Age | Commit message | Author | Files | Lines |
|
metze
(This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
|
|
control.
Andrew Bartlett
(This used to be commit 47c8a059c4d90b7befde390d2d050f0d1934ecc1)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true
for how the hashes are supposed to be (but w2k3 doesn't do some correctly...)
this is a very nice tool to test the hash generation, but
you need to add support for "" realm strings...
http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c
metze
(This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
|
|
doesn't contain an entry for the local invocation_id
metze
(This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f)
|
|
so that ndr_pull will fail if version isn't 3 and we notice
if the format changes...
metze
(This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
|
|
- use "sambaPassword" only as virtual attribute for passing
the cleartext password (in unix charset) into the ldb layer
- store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos
blob to match w2k and w2k3
- aes key support is disabled by default, as we don't know
exactly how longhorn stores them. use password_hash:create_aes_key=yes
to force creation of them.
- store the cleartext password in the Primary:CLEARTEXT blob
if configured
TODO:
- find out how longhorn stores aes keys
- find out how the Primary:WDigest blob needs to be constructed
(not supported by w2k)
metze
(This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
|
|
metze
(This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
|
|
for the keytype field...
metze
(This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
We decided to store them plain in our ldb
metze
(This used to be commit ff13b21102641a308bd48a8efa6b94a98f567e15)
|
|
metze
(This used to be commit cdfd4ee8e5202a3df1da2d82b592d8814a3209ba)
|
|
(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
(This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
|
|
'currentValue'
attribute...
this needs more work, but make it work again for now
metze
(This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
|
|
before storing them.
metze
(This used to be commit 7146e265a441eaa46c20361178be371eb6985371)
|
|
metze
(This used to be commit 181b3a031f9683ea5e9aa2c96f121639561c6830)
|
|
metze
(This used to be commit f2af44d20484e57495ab0ebd5aab993e4af43fd4)
|
|
Andrew Bartlett
(This used to be commit c3977b4bae1e1b5e4ff4a64c7146534536685e91)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|
|
metze
(This used to be commit 4d6629c68332985f9122e4591f31ae46250de646)
|
|
but make it less verbose
metze
(This used to be commit f7e82a0c94fc8996827ea8d8a9b459bcaee029de)
|
|
there're a few things TODO, but it's a good start
we need to research if an originating change causes the replUpToDateVector
attribute to change...(I assume it, but needs testing)
metze
(This used to be commit fde0aabd9ae79fcefbcba34e6f9143f93ffcf96c)
|
|
not activated yet...
it will handle inbound pull replication and outbound change notification
metze
(This used to be commit 15eae968b8c72b4ce47071012e4110f3b7f3c3bc)
|
|
attributeTypes, objectClasses and dITContentRules
this is just a start and doesn't create anything useful yet...
metze
(This used to be commit 4c8b717092c201c30be4d266bbb45b1142a9d627)
|
|
metze
(This used to be commit b7d48274a7341c5e4a3f103387f87fcc94853271)
|
|
- we should use them before we store records to disk
metze
(This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316)
|
|
as schemaInfo
so we need to use it as value if nothing is stored
metze
(This used to be commit cd326134079375fc83640444d6323a5cbe7c02ee)
|
|
metze
(This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
|
|
- but SYSTEM and administrators can change them
metze
(This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
|
|
it hides objects with isDeleted=TRUE by default, and lets them through
if the control is present
metze
(This used to be commit 7108d62cb0360e734045eb39c03508d8528dc9cc)
|
|
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base
Administrator@W2K3
W2K3\Administrator
w2k3.vmnet1.vm.base/Users/Administrator
w2k3 also allows this (and maybe more...?)
metze
(This used to be commit 40c27ef88df9021e9ef2a6c43aabab709ac9662f)
|
|
metze
(This used to be commit 4588e2522b11f707e608488c782f6988fd97628a)
|
|
for the schema, domain naming and pdc fsmo roles
infrastructure and rid manager will be added later,
when we have modules for them
metze
(This used to be commit 308f9cf822a3a34dae28a5fa5aa850e2adbeb472)
|
|
dsSchemaClassCount and dsSchemaPrefixCount on the rootdse
having a loaded dsdb_schema makes things so easy...:-)
metze
(This used to be commit 7862fcdbb5ce43e702512c1acdbb5843ef551293)
|
|
metze
(This used to be commit 341fae8e8465e67023ab0e82110835669a593577)
|
|
- use LDB_DEBUG_WARNING in some places
- debug if we're the schema master
metze
(This used to be commit 63f46344437002202990bd34fb200d847fcfcf40)
|
|
metze
(This used to be commit 3f441741a6ff00ba88d3134c97e597285afbfed7)
|
|
metze
(This used to be commit b1377a2e240dbe36277816452d33d6abaa486b9e)
|
|
send_all case
metze
(This used to be commit b3fce383d3824ee418cbb7343f5d06720f5d31df)
|
|
are passed to a specific partition
metze
(This used to be commit 06a46b1db46251989676fb04548f038930c83eb5)
|
|
find_partition()
instead
metze
(This used to be commit 0d75cca6f37975a3855973468dc55520cb3b3fb7)
|
|
- make all functions static
metze
(This used to be commit 3d313f08c7d6b201011f3b4744c8e54b1d0640c7)
|
|
an oid for the
control
metze
(This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
|
|
we'll soon pass this down as DSDB_CONTROL_CURRENT_PARTITION_OID control
so that the repl_meta_data module knows where to update the replUpToDateVector
attribute
metze
(This used to be commit e5de40f8c2377d6dce54109a8d8bf9c6b681b813)
|
|
and remember if we're the schema master
metze
(This used to be commit c42dab21fb275ca36a517f97922af21447671785)
|
|
metze
(This used to be commit 0b98f11d3eeee3eaf862dc06468332a20e22c059)
|
|
metze
(This used to be commit 0ef90769b49b93cb57e9a1ba2aea280ec70ae151)
|
|
(later we'll require it for all originating changes...)
metze
(This used to be commit fc1a836eccc0913fdab644341fa3e37a2f086de8)
|
|
constraints and it also loads the dsdb_schema at startup.
currently it only loads the dsdb_schema
metze
(This used to be commit d78de0fb68f8b4ef4c5372f3c3ed171e44cf2037)
|
|
anymore it should use the dsdb_schema attached to the ldb_context
via dsdb_get_schema()
metze
(This used to be commit efa31bbc3717fbf087ff76c4396975f131b16b92)
|