path: root/source4/dsdb
Age | Commit message | Author | Files | Lines
2009-09-07 | s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret") | Matthias Dieter Wallnöfer | 1 | -104/+0
2009-09-07 | s4:dsdb: correctly implement _dsdb_syntax_OID_oid_ldb_to_drsuapi() | Stefan Metzmacher | 1 | -1/+31
Here we just need to map the oid string in the ldb value to the ATTRTYP id. metze
2009-09-07 | s4:simple_ldap_map - "primaryGroupId" | Matthias Dieter Wallnöfer | 1 | -4/+15
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
2009-09-07 | s4:samldb - Fix typo | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-09-07 | s4:subtree delete module - Cosmetic adaptions | Matthias Dieter Wallnöfer | 1 | -11/+16
2009-09-07 | s4:samldb - Major rework | Matthias Dieter Wallnöfer | 1 | -243/+1000
This fixes up the change of the primary group of a user when using the ADUC console:
- When the "primaryGroupId" attribute changes, we have to delete the "member"/"memberOf" attribute reference of the new primary group and add one for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a user account.
- We cannot add a secondary reference ("member" attribute) when the group has been chosen as primary one.
This also removes the LDB templates which are basically overhead now. This should also fix bug #6599.
2009-09-06 | s4:simple_ldap_map - Enhance it for supporting "primaryGroupID" in the right way | Matthias Dieter Wallnöfer | 1 | -14/+25
2009-09-06 | s4:"linked attributes" modules - correct the comments | Matthias Dieter Wallnöfer | 1 | -2/+2
2009-09-06 | s4:dsdb/common/util.c - Copy parameters to prevent segfaults | Matthias Dieter Wallnöfer | 1 | -3/+8
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
2009-09-06 | s4:dsdb/common/util - Indentation fixes | Matthias Dieter Wallnöfer | 1 | -4/+5
2009-09-04 | s4: fixed a missing NULL termination in an attribute list passed to ldb_search | Andrew Tridgell | 1 | -1/+1
2009-09-03 | Fix the dsdb_syntax_OID_ldb_to_drsuapi function | Anatoliy Atanasov | 1 | -1/+51
This replaces the dsdb_syntax_FOOBAR_ldb_to_drsuapi function, which was left as a TODO code. Implementation in both added functions is completely identical and probably should differ in the future.
2009-09-03 | another large change to the linked_attribute module | Andrew Tridgell | 1 | -20/+64
This one copes with deleted objects where linked attributes have been set on the module. We hit this when we do the ldb wipe at the start of a provision, which triggers linked attribute updates, but for objects that have disappeared. We need to ensure that the linked attribute updates only happen on the right object, and if the object gets re-created (as happens with a provision) then it is not the right object. To cope with this we record the GUID of the object when the operation that triggered the linked attribute update comes in, and then find the DN by using that GUID when we apply the change in the prepare commit hook.
2009-09-03 | hook on prepare_commit instead of transaction_end | Andrew Tridgell | 2 | -8/+11
This allows for safe transaction end aborts
2009-09-03 | greatly simplify the transaction processing in the partition module | Andrew Tridgell | 1 | -51/+29
Now that ldb is calling prepare commit separately, the job of the partition module on transaction end is much simpler (and more robust!)
2009-09-03 | added dsdb_find_guid_by_dn() | Andrew Tridgell | 1 | -1/+21
This will be used by the linked_attribute module
2009-09-03 | change repl_meta_data to process linked_attributes structures in end_transaction | Andrew Tridgell | 1 | -4/+276
When running at functional level 2 or above, the repl_meta_data module can receive linked attribute structures from the repl replication task. These attributes can come through DRS before the associated objects have been created. To cope with this, we need to process linked attributes in the end_transaction hook.
2009-09-03 | fixed transaction handling in linked_attributes module | Andrew Tridgell | 1 | -76/+4
We need to call down to the next transaction function when we finish in linked_attributes. This also changes linked_attributes to use the common dsdb_find_dn_by_guid() function
2009-09-03 | add the linked attributes elements to the repl structure | Andrew Tridgell | 2 | -1/+9
This exposes the linked_attributes to the repl_meta_data module
2009-09-03 | tell the server that we support linked attribute replication | Andrew Tridgell | 1 | -6/+1
2009-09-03 | added dsdb_find_dn_by_guid() | Andrew Tridgell | 1 | -0/+78
This came from the linked_attributes module, but now the repl_meta_data module needs the same functionality, so move it to a common routine.
2009-09-02 | traverse the ac list in reverse order | Andrew Tridgell | 1 | -1/+6
items are added to the linked attribute list using DLIST_ADD(), which means to commit them to the database in the same order they came from the server we need to walk the list backwards when we traverse it
2009-09-02 | s4:dsdb rewrite the linked_attributes code to commit in the end_transaction hook | Andrew Tridgell | 1 | -107/+281
linked attribute changes can come in any order. This means it is possible for a forward link to come over the wire in DRS before the target even exists. To make this work this patch changed the linked attributes module to gather up all the changes it needs to make in a linked list, then execute the changes in the end_transaction hook for the module. During that commit phase we also fix up all the DNs that we got by searching for their GUID, as the objects may have moved after the linked attribute was sent, but before the end of the transaction
2009-09-02 | add the partition_control control to replication requests | Andrew Tridgell | 1 | -0/+22
We know the partition DN from the DRS objects, we need to pass this down the modules below us to ensure they operate on the right partition
2009-09-02 | change the dsdb_control_current_partition to not include internal variables | Andrew Tridgell | 2 | -82/+88
This structure was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down. This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.
2009-09-02 | Display ldif formatted versions of all DRS changes at log level 4 | Andrew Tridgell | 1 | -0/+18
This helps a lot with debugging the DRS replication code
2009-09-02 | Wrap DRS changes in a transaction | Andrew Tridgell | 1 | -0/+18
We should always apply a whole set of DRS changes or none of them. See [MS-DRSR] 3.3.2
2009-09-02 | fixed spelling | Andrew Tridgell | 1 | -1/+1
2009-08-26 | s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc | Andrew Bartlett | 1 | -14/+20
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an internal talloc hierarchy, so we can safely give it a NULL context from the python. It also fixes manual construction of the ldb_message - we now use the right helper functions. Andrew Bartlett
2009-08-26 | s4:schema quiet a 'const' warning | Andrew Bartlett | 1 | -1/+1
2009-08-26 | s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema | Andrew Bartlett | 1 | -14/+13
The aim is to create a function that is more easily wrapped for python, so that we can write the updated prefixMap in an upgrade script. Andrew Bartlett
2009-08-26 | s4:dsdb Use helper function to add 'show deleted' control | Andrew Bartlett | 1 | -20/+10
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction. Andrew Bartlett
2009-08-25 | fixed DRS rename of deleted objects | Andrew Tridgell | 1 | -1/+20
The objectclass module checks that the target parent exists, and refuses renames if it doesn't exist. For this to work for deleted objects we have to do the search in the objectclass module with the "show deleted" control enabled.
2009-08-25 | s4:dsdb Rework show_deleted module not to linearise the LDAP filter | Andrew Bartlett | 1 | -72/+37
Instead, use the fact that the ldb_parse_tree structure is public to construct the 'and not deleted' clause as a structure, and apply each filter tree to that template. Andrew Bartlett
2009-08-24 | s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated | Andrew Bartlett | 1 | -8/+11
The OIDs are not NULL terminated by the python caller, in line with the LDB API, but we need them to be here, as we were casting them to a string. Andrew Bartlett
2009-08-24 | s4:dsdb Add const | Andrew Bartlett | 1 | -2/+2
2009-08-24 | s4:dsdb remove unused variable | Andrew Bartlett | 1 | -1/+0
2009-08-24 | s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end | Andrew Bartlett | 1 | -7/+17
The problem is that samdb_result_string() and ldb_msg_find_attr_as_string() both simply cast the string, rather than ensuring the return value is NULL terminated. This may be best regarded as a flaw in LDB, but fixing it there is going to be more difficult. Andrew Bartlett
2009-08-19 | added basic support for rename in DRS replication | Andrew Tridgell | 1 | -5/+9
Added simple DRS rename support in replication. This should be done async, and I'm not sure if we should also do any repl data updates to indicate the rename. I'm still learning how this stuff works, but at least this allows a rename on a DC to propagate correctly
2009-08-17 | s4: int32 handling: previous fix was not fully correct | Matthias Dieter Wallnöfer | 1 | -1/+1
2009-08-17 | s4: Make the int32 problem more clear - and fix another error | Matthias Dieter Wallnöfer | 2 | -1/+5
2009-08-17 | s4: Fixed the int32 datatype support | Matthias Dieter Wallnöfer | 1 | -1/+1
Should finally fix bug #6136 ("groupType", "sAMAccountType" ... attributes).
2009-08-17 | make sure we update the current schema->prefixes when we add a new prefix | Andrew Tridgell | 1 | -0/+9
This triggered a failure in the updateNow schema test, as the current global schema was not being updated when a new schema element was added
2009-08-17 | s4:schema Allow a schema load on an unconnected database | Andrew Bartlett | 1 | -5/+6
This helps ensure we don't load the schema too often in the provision (allowing a reference in of the schema before the modules load). Andrew Bartlett
2009-08-17 | s4:schema Provide a way to reference a loaded schema between ldbs | Andrew Bartlett | 1 | -11/+19
This allows us to load the schema against one ldb context, but apply it to another. This will be useful in the provision script, as we need the schema before we start the LDAP server backend. Andrew Bartlett
2009-08-14 | s4: Remove obsolete "samdb_password_quality_ok" function (it's just a one-line wrapper) | Matthias Dieter Wallnöfer | 1 | -10/+1
2009-08-14 | s4: cracknames.c: Change the handling of the NT_STATUS_NO_MEMORY status results | Matthias Dieter Wallnöfer | 1 | -4/+6
With the previous check I got random failures when trying to connect to the LDAP server.
2009-08-11 | s4:operational - Remove some outdated comments | Matthias Dieter Wallnöfer | 1 | -12/+0
2009-08-11 | s4:samldb module - Remove duplicate line | Matthias Dieter Wallnöfer | 1 | -1/+0
2009-08-11 | s4:operational module - move and enhancements | Matthias Dieter Wallnöfer | 2 | -0/+358
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules" (suggested by abartlet) and enhances it for supporting dynamic generated "primaryGroupToken" for AD groups. This should fix bug #6466.