Age | Commit message (Collapse) | Author | Files | Lines |
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
Similarly to system_session(), this creates a static
samdb_credentials()
|
|
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
|
|
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
|
|
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
Andrew Bartlett
|
|
|
|
|
|
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.
Andrew Bartlett
|
|
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.
Andrew Bartlett
|
|
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.
Andrew Bartlett
|
|
Guenther
|
|
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>
This also addresses bug #4949
|
|
|
|
This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
There is no reason for these restrictions to be in the LDAP server -
they belong in the LDB layer. When accepting 'extended' or
'alternate' DNs we can't tell anyway.
Andrew Bartlett
|
|
|
|
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for it's connection to LDAP.
Andrew Bartlett
(This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
|
|
layer
metze
(This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.
Andrew Bartlett
(This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
|
|
These small changes seem to fix some of the early issues in 'make
valgrindtest'
Previously, the subtree_delete code didn't pass on the timeout,
leaving it uninitialised.
The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a
bit.
Andrew Bartlett
(This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d)
|
|
(This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245)
|
|
determine if this (possibly critical) control has been decoded. This
allows us to return an error, rather than just dropping the socket.
Andrew Bartlett
(This used to be commit 230a60c1910f95ce5139c174d6d79786fca08433)
|
|
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
|
|
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.
Andrew Bartlett
(This used to be commit ed57862b90812e5a38ca81935b131338112fb19f)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
so pass struct cli_credentials *cred instead of
enum credentials_use_kerberos use_kerberos.
metze
(This used to be commit b945aaa9dadc4c0595340d35725b49bac8e5778e)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
blackbox tests: increase test coverage by running more options.
Andrew Bartlett
(This used to be commit 46abf82675ea0ce06a162be5d733da0c236880c2)
|
|
documentation.
Andrew Bartlett
(This used to be commit 6679003c0553804333f0090a91e1fe53837ceb47)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
test to prove the behaviour of LDAP renames etc.
Fix LDB to return correct error code when failing to rename one DN
onto another.
Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
|
|
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
(This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
|
|
metze
(This used to be commit d20d1872d5ed1176928b85ef9811c6a5177d0148)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
metze
(This used to be commit fddcbf5d4cce77705be43956ea93895432b64aa1)
|
|
ldb_search_default_callback does the same...
metze
(This used to be commit 0edac60ec6f1e67de8e08f4e71e56b674915ad6e)
|
|
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
|
|
dependency loops).
This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.
Andrew Bartlett
(This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
|
|
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://gleg.net/protover_ldap_sample.shtml
Also fixes found by a subsequent audit of the code for similar issues.
(This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
metze
(This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
|
|
- we need this to later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
|
|
our certificate, and proceed with the connection is left as an
exercise for the reader...
Andrew Bartlett
(This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
|