Age | Commit message (Collapse) | Author | Files | Lines |
|
Windows displays attribute values with Object(OR-Name) syntax
in plain DN format when queried through LDAP.
Hence, we need to post-process such values specially
in extended_dn_out.c module so they are always shown as plain DN,
no matter what controls are passed for search request.
|
|
OR-Name syntax through DRS calls looks like DN-Binary syntax
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Some attributes (like ntSecurityDescriptor) are stored in our db, but
should only be displayed if asked for. This also applied to parentGUID
from old installs, which is now generated.
|
|
parentGUID is now created on demand in operational.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This generated parentGUID on demand, rather than getting it from the
database
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN
dsdb_msg_add_guid() adds a GUID value to a given message (either
objectGUID or parentGUID).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
abartlet suggested me to not use anymore "\n"s in those kind of outputs.
Plus, enhance a search filter to consider also "builtinDomain" objects which
are basically domain objects too.
|
|
str_list_unique() changes the pointer via talloc_realloc().
metze
|
|
This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects
themselves.
Andrew Bartlett
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.
The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for
consistency).
Also adapt callers to API changes needed for common parsing code
Andrew Bartlett
|
|
This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.
Previously we would not store the extended DN components for
objectCategory.
Andrew Bartlett
|
|
This should make it easier to call this function from the DRS schema
load code, rather than duplicate it.
(we may do the same with other functions in future).
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list
|
|
"lDAPDisplayName" generator"
This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.
abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.
|
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
"lDAPDisplayName" generator
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|
|
This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.
|
|
|
|
The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.
This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk
format.
Andrew Bartlett
|
|
|
|
|
|
|
|
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett
|
|
This is most likely the cause of the DRS replication failures I
observed with my changes.
Andrew Bartlett
|
|
This will allow us in future to do tests on the LDB values we generate
from the DRS replication.
Andrew Bartlett
|
|
It turns out that we always add the class/attribute to the schema.
|
|
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett
|
|
(Found in a code review by metze)
Andrew Bartlett
|
|
|
|
This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.
We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
|