Age | Commit message (Collapse) | Author | Files | Lines |
|
This should represent a replication partner - never the DC iself
|
|
|
|
If Syntax OID is not in the prefixMap then we are getting
an unknown Attribute Syntax (which we can't handle anyway)
|
|
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
dsdb_schema_pfm_attid_from_oid() instead of
dsdb_schema_pfm_make_attid() as those functions are
supposed to return ATTIDs only for OIDs we already know about
(i.e. are in prefixMap)
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Oct 26 22:44:36 UTC 2010 on sn-devel-104
|
|
read-write functions.
dsdb_schema_make_attid() may change prefixMap implicitly
and this is not always desired behavior.
The problem was that
(1) callers had no control on this behavior
(2) callers had no way to know wheter prefixMap has been
changed which can lead to hard to find bugs like
prefixMap is changed in read operation
|
|
rather than WERR_DS_NO_MSDS_INTID.
WERR_DS_NO_MSDS_INTID is intended to be used for msDsIntId
attribute values handling
|
|
And partially outcommented.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 26 18:53:12 UTC 2010 on sn-devel-104
|
|
|
|
- Also multi-valued "member" attributes are allowed
- When you try to delete a member from a group which has it primary group set
exactly to this group you get "UNWILLING_TO_PERFORM"
|
|
It tests only the "description" attribute in particular since it behaves
differently from all others.
|
|
constraints
Only the "description" attribute has this special restrictions.
|
|
|
|
|
|
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|
|
This is useful for "samdb_search_count" where only the amount of entries
matters.
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 12:31:57 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 11:49:19 UTC 2010 on sn-devel-104
|
|
This is the AD behaviour. But on attributes with the flag
"FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" it is allowed.
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 09:48:15 UTC 2010 on sn-devel-104
|
|
|
|
|
|
strings
They can be substituted by "ldb_msg_add_string" if the string was already
talloc'ed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
|
|
In both the "objectguid" and the "repl_meta_data" DSDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 18:39:43 UTC 2010 on sn-devel-104
|
|
This should prevent all possible integer storage problems in future.
|
|
'ldb' python module.
|
|
Rename DSDB_MODULE to dsdb_module.
|
|
|
|
|
|
|
|
Only link to nss_wrapper when it is enabled.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
|
|
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
|
|
Currently it is mapped to Octet String LDAP syntax
for comparison purposes.
According to LDAP rfc we should be using same comparison
as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
But according to ms docs binary compare should do the job:
http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Oct 22 22:19:50 UTC 2010 on sn-devel-104
|
|
This implementation doesn't use prefixMap/Schema to validate
numericoid OIDs. We may not have this OID yet, so I see no point
checking schema for if we have it.
Side effect of using prefixMap/Schema for validating numericoids
is that we mistakenly add the OID to the prefixMap.
This led to a corrupted prefixMap in LDB.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
|
|
We didn't seem to get the control created by the time we do searches here.
Andrew Bartlett
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added some depenencies needed for -Wl,-no-undefined
|
|
this prevents a duplicate object file
|
|
samdb/ldb_modules/schema_util.c
these functions operate on ldb_modules, so they should be in the
ldb_modules directory. They also should return ldb errors codes, not
WERROR codes, as otherwise the error can be hidden from the ldap
caller
This re-arrangement fixes a dependency loop in the schema/samdb code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Oct 20 13:54:01 UTC 2010 on sn-devel-104
|
|
This helps ensure that we don't get confusing error strings in the
logs on other error cases.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
|
|
If we send the full extended DN, then we risk standards-complient LDAP
servers rejecting it as invalid. Only the DN portion is needed to
resolve the record in any case, and any SID or GUID componenets have
already been evaluated into the DN.
Andrew Bartlett
|
|
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP.
We don't have these sequence numbers in this case.
Andrew Bartlett
|
|
|