summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18031: Merge my replace fixes:Jelmer Vernooij1-1/+11
* libreplace can now build stand-alone * add stub testsuite for libreplace * make talloc/tdb/ldb use libreplace (This used to be commit fe7ca4b1454e01a33ed0d53791ebffdd349298b4)
2007-10-10r17998: start working on syntaxesSimo Sorce4-29/+441
(This used to be commit b49b8f5cb5ffa29a3b63f70a1f437c9720d2228c)
2007-10-10r17967: Somewhere along the line we lost unixName here, and so lost theAndrew Bartlett1-1/+1
ability for 'administrator' to log in as unix user 'root'. Andrew Bartlett (This used to be commit 221efba5289b8bbb54b770c556f19bfbdc9ee216)
2007-10-10r17955: Don't search for the dnsDomain attribute, it is invented (not in theAndrew Bartlett1-7/+23
AD schema). Andrew Bartlett (This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij6-5/+102
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17898: handle objectcategory and isdefunct for classesSimo Sorce1-17/+60
(This used to be commit 7664b52b89bfac6f2db52fae2daa65c856acd1ac)
2007-10-10r17894: better name for the internal syntax typeSimo Sorce1-3/+3
(This used to be commit 4241a1bb832461ca44ce0f20cb770ea2b6f2d7e3)
2007-10-10r17870: This module (for the moment) handles the modifyTimestamp generation. ↵Andrew Bartlett1-0/+1
For that, it needs to hook into the modify operation. Andrew Bartlett (This used to be commit d22117a53bafa4bb72c854353620099b5a6f81d8)
2007-10-10r17860: Let's commit the work down up to now on the new schema module.Simo Sorce2-0/+1320
At the moment it is able to validate an object has no conflicting objectlasses that it meets the criteria to be inserted as child of the parent and also sorts and create the objectclass hierarchy so that the objectclass .c module can be obsoleted. Not activated by default as we have to completely rework the current provisioning method. (In my tests I could not activate it before all other ldif except for the one that create users were loaded, make test seem to be happy anyway if it is activated after provisioning). Next steps will be attribute and attribute syntax checking on add operation. And then the modify operation will follow. Simo. (This used to be commit 0c444ba1adfb9ce5cfa736bf0620aa3bec66050d)
2007-10-10r17830: Set the default_basedn (hey, it comes from the "default" naming ↵Simo Sorce2-2/+2
contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
2007-10-10r17825: I broken cracknames in my last patch - fix it upAndrew Tridgell1-1/+1
(This used to be commit 4ec4f91a437bdfab7b8e0fd1e43c0b8b1927e461)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell3-33/+12
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell4-16/+14
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher2-4/+4
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17703: Fixes to enable the entryUUID module to work for it's objectClass ->Andrew Bartlett2-6/+7
OID mappings. The key point is to 'enable' the partitions in the partitions module before the init is complete. That way, the modules can perform searches that use partitions. Andrew Bartlett (This used to be commit 420d1920a6824a6c0cb70b4ba832ddb90b0e95ff)
2007-10-10r17699: Remove more printf calls.Andrew Bartlett1-11/+9
Try to cope with partital initialisation. Andrew Bartlett (This used to be commit 3c497405fea2f3e48a0d1bb2818b6a1ff345d368)
2007-10-10r17694: Don't use printf() in a module...Andrew Bartlett1-6/+5
(This used to be commit 9f810ddd1436672e16a6b80500bb14aa21e097de)
2007-10-10r17690: Demonstrate how we can read the schema to find out details needed forAndrew Bartlett1-3/+182
translation. I hope to have this reading a schema structure in the future. Andrew Bartlett (This used to be commit fb085a651ff60ab9b5d120a1ea228ff3edf0c224)
2007-10-10r17639: Martin Kuhl noticed that we loaded an incorrect value forAndrew Bartlett2-0/+11
distinguisedName on templated objects. In looking how to handle distinguishedName correctly on LDAP, I was very glad to find it supported entryDN, and this adds another mapping. Andrew Bartlett (This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
2007-10-10r17553: Actually enable the samba3sam module. Should help 'make test'.Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit 0e19d159697e99f6c45879cf42c39c9b2b134ffa)
2007-10-10r17530: Watching the build farm mails carefully pays off...Andrew Bartlett1-3/+2
This was another declaration before statement bug, in my just-committed code.. Andrew Bartlett (This used to be commit 1d1bf6b20512653c1de7920388f16fbef936ed47)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett2-13/+37
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17526: Move timestamp generation into the objectGUID module. It probablyAndrew Bartlett1-1/+88
needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
2007-10-10r17525: This is a merge from the Google Summer of Code 2006 project by ↵Andrew Bartlett3-2/+227
Martin Kühl <mkhl@samba.org>. Martin took over the work done last year by Jelmer, in last year's SoC. This was a substanital task, as the the ldb modules API changed significantly during the past year, with the addition of async calls. This changeset reimplements and enables the ldb_map ldb module and adapts the example module and test case, both named samba3sam, to the implementation. The ldb_map module supports splitting an ldb database into two parts (called the "local" and "remote" part) and storing the data in one of them (the remote database) in a different format while the other acts as a fallback. This allows ldb to e.g. store to and load data from a remote LDAP server and present it according to the Samba4 schema while still allowing the LDAP to present and modify its data separately. A complex example of this is the samba3sam module (by Jelmer Vernooij), which maps data between the samba3 and samba4 schemas. A simpler example is given by the entryUUID module (by Andrew Bartlett), which handles some of the differences between AD and OpenLDAP in operational attributes. It principally maps objectGUID, to and from entryUUID elements. This is also an example of a module that doesn't use the local backend as fallback storage. This merge also splits the ldb_map.c file into smaller, more manageable parts. (This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce5-28/+28
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17514: Simplify the way to set ldb errors and add anotherSimo Sorce8-130/+125
helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
2007-10-10r17513: ldb_set_errstring is an ldb private string, samdb uses DEBUG() ↵Simo Sorce1-4/+3
statements (This used to be commit c57b6420aa4a220257df714aaccb016acb4bae24)
2007-10-10r17505: we are setting the timeout with the provide function right after.Simo Sorce1-1/+0
(This used to be commit 6520e3c83acfbb7b6aa63d1cbebe8f8801db292f)
2007-10-10r17504: Do not use the invented unixID but use the rfc2307 uidNumber and ↵Simo Sorce1-13/+13
gidNumber attributes instead Do not change unixName right now, we don't have an attribute to use in the posixGroup class, and I think we should remove its usage altogether and look up users and groups by their uid/gid only. Simo. (This used to be commit d57b521aadf24a277152ec1ff1dac3210bd14316)
2007-10-10r17474: Allow the partitions module to load modules for specific backends.Andrew Bartlett1-4/+75
Andrew Bartlett (This used to be commit c016db2187120991e8ad779b9df35480d7c19400)
2007-10-10r17331: Oops, how did I commit this empty file...Andrew Bartlett1-0/+0
Andrew Bartlett (This used to be commit 3b81f21d4153350b1febe23daad9a08efc617954)
2007-10-10r17303: More testing results: Don't try and call a NULL callback, and use theAndrew Bartlett1-1/+6
correct parameter, as this is called for more than just 'add'. Andrew Bartlett (This used to be commit be51b7240889bfcc752f92a2920d8b6a2eccecd6)
2007-10-10r17302: Testing!Andrew Bartlett2-5/+7
This confirms that records are replicated into the correct databases, and that the case insensitive flags really work. Andrew Bartlett (This used to be commit ad463c1a5243019548bdbeea3070ec2e6cbcfcdf)
2007-10-10r17299: Improve the partition module to replicate attribute records into allAndrew Bartlett1-59/+181
partitions. Test that we do that correctly. Andrew Bartlett (This used to be commit 90c07b88010b848423dee9556a24e8d181c365dd)
2007-10-10r17298: Fix up the local_password module to the current LDB API, and build ↵Andrew Bartlett2-96/+108
it by default. Andrew Bartlett (This used to be commit c1ea0a350cdc2c5ddfd71e08f8c3907d97fc1efd)
2007-10-10r17289: Fix the build: I havn't commited this module yet.Andrew Bartlett1-10/+0
Andrew Bartlett (This used to be commit 8b0f6e637ee3ef0767be4017b4106877c185d7c7)
2007-10-10r17288: Don't mess with entries in the local password prefix, and fix constAndrew Bartlett1-5/+21
warnings. Andrew Bartlett (This used to be commit 4569c58a42e1d65ae71ee57e391b9e3dbaba2218)
2007-10-10r17287: Add the local_password module to the tree, so it doesn't get lost inAndrew Bartlett3-3/+904
ldb API changes. Andrew Bartlett (This used to be commit 44806c67dbabe2952fe355de76d7fa51f772775f)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce7-78/+78
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce5-78/+78
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r17103: Big updates to the not-yet-enabled partitions module. It now servicesAndrew Bartlett1-4/+189
the Global Catalog port 'correctly' (in a very simple sense) in that it should be no worse than what we had before. We now combine partitions together to search over the whole tree, when we are marked as 'global catalog'. Andrew Bartlett (This used to be commit 0a354a1ddeccd9a6b1610bc6813a86fcdfc4d310)
2007-10-10r16972: Replace the sequence_number function pointer in ldb with the ldb flags.Andrew Bartlett1-1/+1
The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
2007-10-10r16933: Sort the partitions in order from most, to least specific.Andrew Bartlett1-2/+13
Remember to perform operations on the base database as well. Andrew Bartlett (This used to be commit eae232530c967fe949355cf1914ca0cb8c0ea8c2)
2007-10-10r16914: Add more tests for the partition module.Andrew Bartlett1-25/+137
Andrew Bartlett (This used to be commit 2728b60dfa50ded03e06f0bd53eee55fce5143bd)
2007-10-10r16860: Fix (and reactivate) the RPC-SAMR test. We need to allow these sidsAndrew Bartlett1-5/+3
to be created as foreign, even if they are in a local domain. Also we do need the user to exist for the life of the test, as we add it to a group. Andrew Bartlett (This used to be commit ae470ff7014e52b55d88e9fe12e2322e069daf9d)
2007-10-10r16854: Fix the RPC-SAMR-PASSWORDS test. It failed because we allocated usersAndrew Bartlett1-1/+3
in the Builtin domain a SID from the global domain. Andrew Bartlett (This used to be commit 9d31b9f04721a2cac62f492f8db071aaa0aa966b)
2007-10-10r16833: Add a base DN to more search calls, we need to look for an ID over theAndrew Bartlett1-5/+5
whole tree here. Andrew Bartlett (This used to be commit 7674306e673341513d26556a845a698a28dec92b)
2007-10-10r16831: Use a valid memory context (found by the IBM checker).Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 9fdbedafad69e55ef4ccad51c4f002c49e43f372)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-1/+1
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett2-176/+179
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)