summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-05-25s4:samldb LDB module - check if the RODC group exists if creating an RODCMatthias Dieter Wallnöfer1-13/+43
Older AD deployments simply don't have it and hence there is no RODC support. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
2011-05-25s4:samldb LDB module - better to call "samldb_prim_group_trigger"Matthias Dieter Wallnöfer1-1/+1
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change" for a LDB modify operation. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - convert a "dsdb_module_search" into ↵Matthias Dieter Wallnöfer1-5/+2
"dsdb_module_search_dn" It saves us from checking the number of returned entries. Reviewed-by: abartlet
2011-05-25s4:sam.py - uncomment/enhance some account type testsMatthias Dieter Wallnöfer1-30/+48
Reviewed-by: abartlet
2011-05-25s4:samldb LDB modules - only objectClass "computer" is allowed to embed all ↵Matthias Dieter Wallnöfer1-3/+33
types of account Reviewed-by: abartlet
2011-05-25s4:sam.py - tests for "isCriticalSystemObject" attributeMatthias Dieter Wallnöfer1-0/+132
Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix "isCriticalSystemObject" behaviourMatthias Dieter Wallnöfer1-3/+22
Tests against Windows Server show that it gets set to "FALSE" (not deleted) if we change the account type to a domain member. Reviewed-by: abartlet
2011-05-25s4:sam.py - unchanged "primaryGroupID" when account type remains the sameMatthias Dieter Wallnöfer1-0/+38
Enhance the testcase with a workstation example. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix the behaviour when changing the "userAccountControl"Matthias Dieter Wallnöfer1-14/+31
Ekacnet was not quite right yet but his patch made me think further. This primary group changing is only needed if the account type changes. With this patch we do one more search if the "userAccountControl" changes but we save us from doing these unneeded and wrong modify replace operations most of the time. Reviewed-by: abartlet
2011-05-21s4:sam.py - add tests to check that setting "userAccountValue" on usersdon't ↵Matthieu Patou1-2/+40
impact the "primaryGroupID" attribute Notice: The domain administrators groups isn't referenced as "Domain Admins" since this name could differ. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
2011-05-21s4:samldb LDB module - don't change the "primaryGroupId" on LDB ↵Matthieu Patou1-1/+16
modifications unless we are a computer/dc/rodc Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2011-05-21s4:ldb-samba/ldb_wrap.*-dsdb/samdb/samdb.c - handle LDB connection flags as ↵Matthias Dieter Wallnöfer1-1/+1
unsigned The LDB API ("ldb_connect") prescribes that they should be "unsigned". Signed-off-by: Metze
2011-05-21s4-dsdb: add unit tests for dirsync controlMatthieu Patou1-0/+713
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: implementation of the dirsync controlMatthieu Patou3-0/+1369
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: introduce dsdb_module_search_treeMatthieu Patou1-24/+63
With this function your own search tree can be specified This function is similar to ldb_build_search_req_ex as it allows to pass a parse tree structure. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: relax a bit the checks on read acl when dirsync control is specifiedMatthieu Patou1-12/+42
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: create flag for requesting ACL relax in case of DIRSYNC requestMatthieu Patou1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4: do not change the critical flag when it's on a dirsync controlMatthieu Patou1-1/+5
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-11s4/drepl_fsmo: Add an CR so that message is visible in the logsKamen Mazdrashki1-1/+1
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed May 11 21:03:59 CEST 2011 on sn-devel-104
2011-05-08s4-dsdb Add transactions to dsdb modify helpersAndrew Bartlett1-0/+18
2011-05-03s4-socket: rename allow_access() to socket_allow_access()Andrew Tridgell1-1/+1
this prevents a symbol collision with s3 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-05-03Remove strlower_m() and strupper_m() from source4 and common code.Andrew Bartlett1-2/+1
This function is problematic because a string may expand in size when changed into upper or lower case. This will then push characters off the end of the string in the s3 implementation, or panic in the former s4 implementation. Andrew Bartlett
2011-05-03s4-messaging Rename messaging -> imessagingAndrew Bartlett4-8/+8
This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett
2011-04-29s4:"ldb_connect" calls - proof for "!= LDB_SUCCESS"Matthias Dieter Wallnöfer1-1/+1
Reviewed-by: abartlet
2011-04-29s4:repl_meta_data LDB module - quiet a discard const ptr warningMatthias Dieter Wallnöfer1-1/+1
2011-04-29s4:token_group.py python test - fix typosMatthias Dieter Wallnöfer1-2/+2
2011-04-29s4-param Rename private_path() -> lpcfg_private_path()Andrew Bartlett1-2/+2
This is consistent with lock_path() Andrew Bartlett
2011-04-23Fix case of libUTIL_LDB.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Apr 23 18:52:06 CEST 2011 on sn-devel-104
2011-04-15s4-dsdb: Add more information on why we don't check the SD controlMatthieu Patou1-0/+5
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
2011-04-15s4-dsdb: If current attribute list is empty use the one from the requestMatthieu Patou1-1/+1
This will avoid overwritting attribute list made by upper modules. Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
2011-04-13libcli/ldap pull LIBCLI_LDAP_MESSAGE and LIBCLI_LDAP_NDR into a libraryAndrew Bartlett1-2/+2
This reduces symbol duplication Andrew Bartlett
2011-04-07dsdb:schema/schema_syntax.c - correctly check error code of ↵Matthias Dieter Wallnöfer1-2/+1
"ldb_string_utc_to_time" This one doesn't set ERRNO. An error happens if the result is "0". Reviewed-by: abartlet
2011-04-07dsdb:schema/schema_syntax.c - add some empty value checks on validate functionsMatthias Dieter Wallnöfer1-0/+9
They are needed since the check in "ldb_msg_sanity_check" will be removed. Reviewed-by: abartlet
2011-04-07s4:objectclass LDB module - "ldb_msg_sanity_check" call not really neededMatthias Dieter Wallnöfer1-5/+0
This call should only be performed at the beginning of a request. "ldb_msg_sanity_check" checks for DN validity (which should already have been done at the beginning of the request) and empty attributes (which should be done by the "objectclass_attrs" LDB module). Hence it is superflous here. Reviewed-by: abartlet
2011-04-07s4:objectclass LDB module - fix a comment - add a ")"Matthias Dieter Wallnöfer1-1/+1
Reviewed-by: abartlet
2011-04-07ldb: fixed --paged option in ldb toolsAndrew Tridgell1-1/+1
we were sometimes using 'paged_result' and sometimes using 'paged_results'. The latter seemed to be more common, so I changed the two places that used the 'paged_result' string to 'paged_results'
2011-04-06s4:dsdb/repl_meta_data: update replPropertyMetaData on originating renamesStefan Metzmacher1-6/+122
The version of the "name" attribute needs to change even if the value is the same. This also normalizes the rdn attribute name based on the schema. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Apr 6 19:55:50 CEST 2011 on sn-devel-104
2011-04-06s4:dsdb/repl_meta_data: allow passing an explicit attribute list to ↵Stefan Metzmacher1-4/+15
replmd_update_rpmd() This will be used for renames. metze
2011-04-06s4:dsdb/repl_meta_data: normalize the rdn attribute name based on the schemaStefan Metzmacher1-5/+15
metze
2011-04-06s4: Update/Set local USN only on attribute that have been modified/createdMatthieu Patou1-9/+15
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-04s4-dsdb: implemented creation of conflict recordsAndrew Tridgell1-48/+356
when a record with the same DN gets created on two DCs at the same time, this creates a replication conflict. To resolve this conflict one of the DCs needs to create a conflict record, which is a rename of one of the two DNs, based on which one is newer. This prevents replication from failing when DCs are temporarily disconnected and then have conflicts when they next replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Apr 4 03:27:07 CEST 2011 on sn-devel-104
2011-04-04s4-dsdb: added a ldb err -> NTSTATUS mappingAndrew Tridgell1-0/+78
this is not perfect, but its better than always giving NT_STATUS_UNSUCCESSFUL in our RPC servers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-31s4-dsdb: cope with failed searches in the linked attributes callbackAndrew Tridgell1-16/+15
This fixes a bug where we try to add an empty backlink because the search for the forward link failed. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 31 13:37:36 CEST 2011 on sn-devel-104
2011-03-29Ensure convert_string_XXX is always called with a valid converted_size pointer.Jeremy Allison1-2/+4
Preparation for cleaning up this API. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-29s4-dsdb: allow modification of linked attribute targets with relaxAndrew Tridgell1-1/+2
this is used to help recover a corrupt database. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-dsdb: perform FSMO transfers asynchronouslyAndrew Tridgell2-26/+43
this gives the administrator a proper error message on the command line Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-fsmo: make rootDSE modify for FSMO transfer asyncAndrew Tridgell1-12/+50
this gives the ldap client the error code from the transfer Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-dsdb: only allow administrators to trigger FSMO role transfersAndrew Tridgell1-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell3-10/+8
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-20pyldb: add more tests for control manipulationMatthieu Patou1-0/+4