Age | Commit message | Author | Files | Lines |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Samba 4 used to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ times per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
or 120). The timestamp of the last reloaded schema is kept in the
dsdb_schema object. There is also a timestamp in the ldb_context, that
is used by the LDAP server to know if it has to reload the schema after
handling the request. This is used to allow that the schema will be
immediately reloaded after a schemaUpdateNow request has been issued; the
reload can't occur in the handling of the LDAP request itself because
we have a transaction autostarted.
|
|
If the call was done using an error string ("add_err_string"), then use that one
without an additional "ldb_strerror()" for the definitive LDAP output.
Otherwise generate one using "ldb_strerror()".
This omits redundancies in the error string generation (twice the same
information by "ldb_strerror()").
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
this makes us honor GC semantics on the two ldap ports
|
|
We should rather try to let the LDB modules perform these checks
otherwise different backends behave differently.
Reviewed by: Tridge
|
|
this ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
socket
metze
|
|
metze
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls coming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
this allows the rootdse module to filter unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 18 20:32:40 UTC 2010 on sn-devel-104
|
|
|
|
|
|
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
WERROR codes
This is strictly needed by my recent passwords work, since I want to remove
most of the password change stuff in "samr_password.c". Since AD gives us
CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR
level which the real cause was about. Therefore I need the extended WERROR codes
here.
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
operations
|
|
place in the code
Under the "add" and over the "delete" function.
|
|
|
|
behaviour on renames
|
|
"res" still set to "NULL"
|
|
"AddResponse")
|
|
This is needed to remove samba specific symbols from the bundled
ldb, in order to get the ABI right.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
it exists
This message often contains suggestions how to fix issues.
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
Similarly to system_session(), this creates a static
samdb_credentials()
|
|
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
|
|
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
|
|
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
Andrew Bartlett
|
|
|
|
|
|
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.
Andrew Bartlett
|
|
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is redundant given the talloc_steal of the whole msg
above.
Andrew Bartlett
|
|
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we steal the whole msg just above here, it
makes no sense to steal the name, but not the values.
Andrew Bartlett
|
|
Guenther
|
|
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>
This also addresses bug #4949
|
|
|