Age | Commit message (Collapse) | Author | Files | Lines |
|
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
another missing newline
|
|
this is needed for a subdomain join by a new NC. The NC is initially
uninstantiated
|
|
this allows INSTANCE_TYPE_WRITE to be not set if
INSTANCE_TYPE_UNINSTANT is set
|
|
this adds a flag to dsdb_origin_objects_commit that tells it to create
a new NC based on the nCName in a crossRef object
|
|
|
|
when we receive objects to a partial replica, we need to change the
incoming instanceType to not include the INSTANCE_TYPE_WRITE
flag. Partial replicas unset this flag.
|
|
this sets the appropriate flags for replication with FULL_SYNC and
partial replica replications
|
|
With this set, we accept changes even if they have the same tuple as
the local copy. This can be used by a FULL_SYNC replication to recover
a replica that is corrupt
|
|
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow
changes to any replicated attributes. This ensures partial replicates
are not alterered
|
|
this allows the replication server to control replication via a set of
flags. Initial flags will allow control for partial replications and
full_sync support
|
|
|
|
|
|
this modifies the partition module to honor a partialReplica attribute
on the @PARTITION module, marking partiations as partial replicas so
the NO_GLOBAL_CATALOG control can be honoured
|
|
when we find a NC via a DN string, fill in the GUID and SID so the
caller can properly report them
|
|
the showrepl operation should return all our replicated NCs, including
partial replicas
|
|
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
|
|
this allows us to use the DN from a hasPartialReplicaNCs attribute to
create a reps1 object
|
|
we need to create a temporary dsa object to allow the replication task
to replicate a NC that is not listed in a repsFrom attribute
|
|
we need to use the hasMasterNCs and hasPartialReplicaNCs attributes on
our NTDS object to get the list of NCs to replicate, instead of using
the rootDSE. This is needed to support replicating of GC partial
replicas, which are not listed in the rootDSE
|
|
if we are replicating a partial replica, then we need to supply the
partial attribute set we want to replicate to the server
|
|
we may not have replicated the partition yet, so this should be
considered the same as having no repsFrom/repsTo
|
|
if the @ATTRIBUTES or other objects which are replicated between
partions become out of sync, then the ldb would fail to open. This
changes ensures that we can always fix those records, by running the
operation in the top level partition, and replicating the result to
the other partitions
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
|
|
you need to either use str(dn) or use %s in a format string
|
|
we can't just append CN=Configuration to the basedn, as that won't
give the right configuration DN for a subdomain of a forest
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we do a subdomain join we create a new object using a REPL_OBJ
getncchanges call for the partitions DN. This has a side effect of
creating that object. We need to skip the UDV update in that case
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This matches the search in other places
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 8 05:02:54 CEST 2011 on sn-devel-104
|
|
this was found by a flakey test in autobuild
|
|
sid can be const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
AD DNS partitions (DomainDnsZones and ForestDnsZones) are listed
under msDs-hasMasterNCs attribute for post-2003 windows servers.
|
|
this uses the bitwise comparison ldap operators to ensure we only get
NC roots
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
|
|
It also creates a single routine dsdb_load_ldb_results_into_schema()
to handle cases where the schema is in the form of an ldb_result.
Andrew Bartlett
|
|
specified on add
|
|
This string is reported to the caller, which makes debugging much easier.
Andrew Bartlett
|
|
I'm pretty sure a SHOW_DELETED was wanted here
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
|
|
another multi-domain fix
|
|
we need to base this DNS name on the forest DNS name for multi-domain
support
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this gets the DNS name for a NTDS GUID, based on the forest DNS name
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
wrong order of arguments
|
|
this converts a DC into the equivalent DNS domain. It is used when
forming t_msdcs NTDS DNS names
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this will catch future programmer errors with incorrect base DNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
windows does not allow a search on the empty DN except for rootDSE
searches or for phantom_root searches (ie. with --cross-ncs). By
enforcing this in Samba we make it more likely that our tests and
utilities will work against windows
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
NULL should be used when doing all partition searches. The default
basedn should be used when wanting just the domain NC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when searching all partitions we must use the NULL basedn, or we will
miss partitions in multi-domain setups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|