| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This guesses the type by running each of the possible options.
Andrew Bartlett
|
|
|
|
This is not permitted in the AD aggregate schema, and more trouble
than it is worth in the OpenLDAP schema due to escaping issues.
Andrew Bartlett
|
|
A dITConentRules attribute (unlike objectClasses) must not contain a
'SUP'.
The ADSI layer in Windows would download the whole schema, and
validate it. Thanks to the team at Microsoft for very long debugging
session to find this.
Andrew Bartlett
|
|
|
|
- when multiple partitions are searched, consider the search a
success if any of the partitions return success
- only search the right subset of partitions, looking at the scope
and basedn of the search
This fixes several errors with GC searches
|
|
direct comparison instead of a sub-tree comparison in another
this fixes basedn searches on the global catalog port
|
|
need to call ldb_module_done in the main module functions, we can directly
return an error. ldb_module_done() is for callbacks
|
|
metze
|
|
metze
|
|
metze
|
|
attribute is missing
Windows 2003 has a broken schema where the definition of msDS-IsDomainFor
is missing (which is supposed to be the backlink of the msDS-HasDomainNCs
attribute.
Our schema is extracted from windows 2003, so we have the problem.
As the NET-API-BECOME-DC test triggers this bug, windows 2003
seems to just skip creating a backlink.
metze
|
|
metze
|
|
as basedn
We resolve them into the real basedn before do the real search.
metze
|
|
|
|
This removes the event_context leak that caused
NT_STATUS_TOO_MANY_OPENED_FILES in the server,
because of all the epool fds
metze
|
|
|
|
|
|
We need to make sure replicated updates are handled differently
in some situations, e.g. we should bypass the schema checks.
metze
|
|
|
|
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
|
|
|
|
|
|
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091.
Conflicts:
source4/smbd/server.c
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
supporting a schema
(This used to be commit 53b57300c799a079b4d64815243fe6120e0a9fa2)
|
|
This also tries to simplify the logic in the schema -> @ATTRIBUTES and
@INDEXES code.
Andrew Bartlett
(This used to be commit a383b8bf88a5681f9c9c6839ba645c872a735051)
|
|
I think it is just too complex and error prone to init and cancel
transactions during the module init code. Instead, this isn't prone
to races as it will always achieve a steady state (eventually), and
most cases will never do the write.
Andrew Bartlett
(This used to be commit d60977cc7f89f89f34187f310c91d1ab7db6ccf2)
|
|
I'm not sure if this fixes bug #5713, as this is not consistantly
reproducably on my equipment.
Andrew Bartlett
(This used to be commit 02d6645efc84179efd652dd29ab32f62ae310147)
|
|
(It instead ensured that only 'top' had a SUP keyword)
This clearly shows that 937b466266256d26d02cf8d48e72a26272fe8627 was
not a full or correct fix, but despite this I can no longer reproduce
the issue. Further investigation is required.
Andrew Bartlett
(This used to be commit 95a9e9b6b84866cd300b1d19915627c6718b4dde)
|
|
This bug is entitled 'Schema patch breaks interoperability with
Microsoft MMC consoles.', and it does so very spectacularly.
The issue is that we would include an entry:
objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT..
The MMC Active Directory Users and Computers snap in presumably
objected to the 'loop' this would present. The fixed entry is:
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT
Thanks to Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> for his
persistance in getting me to look at this.
Andrew Bartlett
(This used to be commit 937b466266256d26d02cf8d48e72a26272fe8627)
|
|
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)
|
|
The MS-ADTS document has quite detailed instrucitons on how these
flags should be processed. This change also causes the correct
sign-wrapping to occour, as these are declared as signed integers.
Andrew Bartlett
(This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
|
|
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
|
|
(This used to be commit 469fac2669991b130dec219e1a109a8b2ce224be)
|
|
when we can't process an ANR request we need to continue with the
parse tree we were given, not a NULL tree
(This used to be commit ed66feb80aac7432049fe9fd86a9232984587e17)
|
|
This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb. There is much more work to do in
this area.
Andrew Bartlett
(This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
|
|
Something in the search stack adds a distinguisedName record, which
isn't in the message we generate. So we compare, fail and rewrite the
record - every time ldb starts up...
Andrew Bartlett
(This used to be commit 44775d1ed4a4b8edc66a06e2b3710aba6a0dd019)
|
|
This ensures that a rudementary schema is always present (for
bootstrapping), and that the indexes are maintained equal to the
schema (rather than hard-coded).
Andrew Bartlett
(This used to be commit 747d683b0d92c3b1cde67245d514977a2c87dc44)
|
