summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-09-05s4-cracknames: fixed cracknames to use more specific searchAndrew Tridgell1-13/+12
this uses the bitwise comparison ldap operators to ensure we only get NC roots Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
2011-09-05s4-schema consolidate schema handlingAndrew Bartlett2-45/+37
It also creates a single routine dsdb_load_ldb_results_into_schema() to handle cases where the schema is in the form of an ldb_result. Andrew Bartlett
2011-09-05s4-dsdb Print clearer error messages when invalid account flags are ↵Andrew Bartlett1-0/+9
specified on add
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett3-17/+33
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: fixed use of RMD flags in ldb search in dirsync moduleAndrew Tridgell1-2/+2
I'm pretty sure a SHOW_DELETED was wanted here Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
2011-08-25s4-dsdb: fixed newlines in DEBUG() calls in cracknamesAndrew Tridgell1-14/+14
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell1-3/+3
2011-08-25s4-repl: fixed _msdcs DNS nameAndrew Tridgell3-14/+14
another multi-domain fix
2011-08-25s4-kcc: fixed _msdcs DNS nameAndrew Tridgell1-3/+1
we need to base this DNS name on the forest DNS name for multi-domain support Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: added samdb_ntds_msdcs_dns_name()Andrew Tridgell1-2/+37
this gets the DNS name for a NTDS GUID, based on the forest DNS name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: fixed calls to ldb_val_string_cmp()Andrew Tridgell1-2/+2
wrong order of arguments
2011-08-25s4-dsdb: added samdb_dn_to_dns_domain()Andrew Tridgell1-0/+36
this converts a DC into the equivalent DNS domain. It is used when forming t_msdcs NTDS DNS names Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell2-0/+8
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-21samdb: Install header file.Jelmer Vernooij1-0/+1
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij2-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4:dsdb: use tevent_ fn names instaed of legacy event_ onesSimo Sorce3-3/+3
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-13s4-dsdb Give a less worrying error message on failure to get a transactionAndrew Bartlett1-1/+1
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+16
2011-08-13s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH controlAndrew Bartlett2-0/+9
2011-08-12s4-dsdb: don't cache the NTDS settings DNAndrew Tridgell1-9/+8
this DN can change due to a server rename, so we cannot cache it. It is set by provision, but not anywhere else. This seems to not have a large performance impact Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: calculate validFSMOs at runtime instead of pre-computingAndrew Tridgell3-251/+45
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-10s4:subtree_rename LDB module - fix the move/rename constraintsMatthias Dieter Wallnöfer1-10/+7
s4:subtree_rename LDB module - fix the move/rename constraints By the inspiration of an email request by ekacnet I have rechecked the move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the MS-ADTS technical documentation. It really turns out that the constraint checking is only performed on the root object of a request. In addition add my copyright notice (I've written these constraint checks). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
2011-08-10s4-dsdb: avoid printing a pointless debug lineMatthieu Patou1-1/+1
2011-08-10s4-drsuapi: crackname search also for deleted objectsMatthieu Patou1-1/+4
2011-08-09s4-dsdb clarify that failure to load the schema items from DRS is expectedAndrew Bartlett1-3/+3
This happens if we have a custom schema - we need to build up the schema until it loads, by converting more objects. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
2011-08-09move schema_fill_constructed() call to dsdb_setup_sorted_accessors()Andrew Bartlett1-5/+7
2011-08-09s4-dsdb Remove unused schema functionAndrew Bartlett1-18/+0
2011-08-09s4-dsdb: added SAMDB_INDEXING_VERSION to @INDEXLISTAndrew Tridgell1-0/+11
this can be used to force re-indexing of samdb when we change something that affects index comparison, in this case the canonicalisation of booleans Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: fixed booling conversion to check value lengthAndrew Tridgell1-11/+14
this ensures we don't look past the end of the data Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: add auto-normalisation of attributesAndrew Tridgell3-3/+57
this auto-normalises some attributes when they are added/modified. The list that we auto-normalise is currently: Boolean INT32 INTEGER UTC_TIME This fixes a problem with groupType being stored in an unnormalised form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure rIDSetReferences is stored as an extended DNAndrew Tridgell2-2/+18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure we setup the dn_format field in schema attributesAndrew Tridgell2-31/+40
this ensures we setup dn_format when we do runtime schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-acl-test: use symbolic names for groupTypeAndrew Tridgell1-11/+16
clearer than magic numbers
2011-08-09s4-dsdb: make extended_dn_in a bit more efficientAndrew Tridgell1-9/+17
checking filter elements in the right order makes it a little faster
2011-08-09s4-dsdb: use dn_format shortcut to find DN formatAndrew Tridgell2-4/+4
this saves some string comparisons
2011-08-07pyldb: Consistently use pyldb_ prefix.Jelmer Vernooij1-11/+10
2011-08-04s4-dsdb: extend the extended_dn_in module to handle DN linksAndrew Tridgell1-44/+104
this replaces DN components in incoming filter expressions with the full extended DN of the target, which allows search expressions based on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way links in search expressions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: handle search expressions containing extended DNsAndrew Tridgell2-1/+167
this allows for searches like member=<SID=S-1-2-3> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>