Age | Commit message (Collapse) | Author | Files | Lines |
|
For the configuration container we do a full scan at every run of the
kcc-delete service. For the base DN we introduce a new parameter that
avoid the full scan to kick just when samba starts.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
If the parent object is a SAM object (as defined in 3.1.1.5.2.3
Special Classes and Attributes of MS-ADTS) then we can use the subtree
delete control even if the object is a critical one.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
|
|
metze
|
|
doing
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
|
|
Modification to periodic and explicit invocation
paths of the KCC topology generation code. Managed
via samba_runcmd_send() API. The samba_kcc script
is invoked if (kccsrv:samba_kcc = true) appears in smb.conf
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The subreq and status fields in the kcc_service struct
are added for execution management of the external samba_kcc
python script.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
in reps*
Servers connection can be removed from repsTo and respFrom either due to
DC demote or topology change by the KCC, if a server is removed from the
reps* it must be effectivly removed from the list of server that we will
contact for getNcChanges and for replicaSync.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
|
|
the one we want to use
|
|
|
|
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This adds support for global sequence number which is independent of
partition information.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The result of the extended operation is now available in the calling
routine.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This was a hack for LDAP backends to store a sequence number as a
timestamp. It is still supported in standalone ldb tdb backend.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We launch a search request with base scope on exactly the same DN (see
downwards).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
attribute interSiteTopologyGenerator even if the value didn't change
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
|
|
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if
pwdLastSet = null, or
pwdLastSet = 0, or
(maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
|
|
|
|
This checks if instanceType attribute is available, and if
INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then
the DN is NC root and security descriptor is not inherited
from parent SD.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
|
|
Normally they should always be passed to the main backend unless
something different has been specified.
Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104
|
|
"dsdb:schema update allowed = yes" is now needed in smb.conf
to enable schema updates, as schema updates are a currenty a good
way to prevent samba from startup again, because of errors in
the schema definition.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
|
|
By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.
metze
|
|
msDS-IntId
As windows we return CONSTRAINT_VIOLATION now.
metze
|
|
schema master
metze
|
|
schema base
The objectclass module should also check for this, but make sure
we also reject it on things like provision.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
We should only be able to update the schemaInfo internaly.
metze
|
|
|
|
Deleted Object Container
|
|
this fixes error checking. Test failures were not being detected
otherwise
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
Add missing flags present in C code base to python
code base dsdb/pydsdb.c
INSTANCE_TYPE...
DS_NTDSSETTINGS_OPT...
NTDSCONN_OPT...
These are consumed by the python KCC scripts
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Nov 2 22:35:00 CET 2011 on sn-devel-104
|
|
|
|
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 2 07:03:40 CET 2011 on sn-devel-104
|
|
To replicate application partitions (e.g. DNS partitions) consult
msDs-hasMasterNCs attribute as well. Also, make sure we don't add
same partition twice in the list. hasMasterNCs and msDs-hasMasterNCs
have domain, configuration and schema partitions common.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The error message from this causes confusion, for a feature
that we have never finished and have agreed to remove.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 1 06:32:52 CET 2011 on sn-devel-104
|
|
referrals
Reviewed-by: abartlet
|
|
messages
"ldb_error" could overwrite possibly useful error messages.
Reviewed-by: abartlet
|
|
These are displayed when an object just doesn't exist!
Reviewed-by: abartlet
|
|
on failure
And add "ldb_operr()" before the "return ret" to point out the position
where it failed (for "add_time_element" and "add_uint64_element")
Reworked after a suggestion by abartlet.
|
|
len(res) == 1
No need to perform an additional check here. As a return value we should
always give back the original error code and not generate a new one (to
let the caller know what is going on).
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
correctly
Consider bug #8489
Reviewed-by: abartlet
|
|
testcase
Reviewed-by: abartlet
|
|
Also address the problem described in bug #8486.
Reviewed-by: abartlet
|
|
"talloc_strdup"
We are adding strings embedded in the schema structure which is basically
global and lives longer than the request - hence no duplication needed.
Reviewed-by: abartlet
|