to a fix
The most important part of the fix is that:
- if (schema_out != schema_in) {
- talloc_unlink(schema_in, ldb);
- }
was the wrong way around. This is now handled in the schema_set calls.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
DSDB_FLAG_NEXT_MODULE flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
DSDB_FLAG_NEXT_MODULE flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
DSDB_FLAG_NEXT_MODULE flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Although it is not currently used in implementation,
my intention is for callers to clearly state what
action they want to execute.
Currently when a caller wants to pass the call to the next
module in the chain, this flag is either omitted or 0 is used
(which is somewhat hacky, isn't it)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
password changes
They will be enabled once the ACL modules supports it. It was my fault to not
import them earlier.
|
|
metze
|
|
Especially the "free"s after "ldb_msg_diff" are very important since the diff
message is allocated on the long-living LDB context.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
The problem here is that if the schema has been modified on the source
domain, there may be attributes that appear over DRS with 0 values (to
indicate that any existing values on the target should be deleted).
This would confuse the previous version of this macro.
Andrew Bartlett
|
|
also below the "if" block
|
|
backend."
This reverts commit ed4c107bc1eac8531fdd8d09f7698efcbc7ecb14.
See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
|
|
|
|
This ensures that our DC will use all the available encyption types.
(The KDC reads this entry to determine what the server supports)
Andrew Bartlett
|
|
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
|
|
|
|
When this right is granted, the user can add or remove themselves from a group even
if they dont have write property right.
|
|
We should rename objects only after we make sure, that
changes on the partner DC are newer than what we have.
This fixes a bug, when we have following situation with 2 DCs:
- we have an object O on the two DCs
- we rename (delete) object O on DC1
- DC1 replicates from DC2
In the above scenario, object O will be renamed back
to its original name (i.e. it will be restored).
Now, we check that DC2 state is older than what we have,
so nothing happens with object's DN.
|
|
metze
|
|
by any valid DSName attribute given, be it - partition DN,
partition GUID or partition SID
|
|
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
|
|
|
|
When a user only provides only the lanman hash (and nothing else) and the
lanman authentication is deactivated then we end in an account with no
password attribute at all! Lock this down.
|
|
|
|
|
|
This way dsdb_setup_sorted_accessors() will
free memory allocated for accessor arrays correctly
in case of failure,
|
|
O(n) search for dsdb_attribute by msDS-IntId value was
replaced by binary-search in ordered index.
I've choosen the approach of separate index on msDS-IntId values
as I think it is more clear what we are searching for.
And it should little bit faster as we can clearly determine
in which index to perform the search based on ATTID value -
ATTIDs based on prefixMap and ATTIDs based on msDS-IntId
are in separate ranges.
Other way to implement this index was to merge msDS-IntId values
in attributeID_id index.
This led me to a shorted but not so obvious implementation.
|
|
|
|
control
|
|
As far as I can tell and the test show the DN gets now normalised automatically
when stored into the database.
Anyway, if we find a case where this doesn't happen then I propose to do it
centrally for all DN attributes in common since we should get away from special
attribute hacks as far as possible.
|
|
private, to discourage them being called directly.
|