Age | Commit message (Collapse) | Author | Files | Lines |
|
is invalid
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This
one gets triggered if we perform "add" requests without the LDAP server.
Reviewed by: Tridge
|
|
This was already done in repl_meta_data, but it needs to be done here
as well to cope with Windows 2000 level links.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 2 02:03:58 CET 2011 on sn-devel-104
|
|
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as
64-bit integer.
Reviewed by: Kamenim and Metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
|
|
This isn't used anymore.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This isn't needed anymore and will be substituted by
"ldb_msg_add_string".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
We don't need all object attributes resolved and converted for a working
schema to be functional.
|
|
during replicated object convert stage.
The problem is that we may have loops in schema graph and we can't
resolve those loops in just one pass. Ignoring some attributes
conversion will allow us to have a functional schema cache that we
can use later to resolve all attribute OIDs on another pass
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sun Feb 27 00:10:45 CET 2011 on sn-devel-104
|
|
run_pending_ops directly
Executing dreplsrv_run_pending_ops() directly may cause a segfault
as in case of failure, the _drepl_replica_sync_done_cb() callback
gets called *before* drepl_replica_sync() returns. In such case,
irpc message gets freed twice - once when irpc_send_reply() gets called
and once when drepl_replica_sync() returns
|
|
last success
|
|
1. Take into account DSA options - we should not send replication
requests in case OUTBOUND_REPLICATION is disabled
2. Use replication flags for the operation to determine if
a forced replication is requested
3. In case outbound replication is disabled and we don't have
DRSUAPI_DRS_SYNC_FORCED flag set, then we should record
WERR_DS_DRA_SINK_DISABLED error as a last replication result
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Feb 22 12:39:23 CET 2011 on sn-devel-104
|
|
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
this removes a conflict with the s3 smbpasswd binary
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Feb 21 18:02:21 CET 2011 on sn-devel-104
|
|
callbacks.
|
|
descriptor_modify.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
synchronous descriptor_add.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
it does exactly what we need here
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Feb 15 16:55:32 CET 2011 on sn-devel-104
|
|
Exactly for the syntax which is needed by Volker in s3's "pdb_ads".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 16:10:15 CET 2011 on sn-devel-104
|
|
This is the same way as it is done in the samldb LDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 12:08:26 CET 2011 on sn-devel-104
|
|
ntds_guid is NULL otherwise as it doesn't make sense for
not a DC object
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
|
|
|
|
as a counterpart for samdb_find_ntdsguid_for_computer()
to be used in LDB modules
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Feb 14 08:45:51 CET 2011 on sn-devel-104
|
|
This approach just asks the tdb backend to handle the single valued
constraint for us
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
different if the P flag is set.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Feb 10 12:31:34 CET 2011 on sn-devel-104
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
|
|
This both checks that the levels make sense, and they match what they
should be based on in the DB.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Feb 2 06:09:53 CET 2011 on sn-devel-104
|
|
The issue here is that when the samdb calls were removed, this call
relied on going back to the top of the module stack, so as to re-enter
the rootDSE search handler. It makes more sense to check the @ROOTDSE
record directly, and therefore not to invoke the search() handler
during the init.
Andrew Bartlett
|
|
This exact form of the construction is important, and we match on it
in the installation scripts.
Andrew Bartlett
|
|
errors.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
|
|
into "objectclass_attrs" LDB module
LSA object classes are protected on both LDAP add and LDAP modify
operations, so I've refactored the previous check in the objectclass LDB
module only for LDAP adds in a new one in the objectclass_attrs LDB
module for both adds and modifies.
This is the result of the investigations done by Hongwei Sun and I in
the last months.
Interestingly these protection mechansim doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metadata stamps are equal
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Jan 22 12:22:30 CET 2011 on sn-devel-104
|
|
|
|
If object is changed by same DC, then version should be incremented
|
|
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
|