summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-06-16s4:dsdb Allow renames with (now removed) linked attributesAndrew Bartlett1-3/+11
It is important to allow the rename, even if we just have one-way links, as this happens on deleted objects, which have the backlinks alredy removed by repl_meta_data. Andrew Bartlett
2010-06-16s4:dsdb Fix linked_attributes to cope with the Feb 2010 changes to DLISTAndrew Bartlett1-2/+6
The DLIST macros changed in behaviour in Feb 2010, and walking the lists backwards is no longer safe if you don't use the macros. Andrew Bartlett
2010-06-16s4:dsdb Assert that we can't get backlinks as input in linked_attributesAndrew Bartlett1-2/+15
The objectclass_attr module should prevent users creating such links, and the mrepl_meta_data module should only create them in functional level 2003 or above. Andrew Bartlett
2010-06-16s4:dsdb use dsdb_module_modify() rather than ldb_next_request()Andrew Bartlett1-22/+2
This does exactly the same thing, but with less code. Andrew Bartlett
2010-06-16s4:dsdb Handle backlinks for Windows 2000 level linked attributesAndrew Bartlett2-12/+928
This revives the code from 5964acfa741d691c0196f91c0796122ec025f177, before tridge and I simplified this too much, and removed the Windows 2000 functional level linked attribute support. By telling the linked_attributes module that repl_meta_data has handled the links, we avoid a conflict for the new style (functional level 2003 and above) linked attributes. However, we still need backlinks for 2000 style linked attributes, so this allows that code in the linked_attributes module to be revived to handle those. Andrew Bartlett
2010-06-16s4:dsdb Add control for signaling between repl_meta_data and linked_attributesAndrew Bartlett2-0/+6
This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij5-44/+45
2010-06-15dsdb: Build modules as external modules when using system ldb.Jelmer Vernooij1-3/+37
2010-06-15s4:dsdb Move linked attribute restrictions to objectclass_attrsAndrew Bartlett1-0/+9
This puts more of the schema restrictions in one place. Andrew Bartlett
2010-06-15s4:dsdb Add const to dsdb_dn functions that operate on an ldb_val.Andrew Bartlett1-2/+2
Andrew Bartlett
2010-06-15s4:provision Allow a specific prefix map to be loaded into a new schema ↵Andrew Bartlett1-1/+1
provision This allows the prefixMap from a DRS server to be used when loading the schema from the local files. This helps us then import other schema with this map in place. Andrew Bartlett Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
2010-06-15s4:dsdb Allow the setting an override on the schemaAndrew Bartlett2-6/+23
The change here is to try and convert a per the previous rules, but if we don't know a particular OID as a attributeID, then store it as an OID (for example). This allows known values to be converted as before, but still copes with unknown values. Andrew Bartlett Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
2010-06-15s4:dsdb Use the schema from our local provision to decode the schemaAndrew Bartlett1-367/+0
This works on the assumption that the schema partition can only contain schema objects. We may need to pass down some kind of 'relax' to the DRS -> LDB conversion code, so that it allows incomplete conversions, so that we don't fail if a new attribute is present, and we can't decode it. This would then be resolved the second time we do the conversion. Andrew Bartlett Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
2010-06-13s4:fix allocated control OIDs for "password_hash" LDB moduleMatthias Dieter Wallnöfer1-3/+3
The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13s4-test: Use smb.conf path set in environment rather than usingJelmer Vernooij1-14/+15
command-line options. This is the first step towards supporting custom test runners.
2010-06-12s4:password_hash LDB module - this does really deactivate the MS LAN manager ↵Matthias Dieter Wallnöfer1-5/+9
hash Previously, only the conversion from cleartext to the LM hash was deactivated, and not when the user specified it directly through "dBCSPwd".
2010-06-12s4:password_hash LDB module - fix commentMatthias Dieter Wallnöfer1-1/+1
2010-06-12s4:dsdb Allow calling dsdb_convert_object_ex() directlyAndrew Bartlett1-6/+6
This will allow the libnet_vampire code to manually convert individual schema objects. Andrew Bartlett
2010-06-12s4:dsdb Simplfy match of objectclass in dsdb_schema_set_el_from_ldb_msgAndrew Bartlett1-17/+4
There is no need to do a full ldb_match_msg() for a simple case insensitive string. Andrew Bartlett
2010-06-12s4:dsdb Provide a function to convert from DRS prefix maps to the LDB prefixmapAndrew Bartlett1-12/+21
This allows us to push a prefixmap directly into the schema we generate in the provision code. Andrew Bartlett
2010-06-12s4:dsdb Add more debugs to help track down failures to parse the prefixmapAndrew Bartlett1-5/+20
2010-06-12s4:dsdb Put back the reference and set_attributes in dsdb_reference_schemaAndrew Bartlett1-0/+9
I'm not sure why I removed these in fe3e1af901c970f738bee92baac5d7d4f5736e17 Andrew Bartlett
2010-06-11s4:rootdse LDB module - use LDB result constantsMatthias Dieter Wallnöfer1-4/+5
2010-06-10s4:samldb LDB module - fix up the case when the old and new "primaryGroupID" ↵Matthias Dieter Wallnöfer1-7/+7
are the same
2010-06-10s4:samldb LDB module - don't create multiple "ac" module contexts on modify ↵Matthias Dieter Wallnöfer1-12/+6
operations Since we do now run sequentially through all checks we don't need multiple "ac" contexts anymore.
2010-06-10s4:samba_dsdb LDB module - move the "objectclass_attrs" module backMatthias Dieter Wallnöfer1-1/+1
I think it should be lower in order to control also the "instanceType" module.
2010-06-10s4:instancetype LDB module - prevent all types of "instanceType" manipulationMatthias Dieter Wallnöfer1-0/+16
Also on Windows Server you aren't able to change it.
2010-06-07s4:objectclass_attrs LDB module - move the single-valued attribute check ↵Matthias Dieter Wallnöfer1-1/+13
into this module It seems to me more consistent (and also to keep the same behaviour on all backends). Also the DRS hack should therefore not be needed anymore since the "repl_meta_data" module launches requests behind "objectclass_attrs".
2010-06-07s4:samba_dsdb LDB module - fix typosMatthias Dieter Wallnöfer1-2/+2
2010-06-07s4:samba_dsdb LDB module - enhance/fix module rule commentsMatthias Dieter Wallnöfer1-3/+5
2010-06-07s4:objectclass LDB module - rework the code which handles the objectclasses ↵Matthias Dieter Wallnöfer1-149/+191
modification Before it has been very incomplete. We try now to match the Windows Server behaviour as close as possible.
2010-06-07s4:acl LDB module - LDB attribute names should be compared using ↵Matthias Dieter Wallnöfer1-2/+2
"ldb_attr_cmp" or "strcasecmp"
2010-06-07s4:acl LDB module - adaption for "objectclass_attrs" moduleMatthias Dieter Wallnöfer1-5/+15
Since the attribute schema checking code moved back we need to give here the "LDB_ERR_NO_SUCH_ATTRIBUTE" error.
2010-06-07s4:objectclass LDB module - remove "fix_check_attributes"Matthias Dieter Wallnöfer1-62/+0
Also this task is now performed by the "objectclass_attrs" LDB module.
2010-06-07s4:samldb LDB module - adjust the module to set always a ↵Matthias Dieter Wallnöfer1-35/+45
"defaultObjectCategory" on objectclass add operations This is needed to make the "objectclass_attrs" LDB module happy. The search check and case adjustment are done as it was using a second modify operation.
2010-06-07s4:remove the "validate_update" LDB module - the task is now handled by the ↵Matthias Dieter Wallnöfer4-141/+0
far more complete "objectclass_attrs" LDB module
2010-06-07s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the ↵Matthias Dieter Wallnöfer3-0/+401
objectclass attributes checking Until now we had no real consistent mechanism which allowed us to check if attributes belong to the specified objectclasses.
2010-06-07s4:objectclass LDB module - instanciate the schema variable centrally on the ↵Matthias Dieter Wallnöfer1-28/+28
"ac" context creation This unifies the position when the schema is read and prevents multiple instanciations (eg on a modification operation).
2010-06-07s4:samldb LDB module - finally we can remove the RDN checkMatthias Dieter Wallnöfer1-53/+0
This is now dynamically always done by the objectclass LDB module
2010-06-07s4:objectclass LDB module - finally implement the correct entry rename ↵Matthias Dieter Wallnöfer1-25/+130
protections Only the "systemFlags" check is still missing.
2010-06-07s4:objectclass LDB module - cosmetic changeMatthias Dieter Wallnöfer1-2/+3
2010-06-07s4:objectclass LDB module - remove duplicated codeMatthias Dieter Wallnöfer1-13/+4
2010-06-07s4:objectclass LDB module - fix counter variable typesMatthias Dieter Wallnöfer1-1/+1
2010-06-07s4:objectclass LDB module - explain why the search can return with an empty ↵Matthias Dieter Wallnöfer1-1/+2
return
2010-06-07s4:objectclass LDB module - this "talloc_steal" is not necessaryMatthias Dieter Wallnöfer1-1/+0
The "parent_dn" was created on the "ac" context which lives anyway longer than this child request.
2010-06-07s4:objectclass LDB module - fix error result if an entry doesn't contain a ↵Matthias Dieter Wallnöfer1-3/+3
structural objectclass We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
2010-06-07s4:objectclass LDB module - use "ldb_oom" for expressing out of memoryMatthias Dieter Wallnöfer1-2/+1
2010-06-07s4:objectclass LDB module - fix header and add my copyrightMatthias Dieter Wallnöfer1-4/+6
2010-06-06s4:password_hash LDB module - adapt the module to the new ↵Matthias Dieter Wallnöfer1-17/+6
"ldb_msg_remove_attr" behaviour
2010-06-06s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB ↵Matthias Dieter Wallnöfer1-13/+0
module When a "computer" entry will be added, also the inherited "user" objectclass is going to be specified.