Age | Commit message (Collapse) | Author | Files | Lines |
|
This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects
themselves.
Andrew Bartlett
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.
The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for
consistency).
Also adapt callers to API changes needed for common parsing code
Andrew Bartlett
|
|
This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.
Previously we would not store the extended DN components for
objectCategory.
Andrew Bartlett
|
|
This should make it easier to call this function from the DRS schema
load code, rather than duplicate it.
(we may do the same with other functions in future).
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list
|
|
"lDAPDisplayName" generator"
This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.
abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.
|
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
"lDAPDisplayName" generator
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|
|
This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.
|
|
|
|
The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.
This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk
format.
Andrew Bartlett
|
|
|
|
|
|
|
|
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett
|
|
This is most likely the cause of the DRS replication failures I
observed with my changes.
Andrew Bartlett
|
|
This will allow us in future to do tests on the LDB values we generate
from the DRS replication.
Andrew Bartlett
|
|
It turns out that we always add the class/attribute to the schema.
|
|
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett
|
|
(Found in a code review by metze)
Andrew Bartlett
|
|
|
|
This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.
We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
|
|
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
|
|
|
|
This deactivates the password complexity check, but not the minimum password
length one, since the length is specified.
This change is needed by my password module work.
|
|
the password data blob
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
TODO: this function may be refactored further.
Actually we don't need to look up for the OID supplied,
but just call sdb_schema_pfm_make_attid() - it will
search for the OID anyway and add it if necessary
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
_dsdb_prefixmap_from_ldb_val()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It is to be used later in several places when we need such conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
"partial drsuapi_prefixMap" is a prefix map without last entry
being special - i.e. map that does not contains schema_info entry.
Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to
cover both 'full' and 'partial' map conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_schema_pfm_contains_drsuapi_pfm()
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.
This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_get_oid_mappings_drsuapi() just need to call
dsdb_drsuapi_pfm_from_schema_pfm() to get filled-in DRSUAPI
prefixMap.
Perhaps it won't be bad to rename this function to have
more expressive name in the future
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use
dsdb_schema_pfm_from_drsuapi_pfm() function to load
drsuapi_prefixMap into schema->prefixmap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|