summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2008-03-13Don't use 'dn', this attribute does not exist with the LDAP backend,Andrew Bartlett1-1/+1
or in AD. Andrew Bartlett (This used to be commit a3e1f2830679a56366f0080115de504cdb0144f7)
2008-03-13Bail out, rather than segfault on no domain sid.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit 7e85f318b571d1a909dffad0ecd661468ed497ca)
2008-03-13Correctly normalise records against OpenLDAP.Andrew Bartlett1-1/+1
Fixing this simple typo allows more of the ldap.js test to pass. Andrew Bartlett (This used to be commit 7c80cd18d5cd9cbf32dac15a4734f5a3c67cd0e7)
2008-03-13Don't search the whole tree for the domains's sidAndrew Bartlett1-4/+18
This change removes a dependency on objectclass=domainDNS, and avoids a subtree search when we really know exactly where this record is. Andrew Bartlett (This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett2-2/+2
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-03-13Don't segfault on invalid objectClass input.Andrew Bartlett1-6/+13
If the objectClass found does not include a defaultSecurityDescriptor, then we should not segfault in the SDDL parser. Andrew Bartlett (This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)
2008-03-07Treat maxPwdAge == 0 as passwords never expire.Andrew Kroeger1-1/+1
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
2008-03-07Add samdb_result_account_expires() function.Andrew Kroeger1-0/+24
Windows uses 2 different values to indicate an account doesn't expire: 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL). This function looks up the value of the accountExpires attribute and if the value is either value indicating the account doesn't expire, 0x7FFFFFFFFFFFFFFFULL is returned. This simplifies the tests for account expiration. There is no need to check elsewhere in the code for both values, therefore a simple greater-than expression can be used. (This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
2008-03-06Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).Andrew Bartlett2-7/+15
To make Samba4, using the python provision system, pass this test required some major rework. Untested code is broken code, and some of the refactoring for a seperate provision test (which also now passes) broke things. Similarly, the iconv work has compiled, but these codepaths have never been run (NULL pointer de-reference). In working to use a local, rather than global, loadparm context, and to support using a target directory, a few things needed to be reworked, particularly around path handling. Andrew Bartlett (This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6)
2008-03-04The DN in objectCategory should, if possible, be returned pretty...Andrew Bartlett2-2/+10
This avoids going via the canonicalise_fn(), which will upper case the DN Andrew Bartlett (This used to be commit cdff1b0802437d713652b89f4522d3cce97c30ec)
2008-02-29Change remaining prototype headers to be private.Jelmer Vernooij1-1/+1
(This used to be commit 2f7ff409e89c9682e681ddcf54439db9e3b6ccb4)
2008-02-29Move public header accumulation out of the perl code.Jelmer Vernooij1-4/+8
Never install generated prototype files. It's easier to break the API when using them and they're not easily readable for 3rd party users. Conflicts: source/auth/config.mk source/auth/credentials/config.mk source/auth/gensec/config.mk source/build/smb_build/config_mk.pm source/build/smb_build/main.pl source/build/smb_build/makefile.pm source/dsdb/config.mk source/lib/charset/config.mk source/lib/tdr/config.mk source/lib/util/config.mk source/libcli/config.mk source/libcli/ldap/config.mk source/librpc/config.mk source/param/config.mk source/rpc_server/config.mk source/torture/config.mk (This used to be commit 6c659689ed4081f1d7a6253c538c7f01784197ba)
2008-02-29Fix typo.Jelmer Vernooij1-1/+1
(This used to be commit 2b408e9ed4caf14e1ac047fd76127a5c979e5177)
2008-02-29Simplify the 'password must change' logicAndrew Bartlett1-22/+17
This takes the previous patches further, so we catch all the cases (the KDC looked at the time directly). Andrew Bartlett (This used to be commit cda4642a937d249399e25eaa6e5e20a0d440bcbf)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-4/+30
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-02-28Users and computers now share the same template.Andrew Bartlett1-35/+100
Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
2008-02-20Fix use of some modules (needed _PUBLIC_).Jelmer Vernooij25-56/+53
(This used to be commit ce332130ea77159832da23bab760fa26921719e2)
2008-02-20Use struct-based rather than function-based initialization for ldb modules ↵Jelmer Vernooij27-205/+33
everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b)
2008-02-19Fix accidently introduced bug - thanks metze.Jelmer Vernooij1-1/+1
(This used to be commit d0dfdab85ac751c62b0a6d6e6b1ff128940098ed)
2008-02-19Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivialJelmer Vernooij1-0/+1
(This used to be commit 8238415f3cf2d48601dd3102edfa2c438155f49a)
2008-02-19Remove uses of global_loadparm.Jelmer Vernooij3-15/+18
(This used to be commit 138aaef0781e0754cc17b3ffdaa6062ba70c0c6a)
2008-02-19Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartletAndrew Bartlett1-1/+1
(This used to be commit 837eb8a0bc011cd84bc7e8d2849028313d709928)
2008-02-19Explain that these OIDs are DNsAndrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 69af290c91c61cdaf821750d0d2dddf9cb1b8255)
2008-02-18Rename include to mkinclude to emphasize it is different from make's include.Jelmer Vernooij1-1/+1
(This used to be commit 0e1d0a874ae3d22b8f97a79b81fe0af3ef53a771)
2008-02-09Give a more useful error when the templates.ldb can't be found.Andrew Bartlett1-2/+4
Andrew Bartlett (This used to be commit 26108eb66b4b5d4b339dfc845e8a018190068e81)
2008-02-08Reset error stringsAndrew Bartlett1-0/+2
Avoid leaking error strings up to the application, when we are ignoring them. (This used to be commit 57b4b43b6548d1cd81cfaebc5ea8abc88aaca989)
2008-02-05sidmap: Some source code cleanups.Kai Blin1-10/+12
(This used to be commit 16466b543bf8dd35bc79a030696f78598ca82f54)
2008-02-04Remove useless layer of indirection, where every service calledAndrew Bartlett1-9/+1
task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
2008-02-04Rework service init functions to pass down service name. This isAndrew Bartlett1-1/+1
needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
2008-01-26ldb: Add ldb_oom() calls in a couple of places.Jelmer Vernooij4-2/+18
(This used to be commit 1163c2ad54b122487fa25960b8989f0f6d0b8c64)
2008-01-25repl_meta_data: add some TODOs to replmd_modify_originating()Stefan Metzmacher1-0/+17
metze (This used to be commit ba495f9d19e7c7cfc9135a5d40e1050dd8f9ebc6)
2008-01-24Use the repl_meta_data module by default.Andrew Bartlett1-0/+4
This means that, except when we back onto LDAP, when it will be replaced with the mapping backend, we will keep this codepath tested. Andrew Bartlett (This used to be commit e8fb5da5a18c1c3bd788b1ab3f814ffb847b00fd)
2008-01-23Get more information from ldb when reporting a failed replication.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 948ee9b7acd90b994bb9d9f7c1813a8eca430e4f)
2008-01-23Fix DRSUAPI replication test - NET-API-BECOME-DC.Andrew Bartlett1-126/+14
The main change here is to work with the current module stack, replacing only the objectGUID module, rather than a number of modules. However, two changes were key: - Fixing a typo search_req->handle -> change_req->handle - Allowing an error of NO_SUCH_OBJECT - it is quite valid for the object not to exist when being replicated in. Other small changes were required to the ejs provision to match changes in that code. Andrew Bartlett (This used to be commit 7b87a58502a052de391f4e1c56ac78a8d35b4e34)
2008-01-23Fix segfaults in codepaths only tested by the NET-API-BECOME-DC test.Andrew Bartlett1-2/+2
(I presume this has resulted from the global variable elimination) Perhaps the iconv handle argument to ndr_push_struct needs to be marked as 'not NULL' or similar? Andrew Bartlett (This used to be commit e8081333b8d43d96974c9e06a26aaa25dd34da56)
2008-01-23ranged_results: fix use of uninitialised variable (end)Andrew Bartlett1-2/+4
This matches the range parsing in the search and callback - end was uninitilaised, causing occasional failures in make test. Andrew Bartlett (This used to be commit 669f137f0ecad10248a51b337c8f115d14d55b05)
2008-01-18Only set showOnlyInAdvancedView: TRUE when adding default values.Andrew Bartlett1-2/+2
False is the default, so only set this when the schema requires the hiding behaviour. Andrew Bartlett (This used to be commit 45f6ccefda39e8f0a9820ba55b1924b7cfb12262)
2008-01-18Merge commit 'origin/v4-0-test' into 4-0-localAndrew Bartlett1-0/+1
(This used to be commit 51422414bed28f425197519298c6b04a9f4e2c4e)
2008-01-18Add showInAdvancedViewOnly to every new objectAndrew Bartlett1-0/+4
Unless already set, the default value for this comes from the defaultHidingValue in the schema. Andrew Bartlett (This used to be commit 673f1805006f879fa5302aab8411767a22488e64)
2008-01-18Search for memberOf when clients ask for a wildcard against OpenLDAPAndrew Bartlett1-0/+1
The memberOf module in OpenLDAP make this attribute operational, so we need to add it here or clients won't get it when using *. Andrew Bartlett (This used to be commit 35148fd51f22d81fe9f590b7d6f13285c35656a7)
2008-01-18Correct authorship of instanceType moduleAndrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit d427cf4fa67e84ccdece9a3fb31d8e89379a86e7)
2008-01-18Add in a new module to handle instanceTypeAndrew Bartlett2-0/+141
This code raided from the repl_meta_data module, which probably needs to be downsized to just handling the replication data. Andrew Bartlett (This used to be commit 2a418f33705a792d9d16cf1d4aa3dcda467e6e04)
2008-01-17ldb_map objectClass munging: Don't hard-code 'extensibleObject'.Andrew Bartlett2-3/+3
This allows objectClass munging to be removed, or modified to not include adding an objectClass, or for that objectClass to be something different. Andrew Bartlett (This used to be commit ee93b4e2ee1dd1cd38bcf14b2bb62556a13cec4a)
2008-01-16Rework linked_attributes module for the REPLACE case.Andrew Bartlett1-6/+86
This moves to a smarter 'find the delta' based operation of the linked attributes module, when the caller asks for a 'replace' of the link source. Previously we would spray operations all over the database, even if the net result was just to modify one record. This also means we need the transaction safety less, which may be useful for some LDAP backends that don't provide this functionality on the LDAP server. Andrew Bartlett (This used to be commit 8c88e4eb1c0a606e7899091525260e8d6558ffd0)
2008-01-16Rework control handling to remove the 'domain_scope' controlAndrew Bartlett1-17/+37
Also remove the search_options control earlier, before, rather than after duplicating the request. When we generate referalls in the partition module, the domain_scope control with suppress them. Andrew Bartlett (This used to be commit fc57a119f53a7bc0a0eb76b868bbd7386b3c5008)
2008-01-11Remove 'dn' from mapping, it isn't a valid attribute in AD, and causesAndrew Bartlett2-19/+1
problems with ldap.js test with OpenLDAP as the backend. Likewise, remove it from the template lookup (for consistancy). TODO: see if it can be removed from ldb Andrew Bartlett (This used to be commit 47a1b76f7fff30229d3f23c6723f047923faf196)
2008-01-11Add in new module to normalise DNs being returned from OpenLDAP. ThisAndrew Bartlett2-0/+179
fixes the case of the attribute in teh DN. Fix option spelling for example re-provision Andrew Bartlett (This used to be commit e3a76be04760a81a9c1b7ad9b139f088decc9ee6)
2008-01-08r26697: Leak less memory into the ldb context.Andrew Bartlett1-3/+15
(Trying to chase down memory leaks in provision) Andrew Bartlett (This used to be commit a0cf47c3359ca5dfab90c1a5831a73b89ff9f027)
2008-01-06r26679: It is very bad to free the ldb handle when you didn't create it...Andrew Bartlett1-1/+1
(My bad when copying this code into samdb_is_gc()). Andrew Bartlett (This used to be commit b4a95a89853a0ebd75b39f01bbdbf82e05e97bd7)
2008-01-05r26672: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)