summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-09-19s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell4-18/+18
we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-19s4-drs: cope with REPL_OBJ getncchanges call for new objectAndrew Tridgell1-5/+10
when we do a subdomain join we create a new object using a REPL_OBJ getncchanges call for the partitions DN. This has a side effect of creating that object. We need to skip the UDV update in that case Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-cracknames: use consistent search for crossRef objectsAndrew Tridgell1-2/+4
This matches the search in other places Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Sep 8 05:02:54 CEST 2011 on sn-devel-104
2011-09-08s4-dsdb: prevent crash on bad DN in construct_parent_guid()Andrew Tridgell1-0/+3
this was found by a flakey test in autobuild
2011-09-08s4-dsdb: fixed compiler warningAndrew Tridgell1-1/+1
sid can be const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-07s4-kcc: Fix the list of NCs for DRS replica informationAmitay Isaacs1-3/+21
AD DNS partitions (DomainDnsZones and ForestDnsZones) are listed under msDs-hasMasterNCs attribute for post-2003 windows servers.
2011-09-05s4-cracknames: fixed cracknames to use more specific searchAndrew Tridgell1-13/+12
this uses the bitwise comparison ldap operators to ensure we only get NC roots Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
2011-09-05s4-schema consolidate schema handlingAndrew Bartlett2-45/+37
It also creates a single routine dsdb_load_ldb_results_into_schema() to handle cases where the schema is in the form of an ldb_result. Andrew Bartlett
2011-09-05s4-dsdb Print clearer error messages when invalid account flags are ↵Andrew Bartlett1-0/+9
specified on add
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett3-17/+33
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: fixed use of RMD flags in ldb search in dirsync moduleAndrew Tridgell1-2/+2
I'm pretty sure a SHOW_DELETED was wanted here Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
2011-08-25s4-dsdb: fixed newlines in DEBUG() calls in cracknamesAndrew Tridgell1-14/+14
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell1-3/+3
2011-08-25s4-repl: fixed _msdcs DNS nameAndrew Tridgell3-14/+14
another multi-domain fix
2011-08-25s4-kcc: fixed _msdcs DNS nameAndrew Tridgell1-3/+1
we need to base this DNS name on the forest DNS name for multi-domain support Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: added samdb_ntds_msdcs_dns_name()Andrew Tridgell1-2/+37
this gets the DNS name for a NTDS GUID, based on the forest DNS name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: fixed calls to ldb_val_string_cmp()Andrew Tridgell1-2/+2
wrong order of arguments
2011-08-25s4-dsdb: added samdb_dn_to_dns_domain()Andrew Tridgell1-0/+36
this converts a DC into the equivalent DNS domain. It is used when forming t_msdcs NTDS DNS names Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell2-0/+8
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-21samdb: Install header file.Jelmer Vernooij1-0/+1
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij2-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4:dsdb: use tevent_ fn names instaed of legacy event_ onesSimo Sorce3-3/+3
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-13s4-dsdb Give a less worrying error message on failure to get a transactionAndrew Bartlett1-1/+1
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+16
2011-08-13s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH controlAndrew Bartlett2-0/+9
2011-08-12s4-dsdb: don't cache the NTDS settings DNAndrew Tridgell1-9/+8
this DN can change due to a server rename, so we cannot cache it. It is set by provision, but not anywhere else. This seems to not have a large performance impact Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: calculate validFSMOs at runtime instead of pre-computingAndrew Tridgell3-251/+45
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-10s4:subtree_rename LDB module - fix the move/rename constraintsMatthias Dieter Wallnöfer1-10/+7
s4:subtree_rename LDB module - fix the move/rename constraints By the inspiration of an email request by ekacnet I have rechecked the move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the MS-ADTS technical documentation. It really turns out that the constraint checking is only performed on the root object of a request. In addition add my copyright notice (I've written these constraint checks). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
2011-08-10s4-dsdb: avoid printing a pointless debug lineMatthieu Patou1-1/+1
2011-08-10s4-drsuapi: crackname search also for deleted objectsMatthieu Patou1-1/+4
2011-08-09s4-dsdb clarify that failure to load the schema items from DRS is expectedAndrew Bartlett1-3/+3
This happens if we have a custom schema - we need to build up the schema until it loads, by converting more objects. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
2011-08-09move schema_fill_constructed() call to dsdb_setup_sorted_accessors()Andrew Bartlett1-5/+7
2011-08-09s4-dsdb Remove unused schema functionAndrew Bartlett1-18/+0
2011-08-09s4-dsdb: added SAMDB_INDEXING_VERSION to @INDEXLISTAndrew Tridgell1-0/+11
this can be used to force re-indexing of samdb when we change something that affects index comparison, in this case the canonicalisation of booleans Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: fixed booling conversion to check value lengthAndrew Tridgell1-11/+14
this ensures we don't look past the end of the data Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: add auto-normalisation of attributesAndrew Tridgell3-3/+57
this auto-normalises some attributes when they are added/modified. The list that we auto-normalise is currently: Boolean INT32 INTEGER UTC_TIME This fixes a problem with groupType being stored in an unnormalised form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure rIDSetReferences is stored as an extended DNAndrew Tridgell2-2/+18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure we setup the dn_format field in schema attributesAndrew Tridgell2-31/+40
this ensures we setup dn_format when we do runtime schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>