| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.
|
|
|
|
We were trying to encode strings like 'top' as integers, without first
looking them up in our schema. We need special handling for all the
attributes that contain attributeID_id or governsID_id fields that
should be translated first before encoding.
|
|
|
|
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.
This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
|
|
I've found that w2k3 deletes the repsTo records we carefully created
in the vampire join if we don't refresh them frequently. After about
30mins all 3 repsTo records are gone.
This patch adds automatic refresh of the repsTo by calling
DSReplicaUpdateRefs every time we do a sync cycle with the server
|
|
metze
|
|
metze
|
|
|
|
Here we just need to map the oid string in the ldb value to
the ATTRTYP id.
metze
|
|
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
|
|
|
|
|
|
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
|
|
|
|
|
|
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform
write operations on them (look below in the code) we could get SIGSEGVs!
|
|
|
|
|
|
This replace the dsdb_syntax_FOOBAR_ldb_to_drsuapi function,
which was left as a TODO code. Implementation in both added functions
is completely identical and probably should differ in the future.
|
|
This one copes with deleted objects where linked attributes have been
set on the module. We hit this when we do the ldb wipe at the start of
a provision, which trigers linked attribute updates, but for objects
that have disappeared. We need to ensure that the linked attribute
updates only happen on the right object, and if the object gets
re-created (as happens with a provision) then it is not the right
object.
To cope with this we record the GUID of the object when the operation
that triggered the linked attribute update comes in, and then find the
DN by suing that GUID when we apply the change in the prepare commit
hook.
|
|
This allows for safe transaction end aborts
|
|
Now that ldb is calling prepare commit separately, the job of the
partition module on transaction end is much simpler (and more robust!)
|
|
This will be used by the linked_attribute module
|
|
When running at functional level 2 or above, the repl_meta_data module
can receive linked attribute structures from the repl replication
task. These attributes can come through DRS before the associated
objects have been created. To cope with this, we need to process
linked attributes in the end_transaction hook.
|
|
We need to call down to the next transaction function when we finish
in linked_attributes.
This also changes linked_attributes to use the common
dsdb_find_dn_by_guid() function
|
|
This exposes the linked_attributes to the repl_meta_data module
|
|
|
|
This came from the linked_attributes module, but now the
repl_meta_data module needs the same functionality, so move it to a
common routine.
|
|
items are added to the linked attribute list using DLIST_ADD(), which
means to commit them to the database in the same order they came from
the server we need to walk the list backwards when we traverse it
|
|
linked attribute changes can come in any order. This means it is
possible for a forward link to come over the wire in DRS before the
target even exists. To make this work this patch changed the linked
attributes module to gather up all the changes it needs to make in a
linked list, then execute the changes in the end_transaction hook for
the module.
During that commit phase we also fix up all the DNs that we got by
searching for their GUID, as the objects may have moved after the
linked attribute was sent, but before the end of the transaction
|
|
We know the partition DN from the DRS objects, we need to pass this
down the modules below us to ensure they operate on the right
partition
|
|
This structures was used in two ways. In one way it held variables
that are logically internal to the partition module, and in the other
way it was used to pass the partition DN down to other modules. This
change makes the structure contain just the dn which is being passed
down.
This change is part of the support for linked attributes. We will be
passing this control down from above the partition module to force
which partition a request acts upon. The partition module now only
adds this control if it isn't already there.
|
|
This helps a lot with debugging the DRS replication code
|
|
We should always apply a whole set of DRS changes or none of them. See
[MS-DRSR] 3.3.2
|
|
|
|
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an
internal talloc hirarchy, so we can safely give it a NULL context from
the python.
It also fixes manual construction of the ldb_message - we now use the
right helper functions.
Andrew Bartlett
|
|
|
|
The aim is to create a function that is more easily wrapped for
python, so that we can write the updated prefixMap in an upgrade
script.
Andrew Bartlett
|
|
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4
to use ldb_request_add_control() instead of a manual construction.
Andrew Bartlett
|
|
The objectclass module checks that the target parent exists, and
refuses renames if it doesn't exist. For this to work for deleted
objects we have to do the search in the objectclass module with the
"show deleted" control enabled.
|
|
Instead, use the fact that the ldb_parse_tree structure is public to
construct the 'and not deleted' clause as a structure, and apply each
filter tree to that template.
Andrew Bartlett
|
|
The OIDs are not NULL terminated by the python caller, in line with
the LDB API, but we need them to be here, as we were casting them to a
string.
Andrew Bartlett
|
|
|
|
|
|
The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated. This may be best
regarded as a flaw in LDB, but fixing it there is going to be more
difficult.
Andrew Bartlett
|
|
Added simple DRS rename support in replication. This should be done
async, and I'm not sure if we should also do any repl data updates to
indicate the rename. I'm still learning how this stuff works, but at
least this allows a rename on a DC to propogate correctly
|
|
|
|
|
|
Should finally fix bug #6136 ("groupType", "sAMAccountType" ... attributes).
|
