Age | Commit message (Collapse) | Author | Files | Lines |
|
Added simple DRS rename support in replication. This should be done
async, and I'm not sure if we should also do any repl data updates to
indicate the rename. I'm still learning how this stuff works, but at
least this allows a rename on a DC to propogate correctly
|
|
|
|
|
|
Should finally fix bug #6136 ("groupType", "sAMAccountType" ... attributes).
|
|
This triggered a failure in the updateNow schema test, as the current
global schema was not being updated when a new schema element was
added
|
|
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).
Andrew Bartlett
|
|
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
|
|
one-line wrapper)
|
|
With the previous check I got random failures when trying to connect to the
LDAP server.
|
|
|
|
|
|
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules"
(suggested by abartlet) and enhances it for supporting dynamic generated
"primaryGroupToken" for AD groups. This should fix bug #6466.
|
|
Before this change, the first opener of the sam ldb context would
become the owner of the global schema, then the autofree context got a
reference to the schema. Any subsequent opens of the sam ldb also got
a reference. This meant that the talloc hierarchy was inconsistent
between the first sam ldb open and subsequent opens. With this change
the autofree context becomes the owner of the global schema, and all
ldb contexts get a reference.
|
|
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundent.
|
|
This removes a number of cases where we did a cast into a const char *
of an ldb_val. While convention is to alway have an extra \0 at
data[length] in the ldb_val, this is not required, and does not occour
at least on build farm host 'svart'.
Andrew Bartlett
|
|
|
|
|
|
Some corrections which make the code a bit more readable (no functional changes here)
|
|
Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains it's copy only as a cached view onto the
original values.
We also use the functional level to determine if we should store AES
Kerberos keys.
Andrew Bartlett
|
|
Guenther
|
|
Guenther
|
|
Windows 7 sets it's join password using the unicodePwd attribute (as a
quoted, utf16 string), and does so during the LDAPAdd of the object.
Previously, this code only handled unicodePwd for modifies.
Andrew Bartlett
|
|
|
|
|
|
|
|
Using ldb unique indexes for samAccountName doesn't work with DRS as
the other DC may send us a deleted record (tombstone record), which
has the same samAccountName as an existing record. That would then
create two records in the same partition with the same samAccountName.
So we needed to put back the logic in samldb.c which explicitly
checked whether a samAccountName already exists on add
|
|
We found this as an object came across from w2k3 with zero values,
which caused a segv when we tried to decrypt the first value
|
|
The previous code incorrectly assumed that attributes such as
subClassOf come over the wire as strings. In fact they come over as 32
bit integers which refer to goversIDs. We have to post-process these
as it sometimes happens that a governsID comes over the wire before
the record that defines what it means.
|
|
|
|
It seems quite reasonable to allow modules to re-initialise the set of
cached DNs on the ldb context.
Andrew Bartlett
|
|
This job is not complete (the partition module remains a unfinished
task), but now we do use the private ldb headers much less.
Andrew Bartlett
|
|
|
|
|
|
|
|
Enhance the simple ldap map to support also the "systemFlags" attribute in the
correct way.
|
|
I tried hard to not change the program logic. Should fix bug #6439.
|
|
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
"sAMAccountType" correctly. This handling doesn't yet use the schema but
the conversion file "simple_ldap.map.c" which contains them hardcoded.
Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
|
|
|
|
|
|
904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
|
|
|
|
|
|
|
|
These attributes now use the unique indexing flag
|
|
|
|
|
|
|
|
|
|
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
|
|
|