path: root/source4/dsdb
Age | Commit message | Author | Files | Lines
2011-12-23 | s4-kcc: Remove also deleted objects that are not in the Deleted Object container | Matthieu Patou | 2 | -2/+38
  For the configuration container we do a full scan at every run of the kcc-delete service. For the base DN we introduce a new parameter that avoids the full scan to kick just when samba starts.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23 | s4-ldb: Add isRecycled when is defined in the schema | Matthieu Patou | 1 | -3/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19 | s4-dsdb: Relax the conditions where we can't do a subtree delete | Matthieu Patou | 1 | -1/+19
  If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one.
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
2011-12-13 | s4:pydsdb: remove unused variable from py_dsdb_am_pdc() | Stefan Metzmacher | 1 | -1/+0
  metze
2011-12-09 | s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always doing | Matthias Dieter Wallnöfer | 1 | -1/+1
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
2011-12-08 | Invocation of samba_kcc from KCC task | Dave Craft | 3 | -21/+89
  Modification to periodic and explicit invocation paths of the KCC topology generation code. Managed via samba_runcmd_send() API. The samba_kcc script is invoked if (kccsrv:samba_kcc = true) appears in smb.conf
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-08 | Add subreq and status to kcc_service struct | Dave Craft | 1 | -2/+9
  The subreq and status fields in the kcc_service struct are added for execution management of the external samba_kcc python script.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-07 | pydsdb: provide a am_pdc hook like am_rodc to python scripts | Andrew Bartlett | 1 | -0/+22
2011-12-05 | s4-drs: do not try to contact for replication servers that are not anymore in reps* | Matthieu Patou | 1 | -6/+40
  Servers connection can be removed from repsTo and respFrom either due to DC demote or topology change by the KCC, if a server is removed from the reps* it must be effectively removed from the list of server that we will contact for getNcChanges and for replicaSync.
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
2011-12-05 | s4-resolver: do not use all the A and AAAA records, those after a NS are not the one we want to use | Matthieu Patou | 1 | -1/+1
2011-12-05 | s4-drs: mark WERR_DS_DRA_BUSY as a non error in DsReplicaUpdateRefs | Matthieu Patou | 1 | -2/+22
2011-11-29 | s4-repl: Check if GC SPN exists before using it for replication | Amitay Isaacs | 1 | -3/+54
  Sometimes windows DC will set up dNSHostname before setting up GC SPN and that causes replication errors since samba tries to use GC SPN, which does not yet exist locally.
  Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29 | s4-dsdb: Added metadata to partition module for global sequence number | Amitay Isaacs | 5 | -17/+612
  This adds support for global sequence number which is independent of partition information.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 | s4-dsdb: use dsdb_module_extended instead of duplicate code | Amitay Isaacs | 2 | -31/+13
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 | s4-dsdb: Return ldb_result context in dsdb_module_extended | Amitay Isaacs | 1 | -3/+20
  The result of the extended operation is now available in the calling routine.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29 | s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number support | Amitay Isaacs | 2 | -140/+13
  This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-26 | s4:update_keytab LDB module - no need to filter for the DN | Matthias Dieter Wallnöfer | 1 | -2/+2
  We launch a search request with base scope on exactly the same DN (see downwards).
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-19 | s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on attribute interSiteTopologyGenerator even if the value didn't change | Matthieu Patou | 1 | -2/+8
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
2011-11-18 | dsdb: Fix the password expiry calculation | Amitay Isaacs | 1 | -1/+1
  As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-17 | s4-dsdb: Remove unused variable | Amitay Isaacs | 1 | -2/+0
2011-11-16 | s4-dsdb: rework the NC detection for the descriptor calculation | Matthieu Patou | 1 | -12/+31
  This checks if instanceType attribute is available, and if INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then the DN is NC root and security descriptor is not inherited from parent SD.
  Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2011-11-15 | s4:partition LDB module - fix handling regarding special DNs on searches | Matthias Dieter Wallnöfer | 1 | -0/+5
  Normally they should always be passed to the main backend unless something different has been specified.
  Reviewed-by: abartlet
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104
2011-11-15 | s4:dsdb/schema_data: reject schema update unless they're allowed | Stefan Metzmacher | 1 | -0/+12
  "dsdb:schema update allowed = yes" is now needed in smb.conf to enable schema updates, as schema updates are currently a good way to prevent samba from startup again, because of errors in the schema definition.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
2011-11-15 | s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates | Stefan Metzmacher | 3 | -2/+17
  By default schema updates are not allowed anymore, as we don't have complete validation code to prevent database corruption.
  metze
2011-11-15 | s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, msDS-IntId | Stefan Metzmacher | 1 | -0/+28
  As windows we return CONSTRAINT_VIOLATION now.
  metze
2011-11-15 | s4:dsdb/schema_data: make sure we reject schema changes if we're not the schema master | Stefan Metzmacher | 1 | -0/+101
  metze
2011-11-15 | s4:dsdb/schema_data: make sure we only allow objects one level below the schema base | Stefan Metzmacher | 1 | -1/+33
  The objectclass module should also check for this, but make sure we also reject it on things like provision.
  metze
2011-11-15 | s4:param/provision: pass schema_dn to provision_get_schema() | Stefan Metzmacher | 1 | -1/+1
  metze
2011-11-15 | s4:dsdb/schema: pass and remember the schema_dn in dsdb_set_schema_from_ldif() | Stefan Metzmacher | 2 | -4/+12
  metze
2011-11-15 | s4:dsdb/pydsdb: pass down schema_dn to _dsdb_set_schema_from_ldif() | Stefan Metzmacher | 1 | -2/+2
  metze
2011-11-15 | s4:dsdb/samldb: use DSDB_FLAG_AS_SYSTEM in samldb_schema_info_update() | Stefan Metzmacher | 1 | -1/+3
  We should only be able to update the schemaInfo internally.
  metze
2011-11-14 | Remove broken code - these lines use undefined symbols. | Jelmer Vernooij | 1 | -7/+2
2011-11-13 | s4-dsdb: initialize correctly the value of originating_change_time for the Deleted Object Container | Matthieu Patou | 1 | -2/+52
2011-11-10 | test: fixed several tests to use samba.tests | Andrew Tridgell | 5 | -8/+9
  this fixes error checking. Test failures were not being detected otherwise
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-11-07 | python dsdb flag additions (NTDSSETTINGS, NTDSCONN) | Dave Craft | 1 | -0/+27
  Add missing flags present in C code base to python code base dsdb/pydsdb.c INSTANCE_TYPE... DS_NTDSSETTINGS_OPT... NTDSCONN_OPT... These are consumed by the python KCC scripts
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 | s4-sites: Document, fix under optimal coding, use exceptions | Matthieu Patou | 1 | -18/+18
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Wed Nov 2 22:35:00 CET 2011 on sn-devel-104
2011-11-02 | s4-selftest: add unit tests for sites's function in python | Matthieu Patou | 1 | -0/+125
2011-11-02 | dsdb: Handle the case when extended rights string is NULL | Amitay Isaacs | 1 | -4/+7
  Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Nov 2 07:03:40 CET 2011 on sn-devel-104
2011-11-02 | s4-drepl: Search for application partitions in addition to main ones | Amitay Isaacs | 1 | -3/+16
  To replicate application partitions (e.g. DNS partitions) consult msDs-hasMasterNCs attribute as well. Also, make sure we don't add same partition twice in the list. hasMasterNCs and msDs-hasMasterNCs have domain, configuration and schema partitions common.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-01 | s4-dsdb Remove LDAP backend credentials support | Andrew Bartlett | 1 | -51/+3
  The error message from this causes confusion, for a feature that we have never finished and have agreed to remove.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Nov 1 06:32:52 CET 2011 on sn-devel-104
2011-10-27 | s4:repl_meta_data LDB module - don't intercept the partition LDB module referrals | Matthias Dieter Wallnöfer | 1 | -17/+18
  Reviewed-by: abartlet
2011-10-27 | s4:repl_meta_data LDB module - rename operation - do not overwrite error messages | Matthias Dieter Wallnöfer | 1 | -3/+1
  "ldb_error" could overwrite possibly useful error messages.
  Reviewed-by: abartlet
2011-10-27 | s4:repl_meta_data LDB module - remove pointless debug messages | Matthias Dieter Wallnöfer | 1 | -4/+0
  These are displayed when an object just doesn't exist!
  Reviewed-by: abartlet
2011-10-27 | s4:repl_meta_data LDB module - always return the original LDB result codes on failure | Matthias Dieter Wallnöfer | 1 | -5/+12
  And add "ldb_operr()" before the "return ret" to point out the position where it failed (for "add_time_element" and "add_uint64_element")
  Reworked after a suggestion by abartlet.
2011-10-27 | s4:repl_meta_data LDB module - "dsdb_search_module_dn" already checks if len(res) == 1 | Matthias Dieter Wallnöfer | 1 | -4/+4
  No need to perform an additional check here. As a return value we should always give back the original error code and not generate a new one (to let the caller know what is going on).
  Reviewed-by: abartlet
2011-10-27 | s4:ldap.py - fix up the dSHeuristics test to check for the right behaviour | Matthias Dieter Wallnöfer | 1 | -15/+27
  Reviewed-by: abartlet
2011-10-27 | s4:objectclass_attrs LDB module - implement the dSHeuristics length checks correctly | Matthias Dieter Wallnöfer | 1 | -5/+37
  Consider bug #8489
  Reviewed-by: abartlet
2011-10-27 | s4:ldap.py - we test the creation of secrets already in the "systemOnly" testcase | Matthias Dieter Wallnöfer | 1 | -9/+0
  Reviewed-by: abartlet
2011-10-27 | s4:ldap.py - enhance and fix up the object class test | Matthias Dieter Wallnöfer | 1 | -6/+95
  Also address the problem described in bug #8486.
  Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - objectclass modify op. - remove superfluous "talloc_strdup" | Matthias Dieter Wallnöfer | 1 | -8/+4
  We are adding strings embedded in the schema structure which is basically global and lives longer than the request - hence no duplication needed.
  Reviewed-by: abartlet