| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We should rename objects only after we make sure, that
changes on the partner DC are newer than what we have.
This fixes a bug, when we have following situation with 2 DCs:
- we have an object O on the two DCs
- we rename (delete) object O on DC1
- DC1 replicates from DC2
In the above scenario, object O will be renamed back
to its original name (i.e. it will be restored).
Now, we check that DC2 state is older than what we have,
so nothing happens with object's DN.
|
|
metze
|
|
by any valid DSName attribute given, be it - partition DN,
partition GUID or partition SID
|
|
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
|
|
|
|
When a user only provides only the lanman hash (and nothing else) and the
lanman authentication is deactivated then we end in an account with no
password attribute at all! Lock this down.
|
|
|
|
|
|
This way dsdb_setup_sorted_accessors() will
free memory allocated for accessor arrays correctly
in case of failure,
|
|
O(n) search for dsdb_attribute by msDS-IntId value was
replaced by binary-search in ordered index.
I've choosen the approach of separate index on msDS-IntId values
as I think it is more clear what we are searching for.
And it should little bit faster as we can clearly determine
in which index to perform the search based on ATTID value -
ATTIDs based on prefixMap and ATTIDs based on msDS-IntId
are in separate ranges.
Other way to implement this index was to merge msDS-IntId values
in attributeID_id index.
This led me to a shorted but not so obvious implementation.
|
|
|
|
control
|
|
As far as I can tell and the test show the DN gets now normalised automatically
when stored into the database.
Anyway, if we find a case where this doesn't happen then I propose to do it
centrally for all DN attributes in common since we should get away from special
attribute hacks as far as possible.
|
|
private, to discourage them being called directly.
|
|
bypassed for some given attributes
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
|
|
3.1.1.5.2.2
|
|
"SYSTEM_FLAG_DISALLOW_DELETE" is specified
|
|
|
|
|
|
on a change
|
|
Fix indentations, use "set_errstring" when no "asprintf" functionality required.
|
|
|
|
|
|
entries without objectclasses
|
|
root basedn
This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a
very special referral: one with the DN itself and the hostname is the last
component value of the DN.
|
|
|
|
|
|
|
|
Saves us some "talloc_free"s on error cases
|
|
|
|
|
|
- unsigned counters for LDB objects
- we tend to have the "ret" variable always as the last declaration to see
which type of error a function returns
|
|
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
It is important to allow the rename, even if we just have one-way
links, as this happens on deleted objects, which have the backlinks
alredy removed by repl_meta_data.
Andrew Bartlett
|
|
The DLIST macros changed in behaviour in Feb 2010, and walking the
lists backwards is no longer safe if you don't use the macros.
Andrew Bartlett
|
|
The objectclass_attr module should prevent users creating such links,
and the mrepl_meta_data module should only create them in functional
level 2003 or above.
Andrew Bartlett
|
|
This does exactly the same thing, but with less code.
Andrew Bartlett
|
|
This revives the code from 5964acfa741d691c0196f91c0796122ec025f177,
before tridge and I simplified this too much, and removed the Windows
2000 functional level linked attribute support.
By telling the linked_attributes module that repl_meta_data has
handled the links, we avoid a conflict for the new style (functional
level 2003 and above) linked attributes. However, we still need
backlinks for 2000 style linked attributes, so this allows that code
in the linked_attributes module to be revived to handle those.
Andrew Bartlett
|
|
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.
Andrew Bartlett
|
|
|
|
|
|
This puts more of the schema restrictions in one place.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
provision
This allows the prefixMap from a DRS server to be used when loading
the schema from the local files. This helps us then import other
schema with this map in place.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
The change here is to try and convert a per the previous rules, but if
we don't know a particular OID as a attributeID, then store it as an
OID (for example). This allows known values to be converted as
before, but still copes with unknown values.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
This works on the assumption that the schema partition can only
contain schema objects.
We may need to pass down some kind of 'relax' to the DRS -> LDB
conversion code, so that it allows incomplete conversions, so that we
don't fail if a new attribute is present, and we can't decode it.
This would then be resolved the second time we do the conversion.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
|
