summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22531: Fix up OpenLDAP schema map to almost pass 'make test'.Andrew Bartlett1-1/+19
Andrew Bartlett (This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7)
2007-10-10r22522: Print why we can't find these entries.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit 465f1811683d22f4a3e3f5e693b3b29c59053cb4)
2007-10-10r22521: Don't fail the module load just because we don't have a schema yet.Andrew Bartlett1-4/+4
This code to be replaced by metze's schema loader soon... Andrew Bartlett (This used to be commit a354ec282232c00d149304d90f9b8ef01c9a2e5f)
2007-10-10r22508: at option for the startup delayStefan Metzmacher1-1/+3
metze (This used to be commit 09da9f6490bf57d231a2ace4697adc8c6cd5f912)
2007-10-10r22497: Support renaming objectclasses and attributes for the LDAP backend.Andrew Bartlett1-3/+24
OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a)
2007-10-10r22476: The OID match is used very oddly in AD, as it is often used for fieldsAndrew Bartlett1-0/+4
that contain attribute names and objectClasses. Make it a case insensitive string for now. Andrew Bartlett (This used to be commit 9908a05ef70c748c699b5a18178e7948f7814d7a)
2007-10-10r22472: Commit the start of the DRSUAPI pull replication service.Stefan Metzmacher8-55/+1156
It doesn't work completely yet because we aren't able to resolve DNS SRV records. And also we also need a kdc locator plugin... But with some hacks the pull replication works fine metze (This used to be commit 0dc78f7439c9c786fd8c592960f9669dea40b811)
2007-10-10r22406: this dependencies should also be privateStefan Metzmacher1-6/+2
metze (This used to be commit 7f07895cac3e933b39f81bf67812834352184af0)
2007-10-10r22196: give better error codes to make RPC-UNIXINFO passStefan Metzmacher1-6/+6
metze (This used to be commit 0096e068d02b5e09fed94373a7018ec0a58fb6d6)
2007-10-10r22120: Expand the RPC-CRACKNAMES test, to test more values and expose patterns.Andrew Bartlett1-18/+49
Fix up our server side implementation to pass almost all the tests (a couple are skipped). Don't require the DsGetDomainControllerInfo calls to pass, just get some info from them. Andrew Bartlett (This used to be commit a29eb8f7e541d2021726601faf52355e312c916b)
2007-10-10r22119: Where we get a request to 'crack' a user principal name from aAndrew Bartlett1-22/+52
compleatly unknown domain, return the correct error code. Andrew Bartlett (This used to be commit 7d04a36cdb3628ea9c1260f3318f2b964f10c346)
2007-10-10r21859: add a comment why we remove the rid_crypt obfuscationStefan Metzmacher1-0/+8
metze (This used to be commit e44b6df1387096989726c0a68189fe6c4e37dfd7)
2007-10-10r21842: fix typo in commentStefan Metzmacher1-12/+12
metze (This used to be commit 8fcd5209ae46823f7d99bddff6e61873e75dd24c)
2007-10-10r21839: add my email addressStefan Metzmacher7-7/+7
metze (This used to be commit e3be33c1d9f9e44ef37e6ef72a23576474f6e725)
2007-10-10r21838: generate no metadata for constructed attributesStefan Metzmacher1-2/+4
metze (This used to be commit 7e0620e524886a66dbdb16f35fee4f51f2867a2a)
2007-10-10r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett1-23/+38
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10r21773: fix typo orginating -> originatingStefan Metzmacher2-15/+15
and use the struct member names in all cases metze (This used to be commit c543ee57454d006c545e3e9e20c9ac0114081d3d)
2007-10-10r21772: add DS_BEHAVIOR_WIN2003_INTERIM constantStefan Metzmacher1-2/+3
metze (This used to be commit 59fffa7ba148a082d0cf13226d0577b3fcd7b5ad)
2007-10-10r21503: add usefull function to get the site dn for the local serverStefan Metzmacher1-0/+17
metze (This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
2007-10-10r21497: Pass more of the RPC-CRACKNAMES test by using the new search_options ↵Andrew Bartlett1-26/+89
control. Andrew Bartlett (This used to be commit 47c8a059c4d90b7befde390d2d050f0d1934ecc1)
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett4-7/+25
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes:Stefan Metzmacher1-6/+383
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
2007-10-10r21465: the LDAP-UPTODATEVECTOR test shows that the replUpToDateVectorStefan Metzmacher1-37/+11
doesn't contain an entry for the local invocation_id metze (This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f)
2007-10-10r21441: create a union for the PrimaryKerberosBlob contentStefan Metzmacher1-35/+45
so that ndr_pull will fail if version isn't 3 and we notice if the format changes... metze (This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
2007-10-10r21434: - get rid of "krb5Key"Stefan Metzmacher2-359/+732
- use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
2007-10-10r21395: fix commentsStefan Metzmacher1-7/+7
metze (This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
2007-10-10r21364: cosmetic change: it's nicer to use the KEYTYPE_ macroStefan Metzmacher1-2/+2
for the keytype field... metze (This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
2007-10-10r21362: rename:Stefan Metzmacher4-46/+46
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r21359: remove the rid encryption before storing the password hashesStefan Metzmacher1-7/+39
We decided to store them plain in our ldb metze (This used to be commit ff13b21102641a308bd48a8efa6b94a98f567e15)
2007-10-10r21355: work in child domains, CN=Configuration isn't always under the domain dnStefan Metzmacher1-2/+2
metze (This used to be commit cdfd4ee8e5202a3df1da2d82b592d8814a3209ba)
2007-10-10r21315: ldb now supports filters like ↵Stefan Metzmacher1-4/+30
(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-10-10r21306: fix the RPC-LSA tests the admin couldn't no longer get the ↵Stefan Metzmacher1-0/+1
'currentValue' attribute... this needs more works, but make it work again for now metze (This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
2007-10-10r21296: remove the session specific encryption from the attributesStefan Metzmacher1-1/+132
before storing them. metze (This used to be commit 7146e265a441eaa46c20361178be371eb6985371)
2007-10-10r21282: we only need one for loop...Stefan Metzmacher1-7/+5
metze (This used to be commit 181b3a031f9683ea5e9aa2c96f121639561c6830)
2007-10-10r21281: move constinancy checks to the beginning of the functionStefan Metzmacher1-8/+8
metze (This used to be commit f2af44d20484e57495ab0ebd5aab993e4af43fd4)
2007-10-10r21179: Anything more complex than this causes the keytab never to be updated...Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit c3977b4bae1e1b5e4ff4a64c7146534536685e91)
2007-10-10r21135: Instead of having hooks to update keytabs as an explicit thing, updateAndrew Bartlett2-2/+203
them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-10-10r20978: 300 seconds as interval is ok, when we do nothingStefan Metzmacher1-1/+1
metze (This used to be commit 4d6629c68332985f9122e4591f31ae46250de646)
2007-10-10r20977: start the 'drepl' service, which currently does nothing by default,Stefan Metzmacher1-1/+1
but make it less verbose metze (This used to be commit f7e82a0c94fc8996827ea8d8a9b459bcaee029de)
2007-10-10r20975: - implement handling of meta data an on originating addStefan Metzmacher1-37/+240
there're a few things TODO, but it's a good start we need to research if an originating change causes the replUpToDateVector attribute to change...(I assume it, but needs testing) metze (This used to be commit fde0aabd9ae79fcefbcba34e6f9143f93ffcf96c)
2007-10-10r20974: add basic infrastructure for a DSDB replication serviceStefan Metzmacher3-0/+267
not activated yet... it will handle inbound pull replication and outbound change notification metze (This used to be commit 15eae968b8c72b4ce47071012e4110f3b7f3c3bc)
2007-10-10r20973: add functions to create the autocreated subSchema Attributes:Stefan Metzmacher2-0/+192
attributeTypes, objectClasses and dITContentRules this is just a start and doesn't create anything useful yet... metze (This used to be commit 4c8b717092c201c30be4d266bbb45b1142a9d627)
2007-10-10r20971: we don't need this check twice:-)Stefan Metzmacher1-7/+0
metze (This used to be commit b7d48274a7341c5e4a3f103387f87fcc94853271)
2007-10-10r20968: - add functions to sort the meta data and attribute arraysStefan Metzmacher1-25/+90
- we should use them before we store records to disk metze (This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316)
2007-10-10r20957: a value of FF0000000000000000000000000000000000000000 isn't stored ↵Stefan Metzmacher1-4/+8
as schemaInfo so we need to use it as value if nothing is stored metze (This used to be commit cd326134079375fc83640444d6323a5cbe7c02ee)
2007-10-10r20923: only allow extended operations for SYSTEM or administrators for nowStefan Metzmacher1-0/+1
metze (This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
2007-10-10r20921: - only give password attributes to the SYSTEM accountStefan Metzmacher1-2/+0
- but SYSTEM and administrators can change them metze (This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
2007-10-10r20909: add a module that implements the LDAP_CONTROL_SHOW_DELETED_OID controlStefan Metzmacher2-0/+227
it hides objects with isDeleted=TRUE by default, and let them through if the control is present metze (This used to be commit 7108d62cb0360e734045eb39c03508d8528dc9cc)
2007-10-10r20906: allow LDAP simple binds using the following syntaxes in the DN field:Stefan Metzmacher1-7/+34
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base Administrator@W2K3 W2K3\Administrator w2k3.vmnet1.vm.base/Users/Administrator w2k3 also allows this (and maybe more...?) metze (This used to be commit 40c27ef88df9021e9ef2a6c43aabab709ac9662f)
2007-10-10r20902: don't crash if the object isn't there yetStefan Metzmacher1-0/+4
metze (This used to be commit 4588e2522b11f707e608488c782f6988fd97628a)